OSX/shared_regressions/si-44-seckey-ec.m

   1 /*
   2  * Copyright (c) 2016 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 #import <Foundation/Foundation.h>
  26
  27 #import <corecrypto/ccsha1.h>
  28 #import <corecrypto/ccsha2.h>
  29 #import <corecrypto/ccec.h>
  30
  31 #include "shared_regressions.h"
  32
  33 static void test_export_import_run(int size) {
  34     NSError *error;
  35     id privKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(size)}, (void *)&error));
  36     ok(privKey, "generate private key (size %d, error %@)", size, error);
  37
  38     NSData *message = [NSData dataWithBytes:"hello" length:5];
  39     error = nil;
  40     NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (void *)&error));
  41     ok(signature, "create signature, %@", error);
  42
  43     id pubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
  44     error = nil;
  45     NSData *pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)pubKey, (void *)&error));
  46     ok(pubKeyData, "export public key, %@", error);
  47     size = (size + 7) / 8;
  48     is(pubKeyData.length, (unsigned)size * 2 + 1, "pubkey data has expected length");
  49
  50     id importedPubKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)pubKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPublic}, (void *)&error));
  51     ok(importedPubKey, "import public key, %@", error);
  52     ok(SecKeyVerifySignature((SecKeyRef)importedPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);
  53
  54     error = nil;
  55     NSData *privKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)privKey, (void *)&error));
  56     ok(privKeyData, "export privKey, %@", error);
  57     is(privKeyData.length, (unsigned)size * 3 + 1, "privkey data has expected length");
  58
  59     error = nil;
  60     id importedPrivKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)privKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate}, (void *)&error));
  61     ok(importedPrivKey, "import privKey, %@", error);
  62
  63     id importedPrivKeyPubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)importedPrivKey));
  64     error = nil;
  65     ok(SecKeyVerifySignature((SecKeyRef)importedPrivKeyPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);
  66 }
  67 static const int TestExportImportRun = 10;
  68
  69 static void test_export_import() {
  70     test_export_import_run(192);
  71     test_export_import_run(256);
  72     test_export_import_run(521);
  73 }
  74 static const int TestExportImport = TestExportImportRun * 3;
  75
  76 static void test_sign_digest_run(id privKey, ccec_const_cp_t cp, SecKeyAlgorithm algorithm, const struct ccdigest_info *di) {
  77     ok(SecKeyIsAlgorithmSupported((SecKeyRef)privKey, kSecKeyOperationTypeSign, algorithm), "algorithm %@ should be supported", algorithm);
  78
  79     NSError *error;
  80     NSData *digest = [NSMutableData dataWithLength:di ? di->output_size : 50];
  81
  82     error = nil;
  83     NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
  84     ok(signature != nil, "signing failed: %@", error);
  85
  86     error = nil;
  87     id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
  88     NSData *pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)publicKey, (void *)&error));
  89     ok(pubKeyData, "export public key: %@", error);
  90     ccec_pub_ctx_decl_cp(cp, pubkey);
  91     ok(ccec_x963_import_pub(cp, pubKeyData.length, pubKeyData.bytes, pubkey) == 0, "error importing cc ec key");
  92     bool valid = false;
  93     is(ccec_verify(pubkey, digest.length, digest.bytes, signature.length, signature.bytes, &valid), 0, "ccec_verify");
  94     is(valid, true, "ccec_verify detected bad signature");
  95
  96     if (di != NULL) {
  97         error = nil;
  98         digest = [NSMutableData dataWithLength:di->output_size + 1];
  99         signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
 100         is(signature, nil, "signing long digest fails");
 101         is(error.code, errSecParam, "wrong error for long digest: %@", error);
 102
 103         error = nil;
 104         digest = [NSMutableData dataWithLength:di->output_size - 1];
 105         signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
 106         is(signature, nil, "signing short digest fails");
 107         is(error.code, errSecParam, "wrong error for short digest: %@", error);
 108     } else {
 109         // Balance count of tests
 110         ok(true);
 111         ok(true);
 112         ok(true);
 113         ok(true);
 114     }
 115 }
 116 static const int TestSignDigestRun = 10;
 117
 118 static void test_sign_digest() {
 119
 120     NSError *error = nil;
 121     id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @192}, (void *)&error));
 122     ok(privateKey, "key properly generated: %@", error);
 123
 124     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
 125     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
 126     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
 127     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
 128     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
 129     test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
 130
 131     privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @256}, (void *)&error));
 132     ok(privateKey, "key properly generated: %@", error);
 133
 134     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
 135     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
 136     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
 137     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
 138     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
 139     test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
 140
 141
 142     privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @521}, (void *)&error));
 143     ok(privateKey, "key properly generated: %@", error);
 144
 145     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
 146     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
 147     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
 148     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
 149     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
 150     test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
 151 }
 152 static const int TestSignDigest = TestSignDigestRun * 18 + 3;
 153
 154 static const int TestCount =
 155 TestExportImport +
 156 TestSignDigest;
 157
 158 int si_44_seckey_ec(int argc, char *const *argv) {
 159     plan_tests(TestCount);
 160
 161     @autoreleasepool {
 162         test_export_import();
 163         test_sign_digest();
 164     }
 165
 166     return 0;
 167 }