]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecKeyAdaptors.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / sec / Security / SecKeyAdaptors.m
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * SecKeyAdaptors.m - Implementation of assorted algorithm adaptors for SecKey.
26 * Algorithm adaptor is able to perform some transformation on provided input and calculated results and invoke
27 * underlying operation with different algorithm. Typical adaptors are message->digest or unpadded->padded.
28 * To invoke underlying operation, add algorithm to the context algorithm array and invoke SecKeyRunAlgorithmAndCopyResult().
29 */
30
31 #import <Foundation/Foundation.h>
32
33 #include <Security/SecBase.h>
34 #include <Security/SecKeyInternal.h>
35 #include <Security/SecItem.h>
36 #include <Security/SecItemPriv.h>
37 #include <Security/SecCFAllocator.h>
38
39 #include <AssertMacros.h>
40 #include <utilities/SecCFWrappers.h>
41 #include <utilities/array_size.h>
42 #include <utilities/debugging.h>
43 #include <utilities/SecCFError.h>
44 #include <utilities/SecBuffer.h>
45
46 #include <corecrypto/ccsha1.h>
47 #include <corecrypto/ccsha2.h>
48 #include <corecrypto/ccmd5.h>
49 #include <corecrypto/ccrsa_priv.h>
50 #include <corecrypto/ccansikdf.h>
51 #include <corecrypto/ccmode.h>
52 #include <corecrypto/ccaes.h>
53 #include <corecrypto/ccder.h>
54
55
56 #pragma mark Algorithm constants value definitions
57
58 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw = CFSTR("algid:sign:RSA:raw");
59 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit = CFSTR("algid:sign:RSA:raw-cc");
60
61 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw = CFSTR("algid:sign:RSA:digest-PKCS1v15");
62 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5");
63 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA1");
64 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA224");
65 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA256");
66 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA384");
67 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA512");
68 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1 = CFSTR("algid:sign:RSA:digest-PSS:SHA1:SHA1:20");
69 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224 = CFSTR("algid:sign:RSA:digest-PSS:SHA224:SHA224:24");
70 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32");
71 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48");
72 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64");
73
74 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 = CFSTR("algid:sign:RSA:message-PKCS1v15:MD5");
75 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA1");
76 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA224");
77 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA256");
78 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA384");
79 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA512");
80 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1 = CFSTR("algid:sign:RSA:message-PSS:SHA1:SHA1:20");
81 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224 = CFSTR("algid:sign:RSA:message-PSS:SHA224:SHA224:24");
82 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256 = CFSTR("algid:sign:RSA:message-PSS:SHA256:SHA256:32");
83 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384 = CFSTR("algid:sign:RSA:message-PSS:SHA384:SHA384:48");
84 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512 = CFSTR("algid:sign:RSA:message-PSS:SHA512:SHA512:64");
85
86 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 = CFSTR("algid:sign:ECDSA:RFC4754");
87
88 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 = CFSTR("algid:sign:ECDSA:digest-X962");
89 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 = CFSTR("algid:sign:ECDSA:digest-X962:SHA1");
90 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 = CFSTR("algid:sign:ECDSA:digest-X962:SHA224");
91 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 = CFSTR("algid:sign:ECDSA:digest-X962:SHA256");
92 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 = CFSTR("algid:sign:ECDSA:digest-X962:SHA384");
93 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 = CFSTR("algid:sign:ECDSA:digest-X962:SHA512");
94
95 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 = CFSTR("algid:sign:ECDSA:message-X962:SHA1");
96 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 = CFSTR("algid:sign:ECDSA:message-X962:SHA224");
97 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 = CFSTR("algid:sign:ECDSA:message-X962:SHA256");
98 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 = CFSTR("algid:sign:ECDSA:message-X962:SHA384");
99 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 = CFSTR("algid:sign:ECDSA:message-X962:SHA512");
100
101 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw = CFSTR("algid:encrypt:RSA:raw");
102 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit = CFSTR("algid:encrypt:RSA:raw-cc");
103 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 = CFSTR("algid:encrypt:RSA:PKCS1");
104 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 = CFSTR("algid:encrypt:RSA:OAEP:SHA1");
105 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 = CFSTR("algid:encrypt:RSA:OAEP:SHA224");
106 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 = CFSTR("algid:encrypt:RSA:OAEP:SHA256");
107 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 = CFSTR("algid:encrypt:RSA:OAEP:SHA384");
108 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 = CFSTR("algid:encrypt:RSA:OAEP:SHA512");
109
110 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA1:AESGCM");
111 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA224:AESGCM");
112 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA256:AESGCM");
113 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA384:AESGCM");
114 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA512:AESGCM");
115
116 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA1:AESGCM");
117 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM");
118 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM");
119 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM");
120 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM");
121
122 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA1:AESGCM");
123 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM");
124 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM");
125 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM");
126 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM");
127
128 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM-KDFIV");
129 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM-KDFIV");
130 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM-KDFIV");
131 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM-KDFIV");
132
133 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM-KDFIV");
134 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM-KDFIV");
135 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM-KDFIV");
136 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM-KDFIV");
137
138 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard = CFSTR("algid:keyexchange:ECDH");
