]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecKeyAdaptors.c
Security-58286.1.32.tar.gz
[apple/security.git] / OSX / sec / Security / SecKeyAdaptors.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * SecKeyAdaptors.c - Implementation of assorted algorithm adaptors for SecKey.
26 * Algorithm adaptor is able to perform some transformation on provided input and calculated results and invoke
27 * underlying operation with different algorithm. Typical adaptors are message->digest or unpadded->padded.
28 * To invoke underlying operation, add algorithm to the context algorithm array and invoke SecKeyRunAlgorithmAndCopyResult().
29 */
30
31 #include <Security/SecBase.h>
32 #include <Security/SecKeyInternal.h>
33 #include <Security/SecItem.h>
34 #include <Security/SecCFAllocator.h>
35
36 #include <AssertMacros.h>
37 #include <utilities/SecCFWrappers.h>
38 #include <utilities/array_size.h>
39 #include <utilities/debugging.h>
40 #include <utilities/SecCFError.h>
41 #include <utilities/SecBuffer.h>
42
43 #include <corecrypto/ccsha1.h>
44 #include <corecrypto/ccsha2.h>
45 #include <corecrypto/ccmd5.h>
46 #include <corecrypto/ccrsa_priv.h>
47 #include <corecrypto/ccansikdf.h>
48 #include <corecrypto/ccmode.h>
49 #include <corecrypto/ccaes.h>
50
51 #pragma mark Algorithm constants value definitions
52
53 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw = CFSTR("algid:sign:RSA:raw");
54 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit = CFSTR("algid:sign:RSA:raw-cc");
55
56 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw = CFSTR("algid:sign:RSA:digest-PKCS1v15");
57 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5");
58 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA1");
59 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA224");
60 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA256");
61 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA384");
62 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA512");
63 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1 = CFSTR("algid:sign:RSA:digest-PSS:SHA1:SHA1:20");
64 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224 = CFSTR("algid:sign:RSA:digest-PSS:SHA224:SHA224:24");
65 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32");
66 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48");
67 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64");
68
69 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 = CFSTR("algid:sign:RSA:message-PKCS1v15:MD5");
70 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA1");
71 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA224");
72 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA256");
73 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA384");
74 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA512");
75 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1 = CFSTR("algid:sign:RSA:message-PSS:SHA1:SHA1:20");
76 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224 = CFSTR("algid:sign:RSA:message-PSS:SHA224:SHA224:24");
77 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256 = CFSTR("algid:sign:RSA:message-PSS:SHA256:SHA256:32");
78 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384 = CFSTR("algid:sign:RSA:message-PSS:SHA384:SHA384:48");
79 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512 = CFSTR("algid:sign:RSA:message-PSS:SHA512:SHA512:64");
80
81 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 = CFSTR("algid:sign:ECDSA:RFC4754");
82
83 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 = CFSTR("algid:sign:ECDSA:digest-X962");
84 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 = CFSTR("algid:sign:ECDSA:digest-X962:SHA1");
85 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 = CFSTR("algid:sign:ECDSA:digest-X962:SHA224");
86 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 = CFSTR("algid:sign:ECDSA:digest-X962:SHA256");
87 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 = CFSTR("algid:sign:ECDSA:digest-X962:SHA384");
88 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 = CFSTR("algid:sign:ECDSA:digest-X962:SHA512");
89
90 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 = CFSTR("algid:sign:ECDSA:message-X962:SHA1");
91 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 = CFSTR("algid:sign:ECDSA:message-X962:SHA224");
92 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 = CFSTR("algid:sign:ECDSA:message-X962:SHA256");
93 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 = CFSTR("algid:sign:ECDSA:message-X962:SHA384");
94 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 = CFSTR("algid:sign:ECDSA:message-X962:SHA512");
95
96 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw = CFSTR("algid:encrypt:RSA:raw");
97 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit = CFSTR("algid:encrypt:RSA:raw-cc");
98 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 = CFSTR("algid:encrypt:RSA:PKCS1");
99 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 = CFSTR("algid:encrypt:RSA:OAEP:SHA1");
100 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 = CFSTR("algid:encrypt:RSA:OAEP:SHA224");
101 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 = CFSTR("algid:encrypt:RSA:OAEP:SHA256");
102 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 = CFSTR("algid:encrypt:RSA:OAEP:SHA384");
103 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 = CFSTR("algid:encrypt:RSA:OAEP:SHA512");
104
105 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA1:AESGCM");
106 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA224:AESGCM");
107 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA256:AESGCM");
108 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA384:AESGCM");
109 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA512:AESGCM");
110
111 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA1:AESGCM");
112 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM");
113 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM");
114 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM");
115 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM");
116
117 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA1:AESGCM");
118 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM");
119 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM");
120 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM");
121 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM");
122
123 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM-KDFIV");
124 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM-KDFIV");
125 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM-KDFIV");
126 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM-KDFIV");
127
128 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM-KDFIV");
129 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM-KDFIV");
130 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM-KDFIV");
