]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecKeyAdaptors.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59754.41.1.tar.gz
[apple/security.git] / OSX / sec / Security / SecKeyAdaptors.m
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * SecKeyAdaptors.m - Implementation of assorted algorithm adaptors for SecKey.
26 * Algorithm adaptor is able to perform some transformation on provided input and calculated results and invoke
27 * underlying operation with different algorithm. Typical adaptors are message->digest or unpadded->padded.
28 * To invoke underlying operation, add algorithm to the context algorithm array and invoke SecKeyRunAlgorithmAndCopyResult().
29 */
30
31 #import <Foundation/Foundation.h>
32
33 #include <Security/SecBase.h>
34 #include <Security/SecKeyInternal.h>
35 #include <Security/SecItem.h>
36 #include <Security/SecItemPriv.h>
37 #include <Security/SecCFAllocator.h>
38
39 #include <AssertMacros.h>
40 #include <utilities/SecCFWrappers.h>
41 #include <utilities/array_size.h>
42 #include <utilities/debugging.h>
43 #include <utilities/SecCFError.h>
44 #include <utilities/SecBuffer.h>
45
46 #include <corecrypto/ccsha1.h>
47 #include <corecrypto/ccsha2.h>
48 #include <corecrypto/ccmd5.h>
49 #include <corecrypto/ccrsa_priv.h>
50 #include <corecrypto/ccansikdf.h>
51 #include <corecrypto/ccmode.h>
52 #include <corecrypto/ccaes.h>
53 #include <corecrypto/ccder.h>
54
55
56 #pragma mark Algorithm constants value definitions
57
58 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw = CFSTR("algid:sign:RSA:raw");
59 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit = CFSTR("algid:sign:RSA:raw-cc");
60
61 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw = CFSTR("algid:sign:RSA:digest-PKCS1v15");
62 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5");
63 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA1");
64 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA224");
65 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA256");
66 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA384");
67 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA512");
68 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1 = CFSTR("algid:sign:RSA:digest-PSS:SHA1:SHA1:20");
69 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224 = CFSTR("algid:sign:RSA:digest-PSS:SHA224:SHA224:24");
70 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32");
71 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48");
72 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64");
73
74 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 = CFSTR("algid:sign:RSA:message-PKCS1v15:MD5");
75 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA1");
76 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA224");
77 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA256");
78 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA384");
79 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA512");
80 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1 = CFSTR("algid:sign:RSA:message-PSS:SHA1:SHA1:20");
81 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224 = CFSTR("algid:sign:RSA:message-PSS:SHA224:SHA224:24");
82 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256 = CFSTR("algid:sign:RSA:message-PSS:SHA256:SHA256:32");
83 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384 = CFSTR("algid:sign:RSA:message-PSS:SHA384:SHA384:48");
84 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512 = CFSTR("algid:sign:RSA:message-PSS:SHA512:SHA512:64");
85
86 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 = CFSTR("algid:sign:ECDSA:RFC4754");
87
88 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 = CFSTR("algid:sign:ECDSA:digest-X962");
89 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 = CFSTR("algid:sign:ECDSA:digest-X962:SHA1");
90 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 = CFSTR("algid:sign:ECDSA:digest-X962:SHA224");
91 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 = CFSTR("algid:sign:ECDSA:digest-X962:SHA256");
92 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 = CFSTR("algid:sign:ECDSA:digest-X962:SHA384");
93 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 = CFSTR("algid:sign:ECDSA:digest-X962:SHA512");
94
95 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 = CFSTR("algid:sign:ECDSA:message-X962:SHA1");
96 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 = CFSTR("algid:sign:ECDSA:message-X962:SHA224");
97 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 = CFSTR("algid:sign:ECDSA:message-X962:SHA256");
98 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 = CFSTR("algid:sign:ECDSA:message-X962:SHA384");
99 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 = CFSTR("algid:sign:ECDSA:message-X962:SHA512");
100
101 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw = CFSTR("algid:encrypt:RSA:raw");
102 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit = CFSTR("algid:encrypt:RSA:raw-cc");
103 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 = CFSTR("algid:encrypt:RSA:PKCS1");
104 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 = CFSTR("algid:encrypt:RSA:OAEP:SHA1");
105 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 = CFSTR("algid:encrypt:RSA:OAEP:SHA224");
106 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 = CFSTR("algid:encrypt:RSA:OAEP:SHA256");
107 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 = CFSTR("algid:encrypt:RSA:OAEP:SHA384");
108 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 = CFSTR("algid:encrypt:RSA:OAEP:SHA512");
109
110 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA1:AESGCM");
111 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA224:AESGCM");
112 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA256:AESGCM");
113 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA384:AESGCM");
114 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA512:AESGCM");
115
116 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA1:AESGCM");
117 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM");
118 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM");
119 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM");
120 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM");
121
122 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA1:AESGCM");
123 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM");
124 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM");
125 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM");
126 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM");
127
128 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM-KDFIV");
129 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM-KDFIV");
130 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM-KDFIV");
131 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM-KDFIV");
132
133 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM-KDFIV");
134 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM-KDFIV");
135 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM-KDFIV");
136 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM-KDFIV");
137
138 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard = CFSTR("algid:keyexchange:ECDH");