139 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA1");
140 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA224");
141 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA256");
142 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA384");
143 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA512");
144
145 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor = CFSTR("algid:keyexchange:ECDHC");
146 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA1");
147 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA224");
148 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA256");
149 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA384");
150 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA512");
151
152 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
153
154 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
155 CFReleaseNull(context->algorithm);
156 }
157
158 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {
159 PerformWithBuffer(size, ^(size_t size, uint8_t *buffer) {
160 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)buffer, size, kCFAllocatorNull);
161 operation(buffer, data);
162 CFRelease(data);
163 });
164 }
165
166 static CFDataRef SecKeyCopyDigestForMessage(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2,
167 const struct ccdigest_info *di, CFErrorRef *error) {
168 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
169 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
170 }
171
172 __block CFTypeRef result;
173 PerformWithCFDataBuffer(di->output_size, ^(uint8_t *buffer, CFDataRef data) {
174 ccdigest(di, CFDataGetLength(message), CFDataGetBytePtr(message), buffer);
175 result = SecKeyRunAlgorithmAndCopyResult(context, data, in2, error);
176 });
177 return result;
178 }
179
180 static CFTypeRef SecKeyCopyECDSASignatureForDigest(SecKeyOperationContext *context, CFDataRef digest, CFDataRef in2,
181 SecKeyAlgorithm algorithm, const struct ccdigest_info *di, CFErrorRef *error) {
182 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigestX962);
183 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
184 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
185 }
186
187 if (CFDataGetLength(digest) != (CFIndex)di->output_size) {
188 SecError(errSecParam, error, CFSTR("bad digest size for signing with algorithm %@"), algorithm);
189 return NULL;
190 }
191
192 return SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
193 }
194
195 #define DIGEST_RSA_ADAPTORS(name, di) \
196 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessage ## name( \
197 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
198 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigest ## name); \
199 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
200 }
201
202 #define DIGEST_ECDSA_ADAPTORS(name, di) \
203 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessage ## name( \
204 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
205 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigest ## name); \
206 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
207 } \
208 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigest ## name( \
209 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
210 return SecKeyCopyECDSASignatureForDigest(context, in1, in2, kSecKeyAlgorithmECDSASignatureDigest ## name, di, error); \
211 }
212
213 DIGEST_RSA_ADAPTORS(PKCS1v15SHA1, ccsha1_di())
214 DIGEST_RSA_ADAPTORS(PKCS1v15SHA224, ccsha224_di())
215 DIGEST_RSA_ADAPTORS(PKCS1v15SHA256, ccsha256_di())
216 DIGEST_RSA_ADAPTORS(PKCS1v15SHA384, ccsha384_di())
217 DIGEST_RSA_ADAPTORS(PKCS1v15SHA512, ccsha512_di())
218 DIGEST_RSA_ADAPTORS(PKCS1v15MD5, ccmd5_di())
219 DIGEST_RSA_ADAPTORS(PSSSHA1, ccsha1_di())
220 DIGEST_RSA_ADAPTORS(PSSSHA224, ccsha224_di())
221 DIGEST_RSA_ADAPTORS(PSSSHA256, ccsha256_di())
222 DIGEST_RSA_ADAPTORS(PSSSHA384, ccsha384_di())
223 DIGEST_RSA_ADAPTORS(PSSSHA512, ccsha512_di())
224 DIGEST_ECDSA_ADAPTORS(X962SHA1, ccsha1_di())
225 DIGEST_ECDSA_ADAPTORS(X962SHA224, ccsha224_di())
226 DIGEST_ECDSA_ADAPTORS(X962SHA256, ccsha256_di())
227 DIGEST_ECDSA_ADAPTORS(X962SHA384, ccsha384_di())
228 DIGEST_ECDSA_ADAPTORS(X962SHA512, ccsha512_di())
229
230 #undef DIGEST_RSA_ADAPTORS
231 #undef DIGEST_ECDSA_ADAPTORS
232
233 typedef CF_ENUM(CFIndex, SecKeyECSignatureType) {
234 kSecKeyECSignatureTypeRFC4754,
235 kSecKeyECSignatureTypeX962,
236 };
237
238 static CFDataRef SecKeyCopyConvertedECDSASignature(SecKeyOperationContext *context, SecKeyECSignatureType targetType, CFDataRef sourceSignature, OSStatus errorStatus, CFErrorRef *error) {
239 CFMutableDataRef targetSignature = NULL;
240 CFIndex keySize = SecKeyGetBlockSize(context->key);
241 cc_size ccn = ccn_nof_size(keySize);
242 cc_unit ccr[ccn], ccs[ccn];
243 const uint8_t *data = CFDataGetBytePtr(sourceSignature);
244 if (targetType == kSecKeyECSignatureTypeRFC4754) {
245 // Extract ASN.1 DER signature and create raw r-s big-endian encoded signature.
246 const uint8_t *der_end = data + CFDataGetLength(sourceSignature);
247 if (ccder_decode_seqii(ccn, ccr, ccs, data, der_end) == der_end) {
248 targetSignature = CFDataCreateMutableWithScratch(kCFAllocatorDefault, keySize * 2);
249 uint8_t *target = CFDataGetMutableBytePtr(targetSignature);
250 ccn_write_uint_padded(ccn, ccr, keySize, target);
251 ccn_write_uint_padded(ccn, ccs, keySize, target + keySize);
252 } else {
253 SecError(errorStatus, error, CFSTR("Wrong ECDSA X962 signature"));
254 }
255 } else {
256 // Extract raw r-s big-endian encoded signature and encode ASN.1 DER signature.
257 if (CFDataGetLength(sourceSignature) == 2 * (CFIndex)keySize &&
258 ccn_read_uint(ccn, ccr, keySize, data) == 0 && ccn_read_uint(ccn, ccs, keySize, data + keySize) == 0) {
259 size_t s_len = ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
260 ccder_sizeof_integer(ccn, ccr) +
261 ccder_sizeof_integer(ccn, ccs));
262 targetSignature = CFDataCreateMutableWithScratch(kCFAllocatorDefault, s_len);
263 uint8_t *der = CFDataGetMutableBytePtr(targetSignature);
264 uint8_t *der_end = der + s_len;
265 if (ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
266 ccder_encode_integer(ccn, ccr, der,
267 ccder_encode_integer(ccn, ccs, der, der_end))) == NULL) {
268 CFReleaseNull(targetSignature);
269 SecError(errSecInternal, error, CFSTR("Failed to encode X962 signature"));
270 }
271 } else {
272 SecError(errorStatus, error, CFSTR("Wrong ECDSA RFC4754 signature"));
273 }
274 }
275
276 return targetSignature;
277 }
278
279 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(SecKeyOperationContext *context,
280 SecKeyECSignatureType signatureType,
281 CFTypeRef digest, CFTypeRef in2, CFErrorRef *error) {
282 CFArrayAppendValue(context->algorithm, signatureType == kSecKeyECSignatureTypeRFC4754 ? kSecKeyAlgorithmECDSASignatureDigestX962 : kSecKeyAlgorithmECDSASignatureRFC4754);
283 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
284 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
285 }
286
287 CFDataRef signature = SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
288 if (signature == NULL || CFEqual(signature, kCFNull)) {
289 return signature;
290 }
291
292 // Convert the signature.
