]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecKeyAdaptors.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.251.4.tar.gz
[apple/security.git] / OSX / sec / Security / SecKeyAdaptors.m
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * SecKeyAdaptors.m - Implementation of assorted algorithm adaptors for SecKey.
26 * Algorithm adaptor is able to perform some transformation on provided input and calculated results and invoke
27 * underlying operation with different algorithm. Typical adaptors are message->digest or unpadded->padded.
28 * To invoke underlying operation, add algorithm to the context algorithm array and invoke SecKeyRunAlgorithmAndCopyResult().
29 */
30
31 #import <Foundation/Foundation.h>
32
33 #include <Security/SecBase.h>
34 #include <Security/SecKeyInternal.h>
35 #include <Security/SecItem.h>
36 #include <Security/SecCFAllocator.h>
37
38 #include <AssertMacros.h>
39 #include <utilities/SecCFWrappers.h>
40 #include <utilities/array_size.h>
41 #include <utilities/debugging.h>
42 #include <utilities/SecCFError.h>
43 #include <utilities/SecBuffer.h>
44
45 #include <corecrypto/ccsha1.h>
46 #include <corecrypto/ccsha2.h>
47 #include <corecrypto/ccmd5.h>
48 #include <corecrypto/ccrsa_priv.h>
49 #include <corecrypto/ccansikdf.h>
50 #include <corecrypto/ccmode.h>
51 #include <corecrypto/ccaes.h>
52
53 #pragma mark Algorithm constants value definitions
54
55 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw = CFSTR("algid:sign:RSA:raw");
56 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit = CFSTR("algid:sign:RSA:raw-cc");
57
58 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw = CFSTR("algid:sign:RSA:digest-PKCS1v15");
59 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5");
60 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA1");
61 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA224");
62 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA256");
63 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA384");
64 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA512");
65 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1 = CFSTR("algid:sign:RSA:digest-PSS:SHA1:SHA1:20");
66 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224 = CFSTR("algid:sign:RSA:digest-PSS:SHA224:SHA224:24");
67 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32");
68 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48");
69 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64");
70
71 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 = CFSTR("algid:sign:RSA:message-PKCS1v15:MD5");
72 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA1");
73 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA224");
74 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA256");
75 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA384");
76 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA512");
77 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1 = CFSTR("algid:sign:RSA:message-PSS:SHA1:SHA1:20");
78 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224 = CFSTR("algid:sign:RSA:message-PSS:SHA224:SHA224:24");
79 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256 = CFSTR("algid:sign:RSA:message-PSS:SHA256:SHA256:32");
80 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384 = CFSTR("algid:sign:RSA:message-PSS:SHA384:SHA384:48");
81 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512 = CFSTR("algid:sign:RSA:message-PSS:SHA512:SHA512:64");
82
83 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 = CFSTR("algid:sign:ECDSA:RFC4754");
84
85 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 = CFSTR("algid:sign:ECDSA:digest-X962");
86 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 = CFSTR("algid:sign:ECDSA:digest-X962:SHA1");
87 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 = CFSTR("algid:sign:ECDSA:digest-X962:SHA224");
88 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 = CFSTR("algid:sign:ECDSA:digest-X962:SHA256");
89 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 = CFSTR("algid:sign:ECDSA:digest-X962:SHA384");
90 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 = CFSTR("algid:sign:ECDSA:digest-X962:SHA512");
91
92 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 = CFSTR("algid:sign:ECDSA:message-X962:SHA1");
93 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 = CFSTR("algid:sign:ECDSA:message-X962:SHA224");
94 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 = CFSTR("algid:sign:ECDSA:message-X962:SHA256");
95 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 = CFSTR("algid:sign:ECDSA:message-X962:SHA384");
96 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 = CFSTR("algid:sign:ECDSA:message-X962:SHA512");
97
98 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw = CFSTR("algid:encrypt:RSA:raw");
99 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit = CFSTR("algid:encrypt:RSA:raw-cc");
100 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 = CFSTR("algid:encrypt:RSA:PKCS1");
101 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 = CFSTR("algid:encrypt:RSA:OAEP:SHA1");
102 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 = CFSTR("algid:encrypt:RSA:OAEP:SHA224");
103 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 = CFSTR("algid:encrypt:RSA:OAEP:SHA256");
104 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 = CFSTR("algid:encrypt:RSA:OAEP:SHA384");
105 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 = CFSTR("algid:encrypt:RSA:OAEP:SHA512");
106
107 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA1:AESGCM");
108 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA224:AESGCM");
109 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA256:AESGCM");
110 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA384:AESGCM");
111 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA512:AESGCM");
112
113 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA1:AESGCM");
114 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM");
115 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM");
116 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM");
117 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM");
118
119 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA1:AESGCM");
120 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM");
121 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM");
122 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM");
123 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM");
124
125 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM-KDFIV");
126 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM-KDFIV");
127 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM-KDFIV");
128 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM-KDFIV");
129
130 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM-KDFIV");
131 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM-KDFIV");
132 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM-KDFIV");