139 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA1");
140 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA224");
141 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA256");
142 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA384");
143 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA512");
144
145 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor = CFSTR("algid:keyexchange:ECDHC");
146 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA1");
147 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA224");
148 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA256");
149 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA384");
150 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA512");
151
152 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
153
154 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
155 CFReleaseNull(context->algorithm);
156 }
157
158 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {
159 PerformWithBuffer(size, ^(size_t size, uint8_t *buffer) {
160 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)buffer, size, kCFAllocatorNull);
161 operation(buffer, data);
162 CFRelease(data);
163 });
164 }
165
166 static CFDataRef SecKeyCopyDigestForMessage(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2,
167 const struct ccdigest_info *di, CFErrorRef *error) {
168 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
169 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
170 }
171
172 __block CFTypeRef result;
173 PerformWithCFDataBuffer(di->output_size, ^(uint8_t *buffer, CFDataRef data) {
174 ccdigest(di, CFDataGetLength(message), CFDataGetBytePtr(message), buffer);
175 result = SecKeyRunAlgorithmAndCopyResult(context, data, in2, error);
176 });
177 return result;
178 }
179
180 static CFTypeRef SecKeyCopyECDSASignatureForDigest(SecKeyOperationContext *context, CFDataRef digest, CFDataRef in2,
181 SecKeyAlgorithm algorithm, const struct ccdigest_info *di, CFErrorRef *error) {
182 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigestX962);
183 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
184 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
185 }
186
187 if (CFDataGetLength(digest) != (CFIndex)di->output_size) {
188 SecError(errSecParam, error, CFSTR("bad digest size for signing with algorithm %@"), algorithm);
189 return NULL;
190 }
191
192 return SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
193 }
194
195 #define DIGEST_RSA_ADAPTORS(name, di) \
196 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessage ## name( \
197 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
198 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigest ## name); \
199 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
200 }
201
202 #define DIGEST_ECDSA_ADAPTORS(name, di) \
203 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessage ## name( \
204 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
205 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigest ## name); \
206 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
207 } \
208 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigest ## name( \
209 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
210 return SecKeyCopyECDSASignatureForDigest(context, in1, in2, kSecKeyAlgorithmECDSASignatureDigest ## name, di, error); \
211 }
212
213 DIGEST_RSA_ADAPTORS(PKCS1v15SHA1, ccsha1_di())
214 DIGEST_RSA_ADAPTORS(PKCS1v15SHA224, ccsha224_di())
215 DIGEST_RSA_ADAPTORS(PKCS1v15SHA256, ccsha256_di())
216 DIGEST_RSA_ADAPTORS(PKCS1v15SHA384, ccsha384_di())
217 DIGEST_RSA_ADAPTORS(PKCS1v15SHA512, ccsha512_di())
218 DIGEST_RSA_ADAPTORS(PKCS1v15MD5, ccmd5_di())
219 DIGEST_RSA_ADAPTORS(PSSSHA1, ccsha1_di())
220 DIGEST_RSA_ADAPTORS(PSSSHA224, ccsha224_di())
221 DIGEST_RSA_ADAPTORS(PSSSHA256, ccsha256_di())
222 DIGEST_RSA_ADAPTORS(PSSSHA384, ccsha384_di())
223 DIGEST_RSA_ADAPTORS(PSSSHA512, ccsha512_di())
224 DIGEST_ECDSA_ADAPTORS(X962SHA1, ccsha1_di())
225 DIGEST_ECDSA_ADAPTORS(X962SHA224, ccsha224_di())
226 DIGEST_ECDSA_ADAPTORS(X962SHA256, ccsha256_di())
227 DIGEST_ECDSA_ADAPTORS(X962SHA384, ccsha384_di())
228 DIGEST_ECDSA_ADAPTORS(X962SHA512, ccsha512_di())
229
230 #undef DIGEST_RSA_ADAPTORS
231 #undef DIGEST_ECDSA_ADAPTORS
232
233 typedef CF_ENUM(CFIndex, SecKeyECSignatureType) {
234 kSecKeyECSignatureTypeRFC4754,
235 kSecKeyECSignatureTypeX962,
236 };
237
238 static CFDataRef SecKeyCopyConvertedECDSASignature(SecKeyOperationContext *context, SecKeyECSignatureType targetType, CFDataRef sourceSignature, OSStatus errorStatus, CFErrorRef *error) {
239 CFMutableDataRef targetSignature = NULL;
240 CFIndex keySize = SecKeyGetBlockSize(context->key);
241 cc_size ccn = ccn_nof_size(keySize);
242 cc_unit ccr[ccn], ccs[ccn];
243 const uint8_t *data = CFDataGetBytePtr(sourceSignature);
244 if (targetType == kSecKeyECSignatureTypeRFC4754) {
245 // Extract ASN.1 DER signature and create raw r-s big-endian encoded signature.
246 const uint8_t *der_end = data + CFDataGetLength(sourceSignature);
247 if (ccder_decode_seqii(ccn, ccr, ccs, data, der_end) == der_end) {
248 targetSignature = CFDataCreateMutableWithScratch(kCFAllocatorDefault, keySize * 2);
249 uint8_t *target = CFDataGetMutableBytePtr(targetSignature);
250 ccn_write_uint_padded(ccn, ccr, keySize, target);
251 ccn_write_uint_padded(ccn, ccs, keySize, target + keySize);
252 } else {
253 SecError(errorStatus, error, CFSTR("Wrong ECDSA X962 signature"));
254 }
255 } else {
256 // Extract raw r-s big-endian encoded signature and encode ASN.1 DER signature.
257 if (CFDataGetLength(sourceSignature) == 2 * (CFIndex)keySize &&
258 ccn_read_uint(ccn, ccr, keySize, data) == 0 && ccn_read_uint(ccn, ccs, keySize, data + keySize) == 0) {
259 size_t s_len = ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
260 ccder_sizeof_integer(ccn, ccr) +
261 ccder_sizeof_integer(ccn, ccs));
262 targetSignature = CFDataCreateMutableWithScratch(kCFAllocatorDefault, s_len);
263 uint8_t *der = CFDataGetMutableBytePtr(targetSignature);
264 uint8_t *der_end = der + s_len;
265 if (ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
266 ccder_encode_integer(ccn, ccr, der,
267 ccder_encode_integer(ccn, ccs, der, der_end))) == NULL) {
268 CFReleaseNull(targetSignature);
269 SecError(errSecInternal, error, CFSTR("Failed to encode X962 signature"));
270 }
271 } else {
272 SecError(errorStatus, error, CFSTR("Wrong ECDSA RFC4754 signature"));
273 }
274 }
275
276 return targetSignature;
277 }
278
279 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(SecKeyOperationContext *context,
280 SecKeyECSignatureType signatureType,
281 CFTypeRef digest, CFTypeRef in2, CFErrorRef *error) {
282 CFArrayAppendValue(context->algorithm, signatureType == kSecKeyECSignatureTypeRFC4754 ? kSecKeyAlgorithmECDSASignatureDigestX962 : kSecKeyAlgorithmECDSASignatureRFC4754);
283 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
284 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
285 }
286
287 CFDataRef signature = SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
288 if (signature == NULL || CFEqual(signature, kCFNull)) {
289 return signature;
290 }
291
292 // Convert the signature.
