]> git.saurik.com Git - apple/security.git/blob - OSX/shared_regressions/si-44-seckey-proxy.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59754.41.1.tar.gz
[apple/security.git] / OSX / shared_regressions / si-44-seckey-proxy.m
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #import <Foundation/Foundation.h>
26 #import <Security/SecKeyPriv.h>
27 #import <Security/SecIdentityPriv.h>
28 #import <Security/SecKeyProxy.h>
29
30 #import "shared_regressions.h"
31
32 static void test_key_proxy_connect() {
33 NSError *error;
34 id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(256)}, (void *)&error));
35 ok(serverKey != NULL, "generated local ec256 keypair");
36 SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
37 SecKeyRef localKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
38 isnt(localKey, NULL, "connected to remote key, error %@", error);
39 ok(CFGetTypeID(localKey) == SecKeyGetTypeID(), "Connected key is really SecKey");
40
41 // Try another connection to the proxy.
42 SecKeyRef secondKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
43 isnt(secondKey, NULL, "2nd connection should not be refused");
44 isnt(SecKeyGetBlockSize(secondKey), (size_t)0, "2nd connections working normally");
45
46 // Even after deleting (not invalidating!) proxy, existing connections should work right.
47 NSXPCListenerEndpoint *endpoint = keyProxy.endpoint;
48 keyProxy = nil;
49
50 // However, connection to it should not be possible any more.
51 CFRelease(secondKey);
52 secondKey = [SecKeyProxy createKeyFromEndpoint:endpoint error:&error];
53 is(secondKey, NULL, "connecting to deleted proxy should not be possible");
54
55 // Create new proxy and invalidate it (idempotent, so we try invalidate multiple times).
56 keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
57 endpoint = keyProxy.endpoint;
58 [keyProxy invalidate];
59 [keyProxy invalidate];
60 secondKey = [SecKeyProxy createKeyFromEndpoint:endpoint error:&error];
61 is(secondKey, NULL, "connection to invalidated proxy should be refused.");
62
63 // Invalidate connected proxy, make sure that remote key does not work as expected.
64 keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
65 secondKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
66 isnt(secondKey, NULL, "connecting to proxy failed.");
67
68 is(SecKeyGetBlockSize((__bridge SecKeyRef)serverKey), SecKeyGetBlockSize(secondKey), "connected key should work fine");
69 [keyProxy invalidate];
70 is(SecKeyGetBlockSize(secondKey), (size_t)0, "disconnected key should fail");
71 CFRelease(secondKey);
72 }
73 static const int TestKeyProxyConnectCount = 10;
74
75 static void test_key_proxy_simple_ops() {
76 NSError *error;
77 id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(256)}, (void *)&error));
78 SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
79 id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error]);
80 NSDictionary *serverAttributes = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)serverKey));
81 NSDictionary *localAttributes = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)localKey));
82 isnt(localAttributes, nil, "attributes for local remote key failed");