133 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM-KDFIV");
134
135 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard = CFSTR("algid:keyexchange:ECDH");
136 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA1");
137 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA224");
138 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA256");
139 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA384");
140 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA512");
141
142 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor = CFSTR("algid:keyexchange:ECDHC");
143 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA1");
144 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA224");
145 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA256");
146 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA384");
147 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA512");
148
149 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
150
151 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
152 CFReleaseNull(context->algorithm);
153 }
154
155 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {
156 PerformWithBuffer(size, ^(size_t size, uint8_t *buffer) {
157 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)buffer, size, kCFAllocatorNull);
158 operation(buffer, data);
159 CFRelease(data);
160 });
161 }
162
163 static CFDataRef SecKeyCopyDigestForMessage(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2,
164 const struct ccdigest_info *di, CFErrorRef *error) {
165 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
166 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
167 }
168
169 __block CFTypeRef result;
170 PerformWithCFDataBuffer(di->output_size, ^(uint8_t *buffer, CFDataRef data) {
171 ccdigest(di, CFDataGetLength(message), CFDataGetBytePtr(message), buffer);
172 result = SecKeyRunAlgorithmAndCopyResult(context, data, in2, error);
173 });
174 return result;
175 }
176
177 static CFTypeRef SecKeyCopyECDSASignatureForDigest(SecKeyOperationContext *context, CFDataRef digest, CFDataRef in2,
178 SecKeyAlgorithm algorithm, const struct ccdigest_info *di, CFErrorRef *error) {
179 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigestX962);
180 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
181 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
182 }
183
184 if (CFDataGetLength(digest) != (CFIndex)di->output_size) {
185 SecError(errSecParam, error, CFSTR("bad digest size for signing with algorithm %@"), algorithm);
186 return NULL;
187 }
188
189 return SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
190 }
191
192 #define DIGEST_RSA_ADAPTORS(name, di) \
193 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessage ## name( \
194 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
195 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigest ## name); \
196 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
197 }
198
199 #define DIGEST_ECDSA_ADAPTORS(name, di) \
200 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessage ## name( \
201 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
202 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigest ## name); \
203 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
204 } \
205 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigest ## name( \
206 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
207 return SecKeyCopyECDSASignatureForDigest(context, in1, in2, kSecKeyAlgorithmECDSASignatureDigest ## name, di, error); \
208 }
209
210 DIGEST_RSA_ADAPTORS(PKCS1v15SHA1, ccsha1_di())
211 DIGEST_RSA_ADAPTORS(PKCS1v15SHA224, ccsha224_di())
212 DIGEST_RSA_ADAPTORS(PKCS1v15SHA256, ccsha256_di())
213 DIGEST_RSA_ADAPTORS(PKCS1v15SHA384, ccsha384_di())
214 DIGEST_RSA_ADAPTORS(PKCS1v15SHA512, ccsha512_di())
215 DIGEST_RSA_ADAPTORS(PKCS1v15MD5, ccmd5_di())
216 DIGEST_RSA_ADAPTORS(PSSSHA1, ccsha1_di())
217 DIGEST_RSA_ADAPTORS(PSSSHA224, ccsha224_di())
218 DIGEST_RSA_ADAPTORS(PSSSHA256, ccsha256_di())
219 DIGEST_RSA_ADAPTORS(PSSSHA384, ccsha384_di())
220 DIGEST_RSA_ADAPTORS(PSSSHA512, ccsha512_di())
221 DIGEST_ECDSA_ADAPTORS(X962SHA1, ccsha1_di())
222 DIGEST_ECDSA_ADAPTORS(X962SHA224, ccsha224_di())
223 DIGEST_ECDSA_ADAPTORS(X962SHA256, ccsha256_di())
224 DIGEST_ECDSA_ADAPTORS(X962SHA384, ccsha384_di())
225 DIGEST_ECDSA_ADAPTORS(X962SHA512, ccsha512_di())
226
227 #undef DIGEST_RSA_ADAPTORS
228 #undef DIGEST_ECDSA_ADAPTORS
229
230 static CFDataRef SecKeyRSACopyBigEndianToCCUnit(CFDataRef bigEndian, size_t size) {
231 CFMutableDataRef result = NULL;
232 if (bigEndian != NULL) {
233 size_t dataSize = CFDataGetLength(bigEndian);
234 if (dataSize > size) {
235 size = dataSize;
236 }
237 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccrsa_sizeof_n_from_size(size));
238 ccn_read_uint(ccn_nof_size(size), (cc_unit *)CFDataGetMutableBytePtr(result), dataSize, CFDataGetBytePtr(bigEndian));
239 }
240 return result;
241 }
242
243 static void PerformWithBigEndianToCCUnit(CFDataRef bigEndian, size_t size, void (^operation)(CFDataRef ccunits)) {
244 if (bigEndian == NULL) {
245 return operation(NULL);
246 }
247 size_t dataSize = CFDataGetLength(bigEndian);
248 if (dataSize > size) {
249 size = dataSize;
250 }
251 PerformWithCFDataBuffer(ccrsa_sizeof_n_from_size(size), ^(uint8_t *buffer, CFDataRef data) {
252 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, dataSize, CFDataGetBytePtr(bigEndian));
253 operation(data);
254 });
255 }
256
257 static CFDataRef SecKeyRSACopyCCUnitToBigEndian(CFDataRef ccunits, size_t size) {
258 CFMutableDataRef result = NULL;
259 if (ccunits != NULL) {
260 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
261 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
262 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, size);
263 ccn_write_uint_padded(n, s, CFDataGetLength(result), CFDataGetMutableBytePtr(result));
264 }
265 return result;
266 }
267
268 static void PerformWithCCUnitToBigEndian(CFDataRef ccunits, size_t size, void (^operation)(CFDataRef bigEndian)) {
269 if (ccunits == NULL) {
270 return operation(NULL);
271 }
272 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
273 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
274 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
275 ccn_write_uint_padded(n, s, size, buffer);
276 operation(data);
277 });
278 }
279
280 static CFTypeRef SecKeyRSACopyEMSASignature(SecKeyOperationContext *context,
281 CFDataRef in1, CFDataRef in2, CFErrorRef *error, bool pss, const struct ccdigest_info *di) {
282 CFDictionaryRef parameters = NULL;
283 __block CFTypeRef result = NULL;
284
285 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
286 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
287 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
288 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
289 CFReleaseNull(parameters);
290
291 if (pss) {
292 // Verify that algorithm is compatible with the modulus size.