131 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM-KDFIV");
132
133 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard = CFSTR("algid:keyexchange:ECDH");
134 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA1");
135 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA224");
136 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA256");
137 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA384");
138 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA512");
139
140 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor = CFSTR("algid:keyexchange:ECDHC");
141 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA1");
142 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA224");
143 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA256");
144 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA384");
145 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA512");
146
147 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
148
149 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
150 CFReleaseNull(context->algorithm);
151 }
152
153 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {
154 PerformWithBuffer(size, ^(size_t size, uint8_t *buffer) {
155 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)buffer, size, kCFAllocatorNull);
156 operation(buffer, data);
157 CFRelease(data);
158 });
159 }
160
161 static CFDataRef SecKeyCopyDigestForMessage(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2,
162 const struct ccdigest_info *di, CFErrorRef *error) {
163 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
164 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
165 }
166
167 __block CFTypeRef result;
168 PerformWithCFDataBuffer(di->output_size, ^(uint8_t *buffer, CFDataRef data) {
169 ccdigest(di, CFDataGetLength(message), CFDataGetBytePtr(message), buffer);
170 result = SecKeyRunAlgorithmAndCopyResult(context, data, in2, error);
171 });
172 return result;
173 }
174
175 static CFTypeRef SecKeyCopyECDSASignatureForDigest(SecKeyOperationContext *context, CFDataRef digest, CFDataRef in2,
176 SecKeyAlgorithm algorithm, const struct ccdigest_info *di, CFErrorRef *error) {
177 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigestX962);
178 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
179 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
180 }
181
182 if (CFDataGetLength(digest) != (CFIndex)di->output_size) {
183 SecError(errSecParam, error, CFSTR("bad digest size for signing with algorithm %@"), algorithm);
184 return NULL;
185 }
186
187 return SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
188 }
189
190 #define DIGEST_RSA_ADAPTORS(name, di) \
191 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessage ## name( \
192 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
193 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigest ## name); \
194 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
195 }
196
197 #define DIGEST_ECDSA_ADAPTORS(name, di) \
198 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessage ## name( \
199 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
200 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigest ## name); \
201 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
202 } \
203 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigest ## name( \
204 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
205 return SecKeyCopyECDSASignatureForDigest(context, in1, in2, kSecKeyAlgorithmECDSASignatureDigest ## name, di, error); \
206 }
207
208 DIGEST_RSA_ADAPTORS(PKCS1v15SHA1, ccsha1_di())
209 DIGEST_RSA_ADAPTORS(PKCS1v15SHA224, ccsha224_di())
210 DIGEST_RSA_ADAPTORS(PKCS1v15SHA256, ccsha256_di())
211 DIGEST_RSA_ADAPTORS(PKCS1v15SHA384, ccsha384_di())
212 DIGEST_RSA_ADAPTORS(PKCS1v15SHA512, ccsha512_di())
213 DIGEST_RSA_ADAPTORS(PKCS1v15MD5, ccmd5_di())
214 DIGEST_RSA_ADAPTORS(PSSSHA1, ccsha1_di())
215 DIGEST_RSA_ADAPTORS(PSSSHA224, ccsha224_di())
216 DIGEST_RSA_ADAPTORS(PSSSHA256, ccsha256_di())
217 DIGEST_RSA_ADAPTORS(PSSSHA384, ccsha384_di())
218 DIGEST_RSA_ADAPTORS(PSSSHA512, ccsha512_di())
219 DIGEST_ECDSA_ADAPTORS(X962SHA1, ccsha1_di())
220 DIGEST_ECDSA_ADAPTORS(X962SHA224, ccsha224_di())
221 DIGEST_ECDSA_ADAPTORS(X962SHA256, ccsha256_di())
222 DIGEST_ECDSA_ADAPTORS(X962SHA384, ccsha384_di())
223 DIGEST_ECDSA_ADAPTORS(X962SHA512, ccsha512_di())
224
225 #undef DIGEST_RSA_ADAPTORS
226 #undef DIGEST_ECDSA_ADAPTORS
227
228 static CFDataRef SecKeyRSACopyBigEndianToCCUnit(CFDataRef bigEndian, size_t size) {
229 CFMutableDataRef result = NULL;
230 if (bigEndian != NULL) {
231 size_t dataSize = CFDataGetLength(bigEndian);
232 if (dataSize > size) {
233 size = dataSize;
234 }
235 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccrsa_sizeof_n_from_size(size));
236 ccn_read_uint(ccn_nof_size(size), (cc_unit *)CFDataGetMutableBytePtr(result), dataSize, CFDataGetBytePtr(bigEndian));
237 }
238 return result;
239 }
240
241 static void PerformWithBigEndianToCCUnit(CFDataRef bigEndian, size_t size, void (^operation)(CFDataRef ccunits)) {
242 if (bigEndian == NULL) {
243 return operation(NULL);
244 }
245 size_t dataSize = CFDataGetLength(bigEndian);
246 if (dataSize > size) {
247 size = dataSize;
248 }
249 PerformWithCFDataBuffer(ccrsa_sizeof_n_from_size(size), ^(uint8_t *buffer, CFDataRef data) {
250 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, dataSize, CFDataGetBytePtr(bigEndian));
251 operation(data);
252 });
253 }
254
255 static CFDataRef SecKeyRSACopyCCUnitToBigEndian(CFDataRef ccunits, size_t size) {
256 CFMutableDataRef result = NULL;
257 if (ccunits != NULL) {
258 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
259 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
260 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, size);
261 ccn_write_uint_padded(n, s, CFDataGetLength(result), CFDataGetMutableBytePtr(result));
262 }
263 return result;
264 }
265
266 static void PerformWithCCUnitToBigEndian(CFDataRef ccunits, size_t size, void (^operation)(CFDataRef bigEndian)) {
267 if (ccunits == NULL) {
268 return operation(NULL);
269 }
270 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
271 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
272 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
273 ccn_write_uint_padded(n, s, size, buffer);
274 operation(data);
275 });
276 }
277
278 static CFTypeRef SecKeyRSACopyEMSASignature(SecKeyOperationContext *context,
279 CFDataRef in1, CFDataRef in2, CFErrorRef *error, bool pss, const struct ccdigest_info *di) {
280 CFDictionaryRef parameters = NULL;
281 __block CFTypeRef result = NULL;
282
283 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
284 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
285 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
286 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
287 CFReleaseNull(parameters);
288
289 if (pss) {
290 // Verify that algorithm is compatible with the modulus size.
