]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/regressions/kc-41-sececkey.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57336.10.29.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-41-sececkey.c
1 /*
2 * Copyright (c) 2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*
26 * si-40-seckey.c
27 * Security
28 *
29 * Copyright (c) 2007-2009,2013-2014 Apple Inc. All Rights Reserved.
30 *
31 */
32 #include <TargetConditionals.h>
33 #include <CoreFoundation/CoreFoundation.h>
34 #include <Security/Security.h>
35 #include <Security/SecKeyPriv.h>
36
37 #include <Security/SecItem.h>
38 #include <Security/SecKey.h>
39
40 #if 0
41 #include <Security/SecCertificate.h>
42 #include <Security/SecCertificateInternal.h>
43 #include <Security/SecKey.h>
44 #include <Security/SecKeyPriv.h>
45 #include <Security/SecItem.h>
46 #include <Security/SecAsn1Types.h>
47 #include <Security/oidsalg.h>
48 #include <Security/SecureTransport.h>
49 #include <Security/SecRandom.h>
50 #include <CommonCrypto/CommonDigest.h>
51 #include <libDER/libDER.h>
52 #include <stdlib.h>
53 #include <unistd.h>
54 #endif
55
56
57 #include "keychain_regressions.h"
58 #include "utilities/SecCFRelease.h"
59
60
61 #if TARGET_OS_IPHONE
62 static void testdigestandsignalg(SecKeyRef privKey, SecKeyRef pubKey, const SecAsn1AlgId *algId) {
63 uint8_t dataToDigest[256];
64 size_t dataToDigestLen = sizeof(dataToDigest);
65 size_t sigLen = SecKeyGetSize(privKey, kSecKeySignatureSize);
66 uint8_t sig[sigLen];
67
68 DERItem oid;
69 oid.length = algId->algorithm.Length;
70 oid.data = algId->algorithm.Data;
71
72 /* Get the oid in decimal for display purposes. */
73 CFStringRef oidStr = SecDERItemCopyOIDDecimalRepresentation(kCFAllocatorDefault, &oid);
74 char oidBuf[40];
75 CFStringGetCString(oidStr, oidBuf, sizeof(oidBuf), kCFStringEncodingUTF8);
76 CFRelease(oidStr);
77
78 SKIP: {
79 OSStatus status;
80
81 /* Time to sign. */
82 ok_status(status = SecKeyDigestAndSign(privKey, algId, dataToDigest, dataToDigestLen,
83 sig, &sigLen),
84 "digest and sign %s with %ld bit RSA key", oidBuf, sigLen * 8);
85
86 skip("SecKeyDigestAndSign failed", 3, status == errSecSuccess);
87
88 /* Verify the signature we just made. */
89 ok_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
90 sig, sigLen), "digest and verify");
91 /* Invalidate the signature. */
92 sig[0] ^= 0xff;
93 is_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
94 sig, sigLen), errSSLCrypto, "digest and verify bad sig");
95 sig[0] ^= 0xff;
96 dataToDigest[0] ^= 0xff;
97 is_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
98 sig, sigLen), errSSLCrypto, "digest and verify bad digest");
99 }
100 }
101
102 static void testdigestandsign(SecKeyRef privKey, SecKeyRef pubKey) {
103 static const SecAsn1Oid *oids[] = {
104 &CSSMOID_ECDSA_WithSHA1,
105 #if 0
106 &CSSMOID_ECDSA_WithSHA224,
107 &CSSMOID_ECDSA_WithSHA256,
108 &CSSMOID_ECDSA_WithSHA384,
109 &CSSMOID_ECDSA_WithSHA512,
110 #endif
111 };
112
113 uint32_t ix;
114 SecAsn1AlgId algId = {};
115 for (ix = 0; ix < sizeof(oids) / sizeof(*oids); ++ix) {
116 if (oids[ix]) {
117 algId.algorithm = *oids[ix];
118 } else {
119 algId.algorithm.Length = 0;
120 algId.algorithm.Data = NULL;
121 }
122
123 testdigestandsignalg(privKey, pubKey, &algId);
124 }
125 }
126 #endif
127
128
129 #if !TARGET_OS_IPHONE
130 /* This is part of Security.framework on iOS */
131
132 enum {
133 // kSecKeyKeySizeInBits = 0, // already exists on osx
134 kSecKeySignatureSize = 101,
135 kSecKeyEncryptedDataSize = 102,
136 // More might belong here, but we aren't settled on how
137 // to take into account padding and/or digest types.