293 size_t blockSize = SecKeyGetBlockSize(context->key);
294 require_action_quiet(blockSize >= di->output_size * 2 + 2, out,
295 SecError(errSecParam, error, CFSTR("algorithm %@ incompatible with %lubit RSA key"),
296 CFArrayGetValueAtIndex(context->algorithm, CFArrayGetCount(context->algorithm) - 1),
297 blockSize * 8));
298 }
299
300 if (!pss && di != NULL) {
301 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw);
302 }
303
304 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
305 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
306 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
307 }
308
309 size_t size = SecKeyGetBlockSize(context->key);
310 if (size == 0) {
311 SecError(errSecParam, error, CFSTR("expecting RSA key"));
312 return NULL;
313 }
314 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
315 NSMutableData *s = [NSMutableData dataWithLength:size];
316 require_action_quiet(s != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
317 if (pss) {
318 NSMutableData *salt = [NSMutableData dataWithLength:di->output_size];
319 require_action_quiet(salt != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
320 int err = ccrng_generate(ccrng_seckey, di->output_size, salt.mutableBytes);
321 require_noerr_action_quiet(err, out, SecError(errSecInternal, error, CFSTR("PSS salt gen fail (%zu bytes), err %d"),
322 di->output_size, err));
323 err = ccrsa_emsa_pss_encode(di, di, di->output_size, salt.bytes,
324 CFDataGetLength(in1), CFDataGetBytePtr(in1), size * 8 - 1, s.mutableBytes);
325 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSASSA-PSS incompatible algorithm for key size")));
326 } else {
327 int err = ccrsa_emsa_pkcs1v15_encode(size, s.mutableBytes, CFDataGetLength(in1), CFDataGetBytePtr(in1), di ? di->oid : NULL);
328 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSAsign wrong input data length")));
329 }
330 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, size, s.bytes);
331 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
332 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
333 out:;
334 });
335
336 out:
337 CFReleaseSafe(parameters);
338 return result;
339 }
340
341 #define RSA_EMSA_SIGN_ADAPTOR(name, pss, di) \
342 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigest ## name( \
343 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
344 return SecKeyRSACopyEMSASignature(context, in1, in2, error, pss, di); \
345 }
346
347 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA1, false, ccsha1_di())
348 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA224, false, ccsha224_di())
349 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA256, false, ccsha256_di())
350 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA384, false, ccsha384_di())
351 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA512, false, ccsha512_di())
352 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15Raw, false, NULL)
353 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15MD5, false, ccmd5_di())
354 RSA_EMSA_SIGN_ADAPTOR(PSSSHA1, true, ccsha1_di())
355 RSA_EMSA_SIGN_ADAPTOR(PSSSHA224, true, ccsha224_di())
356 RSA_EMSA_SIGN_ADAPTOR(PSSSHA256, true, ccsha256_di())
357 RSA_EMSA_SIGN_ADAPTOR(PSSSHA384, true, ccsha384_di())
358 RSA_EMSA_SIGN_ADAPTOR(PSSSHA512, true, ccsha512_di())
359
360 #undef RSA_EMSA_SIGN_ADAPTOR
361
362 static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context,
363 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
364 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
365 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
366 }
367
368 __block CFTypeRef result = NULL;
369 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
370 result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, in2, error);
371 if (result != NULL) {
372 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
373 }
374 });
375 return result;
376 }
377
378 static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context,
379 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
380 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
381 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
382 }
383
384 __block CFTypeRef result = NULL;
385 PerformWithCCUnitToBigEndian(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef bigEndian) {
386 result = SecKeyRunAlgorithmAndCopyResult(context, bigEndian, in2, error);
387 if (result != NULL) {
388 CFAssignRetained(result, SecKeyRSACopyBigEndianToCCUnit(result, SecKeyGetBlockSize(context->key)));
389 }
390 });
391 return result;
392 }
393
394 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context,
395 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
396 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
397 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
398 }
399
400 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context,
401 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
402 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw);
403 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
404 }
405
406 static bool SecKeyVerifyBadSignature(CFErrorRef *error) {
407 return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match"));
408 }
409
410 static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error,
411 Boolean (^verifyBlock)(CFDataRef decrypted)) {
412 CFTypeRef result = NULL;
413 context->operation = kSecKeyOperationTypeDecrypt;
414 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
415 result = SecKeyRunAlgorithmAndCopyResult(context, signature, NULL, error);
416 if (context->mode == kSecKeyOperationModePerform && result != NULL) {
417 if (verifyBlock(result)) {
418 CFRetainAssign(result, kCFBooleanTrue);
419 } else {
420 CFRetainAssign(result, kCFBooleanFalse);
421 SecKeyVerifyBadSignature(error);
422 }
423 }
424 return result;
425 }
426
427 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context,
428 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
429 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) {
430 // Skip zero-padding from the beginning of the decrypted signature.
431 const UInt8 *data = CFDataGetBytePtr(decrypted);
432 CFIndex length = CFDataGetLength(decrypted);
433 while (*data == 0x00 && length > 0) {
434 data++;
435 length--;
436 }
437 // The rest of the decrypted signature must be the same as input data.
438 return length == CFDataGetLength(in1) && memcmp(CFDataGetBytePtr(in1), data, length) == 0;
439 });
440 };
441
442 #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \
443 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \
444 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
445 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
446 return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \
447 (uint8_t *)CFDataGetBytePtr(decrypted), \
448 CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \
449 }); \
450 }
451
452 #define PSS_EMSA_VERIFY_ADAPTOR(name, di) \
453 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSS ## name( \
454 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
455 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
456 return ccrsa_emsa_pss_decode(di, di, di->output_size, CFDataGetLength(in1), CFDataGetBytePtr(in1), \
457 CFDataGetLength(decrypted) * 8 - 1, (uint8_t *)CFDataGetBytePtr(decrypted)) == 0; \
458 }); \
459 }
460
461 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di()->oid)
462 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di()->oid)
463 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di()->oid)
464 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di()->oid)
465 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di()->oid)
466 PKCS1v15_EMSA_VERIFY_ADAPTOR(Raw, NULL)
467 PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, ccmd5_di()->oid)
468
469 PSS_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di())
470 PSS_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di())
471 PSS_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di())
472 PSS_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di())
473 PSS_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di())
474
475 #undef PKCS1v15_EMSA_VERIFY_ADAPTOR
476 #undef PSS_EMSA_VERIFY_ADAPTOR
477
478 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context,
479 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
480 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
481 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
482 }
483
484 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context,
485 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
486 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