291 size_t blockSize = SecKeyGetBlockSize(context->key);
292 require_action_quiet(blockSize >= di->output_size * 2 + 2, out,
293 SecError(errSecParam, error, CFSTR("algorithm %@ incompatible with %lubit RSA key"),
294 CFArrayGetValueAtIndex(context->algorithm, CFArrayGetCount(context->algorithm) - 1),
295 blockSize * 8));
296 }
297
298 if (!pss && di != NULL) {
299 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw);
300 }
301
302 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
303 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
304 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
305 }
306
307 size_t size = SecKeyGetBlockSize(context->key);
308 if (size == 0) {
309 SecError(errSecParam, error, CFSTR("expecting RSA key"));
310 return NULL;
311 }
312 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
313 uint8_t s[size];
314 if (pss) {
315 uint8_t salt[di->output_size];
316 int err = ccrng_generate(ccrng_seckey, di->output_size, salt);
317 require_noerr_action_quiet(err, out, SecError(errSecInternal, error, CFSTR("PSS salt gen fail (%zu bytes), err %d"),
318 di->output_size, err));
319 err = ccrsa_emsa_pss_encode(di, di, di->output_size, salt,
320 CFDataGetLength(in1), CFDataGetBytePtr(in1), size * 8 - 1, s);
321 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSASSA-PSS incompatible algorithm for key size")));
322 } else {
323 int err = ccrsa_emsa_pkcs1v15_encode(size, s, CFDataGetLength(in1), CFDataGetBytePtr(in1), di ? di->oid : NULL);
324 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSAsign wrong input data length")));
325 }
326 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, size, s);
327 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
328 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
329 out:;
330 });
331
332 out:
333 CFReleaseSafe(parameters);
334 return result;
335 }
336
337 #define RSA_EMSA_SIGN_ADAPTOR(name, pss, di) \
338 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigest ## name( \
339 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
340 return SecKeyRSACopyEMSASignature(context, in1, in2, error, pss, di); \
341 }
342
343 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA1, false, ccsha1_di())
344 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA224, false, ccsha224_di())
345 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA256, false, ccsha256_di())
346 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA384, false, ccsha384_di())
347 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA512, false, ccsha512_di())
348 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15Raw, false, NULL)
349 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15MD5, false, ccmd5_di())
350 RSA_EMSA_SIGN_ADAPTOR(PSSSHA1, true, ccsha1_di())
351 RSA_EMSA_SIGN_ADAPTOR(PSSSHA224, true, ccsha224_di())
352 RSA_EMSA_SIGN_ADAPTOR(PSSSHA256, true, ccsha256_di())
353 RSA_EMSA_SIGN_ADAPTOR(PSSSHA384, true, ccsha384_di())
354 RSA_EMSA_SIGN_ADAPTOR(PSSSHA512, true, ccsha512_di())
355
356 #undef RSA_EMSA_SIGN_ADAPTOR
357
358 static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context,
359 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
360 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
361 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
362 }
363
364 __block CFTypeRef result = NULL;
365 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
366 result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, in2, error);
367 if (result != NULL) {
368 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
369 }
370 });
371 return result;
372 }
373
374 static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context,
375 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
376 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
377 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
378 }
379
380 __block CFTypeRef result = NULL;
381 PerformWithCCUnitToBigEndian(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef bigEndian) {
382 result = SecKeyRunAlgorithmAndCopyResult(context, bigEndian, in2, error);
383 if (result != NULL) {
384 CFAssignRetained(result, SecKeyRSACopyBigEndianToCCUnit(result, SecKeyGetBlockSize(context->key)));
385 }
386 });
387 return result;
388 }
389
390 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context,
391 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
392 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
393 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
394 }
395
396 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context,
397 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
398 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw);
399 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
400 }
401
402 static bool SecKeyVerifyBadSignature(CFErrorRef *error) {
403 return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match"));
404 }
405
406 static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error,
407 Boolean (^verifyBlock)(CFDataRef decrypted)) {
408 CFTypeRef result = NULL;
409 context->operation = kSecKeyOperationTypeDecrypt;
410 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
411 result = SecKeyRunAlgorithmAndCopyResult(context, signature, NULL, error);
412 if (context->mode == kSecKeyOperationModePerform && result != NULL) {
413 if (verifyBlock(result)) {
414 CFRetainAssign(result, kCFBooleanTrue);
415 } else {
416 CFRetainAssign(result, kCFBooleanFalse);
417 SecKeyVerifyBadSignature(error);
418 }
419 }
420 return result;
421 }
422
423 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context,
424 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
425 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) {
426 // Skip zero-padding from the beginning of the decrypted signature.
427 const UInt8 *data = CFDataGetBytePtr(decrypted);
428 CFIndex length = CFDataGetLength(decrypted);
429 while (*data == 0x00 && length > 0) {
430 data++;
431 length--;
432 }
433 // The rest of the decrypted signature must be the same as input data.
434 return length == CFDataGetLength(in1) && memcmp(CFDataGetBytePtr(in1), data, length) == 0;
435 });
436 };
437
438 #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \
439 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \
440 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
441 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
442 return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \
443 (uint8_t *)CFDataGetBytePtr(decrypted), \
444 CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \
445 }); \
446 }
447
448 #define PSS_EMSA_VERIFY_ADAPTOR(name, di) \
449 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSS ## name( \
450 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
451 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
452 return ccrsa_emsa_pss_decode(di, di, di->output_size, CFDataGetLength(in1), CFDataGetBytePtr(in1), \
453 CFDataGetLength(decrypted) * 8 - 1, (uint8_t *)CFDataGetBytePtr(decrypted)) == 0; \
454 }); \
455 }
456
457 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di()->oid)
458 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di()->oid)
459 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di()->oid)
460 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di()->oid)
461 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di()->oid)
462 PKCS1v15_EMSA_VERIFY_ADAPTOR(Raw, NULL)
463 PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, ccmd5_di()->oid)
464
465 PSS_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di())
466 PSS_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di())
467 PSS_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di())
468 PSS_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di())
469 PSS_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di())
470
471 #undef PKCS1v15_EMSA_VERIFY_ADAPTOR
472 #undef PSS_EMSA_VERIFY_ADAPTOR
473
474 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context,
475 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
476 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
477 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
478 }
479
480 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context,
481 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