293 CFAssignRetained(signature, SecKeyCopyConvertedECDSASignature(context, signatureType, signature, errSecParam, error));
294 return signature;
295 }
296
297 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(SecKeyOperationContext *context,
298 SecKeyECSignatureType signatureType,
299 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
300 SecKeyECSignatureType targetSignatureType = (signatureType == kSecKeyECSignatureTypeRFC4754) ? kSecKeyECSignatureTypeX962 : kSecKeyECSignatureTypeRFC4754;
301 CFArrayAppendValue(context->algorithm, targetSignatureType == kSecKeyECSignatureTypeRFC4754 ? kSecKeyAlgorithmECDSASignatureRFC4754 : kSecKeyAlgorithmECDSASignatureDigestX962);
302 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
303 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
304 }
305
306 CFDataRef convertedSignature = SecKeyCopyConvertedECDSASignature(context, targetSignatureType, signature, errSecVerifyFailed, error);
307 CFTypeRef result = NULL;
308 if (convertedSignature != NULL) {
309 result = SecKeyRunAlgorithmAndCopyResult(context, digest, convertedSignature, error);
310 CFReleaseNull(convertedSignature);
311 }
312 return result;
313 }
314
315 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureRFC4754(SecKeyOperationContext *context,
316 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
317 return SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(context, kSecKeyECSignatureTypeRFC4754, digest, signature, error);
318 }
319 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureDigestX962(SecKeyOperationContext *context,
320 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
321 return SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(context, kSecKeyECSignatureTypeX962, digest, signature, error);
322 }
323
324 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureRFC4754(SecKeyOperationContext *context,
325 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
326 return SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(context, kSecKeyECSignatureTypeRFC4754, digest, signature, error);
327 }
328 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureDigestX962(SecKeyOperationContext *context,
329 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
330 return SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(context, kSecKeyECSignatureTypeX962, digest, signature, error);
331 }
332
333 static CFDataRef SecKeyRSACopyBigEndianToCCUnit(CFDataRef bigEndian, size_t size) {
334 CFMutableDataRef result = NULL;
335 if (bigEndian != NULL) {
336 size_t dataSize = CFDataGetLength(bigEndian);
337 if (dataSize > size) {
338 size = dataSize;
339 }
340 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccn_sizeof_size(size));
341 ccn_read_uint(ccn_nof_size(size), (cc_unit *)CFDataGetMutableBytePtr(result), dataSize, CFDataGetBytePtr(bigEndian));
342 }
343 return result;
344 }
345
346 static void PerformWithBigEndianToCCUnit(CFDataRef bigEndian, size_t size, void (^operation)(CFDataRef ccunits)) {
347 if (bigEndian == NULL) {
348 return operation(NULL);
349 }
350 size_t dataSize = CFDataGetLength(bigEndian);
351 if (dataSize > size) {
352 size = dataSize;
353 }
354 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
355 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, dataSize, CFDataGetBytePtr(bigEndian));
356 operation(data);
357 });
358 }
359
360 static CFDataRef SecKeyRSACopyCCUnitToBigEndian(CFDataRef ccunits, size_t size) {
361 CFMutableDataRef result = NULL;
362 if (ccunits != NULL) {
363 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
364 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
365 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, size);
366 ccn_write_uint_padded(n, s, CFDataGetLength(result), CFDataGetMutableBytePtr(result));
367 }
368 return result;
369 }
370
371 static void PerformWithCCUnitToBigEndian(CFDataRef ccunits, size_t size, void (^operation)(CFDataRef bigEndian)) {
372 if (ccunits == NULL) {
373 return operation(NULL);
374 }
375 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
376 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
377 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
378 ccn_write_uint_padded(n, s, size, buffer);
379 operation(data);
380 });
381 }
382
383 static CFTypeRef SecKeyRSACopyEMSASignature(SecKeyOperationContext *context,
384 CFDataRef in1, CFDataRef in2, CFErrorRef *error, bool pss, const struct ccdigest_info *di) {
385 CFDictionaryRef parameters = NULL;
386 __block CFTypeRef result = NULL;
387
388 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
389 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
390 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
391 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
392 CFReleaseNull(parameters);
393
394 if (pss) {
395 // Verify that algorithm is compatible with the modulus size.
396 size_t blockSize = SecKeyGetBlockSize(context->key);
397 require_action_quiet(blockSize >= di->output_size * 2 + 2, out,
398 SecError(errSecParam, error, CFSTR("algorithm %@ incompatible with %lubit RSA key"),
399 CFArrayGetValueAtIndex(context->algorithm, CFArrayGetCount(context->algorithm) - 1),
400 blockSize * 8));
401 }
402
403 if (!pss && di != NULL) {
404 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw);
405 }
406
407 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
408 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
409 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
410 }
411
412 size_t size = SecKeyGetBlockSize(context->key);
413 if (size == 0) {
414 SecError(errSecParam, error, CFSTR("expecting RSA key"));
415 return NULL;
416 }
417 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
418 NSMutableData *s = [NSMutableData dataWithLength:size];
419 require_action_quiet(s != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
420 if (pss) {
421 NSMutableData *salt = [NSMutableData dataWithLength:di->output_size];
422 require_action_quiet(salt != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
423 int err = ccrng_generate(ccrng_seckey, di->output_size, salt.mutableBytes);
424 require_noerr_action_quiet(err, out, SecError(errSecInternal, error, CFSTR("PSS salt gen fail (%zu bytes), err %d"),
425 di->output_size, err));
426 err = ccrsa_emsa_pss_encode(di, di, di->output_size, salt.bytes,
427 CFDataGetLength(in1), CFDataGetBytePtr(in1), size * 8 - 1, s.mutableBytes);
428 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSASSA-PSS incompatible algorithm for key size")));
429 } else {
430 int err = ccrsa_emsa_pkcs1v15_encode(size, s.mutableBytes, CFDataGetLength(in1), CFDataGetBytePtr(in1), di ? di->oid : NULL);
431 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSAsign wrong input data length")));
432 }
433 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, size, s.bytes);
434 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
435 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
436 out:;
437 });
438
439 out:
440 CFReleaseSafe(parameters);
441 return result;
442 }
443
444 #define RSA_EMSA_SIGN_ADAPTOR(name, pss, di) \
445 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigest ## name( \
446 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
447 return SecKeyRSACopyEMSASignature(context, in1, in2, error, pss, di); \
448 }
449
450 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA1, false, ccsha1_di())
451 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA224, false, ccsha224_di())
452 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA256, false, ccsha256_di())
453 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA384, false, ccsha384_di())
454 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA512, false, ccsha512_di())
455 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15Raw, false, NULL)
456 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15MD5, false, ccmd5_di())
457 RSA_EMSA_SIGN_ADAPTOR(PSSSHA1, true, ccsha1_di())
458 RSA_EMSA_SIGN_ADAPTOR(PSSSHA224, true, ccsha224_di())
459 RSA_EMSA_SIGN_ADAPTOR(PSSSHA256, true, ccsha256_di())
460 RSA_EMSA_SIGN_ADAPTOR(PSSSHA384, true, ccsha384_di())
461 RSA_EMSA_SIGN_ADAPTOR(PSSSHA512, true, ccsha512_di())
462
463 #undef RSA_EMSA_SIGN_ADAPTOR
464
465 static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context,
466 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
467 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
468 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
469 }
470
471 __block CFTypeRef result = NULL;
472 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
473 result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, in2, error);
474 if (result != NULL) {
475 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
476 }
477 });
478 return result;
479 }
480
481 static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context,
482 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
483 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
484 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
485 }
486
487 __block CFTypeRef result = NULL;
488 PerformWithCCUnitToBigEndian(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef bigEndian) {
489 result = SecKeyRunAlgorithmAndCopyResult(context, bigEndian, in2, error);
490 if (result != NULL) {
491 CFAssignRetained(result, SecKeyRSACopyBigEndianToCCUnit(result, SecKeyGetBlockSize(context->key)));
492 }
493 });
494 return result;
495 }
496
497 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context,
498 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
499 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
500 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
501 }
502
503 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context,
504 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
505 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw);
506 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
507 }
508
509 static bool SecKeyVerifyBadSignature(CFErrorRef *error) {
510 return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match"));
511 }
512
513 static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error,
514 Boolean (^verifyBlock)(CFDataRef decrypted)) {
515 CFTypeRef result = NULL;
516 context->operation = kSecKeyOperationTypeDecrypt;
517 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
518 result = SecKeyRunAlgorithmAndCopyResult(context, signature, NULL, error);
519 if (context->mode == kSecKeyOperationModePerform && result != NULL) {
520 if (verifyBlock(result)) {
521 CFRetainAssign(result, kCFBooleanTrue);
522 } else {
523 CFRetainAssign(result, kCFBooleanFalse);
524 SecKeyVerifyBadSignature(error);
525 }
526 }
527 return result;
528 }
529
530 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context,
531 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
532 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) {
533 // Skip zero-padding from the beginning of the decrypted signature.