487 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
488 }
489
490 static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
491 CFDataRef in1, CFErrorRef *error) {
492 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
493 size_t size = SecKeyGetBlockSize(context->key);
494 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
495 if (size < minSize) {
496 return kCFNull;
497 }
498 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
499 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
500 }
501
502 __block CFTypeRef result = NULL;
503 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
504 int err;
505 if (di != NULL) {
506 err = ccrsa_oaep_encode(di, ccrng_seckey, size, (cc_unit *)buffer,
507 CFDataGetLength(in1), CFDataGetBytePtr(in1));
508 } else {
509 err = ccrsa_eme_pkcs1v15_encode(ccrng_seckey, size, (cc_unit *)buffer,
510 CFDataGetLength(in1), CFDataGetBytePtr(in1));
511 }
512 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
513 CFSTR("RSAencrypt wrong input size (err %d)"), err));
514 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
515 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
516 out:;
517 });
518 return result;
519 }
520
521 static CFTypeRef SecKeyRSACopyDecryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
522 CFDataRef in1, CFErrorRef *error) {
523 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
524 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
525 if (SecKeyGetBlockSize(context->key) < minSize) {
526 return kCFNull;
527 }
528 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
529 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
530 }
531
532 __block CFMutableDataRef result = NULL;
533 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
534 CFDataRef cc_result = NULL;
535 require_quiet(cc_result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, NULL, error), out);
536 size_t size = CFDataGetLength(cc_result);
537 result = CFDataCreateMutableWithScratch(NULL, size);
538 int err;
539 if (di != NULL) {
540 err = ccrsa_oaep_decode(di, &size, CFDataGetMutableBytePtr(result),
541 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
542 } else {
543 err = ccrsa_eme_pkcs1v15_decode(&size, CFDataGetMutableBytePtr(result),
544 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
545 }
546 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
547 SecError(errSecParam, error, CFSTR("RSAdecrypt wrong input (err %d)"), err)));
548 CFDataSetLength(result, size);
549 out:
550 CFReleaseSafe(cc_result);
551 });
552 return result;
553 }
554
555 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
556 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
557 return SecKeyRSACopyEncryptedWithPadding(context, NULL, in1, error);
558 }
559
560 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
561 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
562 return SecKeyRSACopyDecryptedWithPadding(context, NULL, in1, error);
563 }
564
565 #define RSA_OAEP_CRYPT_ADAPTOR(name, di) \
566 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## name( \
567 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
568 return SecKeyRSACopyEncryptedWithPadding(context, di, in1, error); \
569 } \
570 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## name( \
571 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
572 return SecKeyRSACopyDecryptedWithPadding(context, di, in1, error); \
573 }
574
575 RSA_OAEP_CRYPT_ADAPTOR(SHA1, ccsha1_di());
576 RSA_OAEP_CRYPT_ADAPTOR(SHA224, ccsha224_di());
577 RSA_OAEP_CRYPT_ADAPTOR(SHA256, ccsha256_di());
578 RSA_OAEP_CRYPT_ADAPTOR(SHA384, ccsha384_di());
579 RSA_OAEP_CRYPT_ADAPTOR(SHA512, ccsha512_di());
580
581 #undef RSA_OAEP_CRYPT_ADAPTOR
582
583 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize = CFSTR("requestedSize");
584 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo = CFSTR("sharedInfo");
585
586 const CFStringRef kSecKeyEncryptionParameterSymmetricKeySizeInBits = CFSTR("symKeySize");
587 const CFStringRef kSecKeyEncryptionParameterSymmetricAAD = CFSTR("aad");
588 const CFStringRef kSecKeyEncryptionParameterRecryptParameters = CFSTR("recryptParams");
589 const CFStringRef kSecKeyEncryptionParameterRecryptCertificate = CFSTR("recryptCert");
590
591 static CFTypeRef SecKeyECDHCopyX963Result(SecKeyOperationContext *context, const struct ccdigest_info *di,
592 CFTypeRef in1, CFTypeRef params, CFErrorRef *error) {
593 CFTypeRef result = NULL;
594 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, in1, NULL, error), out);
595
596 if (context->mode == kSecKeyOperationModePerform) {
597 // Parse params.
598 CFTypeRef value = NULL;
599 CFIndex requestedSize = 0;
600 require_action_quiet((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterRequestedSize)) != NULL
601 && CFGetTypeID(value) == CFNumberGetTypeID() &&
602 CFNumberGetValue(value, kCFNumberCFIndexType, &requestedSize), out,
603 SecError(errSecParam, error, CFSTR("kSecKeyKeyExchangeParameterRequestedSize is missing")));
604 size_t sharedInfoLength = 0;
605 const void *sharedInfo = NULL;
606 if ((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterSharedInfo)) != NULL &&
607 CFGetTypeID(value) == CFDataGetTypeID()) {
608 sharedInfo = CFDataGetBytePtr(value);
609 sharedInfoLength = CFDataGetLength(value);
610 }
611
612 CFMutableDataRef kdfResult = CFDataCreateMutableWithScratch(kCFAllocatorDefault, requestedSize);
613 int err = ccansikdf_x963(di, CFDataGetLength(result), CFDataGetBytePtr(result), sharedInfoLength, sharedInfo,
614 requestedSize, CFDataGetMutableBytePtr(kdfResult));
615 CFAssignRetained(result, kdfResult);
616 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
617 SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong input (%d)"), err)));
618 }
619 out:
620 return result;
621 }
622
623 #define ECDH_X963_ADAPTOR(hashname, di, cofactor) \
624 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDH ## cofactor ## X963 ## hashname( \
625 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
626 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDHKeyExchange ## cofactor); \
627 return SecKeyECDHCopyX963Result(context, di, in1, in2, error); \
628 }
629
630 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Standard)
631 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Standard)
632 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Standard)
633 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Standard)
634 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Standard)
635 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Cofactor)
636 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Cofactor)
637 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Cofactor)
638 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Cofactor)
639 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Cofactor)
640
641 #undef ECDH_X963_ADAPTOR
642
643 // Extract number value of either CFNumber or CFString.
644 static CFIndex SecKeyGetCFIndexFromRef(CFTypeRef ref) {
645 CFIndex result = 0;
646 if (CFGetTypeID(ref) == CFNumberGetTypeID()) {
647 if (!CFNumberGetValue(ref, kCFNumberCFIndexType, &result)) {
648 result = 0;
649 }
650 } else if (CFGetTypeID(ref) == CFStringGetTypeID()) {
651 result = CFStringGetIntValue(ref);
652 }
653 return result;
654 }
655
656 typedef CFDataRef (*SecKeyECIESKeyExchangeCopyResult)(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm, bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV, CFDictionaryRef inParams, CFErrorRef *error);
657 typedef Boolean (*SecKeyECIESEncryptCopyResult)(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFMutableDataRef result, CFErrorRef *error);
658 typedef CFDataRef SecKeyECIESDecryptCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams, CFErrorRef *error);
659
660 static CFTypeRef SecKeyECIESCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
661 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
662 SecKeyECIESEncryptCopyResult encryptCopyResult, bool variableIV,
663 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
664 CFDictionaryRef parameters = NULL;
665 SecKeyRef ephemeralPrivateKey = NULL, ephemeralPublicKey = NULL;
666 CFDataRef pubKeyData = NULL, ephemeralPubKeyData = NULL, keyExchangeResult = NULL;
667 CFTypeRef result = NULL;
668 SecKeyRef originalKey = context->key;
669 CFMutableDataRef ciphertext = NULL;
670
671 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
672 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
673 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
674 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
675
676 // Generate ephemeral key.