83 ok([serverAttributes isEqual:localAttributes], "local and remote attributes should be identical");
84
85 // Just call description, there is no sane way to test the contents, not crashing is enough.
86 CFBridgingRelease(CFCopyDescription((SecKeyRef)localKey));
87
88 is(SecKeyGetAlgorithmId((__bridge SecKeyRef)serverKey), SecKeyGetAlgorithmId((__bridge SecKeyRef)localKey), "GetAlgorithmId failed for remote");
89 }
90 static const int TestKeyProxySimpleOpsCount = 3;
91
92 static void test_crypto_sign(id key1, id key2, SecKeyAlgorithm algorithm) {
93 id pk1 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key1));
94 isnt(pk1, nil, "failed to get pubkey from key %@", key1);
95 id pk2 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key2));
96 isnt(pk2, nil, "failed to get pubkey from key %@", key2);
97
98 NSData *message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
99 NSError *error;
100 NSData *signature1 = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key1, algorithm, (CFDataRef)message, (void *)&error));
101 isnt(signature1, nil, "failed to sign data with algorithm %@: %@", algorithm, error);
102 ok(SecKeyVerifySignature((SecKeyRef)pk2, algorithm, (CFDataRef)message, (CFDataRef)signature1, (void *)&error), "failed to verify data with algorithm %@: %@", algorithm, error);
103
104 message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
105 error = nil;
106 NSData *signature2 = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key2, algorithm, (CFDataRef)message, (void *)&error));
107 isnt(signature2, nil, "failed to sign data with algorithm %@: %@", algorithm, error);
108 ok(SecKeyVerifySignature((SecKeyRef)pk1, algorithm, (CFDataRef)message, (CFDataRef)signature1, (void *)&error), "failed to verify data with algorithm %@: %@", algorithm, error);
109 }
110 static const int TestKeyCryptoSignCount = 6;
111
112 static void test_crypto_encrypt(id key1, id key2, SecKeyAlgorithm algorithm) {
113 id pk1 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key1));
114 isnt(pk1, nil, "failed to get pubkey from key %@", key1);
115 id pk2 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key2));
116 isnt(pk2, nil, "failed to get pubkey from key %@", key2);
117
118 NSData *message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
119 NSError *error;
120 NSData *ciphertext1 = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)pk1, algorithm, (CFDataRef)message, (void *)&error));
121 isnt(ciphertext1, nil, "failed to encrypt data with algorithm %@: %@", algorithm, error);
122 NSData *plaintext1 = CFBridgingRelease(SecKeyCreateDecryptedData((SecKeyRef)key2, algorithm, (CFDataRef)ciphertext1, (void *)&error));
123 ok([plaintext1 isEqualToData:message], "encrypt/decrypt differs from message: %@ vs %@", message, plaintext1);
124
125 message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
126 error = nil;
127 NSData *ciphertext2 = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)pk2, algorithm, (CFDataRef)message, (void *)&error));
128 isnt(ciphertext2, nil, "failed to encrypt data with algorithm %@: %@", algorithm, error);
129 NSData *plaintext2 = CFBridgingRelease(SecKeyCreateDecryptedData((SecKeyRef)key1, algorithm, (CFDataRef)ciphertext2, (void *)&error));