293 CFAssignRetained(signature, SecKeyCopyConvertedECDSASignature(context, signatureType, signature, errSecParam, error));
294 return signature;
295 }
296
297 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(SecKeyOperationContext *context,
298 SecKeyECSignatureType signatureType,
299 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
300 SecKeyECSignatureType targetSignatureType = (signatureType == kSecKeyECSignatureTypeRFC4754) ? kSecKeyECSignatureTypeX962 : kSecKeyECSignatureTypeRFC4754;
301 CFArrayAppendValue(context->algorithm, targetSignatureType == kSecKeyECSignatureTypeRFC4754 ? kSecKeyAlgorithmECDSASignatureRFC4754 : kSecKeyAlgorithmECDSASignatureDigestX962);
302 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
303 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
304 }
305
306 CFDataRef convertedSignature = SecKeyCopyConvertedECDSASignature(context, targetSignatureType, signature, errSecVerifyFailed, error);
307 CFTypeRef result = NULL;
308 if (convertedSignature != NULL) {
309 result = SecKeyRunAlgorithmAndCopyResult(context, digest, convertedSignature, error);
310 CFReleaseNull(convertedSignature);
311 }
312 return result;
313 }
314
315 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureRFC4754(SecKeyOperationContext *context,
316 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
317 return SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(context, kSecKeyECSignatureTypeRFC4754, digest, signature, error);
318 }
319 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureDigestX962(SecKeyOperationContext *context,
320 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
321 return SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureConvert(context, kSecKeyECSignatureTypeX962, digest, signature, error);
322 }
323
324 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureRFC4754(SecKeyOperationContext *context,
325 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
326 return SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(context, kSecKeyECSignatureTypeRFC4754, digest, signature, error);
327 }
328 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureDigestX962(SecKeyOperationContext *context,
329 CFTypeRef digest, CFTypeRef signature, CFErrorRef *error) {
330 return SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureConvert(context, kSecKeyECSignatureTypeX962, digest, signature, error);
331 }
332
333 static CFDataRef SecKeyRSACopyBigEndianToCCUnit(CFDataRef bigEndian, size_t size) {
334 CFMutableDataRef result = NULL;
335 if (bigEndian != NULL) {
336 size_t dataSize = CFDataGetLength(bigEndian);
337 if (dataSize > size) {
338 size = dataSize;
339 }
340 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccn_sizeof_size(size));
341 ccn_read_uint(ccn_nof_size(size), (cc_unit *)CFDataGetMutableBytePtr(result), dataSize, CFDataGetBytePtr(bigEndian));
342 }
343 return result;
344 }
345
346 static void PerformWithBigEndianToCCUnit(CFDataRef bigEndian, size_t size, void (^operation)(CFDataRef ccunits)) {
347 if (bigEndian == NULL) {
348 return operation(NULL);
349 }
350 size_t dataSize = CFDataGetLength(bigEndian);
351 if (dataSize > size) {
352 size = dataSize;
353 }
354 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
355 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, dataSize, CFDataGetBytePtr(bigEndian));
356 operation(data);
357 });
358 }
359
360 static CFDataRef SecKeyRSACopyCCUnitToBigEndian(CFDataRef ccunits, size_t size) {
361 CFMutableDataRef result = NULL;
362 if (ccunits != NULL) {
363 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
364 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
365 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, size);
366 ccn_write_uint_padded(n, s, CFDataGetLength(result), CFDataGetMutableBytePtr(result));
367 }
368 return result;
369 }
370
371 static void PerformWithCCUnitToBigEndian(CFDataRef ccunits, size_t size, void (^operation)(CFDataRef bigEndian)) {
372 if (ccunits == NULL) {
373 return operation(NULL);
374 }
375 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
376 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
377 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
378 ccn_write_uint_padded(n, s, size, buffer);
379 operation(data);
380 });
381 }
382
383 static CFTypeRef SecKeyRSACopyEMSASignature(SecKeyOperationContext *context,
384 CFDataRef in1, CFDataRef in2, CFErrorRef *error, bool pss, const struct ccdigest_info *di) {
385 CFDictionaryRef parameters = NULL;
386 __block CFTypeRef result = NULL;
387
388 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
389 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
390 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
391 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
392 CFReleaseNull(parameters);
393
394 if (pss) {
395 // Verify that algorithm is compatible with the modulus size.
396 size_t blockSize = SecKeyGetBlockSize(context->key);
397 require_action_quiet(blockSize >= di->output_size * 2 + 2, out,
398 SecError(errSecParam, error, CFSTR("algorithm %@ incompatible with %lubit RSA key"),
399 CFArrayGetValueAtIndex(context->algorithm, CFArrayGetCount(context->algorithm) - 1),
400 blockSize * 8));
401 }
402
403 if (!pss && di != NULL) {
404 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw);
405 }
406
407 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
408 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
409 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
410 }
411
412 size_t size = SecKeyGetBlockSize(context->key);
413 if (size == 0) {
414 SecError(errSecParam, error, CFSTR("expecting RSA key"));
415 return NULL;
416 }
417 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
418 NSMutableData *s = [NSMutableData dataWithLength:size];
419 require_action_quiet(s != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
420 if (pss) {
421 NSMutableData *salt = [NSMutableData dataWithLength:di->output_size];
422 require_action_quiet(salt != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
423 int err = ccrng_generate(ccrng_seckey, di->output_size, salt.mutableBytes);
424 require_noerr_action_quiet(err, out, SecError(errSecInternal, error, CFSTR("PSS salt gen fail (%zu bytes), err %d"),
425 di->output_size, err));
426 err = ccrsa_emsa_pss_encode(di, di, di->output_size, salt.bytes,
427 CFDataGetLength(in1), CFDataGetBytePtr(in1), size * 8 - 1, s.mutableBytes);
428 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSASSA-PSS incompatible algorithm for key size")));
429 } else {
430 int err = ccrsa_emsa_pkcs1v15_encode(size, s.mutableBytes, CFDataGetLength(in1), CFDataGetBytePtr(in1), di ? di->oid : NULL);
431 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSAsign wrong input data length")));
432 }
433 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, size, s.bytes);
434 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
435 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
436 out:;
437 });
438
439 out:
440 CFReleaseSafe(parameters);
441 return result;
442 }
443
444 #define RSA_EMSA_SIGN_ADAPTOR(name, pss, di) \
445 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigest ## name( \
446 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
447 return SecKeyRSACopyEMSASignature(context, in1, in2, error, pss, di); \
448 }
449
450 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA1, false, ccsha1_di())
451 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA224, false, ccsha224_di())
452 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA256, false, ccsha256_di())
453 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA384, false, ccsha384_di())
454 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA512, false, ccsha512_di())
455 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15Raw, false, NULL)
456 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15MD5, false, ccmd5_di())
457 RSA_EMSA_SIGN_ADAPTOR(PSSSHA1, true, ccsha1_di())
458 RSA_EMSA_SIGN_ADAPTOR(PSSSHA224, true, ccsha224_di())
459 RSA_EMSA_SIGN_ADAPTOR(PSSSHA256, true, ccsha256_di())
460 RSA_EMSA_SIGN_ADAPTOR(PSSSHA384, true, ccsha384_di())
461 RSA_EMSA_SIGN_ADAPTOR(PSSSHA512, true, ccsha512_di())
462
463 #undef RSA_EMSA_SIGN_ADAPTOR
464
465 static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context,
466 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
467 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
468 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
469 }
470
471 __block CFTypeRef result = NULL;
472 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
473 result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, in2, error);
474 if (result != NULL) {
475 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
476 }
477 });
478 return result;
479 }
480
481 static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context,
482 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
483 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
484 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
485 }
486
487 __block CFTypeRef result = NULL;
488 PerformWithCCUnitToBigEndian(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef bigEndian) {
489 result = SecKeyRunAlgorithmAndCopyResult(context, bigEndian, in2, error);
490 if (result != NULL) {
491 CFAssignRetained(result, SecKeyRSACopyBigEndianToCCUnit(result, SecKeyGetBlockSize(context->key)));
492 }
493 });
494 return result;
495 }
496
497 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context,
498 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
499 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
500 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
501 }
502
503 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context,
504 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
505 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw);
506 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
507 }
508
509 static bool SecKeyVerifyBadSignature(CFErrorRef *error) {
510 return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match"));
511 }
512
513 static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error,
514 Boolean (^verifyBlock)(CFDataRef decrypted)) {
515 CFTypeRef result = NULL;
516 context->operation = kSecKeyOperationTypeDecrypt;
517 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
518 result = SecKeyRunAlgorithmAndCopyResult(context, signature, NULL, error);
519 if (context->mode == kSecKeyOperationModePerform && result != NULL) {
520 if (verifyBlock(result)) {
521 CFRetainAssign(result, kCFBooleanTrue);
522 } else {
523 CFRetainAssign(result, kCFBooleanFalse);
524 SecKeyVerifyBadSignature(error);
525 }
526 }
527 return result;
528 }
529
530 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context,
531 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
532 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) {
533 // Skip zero-padding from the beginning of the decrypted signature.
534 const UInt8 *data = CFDataGetBytePtr(decrypted);
535 CFIndex length = CFDataGetLength(decrypted);
536 while (*data == 0x00 && length > 0) {
537 data++;
538 length--;
539 }
540 // The rest of the decrypted signature must be the same as input data.