677 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
678 CFAssignRetained(parameters, CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
679 kSecAttrKeyType, CFDictionaryGetValue(parameters, kSecAttrKeyType),
680 kSecAttrKeySizeInBits, CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits),
681 NULL));
682 require_quiet(ephemeralPrivateKey = SecKeyCreateRandomKey(parameters, error), out);
683 require_action_quiet(ephemeralPublicKey = SecKeyCopyPublicKey(ephemeralPrivateKey), out,
684 SecError(errSecParam, error, CFSTR("Unable to get public key from generated ECkey")));
685 require_quiet(ephemeralPubKeyData = SecKeyCopyExternalRepresentation(ephemeralPublicKey, error), out);
686
687 context->key = ephemeralPrivateKey;
688 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, true,
689 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
690 if (context->mode == kSecKeyOperationModePerform) {
691 // Encrypt input data using AES-GCM.
692 ciphertext = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, ephemeralPubKeyData);
693 require_quiet(encryptCopyResult(keyExchangeResult, in1, in2, ciphertext, error), out);
694 result = CFRetain(ciphertext);
695 } else {
696 result = CFRetain(keyExchangeResult);
697 }
698
699 out:
700 CFReleaseSafe(parameters);
701 CFReleaseSafe(ephemeralPrivateKey);
702 CFReleaseSafe(ephemeralPublicKey);
703 CFReleaseSafe(pubKeyData);
704 CFReleaseSafe(ephemeralPubKeyData);
705 CFReleaseSafe(keyExchangeResult);
706 CFReleaseSafe(ciphertext);
707 context->key = originalKey;
708 return result;
709 }
710
711 static CFTypeRef SecKeyECIESCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
712 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
713 SecKeyECIESDecryptCopyResult decryptCopyResult, bool variableIV,
714 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
715 CFTypeRef result = NULL;
716 CFDictionaryRef parameters = NULL;
717 CFDataRef ephemeralPubKeyData = NULL, keyExchangeResult = NULL, pubKeyData = NULL;
718 SecKeyRef pubKey = NULL;
719 CFDataRef ciphertext = NULL;
720 const UInt8 *ciphertextBuffer = NULL;
721 CFIndex keySize = 0;
722
723 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
724 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
725 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
726 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
727
728 if (context->mode == kSecKeyOperationModePerform) {
729 // Extract ephemeral public key from the packet.
730 keySize = (SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits)) + 7) / 8;
731 require_action_quiet(CFDataGetLength(in1) >= keySize * 2 + 1, out,
732 SecError(errSecParam, error, CFSTR("%@: too small input packet for ECIES decrypt"), context->key));
733 ciphertextBuffer = CFDataGetBytePtr(in1);
734 ephemeralPubKeyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, keySize * 2 + 1, kCFAllocatorNull);
735 ciphertextBuffer += keySize * 2 + 1;
736
737 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
738 SecError(errSecParam, error, CFSTR("%@: Unable to get public key"), context->key));
739 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
740 }
741
742 // Perform keyExchange operation.
743 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, false,
744 ephemeralPubKeyData, pubKeyData, variableIV, in2, error), out);
745 if (context->mode == kSecKeyOperationModePerform) {
746 // Decrypt ciphertext using AES-GCM.
747 ciphertext = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, CFDataGetLength(in1) - (keySize * 2 + 1),
748 kCFAllocatorNull);
749 require_quiet(result = decryptCopyResult(keyExchangeResult, ciphertext, in2, error), out);
750 } else {
751 result = CFRetain(keyExchangeResult);
752 }
753
754 out:
755 CFReleaseSafe(parameters);
756 CFReleaseSafe(ephemeralPubKeyData);
757 CFReleaseSafe(keyExchangeResult);
758 CFReleaseSafe(pubKeyData);
759 CFReleaseSafe(pubKey);
760 CFReleaseSafe(ciphertext);
761 return result;
762 }
763
764 static const CFIndex kSecKeyIESTagLength = 16;
765 static const UInt8 kSecKeyIESIV[16] = { 0 };
766
767 static CFDataRef SecKeyECIESKeyExchangeKDFX963CopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
768 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
769 CFDictionaryRef inParams, CFErrorRef *error) {
770 NSDictionary *parametersForKeyExchange, *inputParameters = (__bridge NSDictionary *)inParams;
771 NSData *result;
772 NSMutableData *sharedInfoForKeyExchange;
773
774 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
775 context->operation = kSecKeyOperationTypeKeyExchange;
776
777 if (context->mode == kSecKeyOperationModePerform) {
778 NSInteger keySize = 0;
779 NSNumber *keySizeObject = inputParameters[(__bridge id)kSecKeyEncryptionParameterSymmetricKeySizeInBits];
780 if (keySizeObject != nil) {
781 if (![keySizeObject isKindOfClass:NSNumber.class]) {
782 SecError(errSecParam, error, CFSTR("Bad requested kSecKeyEncryptionParameterSymmetricKeySizeInBits: %@"), keySizeObject);
783 return NULL;
784 }
785 keySize = keySizeObject.integerValue / 8;
786 } else {
787 // Use 128bit AES for EC keys <= 256bit, 256bit AES for larger keys.
788 keySize = ((CFDataGetLength(pubKey) - 1) / 2) * 8;
789 keySize = (keySize > 256) ? (256 / 8) : (128 / 8);
790 }
791
792 if (variableIV) {
793 keySize += sizeof(kSecKeyIESIV);
794 }
795
796 // Generate shared secret using KDF.
797 sharedInfoForKeyExchange = ((__bridge NSData *)ephemeralPubKey).mutableCopy;
798 NSData *sharedInfo = inputParameters[(__bridge id)kSecKeyKeyExchangeParameterSharedInfo];
799 if (sharedInfo != nil) {
800 [sharedInfoForKeyExchange appendData:sharedInfo];
801 }
802 parametersForKeyExchange = @{ (__bridge id)kSecKeyKeyExchangeParameterSharedInfo: sharedInfoForKeyExchange,
803 (__bridge id)kSecKeyKeyExchangeParameterRequestedSize: @(keySize) };
804 }
805
806 result = CFBridgingRelease(SecKeyRunAlgorithmAndCopyResult(context, encrypt ? pubKey : ephemeralPubKey, (__bridge CFDictionaryRef)parametersForKeyExchange, error));
807 if (context->mode == kSecKeyOperationModePerform && !variableIV && result != NULL) {
808 // Append all-zero IV to the result.