130 ok([plaintext2 isEqualToData:message], "encrypt/decrypt differs from message: %@ vs %@", message, plaintext2);
131 }
132 static const int TestKeyCryptoEncryptCount = 6;
133
134 static void test_crypto_kxchg(id key1, id key2, SecKeyAlgorithm algorithm) {
135 id pk1 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key1));
136 isnt(pk1, nil, "failed to get pubkey from key %@", key1);
137 id pk2 = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)key2));
138 isnt(pk2, nil, "failed to get pubkey from key %@", key2);
139
140 NSError *error;
141 NSData *result1 = CFBridgingRelease(SecKeyCopyKeyExchangeResult((SecKeyRef)key1, algorithm, (SecKeyRef)pk2, (CFDictionaryRef)@{}, (void *)&error));
142 isnt(result1, nil, "failed to keyexchange data with algorithm %@: %@", algorithm, error);
143 NSData *result2 = CFBridgingRelease(SecKeyCopyKeyExchangeResult((SecKeyRef)key2, algorithm, (SecKeyRef)pk1, (CFDictionaryRef)@{}, (void *)&error));
144 isnt(result1, nil, "failed to keyexchange data with algorithm %@: %@", algorithm, error);
145 ok([result1 isEqualToData:result2], "keyexchange results differ!");
146 }
147 static const int TestKeyCryptoKeyExchange = 5;
148
149 static void test_key_proxy_crypto_ops_RSA() {
150 NSError *error;
151 id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @(2048)}, (void *)&error));
152 ok(serverKey != NULL, "generated local rsa2048 keypair: %@", error);
153 SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
154 id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error]);
155 isnt(localKey, NULL, "connected to remote key, error %@", error);
156
157 test_crypto_sign(localKey, serverKey, kSecKeyAlgorithmRSASignatureMessagePSSSHA1);
158 test_crypto_sign(serverKey, localKey, kSecKeyAlgorithmRSASignatureMessagePSSSHA256);
159
160 test_crypto_encrypt(localKey, serverKey, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
161 test_crypto_encrypt(serverKey, localKey, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
162 }
163 static const int TestKeyCryptoOpsRSACount = 2 + TestKeyCryptoSignCount * 2 + TestKeyCryptoEncryptCount * 2;
164
165 static void test_key_proxy_crypto_ops_EC() {
166 NSError *error;
167 id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(256)}, (void *)&error));
168 ok(serverKey != NULL, "generated local ec256 keypair: %@", error);
169 SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)serverKey];
170 id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error]);
171 isnt(localKey, NULL, "connected to remote key, error %@", error);
172
173 test_crypto_sign(localKey, serverKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1);
174 test_crypto_sign(serverKey, localKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA256);
175
176 test_crypto_encrypt(localKey, serverKey, kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM);
177 test_crypto_encrypt(serverKey, localKey, kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM);
178
179 test_crypto_kxchg(localKey, serverKey, kSecKeyAlgorithmECDHKeyExchangeStandard);
180 }
181 static const int TestKeyCryptoOpsECCount = 2 + TestKeyCryptoSignCount * 2 + TestKeyCryptoEncryptCount * 2 + TestKeyCryptoKeyExchange * 1;