534 const UInt8 *data = CFDataGetBytePtr(decrypted);
535 CFIndex length = CFDataGetLength(decrypted);
536 while (*data == 0x00 && length > 0) {
537 data++;
538 length--;
539 }
540 // The rest of the decrypted signature must be the same as input data.
541 return length == CFDataGetLength(in1) && memcmp(CFDataGetBytePtr(in1), data, length) == 0;
542 });
543 };
544
545 #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \
546 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \
547 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
548 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
549 return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \
550 (uint8_t *)CFDataGetBytePtr(decrypted), \
551 CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \
552 }); \
553 }
554
555 #define PSS_EMSA_VERIFY_ADAPTOR(name, di) \
556 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSS ## name( \
557 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
558 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
559 return ccrsa_emsa_pss_decode(di, di, di->output_size, CFDataGetLength(in1), CFDataGetBytePtr(in1), \
560 CFDataGetLength(decrypted) * 8 - 1, (uint8_t *)CFDataGetBytePtr(decrypted)) == 0; \
561 }); \
562 }
563
564 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di()->oid)
565 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di()->oid)
566 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di()->oid)
567 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di()->oid)
568 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di()->oid)
569 PKCS1v15_EMSA_VERIFY_ADAPTOR(Raw, NULL)
570 PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, ccmd5_di()->oid)
571
572 PSS_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di())
573 PSS_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di())
574 PSS_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di())
575 PSS_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di())
576 PSS_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di())
577
578 #undef PKCS1v15_EMSA_VERIFY_ADAPTOR
579 #undef PSS_EMSA_VERIFY_ADAPTOR
580
581 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context,
582 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
583 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
584 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
585 }
586
587 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context,
588 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
589 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
590 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
591 }
592
593 static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
594 CFDataRef in1, CFErrorRef *error) {
595 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
596 size_t size = SecKeyGetBlockSize(context->key);
597 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
598 if (size < minSize) {
599 return kCFNull;
600 }
601 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
602 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
603 }
604
605 __block CFTypeRef result = NULL;
606 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
607 int err;
608 if (di != NULL) {
609 err = ccrsa_oaep_encode(di, ccrng_seckey, size, (cc_unit *)buffer,
610 CFDataGetLength(in1), CFDataGetBytePtr(in1));
611 } else {
612 err = ccrsa_eme_pkcs1v15_encode(ccrng_seckey, size, (cc_unit *)buffer,
613 CFDataGetLength(in1), CFDataGetBytePtr(in1));
614 }
615 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
616 CFSTR("RSAencrypt wrong input size (err %d)"), err));
617 cc_clear(ccn_sizeof_size(size) - size, buffer + size);
618 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
619 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
620 out:;
621 });
622 return result;
623 }
624
625 static CFTypeRef SecKeyRSACopyDecryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
626 CFDataRef in1, CFErrorRef *error) {
627 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
628 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
629 if (SecKeyGetBlockSize(context->key) < minSize) {
630 return kCFNull;
631 }
632 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
633 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
634 }
635
636 __block CFMutableDataRef result = NULL;
637 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
638 CFDataRef cc_result = NULL;
639 require_quiet(cc_result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, NULL, error), out);
640 size_t size = SecKeyGetBlockSize(context->key);
641 result = CFDataCreateMutableWithScratch(NULL, size);
642 int err;
643 if (di != NULL) {
644 err = ccrsa_oaep_decode(di, &size, CFDataGetMutableBytePtr(result),
645 size, (cc_unit *)CFDataGetBytePtr(cc_result));
646 } else {
647 err = ccrsa_eme_pkcs1v15_decode(&size, CFDataGetMutableBytePtr(result),
648 size, (cc_unit *)CFDataGetBytePtr(cc_result));
649 }
650 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
651 SecError(errSecParam, error, CFSTR("RSAdecrypt wrong input (err %d)"), err)));
652 CFDataSetLength(result, size);
653 out:
654 CFReleaseSafe(cc_result);
655 });
656 return result;
657 }
658
659 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
660 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
661 return SecKeyRSACopyEncryptedWithPadding(context, NULL, in1, error);
662 }
663
664 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
665 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
666 return SecKeyRSACopyDecryptedWithPadding(context, NULL, in1, error);
667 }
668
669 #define RSA_OAEP_CRYPT_ADAPTOR(name, di) \
670 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## name( \
671 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
672 return SecKeyRSACopyEncryptedWithPadding(context, di, in1, error); \
673 } \
674 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## name( \
675 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
676 return SecKeyRSACopyDecryptedWithPadding(context, di, in1, error); \
677 }
678
679 RSA_OAEP_CRYPT_ADAPTOR(SHA1, ccsha1_di());
680 RSA_OAEP_CRYPT_ADAPTOR(SHA224, ccsha224_di());
681 RSA_OAEP_CRYPT_ADAPTOR(SHA256, ccsha256_di());
682 RSA_OAEP_CRYPT_ADAPTOR(SHA384, ccsha384_di());
683 RSA_OAEP_CRYPT_ADAPTOR(SHA512, ccsha512_di());
684
685 #undef RSA_OAEP_CRYPT_ADAPTOR
686
687 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize = CFSTR("requestedSize");
688 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo = CFSTR("sharedInfo");
689
690 const CFStringRef kSecKeyEncryptionParameterSymmetricKeySizeInBits = CFSTR("symKeySize");
691 const CFStringRef kSecKeyEncryptionParameterSymmetricAAD = CFSTR("aad");
692 const CFStringRef kSecKeyEncryptionParameterRecryptParameters = CFSTR("recryptParams");
693 const CFStringRef kSecKeyEncryptionParameterRecryptCertificate = CFSTR("recryptCert");
694
695 static CFTypeRef SecKeyECDHCopyX963Result(SecKeyOperationContext *context, const struct ccdigest_info *di,
696 CFTypeRef in1, CFTypeRef params, CFErrorRef *error) {
697 CFTypeRef result = NULL, sharedSecret;
698 require_quiet(sharedSecret = SecKeyRunAlgorithmAndCopyResult(context, in1, NULL, error), out);
699
700 if (context->mode == kSecKeyOperationModePerform) {
701 // Parse params.
702 CFTypeRef value = NULL;
703 CFIndex requestedSize = 0;
704 require_action_quiet((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterRequestedSize)) != NULL
705 && CFGetTypeID(value) == CFNumberGetTypeID() &&
706 CFNumberGetValue(value, kCFNumberCFIndexType, &requestedSize), out,
707 SecError(errSecParam, error, CFSTR("kSecKeyKeyExchangeParameterRequestedSize is missing")));
708 size_t sharedInfoLength = 0;
709 const void *sharedInfo = NULL;
710 if ((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterSharedInfo)) != NULL) {
711 require_action_quiet(CFGetTypeID(value) == CFDataGetTypeID(), out, SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong sharedInfo type (must be CFData/NSData)")));
712 sharedInfo = CFDataGetBytePtr(value);
713 sharedInfoLength = CFDataGetLength(value);
714 }
715
716 CFMutableDataRef kdfResult = CFDataCreateMutableWithScratch(kCFAllocatorDefault, requestedSize);
717 int err = ccansikdf_x963(di, CFDataGetLength(sharedSecret), CFDataGetBytePtr(sharedSecret), sharedInfoLength, sharedInfo,
718 requestedSize, CFDataGetMutableBytePtr(kdfResult));
719 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
720 SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong input (%d)"), err)));
721 CFAssignRetained(result, kdfResult);
722 } else {
723 // In test-only mode, propagate result (YES/NO) of underlying operation.