138 };
139
140 static
141 size_t SecKeyGetSize(SecKeyRef key, int whichSize)
142 {
143 /* SecKeyGetBlockSize return the signature size on OS X -- smh */
144 size_t result = SecKeyGetBlockSize(key);
145
146 result = (result - 2)/2 - 3;
147
148 /* in this test, this is always an ECDSA key */
149 switch (whichSize) {
150 case kSecKeyEncryptedDataSize:
151 result = 0;
152 break;
153 case kSecKeySignatureSize:
154 result = (result >= 66 ? 9 : 8) + 2 * result;
155 break;
156 case kSecKeyKeySizeInBits:
157 if (result >= 66)
158 return 521;
159 }
160
161 if (whichSize == kSecKeyKeySizeInBits)
162 result *= 8;
163
164 return result;
165
166 }
167 #endif
168
169
170 static void testkeygen(size_t keySizeInBits) {
171 SecKeyRef pubKey = NULL, privKey = NULL;
172 size_t keySizeInBytes = (keySizeInBits + 7) / 8;
173 CFNumberRef kzib;
174
175 kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits);
176 CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
177 CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeEC);
178 CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib);
179
180 OSStatus status;
181 ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey),
182 "Generate %ld bit (%ld byte) EC keypair", keySizeInBits,
183 keySizeInBytes);
184 CFRelease(kzib);
185 CFRelease(kgp);
186
187 SKIP: {
188 skip("keygen failed", 8, status == errSecSuccess);
189 ok(pubKey, "pubkey returned");
190 ok(privKey, "privKey returned");
191 is(SecKeyGetSize(pubKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "public key size is ok");
192 is(SecKeyGetSize(privKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "private key size is ok");
193
194 /* Sign something. */
195 uint8_t something[20] = {0x80, 0xbe, 0xef, 0xba, 0xd0, };
196 uint8_t sig[8+2*keySizeInBytes];
197 size_t sigLen = sizeof(sig);
198 ok_status(SecKeyRawSign(privKey, kSecPaddingNone,
199 something, sizeof(something), sig, &sigLen), "sign something");
200 ok_status(SecKeyRawVerify(pubKey, kSecPaddingNone,
201 something, sizeof(something), sig, sigLen), "verify sig on something");
202
203 #if TARGET_OS_IPHONE
204 testdigestandsign(privKey, pubKey);
205 #endif
206
207 const void *privkeys[] = {
208 kSecValueRef
209 };
210 const void *privvalues[] = {
211 privKey
212 };
213 CFDictionaryRef privitem = CFDictionaryCreate(NULL, privkeys, privvalues,
214 sizeof(privkeys) / sizeof(*privkeys), NULL, NULL);
215 #if TARGET_OS_IPHONE
216 ok_status(SecItemAdd(privitem, NULL), "add private key");
217 #endif
218 ok_status(SecItemDelete(privitem), "delete private key");
219 CFReleaseNull(privitem);
220
221 const void *pubkeys[] = {
222 kSecValueRef
223 };
224 const void *pubvalues[] = {
225 pubKey
226 };
227 CFDictionaryRef pubitem = CFDictionaryCreate(NULL, pubkeys, pubvalues,
228 sizeof(pubkeys) / sizeof(*pubkeys), NULL, NULL);
229 #if TARGET_OS_IPHONE
230 ok_status(SecItemAdd(pubitem, NULL), "add public key");
231 #endif
232 ok_status(SecItemDelete(pubitem), "delete public key");
233 CFReleaseNull(pubitem);
234
235 /* Cleanup. */
236 CFReleaseNull(pubKey);
237 CFReleaseNull(privKey);
238 }