182
183 /*
184 Bag Attributes
185 friendlyName: uranusLeaf
186 localKeyID: 46 E0 8A 05 63 4D 17 3F CA A4 AA B6 5A DA CF BA 84 22 7C 23
187 subject=/CN=uranusLeaf/emailAddress=uranus@uranus.com
188 issuer=/CN=plutoCA/emailAddress=pluto@pluto.com
189 */
190 static const uint8_t _c1[] = {
191 0x30, 0x82, 0x02, 0xe0, 0x30, 0x82, 0x01, 0xc8,
192 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
193 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
194 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x30, 0x32, 0x31,
195 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03,
196 0x0c, 0x07, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x43,
197 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a,
198 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
199 0x0c, 0x0f, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x40,
200 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x2e, 0x63, 0x6f,
201 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x35, 0x31,
202 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x34, 0x32,
203 0x35, 0x5a, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x32,
204 0x31, 0x37, 0x30, 0x30, 0x30, 0x34, 0x32, 0x35,
205 0x5a, 0x30, 0x37, 0x31, 0x13, 0x30, 0x11, 0x06,
206 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0a, 0x75, 0x72,
207 0x61, 0x6e, 0x75, 0x73, 0x4c, 0x65, 0x61, 0x66,
208 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86,
209 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x0c,
210 0x11, 0x75, 0x72, 0x61, 0x6e, 0x75, 0x73, 0x40,
211 0x75, 0x72, 0x61, 0x6e, 0x75, 0x73, 0x2e, 0x63,
212 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
213 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
214 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
215 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
216 0x01, 0x01, 0x00, 0xa6, 0x82, 0x8e, 0xc6, 0x7e,
217 0xc9, 0x8c, 0x99, 0x6f, 0xb0, 0x62, 0x32, 0x35,
218 0xe7, 0xdb, 0xff, 0x34, 0x84, 0xdc, 0x72, 0xa8,
219 0xef, 0x22, 0x6f, 0x93, 0x63, 0x64, 0x80, 0x80,
220 0x5d, 0x50, 0x7e, 0xb4, 0x2e, 0x1b, 0x93, 0x93,
221 0x49, 0xca, 0xae, 0xcd, 0x34, 0x44, 0x4b, 0xd7,
222 0xfa, 0x9f, 0x3c, 0xfc, 0x9e, 0x65, 0xa9, 0xfb,
223 0x5e, 0x5d, 0x18, 0xa3, 0xf8, 0xb0, 0x08, 0xac,
224 0x8f, 0xfd, 0x03, 0xcb, 0xbd, 0x7f, 0xa0, 0x2a,
225 0xa6, 0xea, 0xca, 0xa3, 0x24, 0xef, 0x7c, 0xc3,
226 0xeb, 0x95, 0xcb, 0x90, 0x3f, 0x5e, 0xde, 0x78,
227 0xf2, 0x3d, 0x32, 0x72, 0xdb, 0x33, 0x6e, 0x9b,
228 0x52, 0x9f, 0x0c, 0x60, 0x4a, 0x24, 0xa1, 0xf6,
229 0x3b, 0x80, 0xbd, 0xa1, 0xdc, 0x40, 0x03, 0xe7,
230 0xa0, 0x59, 0x1f, 0xdb, 0xb4, 0xed, 0x57, 0xdc,
231 0x74, 0x0d, 0x99, 0x5a, 0x12, 0x74, 0x64, 0xaa,
232 0xb6, 0xa5, 0x96, 0x75, 0xf9, 0x42, 0x43, 0xe2,
233 0x52, 0xc2, 0x57, 0x23, 0x75, 0xd7, 0xa9, 0x4f,
234 0x07, 0x32, 0x99, 0xbd, 0x3d, 0x44, 0xbd, 0x04,
235 0x62, 0xe5, 0xb7, 0x2c, 0x0c, 0x11, 0xc5, 0xb2,
236 0x2e, 0xc4, 0x12, 0x1d, 0x7f, 0x42, 0x1e, 0x71,
237 0xaf, 0x39, 0x2b, 0x78, 0x47, 0x92, 0x23, 0x44,
238 0xef, 0xe3, 0xc1, 0x47, 0x69, 0x5a, 0xf1, 0x48,
239 0xaa, 0x37, 0xa4, 0x94, 0x6b, 0x96, 0xe5, 0x4b,
240 0xfd, 0x05, 0xc7, 0x9c, 0xcc, 0x38, 0xd1, 0x47,