541 return length == CFDataGetLength(in1) && memcmp(CFDataGetBytePtr(in1), data, length) == 0;
542 });
543 };
544
545 #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \
546 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \
547 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
548 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
549 return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \
550 (uint8_t *)CFDataGetBytePtr(decrypted), \
551 CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \
552 }); \
553 }
554
555 #define PSS_EMSA_VERIFY_ADAPTOR(name, di) \
556 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSS ## name( \
557 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
558 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
559 return ccrsa_emsa_pss_decode(di, di, di->output_size, CFDataGetLength(in1), CFDataGetBytePtr(in1), \
560 CFDataGetLength(decrypted) * 8 - 1, (uint8_t *)CFDataGetBytePtr(decrypted)) == 0; \
561 }); \
562 }
563
564 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di()->oid)
565 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di()->oid)
566 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di()->oid)
567 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di()->oid)
568 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di()->oid)
569 PKCS1v15_EMSA_VERIFY_ADAPTOR(Raw, NULL)
570 PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, ccmd5_di()->oid)
571
572 PSS_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di())
573 PSS_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di())
574 PSS_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di())
575 PSS_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di())
576 PSS_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di())
577
578 #undef PKCS1v15_EMSA_VERIFY_ADAPTOR
579 #undef PSS_EMSA_VERIFY_ADAPTOR
580
581 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context,
582 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
583 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
584 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
585 }
586
587 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context,
588 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
589 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
590 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
591 }
592
593 static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
594 CFDataRef in1, CFErrorRef *error) {
595 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
596 size_t size = SecKeyGetBlockSize(context->key);
597 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
598 if (size < minSize) {
599 return kCFNull;
600 }
601 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
602 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
603 }
604
605 __block CFTypeRef result = NULL;
606 PerformWithCFDataBuffer(ccn_sizeof_size(size), ^(uint8_t *buffer, CFDataRef data) {
607 int err;
608 if (di != NULL) {
609 err = ccrsa_oaep_encode(di, ccrng_seckey, size, (cc_unit *)buffer,
610 CFDataGetLength(in1), CFDataGetBytePtr(in1));
611 } else {
612 err = ccrsa_eme_pkcs1v15_encode(ccrng_seckey, size, (cc_unit *)buffer,
613 CFDataGetLength(in1), CFDataGetBytePtr(in1));
614 }
615 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
616 CFSTR("RSAencrypt wrong input size (err %d)"), err));
617 cc_clear(ccn_sizeof_size(size) - size, buffer + size);
618 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
619 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
620 out:;
621 });
622 return result;
623 }
624
625 static CFTypeRef SecKeyRSACopyDecryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
626 CFDataRef in1, CFErrorRef *error) {
627 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
628 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
629 if (SecKeyGetBlockSize(context->key) < minSize) {
630 return kCFNull;
631 }
632 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
633 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
634 }
635
636 __block CFMutableDataRef result = NULL;
637 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
638 CFDataRef cc_result = NULL;
639 require_quiet(cc_result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, NULL, error), out);
640 size_t size = SecKeyGetBlockSize(context->key);
641 result = CFDataCreateMutableWithScratch(NULL, size);
642 int err;
643 if (di != NULL) {
644 err = ccrsa_oaep_decode(di, &size, CFDataGetMutableBytePtr(result),
645 size, (cc_unit *)CFDataGetBytePtr(cc_result));
646 } else {
647 err = ccrsa_eme_pkcs1v15_decode(&size, CFDataGetMutableBytePtr(result),
648 size, (cc_unit *)CFDataGetBytePtr(cc_result));
649 }
650 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
651 SecError(errSecParam, error, CFSTR("RSAdecrypt wrong input (err %d)"), err)));
652 CFDataSetLength(result, size);
653 out:
654 CFReleaseSafe(cc_result);
655 });
656 return result;
657 }
658
659 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
660 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
661 return SecKeyRSACopyEncryptedWithPadding(context, NULL, in1, error);
662 }
663
664 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
665 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
666 return SecKeyRSACopyDecryptedWithPadding(context, NULL, in1, error);
667 }
668
669 #define RSA_OAEP_CRYPT_ADAPTOR(name, di) \
670 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## name( \
671 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
672 return SecKeyRSACopyEncryptedWithPadding(context, di, in1, error); \
673 } \
674 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## name( \
675 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
676 return SecKeyRSACopyDecryptedWithPadding(context, di, in1, error); \
677 }
678
679 RSA_OAEP_CRYPT_ADAPTOR(SHA1, ccsha1_di());
680 RSA_OAEP_CRYPT_ADAPTOR(SHA224, ccsha224_di());
681 RSA_OAEP_CRYPT_ADAPTOR(SHA256, ccsha256_di());
682 RSA_OAEP_CRYPT_ADAPTOR(SHA384, ccsha384_di());
683 RSA_OAEP_CRYPT_ADAPTOR(SHA512, ccsha512_di());
684
685 #undef RSA_OAEP_CRYPT_ADAPTOR
686
687 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize = CFSTR("requestedSize");
688 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo = CFSTR("sharedInfo");
689
690 const CFStringRef kSecKeyEncryptionParameterSymmetricKeySizeInBits = CFSTR("symKeySize");
691 const CFStringRef kSecKeyEncryptionParameterSymmetricAAD = CFSTR("aad");
692 const CFStringRef kSecKeyEncryptionParameterRecryptParameters = CFSTR("recryptParams");
693 const CFStringRef kSecKeyEncryptionParameterRecryptCertificate = CFSTR("recryptCert");
694
695 static CFTypeRef SecKeyECDHCopyX963Result(SecKeyOperationContext *context, const struct ccdigest_info *di,
696 CFTypeRef in1, CFTypeRef params, CFErrorRef *error) {
697 CFTypeRef result = NULL, sharedSecret;
698 require_quiet(sharedSecret = SecKeyRunAlgorithmAndCopyResult(context, in1, NULL, error), out);
699
700 if (context->mode == kSecKeyOperationModePerform) {
701 // Parse params.
702 CFTypeRef value = NULL;
703 CFIndex requestedSize = 0;
704 require_action_quiet((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterRequestedSize)) != NULL
705 && CFGetTypeID(value) == CFNumberGetTypeID() &&
706 CFNumberGetValue(value, kCFNumberCFIndexType, &requestedSize), out,
707 SecError(errSecParam, error, CFSTR("kSecKeyKeyExchangeParameterRequestedSize is missing")));
708 size_t sharedInfoLength = 0;
709 const void *sharedInfo = NULL;
710 if ((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterSharedInfo)) != NULL) {
711 require_action_quiet(CFGetTypeID(value) == CFDataGetTypeID(), out, SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong sharedInfo type (must be CFData/NSData)")));
712 sharedInfo = CFDataGetBytePtr(value);
713 sharedInfoLength = CFDataGetLength(value);
714 }
715
716 CFMutableDataRef kdfResult = CFDataCreateMutableWithScratch(kCFAllocatorDefault, requestedSize);
717 int err = ccansikdf_x963(di, CFDataGetLength(sharedSecret), CFDataGetBytePtr(sharedSecret), sharedInfoLength, sharedInfo,
718 requestedSize, CFDataGetMutableBytePtr(kdfResult));
719 require_noerr_action_quiet(err, out, (CFReleaseNull(kdfResult),
720 SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong input (%d)"), err)));
721 CFAssignRetained(result, kdfResult);
722 } else {
723 // In test-only mode, propagate result (YES/NO) of underlying operation.