809 NSMutableData *data = result.mutableCopy;
810 [data appendBytes:kSecKeyIESIV length:sizeof(kSecKeyIESIV)];
811 result = [NSData dataWithData:data];
812 }
813 return CFBridgingRetain(result);
814 }
815
816 static Boolean SecKeyECIESEncryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
817 CFMutableDataRef result, CFErrorRef *error) {
818 Boolean res = FALSE;
819 CFIndex prefix = CFDataGetLength(result);
820 CFDataSetLength(result, prefix + CFDataGetLength(inData) + kSecKeyIESTagLength);
821 UInt8 *resultBuffer = CFDataGetMutableBytePtr(result) + prefix;
822 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(inData);
823 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
824 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
825 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
826 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
827 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
828 sizeof(kSecKeyIESIV), ivBuffer,
829 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
830 CFDataGetLength(inData), CFDataGetBytePtr(inData),
831 resultBuffer, kSecKeyIESTagLength, tagBuffer) == 0, out,
832 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm encrypt data")));
833 res = TRUE;
834 out:
835 return res;
836 }
837
838 static CFDataRef SecKeyECIESDecryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
839 CFErrorRef *error) {
840 CFDataRef result = NULL;
841 CFMutableDataRef plaintext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData) - kSecKeyIESTagLength);
842 CFMutableDataRef tag = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), kSecKeyIESTagLength);
843 CFDataGetBytes(inData, CFRangeMake(CFDataGetLength(inData) - kSecKeyIESTagLength, kSecKeyIESTagLength),
844 CFDataGetMutableBytePtr(tag));
845 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
846 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
847 CFDataRef aad = inParams ? CFDictionaryGetValue(inParams, kSecKeyEncryptionParameterSymmetricAAD) : NULL;
848 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
849 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
850 sizeof(kSecKeyIESIV), ivBuffer,
851 aad ? CFDataGetLength(aad) : 0, aad ? CFDataGetBytePtr(aad) : NULL,
852 CFDataGetLength(plaintext), CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(plaintext),
853 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
854 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm decrypt data")));
855 result = CFRetain(plaintext);
856 out:
857 CFReleaseSafe(plaintext);
858 CFReleaseSafe(tag);
859 return result;
860 }
861
862 #define ECIES_X963_ADAPTOR(hashname, cofactor, namepart, variableIV) \
863 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIES ## cofactor ## namepart ## hashname( \
864 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
865 return SecKeyECIESCopyEncryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
866 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESEncryptAESGCMCopyResult, variableIV, in1, in2, error); \
867 } \
868 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES ## cofactor ## namepart ## hashname( \
869 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
870 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
871 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESDecryptAESGCMCopyResult, variableIV, in1, in2, error); \
872 }
873
874 ECIES_X963_ADAPTOR(SHA1, Standard, X963, false)
875 ECIES_X963_ADAPTOR(SHA224, Standard, X963, false)
876 ECIES_X963_ADAPTOR(SHA256, Standard, X963, false)
877 ECIES_X963_ADAPTOR(SHA384, Standard, X963, false)
878 ECIES_X963_ADAPTOR(SHA512, Standard, X963, false)
879 ECIES_X963_ADAPTOR(SHA1, Cofactor, X963, false)
880 ECIES_X963_ADAPTOR(SHA224, Cofactor, X963, false)
881 ECIES_X963_ADAPTOR(SHA256, Cofactor, X963, false)
882 ECIES_X963_ADAPTOR(SHA384, Cofactor, X963, false)
883 ECIES_X963_ADAPTOR(SHA512, Cofactor, X963, false)
884
885 ECIES_X963_ADAPTOR(SHA224, Standard, VariableIVX963, true)
886 ECIES_X963_ADAPTOR(SHA256, Standard, VariableIVX963, true)
887 ECIES_X963_ADAPTOR(SHA384, Standard, VariableIVX963, true)
888 ECIES_X963_ADAPTOR(SHA512, Standard, VariableIVX963, true)
889 ECIES_X963_ADAPTOR(SHA224, Cofactor, VariableIVX963, true)
890 ECIES_X963_ADAPTOR(SHA256, Cofactor, VariableIVX963, true)
891 ECIES_X963_ADAPTOR(SHA384, Cofactor, VariableIVX963, true)
892 ECIES_X963_ADAPTOR(SHA512, Cofactor, VariableIVX963, true)
893
894 #undef ECIES_X963_ADAPTOR
895
896 static CFDataRef SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
897 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
898 CFDictionaryRef inParams, CFErrorRef *error) {
899 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
900 context->operation = kSecKeyOperationTypeKeyExchange;
901 CFMutableDataRef result = (CFMutableDataRef)SecKeyRunAlgorithmAndCopyResult(context, ephemeralPubKey, NULL, error);
902 if (result != NULL && context->mode == kSecKeyOperationModePerform) {
903 const struct ccdigest_info *di = ccsha256_di();
904 ccdigest_di_decl(di, ctx);
905 ccdigest_init(di, ctx);
906 ccdigest_update(di, ctx, CFDataGetLength(result), CFDataGetBytePtr(result));
907 ccdigest_update(di, ctx, CFDataGetLength(ephemeralPubKey), CFDataGetBytePtr(ephemeralPubKey));
908 ccdigest_update(di, ctx, CFDataGetLength(pubKey), CFDataGetBytePtr(pubKey));
909 CFAssignRetained(result, CFDataCreateMutableWithScratch(kCFAllocatorDefault, di->output_size));
910 ccdigest_final(di, ctx, CFDataGetMutableBytePtr(result));
911 }
912 return result;
913 }
914
915 static CFDataRef SecKeyECIESDecryptAESCBCCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFDictionaryRef inParams,
916 CFErrorRef *error) {
917 CFMutableDataRef result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData));
918 cccbc_one_shot(ccaes_cbc_decrypt_mode(),
919 CFDataGetLength(keyExchangeResult), CFDataGetBytePtr(keyExchangeResult),
920 NULL, CFDataGetLength(keyExchangeResult) / CCAES_BLOCK_SIZE,
921 CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(result));
922 return result;
923 }
924
925 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys(
926 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
927 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchangeStandard,
928 SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult,
929 SecKeyECIESDecryptAESCBCCopyResult, false,
930 in1, in2, error);
931 }
932
933 static CFTypeRef SecKeyRSAAESGCMCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
934 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
935 CFTypeRef result = NULL;
936 CFDictionaryRef parameters = NULL;
937 CFDataRef pubKeyData = NULL, wrappedKey = NULL, sessionKey = NULL;
938 CFMutableDataRef ciphertext = NULL;
939
940 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
941 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
942 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
943 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
944
945 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
946 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
947 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
948
949 // Generate session key. Use 128bit AES for RSA keys < 4096bit, 256bit AES for larger keys.