239 }
240
241
242 static void testkeygen2(size_t keySizeInBits) {
243 SecKeyRef pubKey = NULL, privKey = NULL;
244 size_t keySizeInBytes = (keySizeInBits + 7) / 8;
245 CFNumberRef kzib;
246
247 CFUUIDRef ourUUID = CFUUIDCreate(kCFAllocatorDefault);
248 CFStringRef uuidString = CFUUIDCreateString(kCFAllocatorDefault, ourUUID);
249 CFMutableStringRef publicName = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, uuidString);
250 CFMutableStringRef privateName = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, uuidString);
251
252 CFReleaseNull(ourUUID);
253 CFReleaseNull(uuidString);
254
255 CFStringAppend(publicName, CFSTR("-Public-41"));
256 CFStringAppend(privateName, CFSTR("-Private-41"));
257
258 CFMutableDictionaryRef pubd = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
259 CFMutableDictionaryRef privd = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
260 CFDictionaryAddValue(pubd, kSecAttrLabel, publicName);
261 CFDictionaryAddValue(privd, kSecAttrLabel, privateName);
262
263 kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits);
264 CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
265 CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeEC);
266 CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib);
267 CFDictionaryAddValue(kgp, kSecAttrIsPermanent, kCFBooleanTrue);
268 CFDictionaryAddValue(kgp, kSecPublicKeyAttrs, pubd);
269 CFDictionaryAddValue(kgp, kSecPrivateKeyAttrs, privd);
270
271 OSStatus status;
272 ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey),
273 "Generate %ld bit (%ld byte) persistent RSA keypair",
274 keySizeInBits, keySizeInBytes);
275 CFRelease(kzib);
276 CFRelease(kgp);
277
278 SKIP: {
279 skip("keygen failed", 8, status == errSecSuccess);
280 ok(pubKey, "pubkey returned");
281 ok(privKey, "privKey returned");
282 is(SecKeyGetSize(pubKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "public key size is ok");
283 is(SecKeyGetSize(privKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "private key size is ok");
284
285 SecKeyRef pubKey2, privKey2;
286 CFDictionaryAddValue(pubd, kSecClass, kSecClassKey);
287 CFDictionaryAddValue(pubd, kSecReturnRef, kCFBooleanTrue);
288 CFDictionaryAddValue(privd, kSecClass, kSecClassKey);
289 CFDictionaryAddValue(privd, kSecReturnRef, kCFBooleanTrue);
290 CFDictionaryAddValue(privd, kSecAttrCanSign, kCFBooleanTrue);
291 ok_status(SecItemCopyMatching(pubd, (CFTypeRef *)&pubKey2),
292 "retrieve pub key by label");
293 ok(pubKey2, "got valid object");
294 ok_status(SecItemCopyMatching(privd, (CFTypeRef *)&privKey2),
295 "retrieve priv key by label and kSecAttrCanSign");
296 ok(privKey2, "got valid object");
297
298 /* Sign something. */
299 uint8_t something[20] = {0x80, 0xbe, 0xef, 0xba, 0xd0, };
300 size_t sigLen = SecKeyGetSize(privKey2, kSecKeySignatureSize);
301 uint8_t sig[sigLen];
302 ok_status(SecKeyRawSign(privKey2, kSecPaddingPKCS1,
303 something, sizeof(something), sig, &sigLen), "sign something");
304 ok_status(SecKeyRawVerify(pubKey2, kSecPaddingPKCS1,
305 something, sizeof(something), sig, sigLen), "verify sig on something");