241 0x85, 0x60, 0x7f, 0xef, 0xe9, 0x2e, 0x25, 0x08,
242 0xf8, 0x7d, 0x98, 0xdd, 0x6c, 0xeb, 0x4a, 0x32,
243 0x33, 0x44, 0x0b, 0x61, 0xb3, 0xf9, 0xae, 0x26,
244 0x41, 0xb5, 0x38, 0xdb, 0xcf, 0x13, 0x72, 0x23,
245 0x5b, 0x66, 0x20, 0x86, 0x4d, 0x24, 0xc2, 0xd4,
246 0x94, 0xde, 0xe3, 0x24, 0xb7, 0xcd, 0x75, 0x9e,
247 0x1d, 0x9f, 0xbc, 0xd0, 0x60, 0x34, 0x7d, 0xf8,
248 0xcb, 0x41, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01,
249 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
250 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
251 0x82, 0x01, 0x01, 0x00, 0x17, 0xa5, 0x22, 0xed,
252 0xb8, 0x3e, 0x1f, 0x11, 0x99, 0xc5, 0xba, 0x28,
253 0x3e, 0x7e, 0xa6, 0xeb, 0x02, 0x81, 0x06, 0xa1,
254 0xc6, 0x80, 0xb9, 0x7e, 0x5c, 0x5a, 0x63, 0xe0,
255 0x8d, 0xeb, 0xd0, 0xec, 0x9c, 0x3a, 0x94, 0x64,
256 0x7c, 0x13, 0x54, 0x0d, 0xd6, 0xe3, 0x27, 0x88,
257 0xa6, 0xd2, 0x4b, 0x36, 0xdd, 0x2e, 0xfa, 0x94,
258 0xe5, 0x03, 0x27, 0xc9, 0xa6, 0x31, 0x02, 0xea,
259 0x40, 0x77, 0x2e, 0x93, 0xc4, 0x4d, 0xe2, 0x70,
260 0xe2, 0x67, 0x1c, 0xa8, 0x0d, 0xcd, 0x1a, 0x72,
261 0x86, 0x2c, 0xea, 0xdc, 0x7f, 0x8c, 0x49, 0x2c,
262 0xe7, 0x99, 0x13, 0xda, 0x3f, 0x58, 0x9e, 0xf5,
263 0x4d, 0x3c, 0x8c, 0x1c, 0xed, 0x85, 0xa7, 0xe2,
264 0xae, 0xda, 0x5f, 0xbe, 0x36, 0x1c, 0x9f, 0x5a,
265 0xa0, 0xdc, 0x2a, 0xc0, 0xee, 0x71, 0x07, 0x26,
266 0x8b, 0xe8, 0x8a, 0xf8, 0x2d, 0x36, 0x78, 0xc9,
267 0x79, 0xfa, 0xbe, 0x98, 0x59, 0x95, 0x12, 0x24,
268 0xf1, 0xda, 0x20, 0xc7, 0x78, 0xf9, 0x7c, 0x6a,
269 0x24, 0x43, 0x82, 0xa8, 0x0f, 0xb1, 0x7d, 0x94,
270 0xaa, 0x30, 0x35, 0xe5, 0x69, 0xdc, 0x0a, 0x0e,
271 0xaf, 0x10, 0x5e, 0x1a, 0x81, 0x50, 0x5c, 0x7e,
272 0x24, 0xb3, 0x07, 0x65, 0x4b, 0xc1, 0x7e, 0xc6,
273 0x38, 0xdb, 0xd3, 0x6a, 0xf0, 0xd8, 0x85, 0x61,
274 0x9a, 0x9f, 0xfe, 0x02, 0x46, 0x29, 0xb2, 0x9a,
275 0xe2, 0x04, 0xe7, 0x72, 0xcc, 0x87, 0x46, 0xba,
276 0x7d, 0xa8, 0xf9, 0xd0, 0x0f, 0x29, 0xfc, 0xfd,
277 0xd1, 0xd0, 0x7f, 0x36, 0xc1, 0xd8, 0x7d, 0x88,
278 0x03, 0x62, 0xf5, 0x8c, 0x00, 0xb5, 0xc2, 0x81,
279 0x44, 0x67, 0x58, 0x11, 0xb4, 0x3a, 0xbb, 0xd1,
280 0x8c, 0x94, 0x20, 0x60, 0xea, 0xa0, 0xac, 0xc1,
281 0xf1, 0x08, 0x54, 0xb8, 0xf6, 0x5e, 0xac, 0xf1,
282 0xec, 0x78, 0x69, 0x9d, 0x7e, 0x4d, 0x06, 0x3b,
283 0x9b, 0x78, 0x78, 0x10
284 };
285
286 /*
287 Bag Attributes
288 friendlyName: uranusLeaf
289 localKeyID: 46 E0 8A 05 63 4D 17 3F CA A4 AA B6 5A DA CF BA 84 22 7C 23
290 Key Attributes: <No Attributes>
291 */
292 static const uint8_t _k1[] = {
293 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02,
294 0x82, 0x01, 0x01, 0x00, 0xa6, 0x82, 0x8e, 0xc6,
295 0x7e, 0xc9, 0x8c, 0x99, 0x6f, 0xb0, 0x62, 0x32,
296 0x35, 0xe7, 0xdb, 0xff, 0x34, 0x84, 0xdc, 0x72,
297 0xa8, 0xef, 0x22, 0x6f, 0x93, 0x63, 0x64, 0x80,
298 0x80, 0x5d, 0x50, 0x7e, 0xb4, 0x2e, 0x1b, 0x93,
299 0x93, 0x49, 0xca, 0xae, 0xcd, 0x34, 0x44, 0x4b,
300 0xd7, 0xfa, 0x9f, 0x3c, 0xfc, 0x9e, 0x65, 0xa9,
301 0xfb, 0x5e, 0x5d, 0x18, 0xa3, 0xf8, 0xb0, 0x08,
302 0xac, 0x8f, 0xfd, 0x03, 0xcb, 0xbd, 0x7f, 0xa0,
303 0x2a, 0xa6, 0xea, 0xca, 0xa3, 0x24, 0xef, 0x7c,
304 0xc3, 0xeb, 0x95, 0xcb, 0x90, 0x3f, 0x5e, 0xde,
305 0x78, 0xf2, 0x3d, 0x32, 0x72, 0xdb, 0x33, 0x6e,
306 0x9b, 0x52, 0x9f, 0x0c, 0x60, 0x4a, 0x24, 0xa1,