482 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
483 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
484 }
485
486 static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
487 CFDataRef in1, CFErrorRef *error) {
488 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
489 size_t size = SecKeyGetBlockSize(context->key);
490 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
491 if (size < minSize) {
492 return kCFNull;
493 }
494 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
495 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
496 }
497
498 __block CFTypeRef result = NULL;
499 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
500 int err;
501 if (di != NULL) {
502 err = ccrsa_oaep_encode(di, ccrng_seckey, size, (cc_unit *)buffer,
503 CFDataGetLength(in1), CFDataGetBytePtr(in1));
504 } else {
505 err = ccrsa_eme_pkcs1v15_encode(ccrng_seckey, size, (cc_unit *)buffer,
506 CFDataGetLength(in1), CFDataGetBytePtr(in1));
507 }
508 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
509 CFSTR("RSAencrypt wrong input size (err %d)"), err));
510 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
511 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
512 out:;
513 });
514 return result;
515 }
516
517 static CFTypeRef SecKeyRSACopyDecryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
518 CFDataRef in1, CFErrorRef *error) {
519 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
520 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
521 if (SecKeyGetBlockSize(context->key) < minSize) {
522 return kCFNull;
523 }
524 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
525 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
526 }
527
528 __block CFMutableDataRef result = NULL;
529 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
530 CFDataRef cc_result = NULL;
531 require_quiet(cc_result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, NULL, error), out);
532 size_t size = CFDataGetLength(cc_result);
533 result = CFDataCreateMutableWithScratch(NULL, size);
534 int err;
535 if (di != NULL) {
536 err = ccrsa_oaep_decode(di, &size, CFDataGetMutableBytePtr(result),
537 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
538 } else {
539 err = ccrsa_eme_pkcs1v15_decode(&size, CFDataGetMutableBytePtr(result),
540 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
541 }
542 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
543 SecError(errSecParam, error, CFSTR("RSAdecrypt wrong input (err %d)"), err)));
544 CFDataSetLength(result, size);
545 out:
546 CFReleaseSafe(cc_result);
547 });
548 return result;
549 }
550
551 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
552 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
553 return SecKeyRSACopyEncryptedWithPadding(context, NULL, in1, error);
554 }
555
556 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
557 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
558 return SecKeyRSACopyDecryptedWithPadding(context, NULL, in1, error);
559 }
560
561 #define RSA_OAEP_CRYPT_ADAPTOR(name, di) \
562 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## name( \
563 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
564 return SecKeyRSACopyEncryptedWithPadding(context, di, in1, error); \
565 } \
566 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## name( \
567 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
568 return SecKeyRSACopyDecryptedWithPadding(context, di, in1, error); \
569 }
570
571 RSA_OAEP_CRYPT_ADAPTOR(SHA1, ccsha1_di());
572 RSA_OAEP_CRYPT_ADAPTOR(SHA224, ccsha224_di());
573 RSA_OAEP_CRYPT_ADAPTOR(SHA256, ccsha256_di());
574 RSA_OAEP_CRYPT_ADAPTOR(SHA384, ccsha384_di());
575 RSA_OAEP_CRYPT_ADAPTOR(SHA512, ccsha512_di());
576
577 #undef RSA_OAEP_CRYPT_ADAPTOR
578
579 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize = CFSTR("requestedSize");
580 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo = CFSTR("sharedInfo");
581
582 static CFTypeRef SecKeyECDHCopyX963Result(SecKeyOperationContext *context, const struct ccdigest_info *di,
583 CFTypeRef in1, CFTypeRef params, CFErrorRef *error) {
584 CFTypeRef result = NULL;
585 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, in1, NULL, error), out);
586
587 if (context->mode == kSecKeyOperationModePerform) {
588 // Parse params.
589 CFTypeRef value = NULL;
590 CFIndex requestedSize = 0;
591 require_action_quiet((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterRequestedSize)) != NULL
592 && CFGetTypeID(value) == CFNumberGetTypeID() &&
593 CFNumberGetValue(value, kCFNumberCFIndexType, &requestedSize), out,
594 SecError(errSecParam, error, CFSTR("kSecKeyKeyExchangeParameterRequestedSize is missing")));
595 size_t sharedInfoLength = 0;
596 const void *sharedInfo = NULL;
597 if ((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterSharedInfo)) != NULL &&
598 CFGetTypeID(value) == CFDataGetTypeID()) {
599 sharedInfo = CFDataGetBytePtr(value);
600 sharedInfoLength = CFDataGetLength(value);
601 }
602
603 CFMutableDataRef kdfResult = CFDataCreateMutableWithScratch(kCFAllocatorDefault, requestedSize);
604 int err = ccansikdf_x963(di, CFDataGetLength(result), CFDataGetBytePtr(result), sharedInfoLength, sharedInfo,
605 requestedSize, CFDataGetMutableBytePtr(kdfResult));
606 CFAssignRetained(result, kdfResult);
607 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
608 SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong input (%d)"), err)));
609 }
610 out:
611 return result;
612 }
613
614 #define ECDH_X963_ADAPTOR(hashname, di, cofactor) \
615 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDH ## cofactor ## X963 ## hashname( \
616 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
617 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDHKeyExchange ## cofactor); \
618 return SecKeyECDHCopyX963Result(context, di, in1, in2, error); \
619 }
620
621 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Standard)
622 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Standard)
623 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Standard)
624 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Standard)
625 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Standard)
626 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Cofactor)
627 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Cofactor)
628 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Cofactor)
629 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Cofactor)
630 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Cofactor)
631
632 #undef ECDH_X963_ADAPTOR
633
634 // Extract number value of either CFNumber or CFString.
635 static CFIndex SecKeyGetCFIndexFromRef(CFTypeRef ref) {
636 CFIndex result = 0;
637 if (CFGetTypeID(ref) == CFNumberGetTypeID()) {
638 if (!CFNumberGetValue(ref, kCFNumberCFIndexType, &result)) {
639 result = 0;
640 }
641 } else if (CFGetTypeID(ref) == CFStringGetTypeID()) {
642 result = CFStringGetIntValue(ref);
643 }
644 return result;
645 }
646
647 typedef CFDataRef (*SecKeyECIESKeyExchangeCopyResult)(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm, bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV, CFErrorRef *error);
648 typedef Boolean (*SecKeyECIESEncryptCopyResult)(CFDataRef keyExchangeResult, CFDataRef inData, CFMutableDataRef result, CFErrorRef *error);
649 typedef CFDataRef SecKeyECIESDecryptCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error);
650
651 static CFTypeRef SecKeyECIESCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
652 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
653 SecKeyECIESEncryptCopyResult encryptCopyResult, bool variableIV,
654 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
655 CFDictionaryRef parameters = NULL;
656 SecKeyRef ephemeralPrivateKey = NULL, ephemeralPublicKey = NULL;
657 CFDataRef pubKeyData = NULL, ephemeralPubKeyData = NULL, keyExchangeResult = NULL;
658 CFTypeRef result = NULL;
659 SecKeyRef originalKey = context->key;
660 CFMutableDataRef ciphertext = NULL;
661
662 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
663 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
664 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
665 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
666
667 // Generate ephemeral key.