724 result = CFRetainAssign(result, sharedSecret);
725 }
726 out:
727 CFReleaseNull(sharedSecret);
728 return result;
729 }
730
731 #define ECDH_X963_ADAPTOR(hashname, di, cofactor) \
732 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDH ## cofactor ## X963 ## hashname( \
733 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
734 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDHKeyExchange ## cofactor); \
735 return SecKeyECDHCopyX963Result(context, di, in1, in2, error); \
736 }
737
738 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Standard)
739 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Standard)
740 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Standard)
741 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Standard)
742 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Standard)
743 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Cofactor)
744 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Cofactor)
745 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Cofactor)
746 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Cofactor)
747 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Cofactor)
748
749 #undef ECDH_X963_ADAPTOR
750
751 // Extract number value of either CFNumber or CFString.
752 static CFIndex SecKeyGetCFIndexFromRef(CFTypeRef ref) {
753 CFIndex result = 0;
754 if (CFGetTypeID(ref) == CFNumberGetTypeID()) {
755 if (!CFNumberGetValue(ref, kCFNumberCFIndexType, &result)) {
756 result = 0;
757 }
758 } else if (CFGetTypeID(ref) == CFStringGetTypeID()) {
759 result = CFStringGetIntValue(ref);
760 }
761 return result;
762 }
763
764 typedef CFDataRef (*SecKeyECIESKeyExchangeCopyResult)(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm, bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV, CFDictionaryRef inParams, CFErrorRef *error);
765 typedef Boolean (*SecKeyECIESEncryptCopyResult)(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFMutableDataRef result, CFErrorRef *error);
766 typedef CFDataRef SecKeyECIESDecryptCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFErrorRef *error);
767
768 static CFTypeRef SecKeyECIESCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
769 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
770 SecKeyECIESEncryptCopyResult encryptCopyResult, bool variableIV,
771 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
772 CFDictionaryRef parameters = NULL;
773 SecKeyRef ephemeralPrivateKey = NULL, ephemeralPublicKey = NULL;
774 CFDataRef pubKeyData = NULL, ephemeralPubKeyData = NULL, keyExchangeResult = NULL;
775 CFTypeRef result = NULL;
776 SecKeyRef originalKey = context->key;
777 CFMutableDataRef ciphertext = NULL;
778
779 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
780 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
781 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
782 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
783
784 // Generate ephemeral key.
785 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
786 CFAssignRetained(parameters, CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
787 #if TARGET_OS_OSX
788 kSecUseDataProtectionKeychain, kCFBooleanTrue,
789 #endif
790 kSecAttrKeyType, CFDictionaryGetValue(parameters, kSecAttrKeyType),
791 kSecAttrKeySizeInBits, CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits),
792 NULL));
793 require_quiet(ephemeralPrivateKey = SecKeyCreateRandomKey(parameters, error), out);
794 require_action_quiet(ephemeralPublicKey = SecKeyCopyPublicKey(ephemeralPrivateKey), out,
795 SecError(errSecParam, error, CFSTR("Unable to get public key from generated ECkey")));
796 require_quiet(ephemeralPubKeyData = SecKeyCopyExternalRepresentation(ephemeralPublicKey, error), out);
797
798 context->key = ephemeralPrivateKey;
799 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, true,
800 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
801 if (context->mode == kSecKeyOperationModePerform) {
802 // Encrypt input data using AES-GCM.
803 ciphertext = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, ephemeralPubKeyData);
804 require_quiet(encryptCopyResult(keyExchangeResult, in1, in2, ciphertext, error), out);
805 result = CFRetain(ciphertext);
806 } else {
807 result = CFRetain(keyExchangeResult);
808 }
809
810 out:
811 CFReleaseSafe(parameters);
812 CFReleaseSafe(ephemeralPrivateKey);
813 CFReleaseSafe(ephemeralPublicKey);
814 CFReleaseSafe(pubKeyData);
815 CFReleaseSafe(ephemeralPubKeyData);
816 CFReleaseSafe(keyExchangeResult);
817 CFReleaseSafe(ciphertext);
818 context->key = originalKey;
819 return result;
820 }
821
822 static CFTypeRef SecKeyECIESCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
823 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
824 SecKeyECIESDecryptCopyResult decryptCopyResult, bool variableIV,
825 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
826 CFTypeRef result = NULL;
827 CFDictionaryRef parameters = NULL;
828 CFDataRef ephemeralPubKeyData = NULL, keyExchangeResult = NULL, pubKeyData = NULL;
829 SecKeyRef pubKey = NULL;
830 CFDataRef ciphertext = NULL;
831 const UInt8 *ciphertextBuffer = NULL;
832 CFIndex keySize = 0;
833
834 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
835 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
836 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
837 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
838
839 if (context->mode == kSecKeyOperationModePerform) {
840 // Extract ephemeral public key from the packet.
841 keySize = (SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits)) + 7) / 8;
842 require_action_quiet(CFDataGetLength(in1) >= keySize * 2 + 1, out,
843 SecError(errSecParam, error, CFSTR("%@: too small input packet for ECIES decrypt"), context->key));
844 ciphertextBuffer = CFDataGetBytePtr(in1);
845 ephemeralPubKeyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, keySize * 2 + 1, kCFAllocatorNull);
846 ciphertextBuffer += keySize * 2 + 1;
847
848 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
849 SecError(errSecParam, error, CFSTR("%@: Unable to get public key"), context->key));
850 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
851 }
852
853 // Perform keyExchange operation.
854 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, false,
855 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
856 if (context->mode == kSecKeyOperationModePerform) {
857 // Decrypt ciphertext using AES-GCM.
858 ciphertext = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, CFDataGetLength(in1) - (keySize * 2 + 1),
859 kCFAllocatorNull);
860 require_quiet(result = decryptCopyResult(keyExchangeResult, ciphertext, in2, error), out);
861 } else {
862 result = CFRetain(keyExchangeResult);
863 }
864
865 out:
866 CFReleaseSafe(parameters);
867 CFReleaseSafe(ephemeralPubKeyData);
868 CFReleaseSafe(keyExchangeResult);
869 CFReleaseSafe(pubKeyData);
870 CFReleaseSafe(pubKey);
871 CFReleaseSafe(ciphertext);
872 return result;
873 }
874
875 static const CFIndex kSecKeyIESTagLength = 16;
876 static const UInt8 kSecKeyIESIV[16] = { 0 };
877
878 static CFDataRef SecKeyECIESKeyExchangeKDFX963CopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
879 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
880 CFDictionaryRef inParams, CFErrorRef *error) {
881 NSDictionary *parametersForKeyExchange, *inputParameters = (__bridge NSDictionary *)inParams;
882 NSData *result;
883 NSMutableData *sharedInfoForKeyExchange;
884
885 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
886 context->operation = kSecKeyOperationTypeKeyExchange;
887
888 if (context->mode == kSecKeyOperationModePerform) {
889 NSInteger keySize = 0;
890 NSNumber *keySizeObject = inputParameters[(__bridge id)kSecKeyEncryptionParameterSymmetricKeySizeInBits];
891 if (keySizeObject != nil) {
892 if (![keySizeObject isKindOfClass:NSNumber.class]) {
893 SecError(errSecParam, error, CFSTR("Bad requested kSecKeyEncryptionParameterSymmetricKeySizeInBits: %@"), keySizeObject);
894 return NULL;
895 }
896 keySize = keySizeObject.integerValue / 8;
897 } else {
898 // Use 128bit AES for EC keys <= 256bit, 256bit AES for larger keys.