307 0xf6, 0x3b, 0x80, 0xbd, 0xa1, 0xdc, 0x40, 0x03,
308 0xe7, 0xa0, 0x59, 0x1f, 0xdb, 0xb4, 0xed, 0x57,
309 0xdc, 0x74, 0x0d, 0x99, 0x5a, 0x12, 0x74, 0x64,
310 0xaa, 0xb6, 0xa5, 0x96, 0x75, 0xf9, 0x42, 0x43,
311 0xe2, 0x52, 0xc2, 0x57, 0x23, 0x75, 0xd7, 0xa9,
312 0x4f, 0x07, 0x32, 0x99, 0xbd, 0x3d, 0x44, 0xbd,
313 0x04, 0x62, 0xe5, 0xb7, 0x2c, 0x0c, 0x11, 0xc5,
314 0xb2, 0x2e, 0xc4, 0x12, 0x1d, 0x7f, 0x42, 0x1e,
315 0x71, 0xaf, 0x39, 0x2b, 0x78, 0x47, 0x92, 0x23,
316 0x44, 0xef, 0xe3, 0xc1, 0x47, 0x69, 0x5a, 0xf1,
317 0x48, 0xaa, 0x37, 0xa4, 0x94, 0x6b, 0x96, 0xe5,
318 0x4b, 0xfd, 0x05, 0xc7, 0x9c, 0xcc, 0x38, 0xd1,
319 0x47, 0x85, 0x60, 0x7f, 0xef, 0xe9, 0x2e, 0x25,
320 0x08, 0xf8, 0x7d, 0x98, 0xdd, 0x6c, 0xeb, 0x4a,
321 0x32, 0x33, 0x44, 0x0b, 0x61, 0xb3, 0xf9, 0xae,
322 0x26, 0x41, 0xb5, 0x38, 0xdb, 0xcf, 0x13, 0x72,
323 0x23, 0x5b, 0x66, 0x20, 0x86, 0x4d, 0x24, 0xc2,
324 0xd4, 0x94, 0xde, 0xe3, 0x24, 0xb7, 0xcd, 0x75,
325 0x9e, 0x1d, 0x9f, 0xbc, 0xd0, 0x60, 0x34, 0x7d,
326 0xf8, 0xcb, 0x41, 0x39, 0x02, 0x03, 0x01, 0x00,
327 0x01, 0x02, 0x82, 0x01, 0x00, 0x4d, 0x27, 0xf2,
328 0x40, 0xc8, 0x3f, 0x5c, 0x87, 0x3c, 0xd9, 0xde,
329 0xa6, 0xa5, 0x93, 0xea, 0xbd, 0x36, 0xf8, 0xd9,
330 0xad, 0xc7, 0xda, 0x07, 0x7a, 0xec, 0x31, 0x02,
331 0x41, 0x09, 0x3a, 0x34, 0x32, 0x82, 0x0b, 0x5b,
332 0x7b, 0xe6, 0xa4, 0x2a, 0xe7, 0x14, 0xef, 0x43,
333 0x36, 0x61, 0xbe, 0x20, 0x4b, 0x82, 0x43, 0x63,
334 0x98, 0x80, 0x82, 0x19, 0x61, 0x71, 0x99, 0xaa,
335 0xf8, 0x59, 0xfd, 0xde, 0xa0, 0x03, 0xa8, 0xab,
336 0x9a, 0xec, 0x28, 0xac, 0x63, 0x79, 0x75, 0x84,
337 0x03, 0xac, 0x45, 0x5e, 0x04, 0x15, 0xb3, 0x47,
338 0xa2, 0x8f, 0x28, 0xb0, 0x72, 0xd0, 0x06, 0x02,
339 0xaf, 0x1e, 0x0a, 0x0a, 0xe9, 0x11, 0x35, 0x4a,
340 0x04, 0x42, 0xb5, 0x0f, 0xd2, 0xcf, 0x4d, 0xdf,
341 0xdb, 0xef, 0x58, 0xbd, 0xf3, 0xa5, 0x3b, 0x11,
342 0x3f, 0xc5, 0x47, 0x81, 0x85, 0xad, 0xd7, 0x1f,
343 0x58, 0x06, 0x42, 0xdc, 0x37, 0x3c, 0xdb, 0x98,
344 0x33, 0xa1, 0xc6, 0x80, 0x07, 0xe0, 0x2b, 0xc5,
345 0xf5, 0x60, 0x35, 0x6a, 0xa2, 0x06, 0x40, 0x4a,
346 0xac, 0x64, 0x02, 0x58, 0x4d, 0x07, 0xe3, 0x69,
347 0xd7, 0xe0, 0x8f, 0xb5, 0xf4, 0xbc, 0xfa, 0xab,
348 0x1a, 0xb0, 0xfa, 0x29, 0xf8, 0xca, 0xde, 0x78,
349 0xf0, 0x89, 0xe2, 0xf9, 0xb7, 0x68, 0x5b, 0x0e,
350 0xdc, 0x4e, 0x8a, 0x56, 0x8d, 0x33, 0x20, 0x2e,
351 0xed, 0x2e, 0xab, 0x6f, 0xba, 0x77, 0xef, 0xe6,
352 0x12, 0x62, 0x49, 0x9e, 0x87, 0x76, 0x1c, 0x1e,
353 0xf4, 0x0e, 0x9e, 0x78, 0x98, 0x91, 0x1a, 0xe3,
354 0xb4, 0x51, 0x4b, 0x8c, 0x2f, 0x08, 0x97, 0x8f,
355 0xf9, 0x68, 0x61, 0x40, 0xcd, 0xb6, 0x10, 0xb4,
356 0xfb, 0x75, 0xb4, 0x20, 0xc1, 0x5a, 0xda, 0x64,
357 0xfd, 0x51, 0x06, 0x85, 0x9a, 0x9e, 0x5d, 0x82,
358 0x14, 0xd4, 0x41, 0x4e, 0x75, 0x10, 0xb5, 0x7b,
359 0xd0, 0x4c, 0xd1, 0x00, 0x01, 0x02, 0x81, 0x81,
360 0x00, 0xcf, 0x8e, 0x68, 0x04, 0x67, 0x09, 0xa9,
361 0x6e, 0xff, 0x11, 0x8c, 0xe5, 0xe4, 0x16, 0xdd,
362 0xb6, 0xa6, 0x55, 0xca, 0x4b, 0x0b, 0xbb, 0xb7,
363 0xf5, 0xe5, 0x73, 0xf3, 0x24, 0x84, 0x29, 0xb2,
364 0xc3, 0xbc, 0x7f, 0x2b, 0x4a, 0xc7, 0xdf, 0x46,
365 0x8e, 0xe1, 0x35, 0x69, 0x1b, 0x8e, 0x9f, 0x6b,
366 0x4d, 0xf3, 0x65, 0xae, 0x3d, 0x87, 0x2b, 0xc9,
367 0xf0, 0x8c, 0xf2, 0x88, 0x2f, 0x1b, 0x79, 0x80,