724 CFRetainAssign(result, sharedSecret);
725 }
726 out:
727 CFReleaseNull(sharedSecret);
728 return result;
729 }
730
731 #define ECDH_X963_ADAPTOR(hashname, di, cofactor) \
732 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDH ## cofactor ## X963 ## hashname( \
733 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
734 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDHKeyExchange ## cofactor); \
735 return SecKeyECDHCopyX963Result(context, di, in1, in2, error); \
736 }
737
738 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Standard)
739 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Standard)
740 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Standard)
741 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Standard)
742 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Standard)
743 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Cofactor)
744 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Cofactor)
745 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Cofactor)
746 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Cofactor)
747 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Cofactor)
748
749 #undef ECDH_X963_ADAPTOR
750
751 // Extract number value of either CFNumber or CFString.
752 static CFIndex SecKeyGetCFIndexFromRef(CFTypeRef ref) {
753 CFIndex result = 0;
754 if (CFGetTypeID(ref) == CFNumberGetTypeID()) {
755 if (!CFNumberGetValue(ref, kCFNumberCFIndexType, &result)) {
756 result = 0;
757 }
758 } else if (CFGetTypeID(ref) == CFStringGetTypeID()) {
759 result = CFStringGetIntValue(ref);
760 }
761 return result;
762 }
763
764 typedef CFDataRef (*SecKeyECIESKeyExchangeCopyResult)(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm, bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV, CFDictionaryRef inParams, CFErrorRef *error);
765 typedef Boolean (*SecKeyECIESEncryptCopyResult)(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFMutableDataRef result, CFErrorRef *error);
766 typedef CFDataRef SecKeyECIESDecryptCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFErrorRef *error);
767
768 static CFTypeRef SecKeyECIESCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
769 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
770 SecKeyECIESEncryptCopyResult encryptCopyResult, bool variableIV,
771 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
772 CFDictionaryRef parameters = NULL;
773 SecKeyRef ephemeralPrivateKey = NULL, ephemeralPublicKey = NULL;
774 CFDataRef pubKeyData = NULL, ephemeralPubKeyData = NULL, keyExchangeResult = NULL;
775 CFTypeRef result = NULL;
776 SecKeyRef originalKey = context->key;
777 CFMutableDataRef ciphertext = NULL;
778
779 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
780 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
781 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
782 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
783
784 // Generate ephemeral key.
785 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
786 CFAssignRetained(parameters, CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
787 #if TARGET_OS_OSX
788 kSecUseDataProtectionKeychain, kCFBooleanTrue,
789 #endif
790 kSecAttrKeyType, CFDictionaryGetValue(parameters, kSecAttrKeyType),
791 kSecAttrKeySizeInBits, CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits),
792 NULL));
793 require_quiet(ephemeralPrivateKey = SecKeyCreateRandomKey(parameters, error), out);
794 require_action_quiet(ephemeralPublicKey = SecKeyCopyPublicKey(ephemeralPrivateKey), out,
795 SecError(errSecParam, error, CFSTR("Unable to get public key from generated ECkey")));
796 require_quiet(ephemeralPubKeyData = SecKeyCopyExternalRepresentation(ephemeralPublicKey, error), out);
797
798 context->key = ephemeralPrivateKey;
799 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, true,
800 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
801 if (context->mode == kSecKeyOperationModePerform) {
802 // Encrypt input data using AES-GCM.
803 ciphertext = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, ephemeralPubKeyData);
804 require_quiet(encryptCopyResult(keyExchangeResult, in1, in2, ciphertext, error), out);
805 result = CFRetain(ciphertext);
806 } else {
807 result = CFRetain(keyExchangeResult);
808 }
809
810 out:
811 CFReleaseSafe(parameters);
812 CFReleaseSafe(ephemeralPrivateKey);
813 CFReleaseSafe(ephemeralPublicKey);
814 CFReleaseSafe(pubKeyData);
815 CFReleaseSafe(ephemeralPubKeyData);
816 CFReleaseSafe(keyExchangeResult);
817 CFReleaseSafe(ciphertext);
818 context->key = originalKey;
819 return result;
820 }
821
822 static CFTypeRef SecKeyECIESCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
823 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
824 SecKeyECIESDecryptCopyResult decryptCopyResult, bool variableIV,
825 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
826 CFTypeRef result = NULL;
827 CFDictionaryRef parameters = NULL;
828 CFDataRef ephemeralPubKeyData = NULL, keyExchangeResult = NULL, pubKeyData = NULL;
829 SecKeyRef pubKey = NULL;
830 CFDataRef ciphertext = NULL;
831 const UInt8 *ciphertextBuffer = NULL;
832 CFIndex keySize = 0;
833
834 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
835 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
836 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
837 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
838
839 if (context->mode == kSecKeyOperationModePerform) {
840 // Extract ephemeral public key from the packet.
841 keySize = (SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits)) + 7) / 8;
842 require_action_quiet(CFDataGetLength(in1) >= keySize * 2 + 1, out,
843 SecError(errSecParam, error, CFSTR("%@: too small input packet for ECIES decrypt"), context->key));
844 ciphertextBuffer = CFDataGetBytePtr(in1);
845 ephemeralPubKeyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, keySize * 2 + 1, kCFAllocatorNull);
846 ciphertextBuffer += keySize * 2 + 1;
847
848 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
849 SecError(errSecParam, error, CFSTR("%@: Unable to get public key"), context->key));
850 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
851 }
852
853 // Perform keyExchange operation.
854 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, false,
855 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
856 if (context->mode == kSecKeyOperationModePerform) {
857 // Decrypt ciphertext using AES-GCM.
858 ciphertext = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, CFDataGetLength(in1) - (keySize * 2 + 1),
859 kCFAllocatorNull);
860 require_quiet(result = decryptCopyResult(keyExchangeResult, ciphertext, in2, error), out);
861 } else {
862 result = CFRetain(keyExchangeResult);
863 }
864
865 out:
866 CFReleaseSafe(parameters);
867 CFReleaseSafe(ephemeralPubKeyData);
868 CFReleaseSafe(keyExchangeResult);
869 CFReleaseSafe(pubKeyData);
870 CFReleaseSafe(pubKey);
871 CFReleaseSafe(ciphertext);
872 return result;
873 }
874
875 static const CFIndex kSecKeyIESTagLength = 16;
876 static const UInt8 kSecKeyIESIV[16] = { 0 };
877
878 static CFDataRef SecKeyECIESKeyExchangeKDFX963CopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
879 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
880 CFDictionaryRef inParams, CFErrorRef *error) {
881 NSDictionary *parametersForKeyExchange, *inputParameters = (__bridge NSDictionary *)inParams;
882 NSData *result;
883 NSMutableData *sharedInfoForKeyExchange;
884
885 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
886 context->operation = kSecKeyOperationTypeKeyExchange;
887
888 if (context->mode == kSecKeyOperationModePerform) {
889 NSInteger keySize = 0;
890 NSNumber *keySizeObject = inputParameters[(__bridge id)kSecKeyEncryptionParameterSymmetricKeySizeInBits];
891 if (keySizeObject != nil) {
892 if (![keySizeObject isKindOfClass:NSNumber.class]) {
893 SecError(errSecParam, error, CFSTR("Bad requested kSecKeyEncryptionParameterSymmetricKeySizeInBits: %@"), keySizeObject);
894 return NULL;
895 }
896 keySize = keySizeObject.integerValue / 8;
897 } else {
898 // Use 128bit AES for EC keys <= 256bit, 256bit AES for larger keys.