668 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
669 CFAssignRetained(parameters, CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
670 kSecAttrKeyType, CFDictionaryGetValue(parameters, kSecAttrKeyType),
671 kSecAttrKeySizeInBits, CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits),
672 NULL));
673 require_quiet(ephemeralPrivateKey = SecKeyCreateRandomKey(parameters, error), out);
674 require_action_quiet(ephemeralPublicKey = SecKeyCopyPublicKey(ephemeralPrivateKey), out,
675 SecError(errSecParam, error, CFSTR("Unable to get public key from generated ECkey")));
676 require_quiet(ephemeralPubKeyData = SecKeyCopyExternalRepresentation(ephemeralPublicKey, error), out);
677
678 context->key = ephemeralPrivateKey;
679 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, true,
680 ephemeralPubKeyData, pubKeyData, variableIV, error), out);
681 if (context->mode == kSecKeyOperationModePerform) {
682 // Encrypt input data using AES-GCM.
683 ciphertext = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, ephemeralPubKeyData);
684 require_quiet(encryptCopyResult(keyExchangeResult, in1, ciphertext, error), out);
685 result = CFRetain(ciphertext);
686 } else {
687 result = CFRetain(keyExchangeResult);
688 }
689
690 out:
691 CFReleaseSafe(parameters);
692 CFReleaseSafe(ephemeralPrivateKey);
693 CFReleaseSafe(ephemeralPublicKey);
694 CFReleaseSafe(pubKeyData);
695 CFReleaseSafe(ephemeralPubKeyData);
696 CFReleaseSafe(keyExchangeResult);
697 CFReleaseSafe(ciphertext);
698 context->key = originalKey;
699 return result;
700 }
701
702 static CFTypeRef SecKeyECIESCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
703 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
704 SecKeyECIESDecryptCopyResult decryptCopyResult, bool variableIV,
705 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
706 CFTypeRef result = NULL;
707 CFDictionaryRef parameters = NULL;
708 CFDataRef ephemeralPubKeyData = NULL, keyExchangeResult = NULL, pubKeyData = NULL;
709 SecKeyRef pubKey = NULL;
710 CFDataRef ciphertext = NULL;
711 const UInt8 *ciphertextBuffer = NULL;
712 CFIndex keySize = 0;
713
714 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
715 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
716 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
717 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
718
719 if (context->mode == kSecKeyOperationModePerform) {
720 // Extract ephemeral public key from the packet.
721 keySize = (SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits)) + 7) / 8;
722 require_action_quiet(CFDataGetLength(in1) >= keySize * 2 + 1, out,
723 SecError(errSecParam, error, CFSTR("%@: too small input packet for ECIES decrypt"), context->key));
724 ciphertextBuffer = CFDataGetBytePtr(in1);
725 ephemeralPubKeyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, keySize * 2 + 1, kCFAllocatorNull);
726 ciphertextBuffer += keySize * 2 + 1;
727
728 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
729 SecError(errSecParam, error, CFSTR("%@: Unable to get public key"), context->key));
730 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
731 }
732
733 // Perform keyExchange operation.
734 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, false,
735 ephemeralPubKeyData, pubKeyData, variableIV, error), out);
736 if (context->mode == kSecKeyOperationModePerform) {
737 // Decrypt ciphertext using AES-GCM.
738 ciphertext = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, CFDataGetLength(in1) - (keySize * 2 + 1),
739 kCFAllocatorNull);
740 require_quiet(result = decryptCopyResult(keyExchangeResult, ciphertext, error), out);
741 } else {
742 result = CFRetain(keyExchangeResult);
743 }
744
745 out:
746 CFReleaseSafe(parameters);
747 CFReleaseSafe(ephemeralPubKeyData);
748 CFReleaseSafe(keyExchangeResult);
749 CFReleaseSafe(pubKeyData);
750 CFReleaseSafe(pubKey);
751 CFReleaseSafe(ciphertext);
752 return result;
753 }
754
755 static const CFIndex kSecKeyIESTagLength = 16;
756 static const UInt8 kSecKeyIESIV[16] = { 0 };
757
758 static CFDataRef SecKeyECIESKeyExchangeKDFX963CopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
759 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
760 CFErrorRef *error) {
761 CFDictionaryRef parameters = NULL;
762 CFNumberRef keySizeRef = NULL;
763 CFDataRef result = NULL;
764
765 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
766 context->operation = kSecKeyOperationTypeKeyExchange;
767
768 if (context->mode == kSecKeyOperationModePerform) {
769 // Use 128bit AES for EC keys <= 256bit, 256bit AES for larger keys.
770 CFIndex keySize = ((CFDataGetLength(pubKey) - 1) / 2) * 8;
771 keySize = (keySize > 256) ? (256 / 8) : (128 / 8);
772
773 if (variableIV) {
774 keySize += sizeof(kSecKeyIESIV);
775 }
776
777 // Generate shared secret using KDF.
778 keySizeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &keySize);
779 parameters = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
780 kSecKeyKeyExchangeParameterSharedInfo, ephemeralPubKey,
781 kSecKeyKeyExchangeParameterRequestedSize, keySizeRef,
782 NULL);
783 }
784
785 result = SecKeyRunAlgorithmAndCopyResult(context, encrypt ? pubKey : ephemeralPubKey, parameters, error);
786 if (context->mode == kSecKeyOperationModePerform && !variableIV && result != NULL) {
787 // Append all-zero IV to the result.