899 keySize = ((CFDataGetLength(pubKey) - 1) / 2) * 8;
900 keySize = (keySize > 256) ? (256 / 8) : (128 / 8);
901 }
902
903 if (variableIV) {
904 keySize += sizeof(kSecKeyIESIV);
905 }
906
907 // Generate shared secret using KDF.
908 sharedInfoForKeyExchange = ((__bridge NSData *)ephemeralPubKey).mutableCopy;
909 NSData *sharedInfo = inputParameters[(__bridge id)kSecKeyKeyExchangeParameterSharedInfo];
910 if (sharedInfo != nil) {
911 [sharedInfoForKeyExchange appendData:sharedInfo];
912 }
913 parametersForKeyExchange = @{ (__bridge id)kSecKeyKeyExchangeParameterSharedInfo: sharedInfoForKeyExchange,
914 (__bridge id)kSecKeyKeyExchangeParameterRequestedSize: @(keySize) };
915 }
916
917 result = CFBridgingRelease(SecKeyRunAlgorithmAndCopyResult(context, encrypt ? pubKey : ephemeralPubKey, (__bridge CFDictionaryRef)parametersForKeyExchange, error));
918 if (context->mode == kSecKeyOperationModePerform && !variableIV && result != NULL) {
919 // Append all-zero IV to the result.
920 NSMutableData *data = result.mutableCopy;
921 [data appendBytes:kSecKeyIESIV length:sizeof(kSecKeyIESIV)];
922 result = [NSData dataWithData:data];
923 }
924 return CFBridgingRetain(result);
925 }
926
927 static Boolean SecKeyECIESEncryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
928 CFMutableDataRef result, CFErrorRef *error) {
929 Boolean res = FALSE;
930 CFIndex prefix = CFDataGetLength(result);
931 CFDataSetLength(result, prefix + CFDataGetLength(inData) + kSecKeyIESTagLength);
932 UInt8 *resultBuffer = CFDataGetMutableBytePtr(result) + prefix;
933 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(inData);
934 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
935 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
936 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
937 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
938 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
939 sizeof(kSecKeyIESIV), ivBuffer,
940 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
941 CFDataGetLength(inData), CFDataGetBytePtr(inData),
942 resultBuffer, kSecKeyIESTagLength, tagBuffer) == 0, out,
943 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm encrypt data")));
944 res = TRUE;
945 out:
946 return res;
947 }
948
949 static CFDataRef SecKeyECIESDecryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
950 CFErrorRef *error) {
951 CFDataRef result = NULL;
952 CFMutableDataRef plaintext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData) - kSecKeyIESTagLength);
953 CFMutableDataRef tag = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), kSecKeyIESTagLength);
954 CFDataGetBytes(inData, CFRangeMake(CFDataGetLength(inData) - kSecKeyIESTagLength, kSecKeyIESTagLength),
955 CFDataGetMutableBytePtr(tag));
956 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
957 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
958 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
959 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
960 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
961 sizeof(kSecKeyIESIV), ivBuffer,
962 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
963 CFDataGetLength(plaintext), CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(plaintext),
964 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
965 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm decrypt data")));
966 result = CFRetain(plaintext);
967 out:
968 CFReleaseSafe(plaintext);
969 CFReleaseSafe(tag);
970 return result;
971 }
972
973 #define ECIES_X963_ADAPTOR(hashname, cofactor, namepart, variableIV) \
974 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIES ## cofactor ## namepart ## hashname( \
975 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
976 return SecKeyECIESCopyEncryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
977 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESEncryptAESGCMCopyResult, variableIV, in1, in2, error); \
978 } \
979 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES ## cofactor ## namepart ## hashname( \
980 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
981 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
982 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESDecryptAESGCMCopyResult, variableIV, in1, in2, error); \
983 }
984
985 ECIES_X963_ADAPTOR(SHA1, Standard, X963, false)
986 ECIES_X963_ADAPTOR(SHA224, Standard, X963, false)
987 ECIES_X963_ADAPTOR(SHA256, Standard, X963, false)
988 ECIES_X963_ADAPTOR(SHA384, Standard, X963, false)
989 ECIES_X963_ADAPTOR(SHA512, Standard, X963, false)
990 ECIES_X963_ADAPTOR(SHA1, Cofactor, X963, false)
991 ECIES_X963_ADAPTOR(SHA224, Cofactor, X963, false)
992 ECIES_X963_ADAPTOR(SHA256, Cofactor, X963, false)
993 ECIES_X963_ADAPTOR(SHA384, Cofactor, X963, false)
994 ECIES_X963_ADAPTOR(SHA512, Cofactor, X963, false)
995
996 ECIES_X963_ADAPTOR(SHA224, Standard, VariableIVX963, true)
997 ECIES_X963_ADAPTOR(SHA256, Standard, VariableIVX963, true)
998 ECIES_X963_ADAPTOR(SHA384, Standard, VariableIVX963, true)
999 ECIES_X963_ADAPTOR(SHA512, Standard, VariableIVX963, true)
1000 ECIES_X963_ADAPTOR(SHA224, Cofactor, VariableIVX963, true)
1001 ECIES_X963_ADAPTOR(SHA256, Cofactor, VariableIVX963, true)
1002 ECIES_X963_ADAPTOR(SHA384, Cofactor, VariableIVX963, true)
1003 ECIES_X963_ADAPTOR(SHA512, Cofactor, VariableIVX963, true)
1004
1005 #undef ECIES_X963_ADAPTOR
1006
1007 static CFDataRef SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
1008 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
1009 CFDictionaryRef inParams, CFErrorRef *error) {
1010 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
1011 context->operation = kSecKeyOperationTypeKeyExchange;
1012 CFMutableDataRef result = (CFMutableDataRef)SecKeyRunAlgorithmAndCopyResult(context, ephemeralPubKey, NULL, error);
1013 if (result != NULL && context->mode == kSecKeyOperationModePerform) {
1014 const struct ccdigest_info *di = ccsha256_di();
1015 ccdigest_di_decl(di, ctx);
1016 ccdigest_init(di, ctx);
1017 ccdigest_update(di, ctx, CFDataGetLength(result), CFDataGetBytePtr(result));
1018 ccdigest_update(di, ctx, CFDataGetLength(ephemeralPubKey), CFDataGetBytePtr(ephemeralPubKey));
1019 ccdigest_update(di, ctx, CFDataGetLength(pubKey), CFDataGetBytePtr(pubKey));
1020 CFAssignRetained(result, CFDataCreateMutableWithScratch(kCFAllocatorDefault, di->output_size));
1021 ccdigest_final(di, ctx, CFDataGetMutableBytePtr(result));
1022 }
1023 return result;
1024 }
1025
1026 static CFDataRef SecKeyECIESDecryptAESCBCCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
1027 CFErrorRef *error) {
1028 CFMutableDataRef result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData));
1029 cccbc_one_shot(ccaes_cbc_decrypt_mode(),
1030 CFDataGetLength(keyExchangeResult), CFDataGetBytePtr(keyExchangeResult),
1031 NULL, CFDataGetLength(keyExchangeResult) / CCAES_BLOCK_SIZE,
1032 CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(result));
1033 return result;
1034 }
1035
1036 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys(
1037 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1038 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchangeStandard,
1039 SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult,
1040 SecKeyECIESDecryptAESCBCCopyResult, false,
1041 in1, in2, error);
1042 }
1043
1044 static CFTypeRef SecKeyRSAAESGCMCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
1045 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1046 CFTypeRef result = NULL;
1047 CFDictionaryRef parameters = NULL;
1048 CFDataRef pubKeyData = NULL, wrappedKey = NULL, sessionKey = NULL;
1049 CFMutableDataRef ciphertext = NULL;
1050
1051 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
1052 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
1053 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
1054 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
1055
1056 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
1057 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
1058 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
1059
1060 // Generate session key. Use 128bit AES for RSA keys < 4096bit, 256bit AES for larger keys.