899 keySize = ((CFDataGetLength(pubKey) - 1) / 2) * 8;
900 keySize = (keySize > 256) ? (256 / 8) : (128 / 8);
901 }
902
903 if (variableIV) {
904 keySize += sizeof(kSecKeyIESIV);
905 }
906
907 // Generate shared secret using KDF.
908 sharedInfoForKeyExchange = ((__bridge NSData *)ephemeralPubKey).mutableCopy;
909 NSData *sharedInfo = inputParameters[(__bridge id)kSecKeyKeyExchangeParameterSharedInfo];
910 if (sharedInfo != nil) {
911 [sharedInfoForKeyExchange appendData:sharedInfo];
912 }
913 parametersForKeyExchange = @{ (__bridge id)kSecKeyKeyExchangeParameterSharedInfo: sharedInfoForKeyExchange,
914 (__bridge id)kSecKeyKeyExchangeParameterRequestedSize: @(keySize) };
915 }
916
917 result = CFBridgingRelease(SecKeyRunAlgorithmAndCopyResult(context, encrypt ? pubKey : ephemeralPubKey, (__bridge CFDictionaryRef)parametersForKeyExchange, error));
918 if (context->mode == kSecKeyOperationModePerform && !variableIV && result != NULL) {
919 // Append all-zero IV to the result.
920 NSMutableData *data = result.mutableCopy;
921 [data appendBytes:kSecKeyIESIV length:sizeof(kSecKeyIESIV)];
922 result = [NSData dataWithData:data];
923 }
924 return CFBridgingRetain(result);
925 }
926
927 static Boolean SecKeyECIESEncryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
928 CFMutableDataRef result, CFErrorRef *error) {
929 Boolean res = FALSE;
930 CFIndex prefix = CFDataGetLength(result);
931 CFDataSetLength(result, prefix + CFDataGetLength(inData) + kSecKeyIESTagLength);
932 UInt8 *resultBuffer = CFDataGetMutableBytePtr(result) + prefix;
933 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(inData);
934 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
935 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
936 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
937 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
938 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
939 sizeof(kSecKeyIESIV), ivBuffer,
940 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
941 CFDataGetLength(inData), CFDataGetBytePtr(inData),
942 resultBuffer, kSecKeyIESTagLength, tagBuffer) == 0, out,
943 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm encrypt data")));
944 res = TRUE;
945 out:
946 return res;
947 }
948
949 static CFDataRef SecKeyECIESDecryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
950 CFErrorRef *error) {
951 CFDataRef result = NULL;
952 CFMutableDataRef plaintext = NULL;
953 CFMutableDataRef tag = NULL;
954 require_action_quiet(CFDataGetLength(inData) >= kSecKeyIESTagLength, out, SecError(errSecParam, error, CFSTR("ECIES: Input data too short")));
955 plaintext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData) - kSecKeyIESTagLength);
956 tag = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), kSecKeyIESTagLength);
957 CFDataGetBytes(inData, CFRangeMake(CFDataGetLength(inData) - kSecKeyIESTagLength, kSecKeyIESTagLength),
958 CFDataGetMutableBytePtr(tag));
959 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
960 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
961 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
962 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
963 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
964 sizeof(kSecKeyIESIV), ivBuffer,
965 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
966 CFDataGetLength(plaintext), CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(plaintext),
967 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
968 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm decrypt data")));
969 result = CFRetain(plaintext);
970 out:
971 CFReleaseSafe(plaintext);
972 CFReleaseSafe(tag);
973 return result;
974 }
975
976 #define ECIES_X963_ADAPTOR(hashname, cofactor, namepart, variableIV) \
977 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIES ## cofactor ## namepart ## hashname( \
978 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
979 return SecKeyECIESCopyEncryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
980 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESEncryptAESGCMCopyResult, variableIV, in1, in2, error); \
981 } \
982 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES ## cofactor ## namepart ## hashname( \
983 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
984 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
985 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESDecryptAESGCMCopyResult, variableIV, in1, in2, error); \
986 }
987
988 ECIES_X963_ADAPTOR(SHA1, Standard, X963, false)
989 ECIES_X963_ADAPTOR(SHA224, Standard, X963, false)
990 ECIES_X963_ADAPTOR(SHA256, Standard, X963, false)
991 ECIES_X963_ADAPTOR(SHA384, Standard, X963, false)
992 ECIES_X963_ADAPTOR(SHA512, Standard, X963, false)
993 ECIES_X963_ADAPTOR(SHA1, Cofactor, X963, false)
994 ECIES_X963_ADAPTOR(SHA224, Cofactor, X963, false)
995 ECIES_X963_ADAPTOR(SHA256, Cofactor, X963, false)
996 ECIES_X963_ADAPTOR(SHA384, Cofactor, X963, false)
997 ECIES_X963_ADAPTOR(SHA512, Cofactor, X963, false)
998
999 ECIES_X963_ADAPTOR(SHA224, Standard, VariableIVX963, true)
1000 ECIES_X963_ADAPTOR(SHA256, Standard, VariableIVX963, true)
1001 ECIES_X963_ADAPTOR(SHA384, Standard, VariableIVX963, true)
1002 ECIES_X963_ADAPTOR(SHA512, Standard, VariableIVX963, true)
1003 ECIES_X963_ADAPTOR(SHA224, Cofactor, VariableIVX963, true)
1004 ECIES_X963_ADAPTOR(SHA256, Cofactor, VariableIVX963, true)
1005 ECIES_X963_ADAPTOR(SHA384, Cofactor, VariableIVX963, true)
1006 ECIES_X963_ADAPTOR(SHA512, Cofactor, VariableIVX963, true)
1007
1008 #undef ECIES_X963_ADAPTOR
1009
1010 static CFDataRef SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
1011 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
1012 CFDictionaryRef inParams, CFErrorRef *error) {
1013 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
1014 context->operation = kSecKeyOperationTypeKeyExchange;
1015 CFMutableDataRef result = (CFMutableDataRef)SecKeyRunAlgorithmAndCopyResult(context, ephemeralPubKey, NULL, error);
1016 if (result != NULL && context->mode == kSecKeyOperationModePerform) {
1017 const struct ccdigest_info *di = ccsha256_di();
1018 ccdigest_di_decl(di, ctx);
1019 ccdigest_init(di, ctx);
1020 ccdigest_update(di, ctx, CFDataGetLength(result), CFDataGetBytePtr(result));
1021 ccdigest_update(di, ctx, CFDataGetLength(ephemeralPubKey), CFDataGetBytePtr(ephemeralPubKey));
1022 ccdigest_update(di, ctx, CFDataGetLength(pubKey), CFDataGetBytePtr(pubKey));
1023 CFAssignRetained(result, CFDataCreateMutableWithScratch(kCFAllocatorDefault, di->output_size));
1024 ccdigest_final(di, ctx, CFDataGetMutableBytePtr(result));
1025 }
1026 return result;
1027 }
1028
1029 static CFDataRef SecKeyECIESDecryptAESCBCCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
1030 CFErrorRef *error) {
1031 CFMutableDataRef result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData));
1032 cccbc_one_shot(ccaes_cbc_decrypt_mode(),
1033 CFDataGetLength(keyExchangeResult), CFDataGetBytePtr(keyExchangeResult),
1034 NULL, CFDataGetLength(keyExchangeResult) / CCAES_BLOCK_SIZE,
1035 CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(result));
1036 return result;
1037 }
1038
1039 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys(
1040 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1041 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchangeStandard,
1042 SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult,
1043 SecKeyECIESDecryptAESCBCCopyResult, false,
1044 in1, in2, error);
1045 }
1046
1047 static CFTypeRef SecKeyRSAAESGCMCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
1048 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1049 CFTypeRef result = NULL;
1050 CFDictionaryRef parameters = NULL;
1051 CFDataRef pubKeyData = NULL, wrappedKey = NULL, sessionKey = NULL;
1052 CFMutableDataRef ciphertext = NULL;
1053
1054 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
1055 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
1056 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
1057 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
1058
1059 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
1060 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
1061 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
1062
1063 // Generate session key. Use 128bit AES for RSA keys < 4096bit, 256bit AES for larger keys.