788 CFMutableDataRef data = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, result);
789 CFDataAppendBytes(data, kSecKeyIESIV, sizeof(kSecKeyIESIV));
790 CFAssignRetained(result, data);
791 }
792 CFReleaseSafe(parameters);
793 CFReleaseSafe(keySizeRef);
794 return result;
795 }
796
797 static Boolean SecKeyECIESEncryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFMutableDataRef result,
798 CFErrorRef *error) {
799 Boolean res = FALSE;
800 CFIndex prefix = CFDataGetLength(result);
801 CFDataSetLength(result, prefix + CFDataGetLength(inData) + kSecKeyIESTagLength);
802 UInt8 *resultBuffer = CFDataGetMutableBytePtr(result) + prefix;
803 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(inData);
804 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
805 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
806 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
807 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
808 sizeof(kSecKeyIESIV), ivBuffer,
809 0, NULL,
810 CFDataGetLength(inData), CFDataGetBytePtr(inData),
811 resultBuffer, kSecKeyIESTagLength, tagBuffer) == 0, out,
812 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm encrypt data")));
813 res = TRUE;
814 out:
815 return res;
816 }
817
818 static CFDataRef SecKeyECIESDecryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error) {
819 CFDataRef result = NULL;
820 CFMutableDataRef plaintext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData) - kSecKeyIESTagLength);
821 CFMutableDataRef tag = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), kSecKeyIESTagLength);
822 CFDataGetBytes(inData, CFRangeMake(CFDataGetLength(inData) - kSecKeyIESTagLength, kSecKeyIESTagLength),
823 CFDataGetMutableBytePtr(tag));
824 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
825 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
826 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
827 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
828 sizeof(kSecKeyIESIV), ivBuffer,
829 0, NULL,
830 CFDataGetLength(plaintext), CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(plaintext),
831 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
832 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm decrypt data")));
833 result = CFRetain(plaintext);
834 out:
835 CFReleaseSafe(plaintext);
836 CFReleaseSafe(tag);
837 return result;
838 }
839
840 #define ECIES_X963_ADAPTOR(hashname, cofactor, namepart, variableIV) \
841 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIES ## cofactor ## namepart ## hashname( \
842 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
843 return SecKeyECIESCopyEncryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
844 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESEncryptAESGCMCopyResult, variableIV, in1, in2, error); \
845 } \
846 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES ## cofactor ## namepart ## hashname( \
847 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
848 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
849 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESDecryptAESGCMCopyResult, variableIV, in1, in2, error); \
850 }
851
852 ECIES_X963_ADAPTOR(SHA1, Standard, X963, false)
853 ECIES_X963_ADAPTOR(SHA224, Standard, X963, false)
854 ECIES_X963_ADAPTOR(SHA256, Standard, X963, false)
855 ECIES_X963_ADAPTOR(SHA384, Standard, X963, false)
856 ECIES_X963_ADAPTOR(SHA512, Standard, X963, false)
857 ECIES_X963_ADAPTOR(SHA1, Cofactor, X963, false)
858 ECIES_X963_ADAPTOR(SHA224, Cofactor, X963, false)
859 ECIES_X963_ADAPTOR(SHA256, Cofactor, X963, false)
860 ECIES_X963_ADAPTOR(SHA384, Cofactor, X963, false)
861 ECIES_X963_ADAPTOR(SHA512, Cofactor, X963, false)
862
863 ECIES_X963_ADAPTOR(SHA224, Standard, VariableIVX963, true)
864 ECIES_X963_ADAPTOR(SHA256, Standard, VariableIVX963, true)
865 ECIES_X963_ADAPTOR(SHA384, Standard, VariableIVX963, true)
866 ECIES_X963_ADAPTOR(SHA512, Standard, VariableIVX963, true)
867 ECIES_X963_ADAPTOR(SHA224, Cofactor, VariableIVX963, true)
868 ECIES_X963_ADAPTOR(SHA256, Cofactor, VariableIVX963, true)
869 ECIES_X963_ADAPTOR(SHA384, Cofactor, VariableIVX963, true)
870 ECIES_X963_ADAPTOR(SHA512, Cofactor, VariableIVX963, true)
871
872 #undef ECIES_X963_ADAPTOR
873
874 static CFDataRef SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
875 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
876 CFErrorRef *error) {
877 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
878 context->operation = kSecKeyOperationTypeKeyExchange;
879 CFMutableDataRef result = (CFMutableDataRef)SecKeyRunAlgorithmAndCopyResult(context, ephemeralPubKey, NULL, error);
880 if (result != NULL && context->mode == kSecKeyOperationModePerform) {
881 const struct ccdigest_info *di = ccsha256_di();
882 ccdigest_di_decl(di, ctx);
883 ccdigest_init(di, ctx);
884 ccdigest_update(di, ctx, CFDataGetLength(result), CFDataGetBytePtr(result));
885 ccdigest_update(di, ctx, CFDataGetLength(ephemeralPubKey), CFDataGetBytePtr(ephemeralPubKey));
886 ccdigest_update(di, ctx, CFDataGetLength(pubKey), CFDataGetBytePtr(pubKey));
887 CFAssignRetained(result, CFDataCreateMutableWithScratch(kCFAllocatorDefault, di->output_size));
888 ccdigest_final(di, ctx, CFDataGetMutableBytePtr(result));
889 }
890 return result;
891 }
892
893 static CFDataRef SecKeyECIESDecryptAESCBCCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error) {
894 CFMutableDataRef result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData));
895 cccbc_one_shot(ccaes_cbc_decrypt_mode(),
896 CFDataGetLength(keyExchangeResult), CFDataGetBytePtr(keyExchangeResult),
897 NULL, CFDataGetLength(keyExchangeResult) / CCAES_BLOCK_SIZE,
898 CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(result));
899 return result;
900 }
901
902 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys(
903 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
904 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchangeStandard,
905 SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult,
906 SecKeyECIESDecryptAESCBCCopyResult, false,
907 in1, in2, error);
908 }
909
910 static CFTypeRef SecKeyRSAAESGCMCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
911 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
912 CFTypeRef result = NULL;
913 CFDictionaryRef parameters = NULL;
914 CFDataRef pubKeyData = NULL, wrappedKey = NULL, sessionKey = NULL;
915 CFMutableDataRef ciphertext = NULL;
916
917 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
918 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
919 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
920 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
921
922 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
923 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
924 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
925
926 // Generate session key. Use 128bit AES for RSA keys < 4096bit, 256bit AES for larger keys.
