OSX/shared_regressions/si-44-seckey-fv.m

   1 //
   2 //  si-44-seckey-fv.m
   3 //
   4
   5 #import <Foundation/Foundation.h>
   6
   7 #if TARGET_OS_IOS && !TARGET_OS_SIMULATOR
   8 #import "SecureKeyVaultPublic.h"
   9 #import <Security/SecKey.h>
  10
  11 #import "shared_regressions.h"
  12
  13 static void testFileVaultKeyRawSign() {
  14     id key = CFBridgingRelease(SecKeyCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
  15     id certificate = CFBridgingRelease(SecCertificateCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
  16     id pubKey = CFBridgingRelease(SecCertificateCopyKey((SecCertificateRef)certificate));
  17
  18     uint8_t hash[20] = { 0 };
  19     uint8_t signature[256] = { 0 };
  20     size_t siglen = sizeof(signature);
  21     ok_status(SecKeyRawSign((SecKeyRef)key, kSecPaddingPKCS1SHA1, hash, sizeof(hash), signature, &siglen), "rawSign for fileVault failed");
  22     ok_status(SecKeyRawVerify((SecKeyRef)pubKey, kSecPaddingPKCS1SHA1, hash, sizeof(hash), signature, siglen), "rawverify for fileVault failed");
  23 }
  24
  25 static void testFileVaultKeySign() {
  26     NSData *data = [@"dataToSign" dataUsingEncoding:NSUTF8StringEncoding];
  27     NSData *signature;
  28     SecKeyAlgorithm algorithm = NULL;
  29     NSError *error;
  30     id key = CFBridgingRelease(SecKeyCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
  31     id certificate = CFBridgingRelease(SecCertificateCreateWithSecureKeyVaultID(kCFAllocatorDefault, kSecureKeyVaultIAPAuthPrivateKey));
  32     id pubKey = CFBridgingRelease(SecCertificateCopyKey((SecCertificateRef)certificate));
  33
  34     algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1;
  35     error = nil;
  36     signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
  37     ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
  38     ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
  39
  40     algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256;
  41     error = nil;
  42     signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
  43     ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
  44     ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
  45
  46     algorithm = kSecKeyAlgorithmRSASignatureMessagePSSSHA1;
  47     error = nil;
  48     signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
  49     ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
  50     ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
  51
  52     algorithm = kSecKeyAlgorithmRSASignatureMessagePSSSHA256;
  53     error = nil;
  54     signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)key, algorithm, (CFDataRef)data, (void *)&error));
  55     ok(signature != NULL, "signing with alg %@ failed, err %@", algorithm, error);
  56     ok(SecKeyVerifySignature((SecKeyRef)pubKey, algorithm, (CFDataRef)data, (CFDataRef)signature, (void *)&error));
  57 }
  58
  59 int si_44_seckey_fv(int argc, char *const *argv) {
  60     @autoreleasepool {
  61         plan_tests(10);
  62         testFileVaultKeyRawSign();
  63         testFileVaultKeySign();
  64         return 0;
  65     }
  66 }
  67
  68 #endif