1064 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
1065 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
1066 require_action_quiet(sessionKey = CFDataCreateWithRandomBytes((keySize >= 4096) ? (256 / 8) : (128 / 8)), out,
1067 SecError(errSecParam, error, CFSTR("Failed to generate session key")));
1068
1069 // Encrypt session key using wrapping algorithm and store at the beginning of the result packet.
1070 require_action_quiet(wrappedKey = SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error), out,
1071 CFReleaseNull(result));
1072 ciphertext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(wrappedKey) + CFDataGetLength(in1) + kSecKeyIESTagLength);
1073 UInt8 *resultBuffer = CFDataGetMutableBytePtr(ciphertext);
1074 CFDataGetBytes(wrappedKey, CFRangeMake(0, CFDataGetLength(wrappedKey)), resultBuffer);
1075 resultBuffer += CFDataGetLength(wrappedKey);
1076
1077 // Encrypt input data using AES-GCM.
1078 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(in1);
1079 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
1080 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1081 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1082 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1083 CFDataGetLength(in1), CFDataGetBytePtr(in1), resultBuffer,
1084 kSecKeyIESTagLength, tagBuffer) == 0, out,
1085 SecError(errSecParam, error, CFSTR("RSAWRAP: Failed to aes-gcm encrypt data")));
1086 result = CFRetain(ciphertext);
1087
1088 out:
1089 CFReleaseSafe(parameters);
1090 CFReleaseSafe(pubKeyData);
1091 CFReleaseSafe(wrappedKey);
1092 CFReleaseSafe(sessionKey);
1093 CFReleaseSafe(ciphertext);
1094 return result;
1095 }
1096
1097 static CFTypeRef SecKeyRSAAESGCMCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
1098 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
1099 CFTypeRef result = NULL;
1100 CFDictionaryRef parameters = NULL;
1101 CFMutableDataRef plaintext = NULL, tag = NULL;
1102 CFDataRef pubKeyData = NULL, sessionKey = NULL;
1103 SecKeyRef pubKey = NULL;
1104
1105 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
1106 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
1107 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
1108 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
1109
1110 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
1111 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
1112 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
1113
1114 // Extract encrypted session key.
1115 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
1116 SecError(errSecParam, error, CFSTR("%@: unable to get public key"), context->key));
1117 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
1118
1119 CFIndex wrappedKeySize = SecKeyGetBlockSize(context->key);
1120 require_action_quiet(CFDataGetLength(in1) >= wrappedKeySize + kSecKeyIESTagLength, out,
1121 SecError(errSecParam, error, CFSTR("RSA-WRAP too short input data")));
1122 sessionKey = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, CFDataGetBytePtr(in1), wrappedKeySize, kCFAllocatorNull);
1123
1124 // Decrypt session key.
1125 CFAssignRetained(sessionKey, SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error));
1126 require_quiet(sessionKey, out);
1127 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
1128 keySize = (keySize >= 4096) ? (256 / 8) : (128 / 8);
1129 require_action_quiet(CFDataGetLength(sessionKey) == keySize, out,
1130 SecError(errSecParam, error, CFSTR("RSA-WRAP bad ciphertext, unexpected session key size")));
1131
1132 // Decrypt ciphertext using AES-GCM.
1133 plaintext = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), CFDataGetLength(in1) - wrappedKeySize - kSecKeyIESTagLength);
1134 tag = CFDataCreateMutableWithScratch(kCFAllocatorDefault, kSecKeyIESTagLength);
1135 CFDataGetBytes(in1, CFRangeMake(CFDataGetLength(in1) - kSecKeyIESTagLength, kSecKeyIESTagLength),
1136 CFDataGetMutableBytePtr(tag));
1137 const UInt8 *ciphertextBuffer = CFDataGetBytePtr(in1);
1138 ciphertextBuffer += wrappedKeySize;
1139 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
1140 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1141 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1142 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1143 CFDataGetLength(plaintext), ciphertextBuffer, CFDataGetMutableBytePtr(plaintext),
1144 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
1145 SecError(errSecParam, error, CFSTR("RSA-WRAP: Failed to aes-gcm decrypt data")));
1146 result = CFRetain(plaintext);
1147
1148 out:
1149 CFReleaseSafe(parameters);
1150 CFReleaseSafe(sessionKey);
1151 CFReleaseSafe(tag);
1152 CFReleaseSafe(pubKeyData);
1153 CFReleaseSafe(pubKey);
1154 CFReleaseSafe(plaintext);
1155 return result;
1156 }
1157
1158 #define RSA_OAEP_AESGCM_ADAPTOR(hashname) \
1159 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1160 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1161 return SecKeyRSAAESGCMCopyEncryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1162 } \
1163 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1164 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1165 return SecKeyRSAAESGCMCopyDecryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1166 }
1167
1168 RSA_OAEP_AESGCM_ADAPTOR(SHA1)
1169 RSA_OAEP_AESGCM_ADAPTOR(SHA224)
1170 RSA_OAEP_AESGCM_ADAPTOR(SHA256)
1171 RSA_OAEP_AESGCM_ADAPTOR(SHA384)
1172 RSA_OAEP_AESGCM_ADAPTOR(SHA512)
1173
1174 #undef RSA_OAEP_AESGCM_ADAPTOR
1175
1176 SecKeyAlgorithmAdaptor SecKeyGetAlgorithmAdaptor(SecKeyOperationType operation, SecKeyAlgorithm algorithm) {
1177 static CFDictionaryRef adaptors[kSecKeyOperationTypeCount];
1178 static dispatch_once_t onceToken;
1179 dispatch_once(&onceToken, ^{
1180 const void *signKeys[] = {
1181 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1182 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1183 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1184 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1185 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1186 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1187 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1188
1189 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1190 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1191 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1192 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1193 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1194
1195 kSecKeyAlgorithmRSASignatureRaw,
1196 kSecKeyAlgorithmRSASignatureRawCCUnit,
1197
1198 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1199 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1200 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1201 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1202 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1203 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1204
1205 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1206 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1207 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1208 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1209 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1210
1211 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1212 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1213 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1214 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1215 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1216
1217 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1218 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1219 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1220 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1221 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1222
1223 kSecKeyAlgorithmECDSASignatureRFC4754,
1224 kSecKeyAlgorithmECDSASignatureDigestX962,
1225 };
1226 const void *signValues[] = {
1227 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA1,
1228 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA224,
1229 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA256,
1230 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA384,
1231 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA512,
1232 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15Raw,
1233 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15MD5,
1234
1235 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA1,
1236 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA224,
1237 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA256,
1238 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA384,
1239 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA512,
1240
1241 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw,
1242 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit,
1243
1244 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1245 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1246 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1247 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1248 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1249 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1250
1251 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1252 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1253 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1254 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1255 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1256
1257 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1258 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1259 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1260 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1261 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1262
1263 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1264 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1265 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1266 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1267 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1268
1269 SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureRFC4754,
1270 SecKeyAlgorithmAdaptorCopyResult_Sign_ECDSASignatureDigestX962,
1271 };
1272 check_compile_time(array_size(signKeys) == array_size(signValues));
1273 adaptors[kSecKeyOperationTypeSign] = CFDictionaryCreate(kCFAllocatorDefault, signKeys, signValues,
1274 array_size(signKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1275
1276 const void *verifyKeys[] = {
1277 kSecKeyAlgorithmRSASignatureRaw,
1278
1279 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1280 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1281 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1282 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1283 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1284 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1285 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1286
1287 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1288 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1289 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1290 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1291 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1292
1293 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1294 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1295 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1296 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1297 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1298 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1299
1300 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1301 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1302 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1303 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1304 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1305
1306 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1307 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1308 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1309 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1310 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1311
1312 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1313 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1314 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1315 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1316 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1317
1318 kSecKeyAlgorithmECDSASignatureRFC4754,
1319 kSecKeyAlgorithmECDSASignatureDigestX962,
1320 };
1321 const void *verifyValues[] = {