927 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
928 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
929 require_action_quiet(sessionKey = CFDataCreateWithRandomBytes((keySize >= 4096) ? (256 / 8) : (128 / 8)), out,
930 SecError(errSecParam, error, CFSTR("Failed to generate session key")));
931
932 // Encrypt session key using wrapping algorithm and store at the beginning of the result packet.
933 require_action_quiet(wrappedKey = SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error), out,
934 CFReleaseNull(result));
935 ciphertext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(wrappedKey) + CFDataGetLength(in1) + kSecKeyIESTagLength);
936 UInt8 *resultBuffer = CFDataGetMutableBytePtr(ciphertext);
937 CFDataGetBytes(wrappedKey, CFRangeMake(0, CFDataGetLength(wrappedKey)), resultBuffer);
938 resultBuffer += CFDataGetLength(wrappedKey);
939
940 // Encrypt input data using AES-GCM.
941 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(in1);
942 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
943 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
944 sizeof(kSecKeyIESIV), kSecKeyIESIV,
945 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
946 CFDataGetLength(in1), CFDataGetBytePtr(in1), resultBuffer,
947 kSecKeyIESTagLength, tagBuffer) == 0, out,
948 SecError(errSecParam, error, CFSTR("RSAWRAP: Failed to aes-gcm encrypt data")));
949 result = CFRetain(ciphertext);
950
951 out:
952 CFReleaseSafe(parameters);
953 CFReleaseSafe(pubKeyData);
954 CFReleaseSafe(wrappedKey);
955 CFReleaseSafe(sessionKey);
956 CFReleaseSafe(ciphertext);
957 return result;
958 }
959
960 static CFTypeRef SecKeyRSAAESGCMCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
961 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
962 CFTypeRef result = NULL;
963 CFDictionaryRef parameters = NULL;
964 CFMutableDataRef plaintext = NULL, tag = NULL;
965 CFDataRef pubKeyData = NULL, sessionKey = NULL;
966 SecKeyRef pubKey = NULL;
967
968 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
969 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
970 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
971 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
972
973 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
974 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
975 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
976
977 // Extract encrypted session key.
978 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
979 SecError(errSecParam, error, CFSTR("%@: unable to get public key"), context->key));
980 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
981
982 CFIndex wrappedKeySize = SecKeyGetBlockSize(context->key);
983 require_action_quiet(CFDataGetLength(in1) >= wrappedKeySize + kSecKeyIESTagLength, out,
984 SecError(errSecParam, error, CFSTR("RSA-WRAP too short input data")));
985 sessionKey = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, CFDataGetBytePtr(in1), wrappedKeySize, kCFAllocatorNull);
986
987 // Decrypt session key.
988 CFAssignRetained(sessionKey, SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error));
989 require_quiet(sessionKey, out);
990 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
991 keySize = (keySize >= 4096) ? (256 / 8) : (128 / 8);
992 require_action_quiet(CFDataGetLength(sessionKey) == keySize, out,
993 SecError(errSecParam, error, CFSTR("RSA-WRAP bad ciphertext, unexpected session key size")));
994
995 // Decrypt ciphertext using AES-GCM.
996 plaintext = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), CFDataGetLength(in1) - wrappedKeySize - kSecKeyIESTagLength);
997 tag = CFDataCreateMutableWithScratch(kCFAllocatorDefault, kSecKeyIESTagLength);
998 CFDataGetBytes(in1, CFRangeMake(CFDataGetLength(in1) - kSecKeyIESTagLength, kSecKeyIESTagLength),
999 CFDataGetMutableBytePtr(tag));
1000 const UInt8 *ciphertextBuffer = CFDataGetBytePtr(in1);
1001 ciphertextBuffer += wrappedKeySize;
1002 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
1003 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1004 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1005 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1006 CFDataGetLength(plaintext), ciphertextBuffer, CFDataGetMutableBytePtr(plaintext),
1007 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
1008 SecError(errSecParam, error, CFSTR("RSA-WRAP: Failed to aes-gcm decrypt data")));
1009 result = CFRetain(plaintext);
1010
1011 out:
1012 CFReleaseSafe(parameters);
1013 CFReleaseSafe(sessionKey);
1014 CFReleaseSafe(tag);
1015 CFReleaseSafe(pubKeyData);
1016 CFReleaseSafe(pubKey);
1017 CFReleaseSafe(plaintext);
1018 return result;
1019 }
1020
1021 #define RSA_OAEP_AESGCM_ADAPTOR(hashname) \
1022 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1023 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1024 return SecKeyRSAAESGCMCopyEncryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1025 } \
1026 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1027 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1028 return SecKeyRSAAESGCMCopyDecryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1029 }
1030
1031 RSA_OAEP_AESGCM_ADAPTOR(SHA1)
1032 RSA_OAEP_AESGCM_ADAPTOR(SHA224)
1033 RSA_OAEP_AESGCM_ADAPTOR(SHA256)
1034 RSA_OAEP_AESGCM_ADAPTOR(SHA384)
1035 RSA_OAEP_AESGCM_ADAPTOR(SHA512)
1036
1037 #undef RSA_OAEP_AESGCM_ADAPTOR
1038
1039 SecKeyAlgorithmAdaptor SecKeyGetAlgorithmAdaptor(SecKeyOperationType operation, SecKeyAlgorithm algorithm) {
1040 static CFDictionaryRef adaptors[kSecKeyOperationTypeCount];
1041 static dispatch_once_t onceToken;
1042 dispatch_once(&onceToken, ^{
1043 const void *signKeys[] = {
1044 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1045 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1046 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1047 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1048 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1049 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1050 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1051
1052 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1053 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1054 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1055 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1056 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1057
1058 kSecKeyAlgorithmRSASignatureRaw,
1059 kSecKeyAlgorithmRSASignatureRawCCUnit,
1060
1061 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1062 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1063 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1064 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1065 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1066 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1067
1068 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1069 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1070 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1071 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1072 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1073
1074 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1075 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1076 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1077 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1078 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1079
1080 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1081 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1082 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1083 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1084 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1085 };
1086 const void *signValues[] = {
1087 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA1,
1088 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA224,
1089 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA256,
1090 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA384,
1091 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA512,
1092 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15Raw,
1093 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15MD5,
1094
1095 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA1,
1096 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA224,
1097 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA256,
1098 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA384,
1099 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA512,
1100
1101 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw,
1102 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit,
1103
1104 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1105 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1106 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1107 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1108 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1109 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1110
1111 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1112 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1113 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1114 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1115 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1116
1117 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1118 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1119 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1120 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1121 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1122
1123 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1124 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1125 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1126 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1127 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1128 };
1129 check_compile_time(array_size(signKeys) == array_size(signValues));
1130 adaptors[kSecKeyOperationTypeSign] = CFDictionaryCreate(kCFAllocatorDefault, signKeys, signValues,
1131 array_size(signKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1132
1133 const void *verifyKeys[] = {
1134 kSecKeyAlgorithmRSASignatureRaw,
1135
1136 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1137 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1138 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1139 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1140 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1141 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1142 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1143
1144 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1145 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1146 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1147 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1148 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1149
1150 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1151 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1152 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1153 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1154 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1155 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1156
1157 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1158 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1159 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1160 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1161 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1162
1163 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1164 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1165 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1166 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1167 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1168
1169 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1170 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1171 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1172 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1173 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1174 };
1175 const void *verifyValues[] = {
1176 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw,
1177
1178 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA1,