950 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
951 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
952 require_action_quiet(sessionKey = CFDataCreateWithRandomBytes((keySize >= 4096) ? (256 / 8) : (128 / 8)), out,
953 SecError(errSecParam, error, CFSTR("Failed to generate session key")));
954
955 // Encrypt session key using wrapping algorithm and store at the beginning of the result packet.
956 require_action_quiet(wrappedKey = SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error), out,
957 CFReleaseNull(result));
958 ciphertext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(wrappedKey) + CFDataGetLength(in1) + kSecKeyIESTagLength);
959 UInt8 *resultBuffer = CFDataGetMutableBytePtr(ciphertext);
960 CFDataGetBytes(wrappedKey, CFRangeMake(0, CFDataGetLength(wrappedKey)), resultBuffer);
961 resultBuffer += CFDataGetLength(wrappedKey);
962
963 // Encrypt input data using AES-GCM.
964 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(in1);
965 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
966 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
967 sizeof(kSecKeyIESIV), kSecKeyIESIV,
968 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
969 CFDataGetLength(in1), CFDataGetBytePtr(in1), resultBuffer,
970 kSecKeyIESTagLength, tagBuffer) == 0, out,
971 SecError(errSecParam, error, CFSTR("RSAWRAP: Failed to aes-gcm encrypt data")));
972 result = CFRetain(ciphertext);
973
974 out:
975 CFReleaseSafe(parameters);
976 CFReleaseSafe(pubKeyData);
977 CFReleaseSafe(wrappedKey);
978 CFReleaseSafe(sessionKey);
979 CFReleaseSafe(ciphertext);
980 return result;
981 }
982
983 static CFTypeRef SecKeyRSAAESGCMCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
984 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
985 CFTypeRef result = NULL;
986 CFDictionaryRef parameters = NULL;
987 CFMutableDataRef plaintext = NULL, tag = NULL;
988 CFDataRef pubKeyData = NULL, sessionKey = NULL;
989 SecKeyRef pubKey = NULL;
990
991 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
992 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
993 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
994 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
995
996 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
997 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
998 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
999
1000 // Extract encrypted session key.
1001 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
1002 SecError(errSecParam, error, CFSTR("%@: unable to get public key"), context->key));
1003 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
1004
1005 CFIndex wrappedKeySize = SecKeyGetBlockSize(context->key);
1006 require_action_quiet(CFDataGetLength(in1) >= wrappedKeySize + kSecKeyIESTagLength, out,
1007 SecError(errSecParam, error, CFSTR("RSA-WRAP too short input data")));
1008 sessionKey = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, CFDataGetBytePtr(in1), wrappedKeySize, kCFAllocatorNull);
1009
1010 // Decrypt session key.
1011 CFAssignRetained(sessionKey, SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error));
1012 require_quiet(sessionKey, out);
1013 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
1014 keySize = (keySize >= 4096) ? (256 / 8) : (128 / 8);
1015 require_action_quiet(CFDataGetLength(sessionKey) == keySize, out,
1016 SecError(errSecParam, error, CFSTR("RSA-WRAP bad ciphertext, unexpected session key size")));
1017
1018 // Decrypt ciphertext using AES-GCM.
1019 plaintext = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), CFDataGetLength(in1) - wrappedKeySize - kSecKeyIESTagLength);
1020 tag = CFDataCreateMutableWithScratch(kCFAllocatorDefault, kSecKeyIESTagLength);
1021 CFDataGetBytes(in1, CFRangeMake(CFDataGetLength(in1) - kSecKeyIESTagLength, kSecKeyIESTagLength),
1022 CFDataGetMutableBytePtr(tag));
1023 const UInt8 *ciphertextBuffer = CFDataGetBytePtr(in1);
1024 ciphertextBuffer += wrappedKeySize;
1025 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
1026 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1027 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1028 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1029 CFDataGetLength(plaintext), ciphertextBuffer, CFDataGetMutableBytePtr(plaintext),
1030 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
1031 SecError(errSecParam, error, CFSTR("RSA-WRAP: Failed to aes-gcm decrypt data")));
1032 result = CFRetain(plaintext);
1033
1034 out:
1035 CFReleaseSafe(parameters);
1036 CFReleaseSafe(sessionKey);
1037 CFReleaseSafe(tag);
1038 CFReleaseSafe(pubKeyData);
1039 CFReleaseSafe(pubKey);
1040 CFReleaseSafe(plaintext);
1041 return result;
1042 }
1043
1044 #define RSA_OAEP_AESGCM_ADAPTOR(hashname) \
1045 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1046 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1047 return SecKeyRSAAESGCMCopyEncryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1048 } \
1049 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1050 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1051 return SecKeyRSAAESGCMCopyDecryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1052 }
1053
1054 RSA_OAEP_AESGCM_ADAPTOR(SHA1)
1055 RSA_OAEP_AESGCM_ADAPTOR(SHA224)
1056 RSA_OAEP_AESGCM_ADAPTOR(SHA256)
1057 RSA_OAEP_AESGCM_ADAPTOR(SHA384)
1058 RSA_OAEP_AESGCM_ADAPTOR(SHA512)
1059
1060 #undef RSA_OAEP_AESGCM_ADAPTOR
1061
1062 SecKeyAlgorithmAdaptor SecKeyGetAlgorithmAdaptor(SecKeyOperationType operation, SecKeyAlgorithm algorithm) {
1063 static CFDictionaryRef adaptors[kSecKeyOperationTypeCount];
1064 static dispatch_once_t onceToken;
1065 dispatch_once(&onceToken, ^{
1066 const void *signKeys[] = {
1067 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1068 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1069 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1070 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1071 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1072 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1073 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1074
1075 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1076 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1077 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1078 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1079 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1080
1081 kSecKeyAlgorithmRSASignatureRaw,
1082 kSecKeyAlgorithmRSASignatureRawCCUnit,
1083
1084 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1085 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1086 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1087 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1088 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1089 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1090
1091 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1092 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1093 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1094 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1095 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1096
1097 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1098 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1099 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1100 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1101 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1102
1103 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1104 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1105 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1106 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1107 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1108 };
1109 const void *signValues[] = {
1110 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA1,
1111 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA224,
1112 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA256,
1113 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA384,
1114 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA512,
1115 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15Raw,
1116 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15MD5,
1117
1118 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA1,
1119 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA224,
1120 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA256,
1121 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA384,
1122 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA512,
1123
1124 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw,
1125 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit,
1126
1127 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1128 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1129 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1130 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1131 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1132 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1133
1134 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1135 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1136 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1137 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1138 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1139
1140 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1141 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1142 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1143 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1144 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1145
1146 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1147 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1148 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1149 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1150 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1151 };
1152 check_compile_time(array_size(signKeys) == array_size(signValues));
1153 adaptors[kSecKeyOperationTypeSign] = CFDictionaryCreate(kCFAllocatorDefault, signKeys, signValues,
1154 array_size(signKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1155
1156 const void *verifyKeys[] = {
1157 kSecKeyAlgorithmRSASignatureRaw,
1158
1159 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1160 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1161 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1162 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1163 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1164 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1165 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1166
1167 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1168 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1169 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1170 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1171 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1172
1173 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1174 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1175 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1176 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1177 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1178 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1179
1180 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1181 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1182 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1183 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1184 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1185
1186 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1187 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1188 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1189 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1190 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1191
1192 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1193 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1194 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1195 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1196 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1197 };
1198 const void *verifyValues[] = {
1199 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw,
1200
1201 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA1,