306
307 /* Cleanup. */
308 CFReleaseNull(pubKey2);
309 CFReleaseNull(privKey2);
310 }
311
312 /* delete from keychain - note: do it before releasing publicName and privateName
313 because pubd and privd have no retain/release callbacks */
314 ok_status(SecItemDelete(pubd), "delete generated pub key");
315 ok_status(SecItemDelete(privd), "delete generated priv key");
316
317 /* Cleanup. */
318 CFReleaseNull(pubKey);
319 CFReleaseNull(privKey);
320
321 CFReleaseNull(publicName);
322 CFReleaseNull(privateName);
323
324 CFRelease(pubd);
325 CFRelease(privd);
326 }
327
328 #if TARGET_OS_IPHONE
329 // Raw DER Key
330 const uint8_t EC_P256_KeyDER[]={
331 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0x86, 0x87, 0x79, 0x59, 0xd1,
332 0xc6, 0x3c, 0x50, 0x24, 0x30, 0xa4, 0xaf, 0x89, 0x1d, 0xd1, 0x94, 0x23,
333 0x56, 0x79, 0x46, 0x93, 0x72, 0x31, 0x39, 0x24, 0xe6, 0x01, 0x96, 0xc8,
334 0xeb, 0xf3, 0x88, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x8c, 0xfa, 0xd7,
335 0x8a, 0xf1, 0xb9, 0xad, 0xd7, 0x3a, 0x33, 0xb5, 0x9a, 0xad, 0x52, 0x0d,
336 0x14, 0xd6, 0x6b, 0x35, 0x56, 0x79, 0xd6, 0x74, 0x2a, 0x37, 0x7e, 0x2f,
337 0x33, 0xa6, 0xab, 0xee, 0x35, 0x00, 0x70, 0x82, 0x89, 0x9c, 0xfc, 0x97,
338 0xc4, 0x89, 0x5c, 0x16, 0x50, 0xad, 0x60, 0x55, 0xa6, 0x70, 0xee, 0x07,
339 0x1b, 0xfe, 0xe4, 0xf0, 0xa0, 0x63, 0xc0, 0x73, 0x24, 0x97, 0x92, 0x04,
340 0xc7};
341 #else
342 // Open SSL Private Key
343 const uint8_t EC_P256_KeyDER_priv[]={
344 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x86, 0x87, 0x79, 0x59, 0xd1,
345 0xc6, 0x3c, 0x50, 0x24, 0x30, 0xa4, 0xaf, 0x89, 0x1d, 0xd1, 0x94, 0x23,
346 0x56, 0x79, 0x46, 0x93, 0x72, 0x31, 0x39, 0x24, 0xe6, 0x01, 0x96, 0xc8,
347 0xeb, 0xf3, 0x88, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
348 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x8c, 0xfa, 0xd7,
349 0x8a, 0xf1, 0xb9, 0xad, 0xd7, 0x3a, 0x33, 0xb5, 0x9a, 0xad, 0x52, 0x0d,
350 0x14, 0xd6, 0x6b, 0x35, 0x56, 0x79, 0xd6, 0x74, 0x2a, 0x37, 0x7e, 0x2f,
351 0x33, 0xa6, 0xab, 0xee, 0x35, 0x00, 0x70, 0x82, 0x89, 0x9c, 0xfc, 0x97,
352 0xc4, 0x89, 0x5c, 0x16, 0x50, 0xad, 0x60, 0x55, 0xa6, 0x70, 0xee, 0x07,
353 0x1b, 0xfe, 0xe4, 0xf0, 0xa0, 0x63, 0xc0, 0x73, 0x24, 0x97, 0x92, 0x04,
354 0xc7};
355
356 // Open SSL Public Key
357 const uint8_t EC_P256_KeyDER_pub[]={
358 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
359 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
360 0x42, 0x00, 0x04, 0x8c, 0xfa, 0xd7, 0x8a, 0xf1, 0xb9, 0xad, 0xd7, 0x3a,
361 0x33, 0xb5, 0x9a, 0xad, 0x52, 0x0d, 0x14, 0xd6, 0x6b, 0x35, 0x56, 0x79,
362 0xd6, 0x74, 0x2a, 0x37, 0x7e, 0x2f, 0x33, 0xa6, 0xab, 0xee, 0x35, 0x00,
363 0x70, 0x82, 0x89, 0x9c, 0xfc, 0x97, 0xc4, 0x89, 0x5c, 0x16, 0x50, 0xad,
364 0x60, 0x55, 0xa6, 0x70, 0xee, 0x07, 0x1b, 0xfe, 0xe4, 0xf0, 0xa0, 0x63,
365 0xc0, 0x73, 0x24, 0x97, 0x92, 0x04, 0xc7};
366 #endif
367
368 const uint8_t EC_P256_SigDER[]={
369 0x30, 0x45, 0x02, 0x20, 0x4b, 0x37, 0x7f, 0x45, 0xd0, 0x5d, 0xa6, 0x53,
370 0xb3, 0x62, 0x6f, 0x32, 0xdb, 0xfc, 0xf6, 0x3b, 0x84, 0xfa, 0x5a, 0xd9,