368 0xd2, 0xb2, 0x64, 0x0a, 0xcc, 0x66, 0x69, 0x4c,
369 0xa1, 0x85, 0xc4, 0x6a, 0x94, 0x46, 0x70, 0x69,
370 0xbc, 0x8c, 0x1c, 0x62, 0x65, 0x4d, 0x68, 0xcc,
371 0xe3, 0x3c, 0x6c, 0xe7, 0xd1, 0x09, 0xed, 0xdd,
372 0x42, 0x10, 0x11, 0x6b, 0xdd, 0x7c, 0xe3, 0xe1,
373 0x3b, 0x3b, 0x0d, 0x01, 0x6d, 0xca, 0x2f, 0x4b,
374 0x45, 0x5e, 0x76, 0x5d, 0x5c, 0x6f, 0x53, 0xa4,
375 0x38, 0x74, 0x75, 0x94, 0x2c, 0xda, 0xf8, 0xa6,
376 0x01, 0x02, 0x81, 0x81, 0x00, 0xcd, 0x5f, 0x9d,
377 0x6c, 0x94, 0xf6, 0x44, 0x37, 0x72, 0xfe, 0xcf,
378 0xbe, 0x82, 0x96, 0x24, 0x22, 0x12, 0x07, 0x6f,
379 0xd1, 0x57, 0x7b, 0xc7, 0x63, 0x20, 0xf5, 0x93,
380 0x79, 0x70, 0x0b, 0xe4, 0x38, 0x19, 0x62, 0x7b,
381 0x89, 0x3e, 0x45, 0xdf, 0xd6, 0xae, 0x9d, 0x0d,
382 0xa8, 0x76, 0xc1, 0xbd, 0x04, 0x2b, 0xaa, 0x30,
383 0x6a, 0xac, 0x65, 0x91, 0x61, 0xf0, 0xf8, 0x5d,
384 0xa3, 0x53, 0xa4, 0xfb, 0x99, 0xac, 0x46, 0x7a,
385 0x12, 0x4b, 0xf7, 0xa7, 0x48, 0x41, 0x61, 0x48,
386 0x26, 0x5c, 0x68, 0x2f, 0x73, 0x91, 0xe4, 0x74,
387 0xcd, 0xc9, 0x8b, 0xe7, 0x26, 0xe4, 0x35, 0xde,
388 0x32, 0x6b, 0x24, 0x49, 0xf2, 0x04, 0x67, 0x3d,
389 0x31, 0x8f, 0x22, 0xe5, 0x49, 0xae, 0x49, 0x94,
390 0xb3, 0x45, 0x2b, 0xed, 0x6f, 0x9c, 0xc7, 0x80,
391 0xf0, 0x42, 0xd5, 0x8f, 0x27, 0xd6, 0xd6, 0x49,
392 0xf2, 0x16, 0xcc, 0x4b, 0x39, 0x02, 0x81, 0x81,
393 0x00, 0xbb, 0xb7, 0xd7, 0x59, 0xcb, 0xfb, 0x10,
394 0x13, 0xc4, 0x7b, 0x92, 0x0c, 0x45, 0xcb, 0x6c,
395 0x81, 0x0a, 0x55, 0x63, 0x1d, 0x96, 0xa2, 0x13,
396 0xd2, 0x40, 0xd1, 0x2a, 0xa1, 0xe7, 0x2a, 0x73,
397 0x74, 0xd6, 0x61, 0xc9, 0xbc, 0xdb, 0xa2, 0x93,
398 0x85, 0x1c, 0x28, 0x9b, 0x44, 0x82, 0x2c, 0xaa,
399 0xf7, 0x18, 0x60, 0xe9, 0x42, 0xda, 0xa2, 0xff,
400 0x04, 0x21, 0xe6, 0x24, 0xc7, 0x3e, 0x39, 0x19,
401 0x0a, 0xf6, 0xae, 0xc6, 0x99, 0x71, 0x32, 0x61,
402 0x4d, 0x60, 0xd7, 0x71, 0x71, 0x63, 0x77, 0xbe,
403 0x19, 0xfa, 0x3a, 0x9d, 0xbf, 0x73, 0x50, 0x8a,
404 0xa6, 0x26, 0x7b, 0x74, 0xfa, 0x39, 0xd9, 0xb9,
405 0x18, 0x4b, 0xc2, 0x05, 0xe5, 0x8f, 0x53, 0xe6,
406 0xdc, 0x14, 0x1f, 0x42, 0x20, 0x93, 0x11, 0x4d,
407 0x29, 0x93, 0x32, 0xc8, 0x63, 0x96, 0x88, 0x76,
408 0x69, 0x5c, 0xe3, 0x0e, 0xbd, 0xb6, 0xd9, 0xd6,
409 0x01, 0x02, 0x81, 0x80, 0x62, 0xa2, 0xed, 0x84,
410 0xdc, 0xf6, 0x7a, 0x44, 0xf7, 0x62, 0x12, 0x7c,
411 0xb9, 0x53, 0x4a, 0xff, 0x62, 0x11, 0x58, 0x4e,
412 0xfe, 0xe9, 0x60, 0x15, 0xe8, 0x1a, 0x8a, 0x3d,
413 0xe4, 0xe6, 0x91, 0x31, 0xb0, 0x5f, 0x70, 0x5d,
414 0xb6, 0x1e, 0xf1, 0x26, 0xb6, 0xae, 0x8f, 0x84,
415 0xbd, 0xa4, 0xc7, 0x17, 0x5d, 0xb1, 0x5b, 0x97,
416 0xa0, 0x3d, 0x17, 0xda, 0x26, 0x55, 0xe3, 0x03,
417 0x32, 0x85, 0x26, 0xa1, 0xe3, 0xef, 0xe5, 0x69,
418 0x2c, 0x3b, 0x41, 0x88, 0x9e, 0x7e, 0x0e, 0x9c,
419 0xfd, 0xfc, 0xbb, 0xed, 0x91, 0xc0, 0x5b, 0xa9,
420 0x0a, 0x87, 0xba, 0xf9, 0x1e, 0xda, 0x10, 0x61,
421 0xbe, 0xbb, 0xab, 0x18, 0x25, 0xad, 0x3f, 0xe2,
422 0xb1, 0x90, 0x5c, 0xf7, 0x4a, 0x51, 0xe4, 0xad,
423 0x45, 0x27, 0x97, 0xdd, 0xe7, 0x3a, 0x9a, 0x5e,
424 0xca, 0x7a, 0xaf, 0x4a, 0xbf, 0x10, 0x24, 0x6b,
425 0xb5, 0x2f, 0x61, 0x61, 0x02, 0x81, 0x81, 0x00,
426 0x85, 0x7c, 0x78, 0xa5, 0x11, 0xdf, 0xc3, 0x6a,
427 0x38, 0x48, 0xfa, 0x7e, 0x48, 0xf0, 0x5a, 0x58,
428 0xe2, 0xc5, 0x83, 0x4e, 0x38, 0x3f, 0x4a, 0x2b,