1061 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
1062 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
1063 require_action_quiet(sessionKey = CFDataCreateWithRandomBytes((keySize >= 4096) ? (256 / 8) : (128 / 8)), out,
1064 SecError(errSecParam, error, CFSTR("Failed to generate session key")));
1065
1066 // Encrypt session key using wrapping algorithm and store at the beginning of the result packet.
1067 require_action_quiet(wrappedKey = SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error), out,
1068 CFReleaseNull(result));
1069 ciphertext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(wrappedKey) + CFDataGetLength(in1) + kSecKeyIESTagLength);
1070 UInt8 *resultBuffer = CFDataGetMutableBytePtr(ciphertext);
1071 CFDataGetBytes(wrappedKey, CFRangeMake(0, CFDataGetLength(wrappedKey)), resultBuffer);
1072 resultBuffer += CFDataGetLength(wrappedKey);
1073
1074 // Encrypt input data using AES-GCM.
1075 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(in1);
1076 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
1077 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1078 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1079 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1080 CFDataGetLength(in1), CFDataGetBytePtr(in1), resultBuffer,
1081 kSecKeyIESTagLength, tagBuffer) == 0, out,
1082 SecError(errSecParam, error, CFSTR("RSAWRAP: Failed to aes-gcm encrypt data")));
1083 result = CFRetain(ciphertext);
1084
1085 out:
1086 CFReleaseSafe(parameters);
1087 CFReleaseSafe(pubKeyData);
1088 CFReleaseSafe(wrappedKey);
1089 CFReleaseSafe(sessionKey);
1090 CFReleaseSafe(ciphertext);
1091 return result;
1092 }
1093
1094 static CFTypeRef SecKeyRSAAESGCMCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
1095 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1096 CFTypeRef result = NULL;
1097 CFDictionaryRef parameters = NULL;
1098 CFMutableDataRef plaintext = NULL, tag = NULL;
1099 CFDataRef pubKeyData = NULL, sessionKey = NULL;
1100 SecKeyRef pubKey = NULL;
1101
1102 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
1103 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
1104 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
1105 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
1106
1107 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
1108 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
1109 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
1110
1111 // Extract encrypted session key.
1112 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
1113 SecError(errSecParam, error, CFSTR("%@: unable to get public key"), context->key));
1114 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
1115
1116 CFIndex wrappedKeySize = SecKeyGetBlockSize(context->key);
1117 require_action_quiet(CFDataGetLength(in1) >= wrappedKeySize + kSecKeyIESTagLength, out,
1118 SecError(errSecParam, error, CFSTR("RSA-WRAP too short input data")));
1119 sessionKey = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, CFDataGetBytePtr(in1), wrappedKeySize, kCFAllocatorNull);
1120
1121 // Decrypt session key.
1122 CFAssignRetained(sessionKey, SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error));
1123 require_quiet(sessionKey, out);
1124 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
1125 keySize = (keySize >= 4096) ? (256 / 8) : (128 / 8);
1126 require_action_quiet(CFDataGetLength(sessionKey) == keySize, out,
1127 SecError(errSecParam, error, CFSTR("RSA-WRAP bad ciphertext, unexpected session key size")));
1128
1129 // Decrypt ciphertext using AES-GCM.
1130 plaintext = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), CFDataGetLength(in1) - wrappedKeySize - kSecKeyIESTagLength);
1131 tag = CFDataCreateMutableWithScratch(kCFAllocatorDefault, kSecKeyIESTagLength);
1132 CFDataGetBytes(in1, CFRangeMake(CFDataGetLength(in1) - kSecKeyIESTagLength, kSecKeyIESTagLength),
1133 CFDataGetMutableBytePtr(tag));
1134 const UInt8 *ciphertextBuffer = CFDataGetBytePtr(in1);
1135 ciphertextBuffer += wrappedKeySize;
1136 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
1137 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1138 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1139 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1140 CFDataGetLength(plaintext), ciphertextBuffer, CFDataGetMutableBytePtr(plaintext),
1141 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
1142 SecError(errSecParam, error, CFSTR("RSA-WRAP: Failed to aes-gcm decrypt data")));
1143 result = CFRetain(plaintext);
1144
1145 out:
1146 CFReleaseSafe(parameters);
1147 CFReleaseSafe(sessionKey);
1148 CFReleaseSafe(tag);
1149 CFReleaseSafe(pubKeyData);
1150 CFReleaseSafe(pubKey);
1151 CFReleaseSafe(plaintext);
1152 return result;
1153 }
1154
1155 #define RSA_OAEP_AESGCM_ADAPTOR(hashname) \
1156 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1157 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1158 return SecKeyRSAAESGCMCopyEncryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1159 } \
1160 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1161 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1162 return SecKeyRSAAESGCMCopyDecryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1163 }
1164
1165 RSA_OAEP_AESGCM_ADAPTOR(SHA1)
1166 RSA_OAEP_AESGCM_ADAPTOR(SHA224)
1167 RSA_OAEP_AESGCM_ADAPTOR(SHA256)
1168 RSA_OAEP_AESGCM_ADAPTOR(SHA384)
1169 RSA_OAEP_AESGCM_ADAPTOR(SHA512)
1170
1171 #undef RSA_OAEP_AESGCM_ADAPTOR
1172
1173 SecKeyAlgorithmAdaptor SecKeyGetAlgorithmAdaptor(SecKeyOperationType operation, SecKeyAlgorithm algorithm) {
1174 static CFDictionaryRef adaptors[kSecKeyOperationTypeCount];
1175 static dispatch_once_t onceToken;
1176 dispatch_once(&onceToken, ^{
1177 const void *signKeys[] = {
1178 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1179 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1180 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1181 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1182 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1183 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1184 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1185
1186 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1187 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1188 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1189 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1190 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1191
1192 kSecKeyAlgorithmRSASignatureRaw,
1193 kSecKeyAlgorithmRSASignatureRawCCUnit,
1194
1195 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1196 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1197 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1198 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1199 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1200 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1201
1202 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1203 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1204 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1205 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1206 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1207
1208 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1209 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1210 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1211 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1212 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1213
1214 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1215 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1216 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1217 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1218 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1219
1220 kSecKeyAlgorithmECDSASignatureRFC4754,
1221 kSecKeyAlgorithmECDSASignatureDigestX962,
1222 };
1223 const void *signValues[] = {
1224 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA1,
1225 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA224,
1226 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA256,
1227 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA384,
1228 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA512,
1229 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15Raw,
1230 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15MD5,
1231
1232 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA1,
1233 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA224,
1234 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA256,
1235 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA384,
1236 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA512,
1237
1238 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw,
1239 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit,
1240
1241 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1242 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1243 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1244 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1245 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1246 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1247
1248 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1249 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1250 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1251 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1252 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1253
1254 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1255 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1256 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1257 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1258 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1259
1260 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1261 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1262 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1263 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1264 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1265
1266 SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureRFC4754,
1267 SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureDigestX962,
1268 };
1269 check_compile_time(array_size(signKeys) == array_size(signValues));
1270 adaptors[kSecKeyOperationTypeSign] = CFDictionaryCreate(kCFAllocatorDefault, signKeys, signValues,
1271 array_size(signKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1272
1273 const void *verifyKeys[] = {
1274 kSecKeyAlgorithmRSASignatureRaw,
1275
1276 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1277 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1278 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1279 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1280 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1281 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1282 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1283
1284 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1285 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1286 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1287 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1288 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1289
1290 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1291 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1292 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1293 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1294 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1295 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1296
1297 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1298 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1299 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1300 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1301 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1302
1303 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1304 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1305 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1306 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1307 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1308
1309 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1310 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1311 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1312 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1313 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1314
1315 kSecKeyAlgorithmECDSASignatureRFC4754,
1316 kSecKeyAlgorithmECDSASignatureDigestX962,
1317 };
1318 const void *verifyValues[] = {