1202 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA224,
1203 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA256,
1204 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA384,
1205 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA512,
1206 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15Raw,
1207 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15MD5,
1208
1209 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA1,
1210 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA224,
1211 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA256,
1212 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA384,
1213 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA512,
1214
1215 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1216 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1217 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1218 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1219 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1220 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1221
1222 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1223 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1224 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1225 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1226 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1227
1228 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1229 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1230 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1231 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1232 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1233
1234 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1235 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1236 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1237 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1238 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1239 };
1240 check_compile_time(array_size(verifyKeys) == array_size(verifyValues));
1241 adaptors[kSecKeyOperationTypeVerify] = CFDictionaryCreate(kCFAllocatorDefault, verifyKeys, verifyValues,
1242 array_size(verifyKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1243
1244 const void *encryptKeys[] = {
1245 kSecKeyAlgorithmRSAEncryptionRaw,
1246 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1247
1248 kSecKeyAlgorithmRSAEncryptionPKCS1,
1249 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1250 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1251 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1252 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1253 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1254
1255 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1256 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1257 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1258 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1259 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1260
1261 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1262 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1263 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1264 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1265 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1266
1267 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1268 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1269 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1270 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1271 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1272
1273 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1274 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1275 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1276 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1277
1278 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1279 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1280 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1281 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1282 };
1283 const void *encryptValues[] = {
1284 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1285 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1286
1287 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1,
1288 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1,
1289 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224,
1290 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256,
1291 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384,
1292 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512,
1293
1294 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1AESGCM,
1295 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224AESGCM,
1296 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256AESGCM,
1297 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384AESGCM,
1298 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512AESGCM,
1299
1300 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA1,
1301 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA224,
1302 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA256,
1303 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA384,
1304 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA512,
1305
1306 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA1,
1307 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA224,
1308 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA256,
1309 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA384,
1310 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA512,
1311
1312 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA224,
1313 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA256,
1314 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA384,
1315 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA512,
1316
1317 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA224,
1318 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA256,
1319 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA384,
1320 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA512,
1321 };
1322 check_compile_time(array_size(encryptKeys) == array_size(encryptValues));
1323 adaptors[kSecKeyOperationTypeEncrypt] = CFDictionaryCreate(kCFAllocatorDefault, encryptKeys, encryptValues,
1324 array_size(encryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1325
1326 const void *decryptKeys[] = {
1327 kSecKeyAlgorithmRSAEncryptionRaw,
1328 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1329
1330 kSecKeyAlgorithmRSAEncryptionPKCS1,
1331 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1332 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1333 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1334 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1335 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1336
1337 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1338 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1339 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1340 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1341 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1342
1343 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1344 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1345 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1346 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1347 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1348
1349 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1350 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1351 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1352 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1353 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1354
1355 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1356 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1357 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1358 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1359
1360 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1361 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1362 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1363 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1364
1365 kSecKeyAlgorithmECIESEncryptionAKSSmartCard,
1366 };
1367 const void *decryptValues[] = {
1368 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1369 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1370
1371 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1,
1372 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1,
1373 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224,
1374 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256,
1375 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384,
1376 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512,
1377
1378 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1AESGCM,
1379 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224AESGCM,
1380 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256AESGCM,
1381 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384AESGCM,
1382 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512AESGCM,
1383
1384 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA1,
1385 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA224,
1386 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA256,
1387 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA384,
1388 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA512,
1389
1390 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA1,
1391 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA224,
1392 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA256,
1393 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA384,
1394 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA512,
1395
1396 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA224,
1397 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA256,
1398 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA384,
1399 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA512,
1400
1401 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA224,
1402 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA256,
1403 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA384,
1404 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA512,
1405
1406 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys,
1407 };
1408 check_compile_time(array_size(decryptKeys) == array_size(decryptValues));
1409 adaptors[kSecKeyOperationTypeDecrypt] = CFDictionaryCreate(kCFAllocatorDefault, decryptKeys, decryptValues,
1410 array_size(decryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1411
1412 const void *keyExchangeKeys[] = {
1413 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
1414 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
1415 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
1416 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
1417 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
1418
1419 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
1420 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
1421 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
1422 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
1423 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
1424 };
1425 const void *keyExchangeValues[] = {
1426
1427 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA1,
1428 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA224,
1429 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA256,
1430 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA384,
1431 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA512,
1432
1433 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA1,
1434 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA224,
1435 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA256,
1436 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA384,
1437 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA512,
1438 };
1439 check_compile_time(array_size(keyExchangeKeys) == array_size(keyExchangeKeys));
1440 adaptors[kSecKeyOperationTypeKeyExchange] = CFDictionaryCreate(kCFAllocatorDefault, keyExchangeKeys, keyExchangeValues,
1441 array_size(keyExchangeKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1442 });
1443
1444 return CFDictionaryGetValue(adaptors[operation], algorithm);
1445 }
mirror of Security