1322 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw,
1323
1324 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA1,
1325 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA224,
1326 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA256,
1327 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA384,
1328 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA512,
1329 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15Raw,
1330 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15MD5,
1331
1332 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA1,
1333 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA224,
1334 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA256,
1335 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA384,
1336 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA512,
1337
1338 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1339 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1340 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1341 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1342 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1343 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1344
1345 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1346 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1347 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1348 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1349 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1350
1351 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1352 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1353 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1354 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1355 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1356
1357 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1358 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1359 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1360 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1361 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1362
1363 SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureRFC4754,
1364 SecKeyAlgorithmAdaptorCopyResult_Verify_ECDSASignatureDigestX962,
1365 };
1366 check_compile_time(array_size(verifyKeys) == array_size(verifyValues));
1367 adaptors[kSecKeyOperationTypeVerify] = CFDictionaryCreate(kCFAllocatorDefault, verifyKeys, verifyValues,
1368 array_size(verifyKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1369
1370 const void *encryptKeys[] = {
1371 kSecKeyAlgorithmRSAEncryptionRaw,
1372 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1373
1374 kSecKeyAlgorithmRSAEncryptionPKCS1,
1375 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1376 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1377 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1378 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1379 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1380
1381 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1382 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1383 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1384 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1385 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1386
1387 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1388 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1389 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1390 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1391 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1392
1393 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1394 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1395 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1396 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1397 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1398
1399 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1400 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1401 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1402 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1403
1404 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1405 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1406 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1407 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1408 };
1409 const void *encryptValues[] = {
1410 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1411 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1412
1413 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1,
1414 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1,
1415 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224,
1416 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256,
1417 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384,
1418 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512,
1419
1420 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1AESGCM,
1421 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224AESGCM,
1422 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256AESGCM,
1423 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384AESGCM,
1424 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512AESGCM,
1425
1426 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA1,
1427 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA224,
1428 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA256,
1429 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA384,
1430 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA512,
1431
1432 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA1,
1433 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA224,
1434 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA256,
1435 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA384,
1436 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA512,
1437
1438 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA224,
1439 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA256,
1440 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA384,
1441 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA512,
1442
1443 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA224,
1444 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA256,
1445 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA384,
1446 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA512,
1447 };
1448 check_compile_time(array_size(encryptKeys) == array_size(encryptValues));
1449 adaptors[kSecKeyOperationTypeEncrypt] = CFDictionaryCreate(kCFAllocatorDefault, encryptKeys, encryptValues,
1450 array_size(encryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1451
1452 const void *decryptKeys[] = {
1453 kSecKeyAlgorithmRSAEncryptionRaw,
1454 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1455
1456 kSecKeyAlgorithmRSAEncryptionPKCS1,
1457 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1458 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1459 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1460 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1461 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1462
1463 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1464 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1465 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1466 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1467 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1468
1469 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1470 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1471 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1472 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1473 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1474
1475 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1476 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1477 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1478 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1479 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1480
1481 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1482 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1483 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1484 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1485
1486 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1487 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1488 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1489 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1490
1491 kSecKeyAlgorithmECIESEncryptionAKSSmartCard,
1492 };
1493 const void *decryptValues[] = {
1494 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1495 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1496
1497 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1,
1498 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1,
1499 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224,
1500 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256,
1501 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384,
1502 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512,
1503
1504 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1AESGCM,
1505 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224AESGCM,
1506 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256AESGCM,
1507 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384AESGCM,
1508 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512AESGCM,
1509
1510 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA1,
1511 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA224,
1512 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA256,
1513 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA384,
1514 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA512,
1515
1516 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA1,
1517 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA224,
1518 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA256,
1519 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA384,
1520 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA512,
1521
1522 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA224,
1523 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA256,
1524 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA384,
1525 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA512,
1526
1527 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA224,
1528 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA256,
1529 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA384,
1530 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA512,
1531
1532 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys,
1533 };
1534 check_compile_time(array_size(decryptKeys) == array_size(decryptValues));
1535 adaptors[kSecKeyOperationTypeDecrypt] = CFDictionaryCreate(kCFAllocatorDefault, decryptKeys, decryptValues,
1536 array_size(decryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1537
1538 const void *keyExchangeKeys[] = {
1539 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
1540 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
1541 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
1542 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
1543 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
1544
1545 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
1546 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
1547 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
1548 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
1549 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
1550 };
1551 const void *keyExchangeValues[] = {
1552
1553 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA1,
1554 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA224,
1555 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA256,
1556 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA384,
1557 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA512,
1558
1559 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA1,
1560 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA224,
1561 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA256,
1562 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA384,
1563 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA512,
1564 };
1565 check_compile_time(array_size(keyExchangeKeys) == array_size(keyExchangeKeys));
1566 adaptors[kSecKeyOperationTypeKeyExchange] = CFDictionaryCreate(kCFAllocatorDefault, keyExchangeKeys, keyExchangeValues,
1567 array_size(keyExchangeKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1568 });
1569
1570 return CFDictionaryGetValue(adaptors[operation], algorithm);
1571 }
mirror of Security