371 0x17, 0x67, 0x03, 0x73, 0x48, 0x0c, 0xad, 0x89, 0x13, 0x69, 0x61, 0xb3,
372 0x02, 0x21, 0x00, 0xd6, 0x23, 0xaf, 0xd9, 0x7d, 0x72, 0xba, 0x3b, 0x90,
373 0xc1, 0x23, 0x7d, 0xdb, 0x2c, 0xd1, 0x0d, 0xbb, 0xb4, 0x0f, 0x67, 0x26,
374 0xff, 0x3f, 0xa6, 0x47, 0xa4, 0x13, 0x0d, 0xe0, 0x45, 0xd5, 0x6b};
375
376 const uint8_t EC_P256_SigRaw[]= {
377 0x4b, 0x37, 0x7f, 0x45, 0xd0, 0x5d, 0xa6, 0x53, 0xb3, 0x62, 0x6f, 0x32,
378 0xdb, 0xfc, 0xf6, 0x3b, 0x84, 0xfa, 0x5a, 0xd9, 0x17, 0x67, 0x03, 0x73,
379 0x48, 0x0c, 0xad, 0x89, 0x13, 0x69, 0x61, 0xb3, 0xd6, 0x23, 0xaf, 0xd9,
380 0x7d, 0x72, 0xba, 0x3b, 0x90, 0xc1, 0x23, 0x7d, 0xdb, 0x2c, 0xd1, 0x0d,
381 0xbb, 0xb4, 0x0f, 0x67, 0x26, 0xff, 0x3f, 0xa6, 0x47, 0xa4, 0x13, 0x0d,
382 0xe0, 0x45, 0xd5, 0x6b};
383
384 const uint8_t EC_SigDigest[24] = "012345678912345678901234";
385
386 /* r is 72 bytes longer than it should be */
387 const uint8_t EC_P256_SigDER_LargeInt[]={
388 0x30, 0x81, 0x8D, 0x02, 0x68,
389 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
390 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
391 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
392 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
393 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4b, 0x37, 0x7f, 0x45, 0xd0, 0x5d, 0xa6, 0x53,
394 0xb3, 0x62, 0x6f, 0x32, 0xdb, 0xfc, 0xf6, 0x3b, 0x84, 0xfa, 0x5a, 0xd9, 0x17, 0x67, 0x03, 0x73,
395 0x48, 0x0c, 0xad, 0x89, 0x13, 0x69, 0x61, 0xb3,
396 0x02, 0x21,
397 0x00, 0xd6, 0x23, 0xaf, 0xd9, 0x7d, 0x72, 0xba, 0x3b, 0x90, 0xc1, 0x23, 0x7d, 0xdb, 0x2c, 0xd1,
398 0x0d, 0xbb, 0xb4, 0x0f, 0x67, 0x26, 0xff, 0x3f, 0xa6, 0x47, 0xa4, 0x13, 0x0d, 0xe0, 0x45, 0xd5,
399 0x6b};
400
401 static void testsignformat(void)
402 {
403 SecKeyRef pkey = NULL;
404 SecKeyRef pubkey = NULL;
405 CFArrayRef KeyArrayPub=NULL;
406 CFArrayRef KeyArrayPriv=NULL;
407 uint8_t EC_signature_DER[72];
408 uint8_t EC_signature_RAW[64];
409 size_t EC_signature_DER_size=sizeof(EC_signature_DER);
410 size_t EC_signature_RAW_size=sizeof(EC_signature_RAW);
411
412 #if TARGET_OS_IPHONE
413 // Key import for iOS
414 {
415 ok((pkey = SecKeyCreateECPrivateKey(kCFAllocatorDefault,
416 EC_P256_KeyDER, sizeof(EC_P256_KeyDER),
417 kSecKeyEncodingPkcs1)) != NULL, "import privkey");
418 CFDataRef pubdata = NULL;
419 ok_status(SecKeyCopyPublicBytes(pkey, &pubdata), "pub key from priv key");
420
421 ok((pubkey = SecKeyCreateECPublicKey(kCFAllocatorDefault,
422 CFDataGetBytePtr(pubdata), CFDataGetLength(pubdata),
423 kSecKeyEncodingBytes))!=NULL,
424 "recreate seckey");
425 CFReleaseNull(pubdata);
426 }
427 #else
428 // Key import for MacOS
429 {
430 CFDataRef DER_key;
431 SecExternalFormat sef=kSecFormatOpenSSL;
432 SecExternalItemType seit;
433
434 // Public key
435 DER_key = CFDataCreate(kCFAllocatorDefault, EC_P256_KeyDER_pub, sizeof(EC_P256_KeyDER_pub));
436 seit=kSecItemTypePublicKey;
437 ok_status(SecItemImport(DER_key,NULL,&sef,&seit,0,NULL,NULL,&KeyArrayPub), "Import DER key");
438 ok((!(KeyArrayPub==NULL) && CFArrayGetCount(KeyArrayPub)==1), "One key imported");
439 pubkey=(SecKeyRef)CFArrayGetValueAtIndex(KeyArrayPub,0);