429 0x07, 0x57, 0x31, 0xe7, 0xbe, 0x50, 0xb1, 0xbb,
430 0x24, 0xf3, 0x3d, 0x8b, 0x53, 0xb7, 0xd1, 0x47,
431 0x72, 0x5e, 0xd5, 0xd6, 0x4c, 0xce, 0x2c, 0x46,
432 0x61, 0x9a, 0xaa, 0xc3, 0x0e, 0xd4, 0x23, 0x2c,
433 0xdd, 0xf5, 0xb7, 0xad, 0x38, 0x52, 0x17, 0xc4,
434 0x16, 0xbb, 0xda, 0x1c, 0x61, 0xb1, 0xca, 0x8d,
435 0xb2, 0xa0, 0xbe, 0x4f, 0x3d, 0x19, 0x0e, 0xe0,
436 0x0e, 0x52, 0xad, 0xf3, 0xaf, 0xd9, 0xcc, 0x78,
437 0xc2, 0xb1, 0x5e, 0x05, 0x5e, 0xf2, 0x27, 0x84,
438 0x15, 0xe4, 0x8f, 0xca, 0xc5, 0x92, 0x43, 0xe0,
439 0x24, 0x8d, 0xf2, 0x5d, 0x55, 0xcc, 0x9d, 0x2f,
440 0xa9, 0xf6, 0x9b, 0x67, 0x6a, 0x87, 0x74, 0x36,
441 0x34, 0x7c, 0xd4, 0x9d, 0xff, 0xad, 0xee, 0x69
442 };
443
444 static void test_key_proxy_identity() {
445 id certificate = CFBridgingRelease(SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)[NSData dataWithBytes:_c1 length:sizeof(_c1)]));
446 isnt(certificate, nil, "created certificate");
447 NSError *error;
448 id key = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)[NSData dataWithBytes:_k1 length:sizeof(_k1)], (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate}, (void *)&error));
449 isnt(key, nil, "create key: %@", error);
450 id identity = CFBridgingRelease(SecIdentityCreate(kCFAllocatorDefault, (__bridge SecCertificateRef)certificate, (__bridge SecKeyRef)key));
451 isnt(identity, nil, "create identity");
452
453 SecKeyProxy *identityProxy = [[SecKeyProxy alloc] initWithIdentity:(SecIdentityRef)identity];
454 isnt(identityProxy, nil, "create identity proxy");
455
456 id localIdentity = CFBridgingRelease([SecKeyProxy createIdentityFromEndpoint:identityProxy.endpoint error:&error]);
457 isnt(localIdentity, nil, "create remote identity");
458
459 id localKey;
460 id localCertificate;
461 SecIdentityCopyPrivateKey((__bridge SecIdentityRef)identity, (void *)&localKey);
462 SecIdentityCopyCertificate((__bridge SecIdentityRef)identity, (void *)&localCertificate);
463 isnt(localKey, nil, "got key from localIdentity");
464 isnt(localCertificate, nil, "got certificate from localIdentity");
465
466 ok([certificate isEqual:localCertificate], "Certificates are the same");
467 is(SecKeyGetBlockSize((SecKeyRef)key), SecKeyGetBlockSize((SecKeyRef)localKey), "Keys are the same");
468
469 // Check that it is not possible to get identity from key proxy
470 SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(SecKeyRef)key];
471 error = nil;
472 id secondIdentity = CFBridgingRelease([SecKeyProxy createIdentityFromEndpoint:keyProxy.endpoint error:&error]);
473 is(secondIdentity, nil, "connecting identity to key proxy should not be possible.");
474 }
475 static const int TestKeyProxyIdentityCount = 10;
476
477 static const int TestCount =
478 TestKeyProxyConnectCount +
479 TestKeyProxySimpleOpsCount +
480 TestKeyCryptoOpsRSACount +
481 TestKeyCryptoOpsECCount +
482 TestKeyProxyIdentityCount;
483
484 int si_44_seckey_proxy(int argc, char *const *argv) {
485 plan_tests(TestCount);
486
487 @autoreleasepool {
488 test_key_proxy_connect();
489 test_key_proxy_simple_ops();
490 test_key_proxy_crypto_ops_RSA();
491 test_key_proxy_crypto_ops_EC();
492 test_key_proxy_identity();
493 }
494
495 return 0;
496 }
mirror of Security