5 #import <Foundation/Foundation.h>
7 #if TARGET_OS_IOS && !TARGET_OS_SIMULATOR
8 #import "SecureKeyVaultPublic.h"
9 #import <Security/SecKey.h>
11 #import "shared_regressions.h"
13 static void testFileVaultKeyRawSign() {
14 id key = CFBridgingRelease(SecKeyCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
15 id certificate = CFBridgingRelease(SecCertificateCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
16 id pubKey = CFBridgingRelease(SecCertificateCopyPublicKey((SecCertificateRef)certificate));
18 uint8_t hash[20] = { 0 };
19 uint8_t signature[256] = { 0 };
20 size_t siglen = sizeof(signature);
21 ok_status(SecKeyRawSign((SecKeyRef)key, kSecPaddingPKCS1SHA1, hash, sizeof(hash), signature, &siglen), "rawSign for fileVault failed");
22 ok_status(SecKeyRawVerify((SecKeyRef)pubKey, kSecPaddingPKCS1SHA1, hash, sizeof(hash), signature, siglen), "rawverify for fileVault failed");
25 static void testFileVaultKeySign() {
26 NSData *data = [@"dataToSign" dataUsingEncoding:NSUTF8StringEncoding];
28 SecKeyAlgorithm algorithm = NULL;
30 id key = CFBridgingRelease(SecKeyCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
31 id certificate = CFBridgingRelease(SecCertificateCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
32 id pubKey = CFBridgingRelease(SecCertificateCopyPublicKey((SecCertificateRef)certificate));
34 algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1;
36 signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
37 ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
38 ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
40 algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256;
42 signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
43 ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
44 ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
46 algorithm = kSecKeyAlgorithmRSASignatureMessagePSSSHA1;
48 signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
49 ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
50 ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
52 algorithm = kSecKeyAlgorithmRSASignatureMessagePSSSHA256;
54 signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
55 ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
56 ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
59 int si_44_seckey_fv(int argc, char *const *argv) {
62 testFileVaultKeyRawSign();
63 testFileVaultKeySign();