440 CFReleaseNull(DER_key);
441
442 // Private key
443 DER_key = CFDataCreate(kCFAllocatorDefault, EC_P256_KeyDER_priv, sizeof(EC_P256_KeyDER_priv));
444 seit=kSecItemTypePrivateKey;
445 ok_status(SecItemImport(DER_key,NULL,&sef,&seit,0,NULL,NULL,&KeyArrayPriv), "Import DER key");
446 ok((!(KeyArrayPriv==NULL) && CFArrayGetCount(KeyArrayPriv)==1), "One key imported");
447 pkey=(SecKeyRef)CFArrayGetValueAtIndex(KeyArrayPriv,0);
448 CFReleaseNull(DER_key);
449 }
450 #endif
451
452 // Verify fixed signature
453 ok_status(SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
454 EC_SigDigest, sizeof(EC_SigDigest), EC_P256_SigDER, sizeof(EC_P256_SigDER)), "verify DER sig on something");
455
456 ok_status(SecKeyRawVerify(pubkey, kSecPaddingSigRaw,
457 EC_SigDigest, sizeof(EC_SigDigest), EC_P256_SigRaw, sizeof(EC_P256_SigRaw)), "verify RAW sig on something");
458
459 // Verify signature with mismatching format
460 ok_status(!SecKeyRawVerify(pubkey, kSecPaddingSigRaw,
461 EC_SigDigest, sizeof(EC_SigDigest), EC_P256_SigDER, sizeof(EC_P256_SigDER)), "verify DER sig with RAW option");
462
463 ok_status(!SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
464 EC_SigDigest, sizeof(EC_SigDigest), EC_P256_SigRaw, sizeof(EC_P256_SigRaw)), "verify RAW sig with DER something");
465
466 // Sign something in each format
467 ok_status(SecKeyRawSign(pkey, kSecPaddingPKCS1,
468 EC_SigDigest, sizeof(EC_SigDigest), EC_signature_DER, &EC_signature_DER_size), "sign DER sig on something");
469
470 ok_status(SecKeyRawSign(pkey, kSecPaddingSigRaw,
471 EC_SigDigest, sizeof(EC_SigDigest), EC_signature_RAW, &EC_signature_RAW_size), "sign RAW sig on something");
472
473 // Verify expecting that verification does the right thing.
474 ok_status(SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
475 EC_SigDigest, sizeof(EC_SigDigest), EC_signature_DER, EC_signature_DER_size), "verify DER sig on something");
476
477 ok_status(SecKeyRawVerify(pubkey, kSecPaddingSigRaw,
478 EC_SigDigest, sizeof(EC_SigDigest), EC_signature_RAW, EC_signature_RAW_size), "verify RAW sig on something");
479
480 // Verify signature with one integer larger than it should be
481 ok_status(!SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
482 EC_SigDigest, sizeof(EC_SigDigest), EC_P256_SigDER_LargeInt, sizeof(EC_P256_SigDER_LargeInt)),
483 "verify DER sig with large integer");
484
485 CFReleaseNull(KeyArrayPub);
486 CFReleaseNull(KeyArrayPriv);
487 }
488
489
490 /* Test basic add delete update copy matching stuff. */
491 static void tests(void)
492 {
493 testsignformat();
494
495 testkeygen(192);
496 #if TARGET_OS_IPHONE
497 testkeygen(224);
498 #endif
499 testkeygen(256);
500 testkeygen(384);
501 testkeygen(521);
502
503 testkeygen2(192);
504 #if TARGET_OS_IPHONE
505 testkeygen2(224);
506 #endif
507 testkeygen2(256);
508 testkeygen2(384);
509 testkeygen2(521);
510
511 }
512
513 int kc_41_sececkey(int argc, char *const *argv)
514 {
515 #if TARGET_OS_IPHONE
516 plan_tests(141);
517 #else
518 plan_tests(101);
519 #endif
520
521 tests();
522
523 return 0;
524 }
mirror of Security