1319 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw,
1320
1321 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA1,
1322 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA224,
1323 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA256,
1324 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA384,
1325 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA512,
1326 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15Raw,
1327 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15MD5,
1328
1329 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA1,
1330 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA224,
1331 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA256,
1332 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA384,
1333 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA512,
1334
1335 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1336 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1337 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1338 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1339 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1340 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1341
1342 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1343 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1344 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1345 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1346 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1347
1348 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1349 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1350 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1351 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1352 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1353
1354 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1355 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1356 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1357 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1358 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1359
1360 SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureRFC4754,
1361 SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureDigestX962,
1362 };
1363 check_compile_time(array_size(verifyKeys) == array_size(verifyValues));
1364 adaptors[kSecKeyOperationTypeVerify] = CFDictionaryCreate(kCFAllocatorDefault, verifyKeys, verifyValues,
1365 array_size(verifyKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1366
1367 const void *encryptKeys[] = {
1368 kSecKeyAlgorithmRSAEncryptionRaw,
1369 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1370
1371 kSecKeyAlgorithmRSAEncryptionPKCS1,
1372 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1373 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1374 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1375 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1376 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1377
1378 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1379 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1380 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1381 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1382 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1383
1384 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1385 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1386 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1387 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1388 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1389
1390 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1391 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1392 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1393 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1394 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1395
1396 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1397 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1398 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1399 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1400
1401 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1402 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1403 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1404 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1405 };
1406 const void *encryptValues[] = {
1407 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1408 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1409
1410 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1,
1411 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1,
1412 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224,
1413 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256,
1414 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384,
1415 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512,
1416
1417 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1AESGCM,
1418 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224AESGCM,
1419 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256AESGCM,
1420 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384AESGCM,
1421 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512AESGCM,
1422
1423 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA1,
1424 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA224,
1425 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA256,
1426 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA384,
1427 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA512,
1428
1429 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA1,
1430 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA224,
1431 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA256,
1432 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA384,
1433 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA512,
1434
1435 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA224,
1436 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA256,
1437 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA384,
1438 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA512,
1439
1440 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA224,
1441 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA256,
1442 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA384,
1443 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA512,
1444 };
1445 check_compile_time(array_size(encryptKeys) == array_size(encryptValues));
1446 adaptors[kSecKeyOperationTypeEncrypt] = CFDictionaryCreate(kCFAllocatorDefault, encryptKeys, encryptValues,
1447 array_size(encryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1448
1449 const void *decryptKeys[] = {
1450 kSecKeyAlgorithmRSAEncryptionRaw,
1451 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1452
1453 kSecKeyAlgorithmRSAEncryptionPKCS1,
1454 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1455 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1456 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1457 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1458 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1459
1460 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1461 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1462 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1463 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1464 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1465
1466 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1467 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1468 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1469 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1470 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1471
1472 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1473 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1474 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1475 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1476 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1477
1478 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1479 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1480 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1481 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1482
1483 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1484 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1485 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1486 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1487
1488 kSecKeyAlgorithmECIESEncryptionAKSSmartCard,
1489 };
1490 const void *decryptValues[] = {
1491 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1492 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1493
1494 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1,
1495 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1,
1496 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224,
1497 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256,
1498 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384,
1499 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512,
1500
1501 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1AESGCM,
1502 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224AESGCM,
1503 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256AESGCM,
1504 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384AESGCM,
1505 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512AESGCM,
1506
1507 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA1,
1508 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA224,
1509 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA256,
1510 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA384,
1511 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA512,
1512
1513 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA1,
1514 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA224,
1515 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA256,
1516 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA384,
1517 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA512,
1518
1519 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA224,
1520 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA256,
1521 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA384,
1522 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA512,
1523
1524 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA224,
1525 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA256,
1526 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA384,
1527 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA512,
1528
1529 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys,
1530 };
1531 check_compile_time(array_size(decryptKeys) == array_size(decryptValues));
1532 adaptors[kSecKeyOperationTypeDecrypt] = CFDictionaryCreate(kCFAllocatorDefault, decryptKeys, decryptValues,
1533 array_size(decryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1534
1535 const void *keyExchangeKeys[] = {
1536 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
1537 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
1538 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
1539 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
1540 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
1541
1542 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
1543 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
1544 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
1545 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
1546 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
1547 };
1548 const void *keyExchangeValues[] = {
1549
1550 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA1,
1551 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA224,
1552 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA256,
1553 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA384,
1554 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA512,
1555
1556 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA1,
1557 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA224,
1558 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA256,
1559 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA384,
1560 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA512,
1561 };
1562 check_compile_time(array_size(keyExchangeKeys) == array_size(keyExchangeKeys));
1563 adaptors[kSecKeyOperationTypeKeyExchange] = CFDictionaryCreate(kCFAllocatorDefault, keyExchangeKeys, keyExchangeValues,
1564 array_size(keyExchangeKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1565 });
1566
1567 return CFDictionaryGetValue(adaptors[operation], algorithm);
1568 }
mirror of Security