1179 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA224,
1180 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA256,
1181 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA384,
1182 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA512,
1183 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15Raw,
1184 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15MD5,
1185
1186 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA1,
1187 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA224,
1188 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA256,
1189 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA384,
1190 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA512,
1191
1192 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1193 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1194 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1195 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1196 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1197 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1198
1199 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1200 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1201 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1202 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1203 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1204
1205 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1206 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1207 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1208 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1209 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1210
1211 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1212 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1213 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1214 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1215 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1216 };
1217 check_compile_time(array_size(verifyKeys) == array_size(verifyValues));
1218 adaptors[kSecKeyOperationTypeVerify] = CFDictionaryCreate(kCFAllocatorDefault, verifyKeys, verifyValues,
1219 array_size(verifyKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1220
1221 const void *encryptKeys[] = {
1222 kSecKeyAlgorithmRSAEncryptionRaw,
1223 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1224
1225 kSecKeyAlgorithmRSAEncryptionPKCS1,
1226 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1227 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1228 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1229 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1230 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1231
1232 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1233 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1234 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1235 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1236 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1237
1238 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1239 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1240 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1241 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1242 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1243
1244 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1245 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1246 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1247 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1248 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1249
1250 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1251 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1252 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1253 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1254
1255 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1256 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1257 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1258 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1259 };
1260 const void *encryptValues[] = {
1261 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1262 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1263
1264 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1,
1265 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1,
1266 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224,
1267 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256,
1268 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384,
1269 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512,
1270
1271 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1AESGCM,
1272 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224AESGCM,
1273 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256AESGCM,
1274 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384AESGCM,
1275 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512AESGCM,
1276
1277 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA1,
1278 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA224,
1279 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA256,
1280 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA384,
1281 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA512,
1282
1283 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA1,
1284 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA224,
1285 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA256,
1286 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA384,
1287 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA512,
1288
1289 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA224,
1290 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA256,
1291 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA384,
1292 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA512,
1293
1294 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA224,
1295 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA256,
1296 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA384,
1297 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA512,
1298 };
1299 check_compile_time(array_size(encryptKeys) == array_size(encryptValues));
1300 adaptors[kSecKeyOperationTypeEncrypt] = CFDictionaryCreate(kCFAllocatorDefault, encryptKeys, encryptValues,
1301 array_size(encryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1302
1303 const void *decryptKeys[] = {
1304 kSecKeyAlgorithmRSAEncryptionRaw,
1305 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1306
1307 kSecKeyAlgorithmRSAEncryptionPKCS1,
1308 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1309 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1310 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1311 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1312 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1313
1314 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1315 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1316 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1317 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1318 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1319
1320 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1321 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1322 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1323 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1324 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1325
1326 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1327 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1328 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1329 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1330 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1331
1332 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1333 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1334 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1335 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1336
1337 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1338 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1339 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1340 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1341
1342 kSecKeyAlgorithmECIESEncryptionAKSSmartCard,
1343 };
1344 const void *decryptValues[] = {
1345 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1346 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1347
1348 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1,
1349 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1,
1350 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224,
1351 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256,
1352 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384,
1353 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512,
1354
1355 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1AESGCM,
1356 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224AESGCM,
1357 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256AESGCM,
1358 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384AESGCM,
1359 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512AESGCM,
1360
1361 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA1,
1362 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA224,
1363 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA256,
1364 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA384,
1365 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA512,
1366
1367 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA1,
1368 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA224,
1369 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA256,
1370 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA384,
1371 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA512,
1372
1373 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA224,
1374 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA256,
1375 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA384,
1376 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA512,
1377
1378 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA224,
1379 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA256,
1380 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA384,
1381 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA512,
1382
1383 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys,
1384 };
1385 check_compile_time(array_size(decryptKeys) == array_size(decryptValues));
1386 adaptors[kSecKeyOperationTypeDecrypt] = CFDictionaryCreate(kCFAllocatorDefault, decryptKeys, decryptValues,
1387 array_size(decryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1388
1389 const void *keyExchangeKeys[] = {
1390 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
1391 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
1392 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
1393 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
1394 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
1395
1396 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
1397 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
1398 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
1399 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
1400 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
1401 };
1402 const void *keyExchangeValues[] = {
1403
1404 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA1,
1405 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA224,
1406 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA256,
1407 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA384,
1408 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA512,
1409
1410 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA1,
1411 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA224,
1412 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA256,
1413 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA384,
1414 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA512,
1415 };
1416 check_compile_time(array_size(keyExchangeKeys) == array_size(keyExchangeKeys));
1417 adaptors[kSecKeyOperationTypeKeyExchange] = CFDictionaryCreate(kCFAllocatorDefault, keyExchangeKeys, keyExchangeValues,
1418 array_size(keyExchangeKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1419 });
1420
1421 return CFDictionaryGetValue(adaptors[operation], algorithm);
1422 }