Security-58286.1.32.tar.gz

[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-40-seckey.c

diff --git a/OSX/sec/Security/Regressions/secitem/si-40-seckey.c b/OSX/sec/Security/Regressions/secitem/si-40-seckey.c
index a00e17c16c71e9d8b4d9466e9db92e33309bd7a5..9213b94183b6d594c89fc39a3b74dc1c7af77e40 100644 (file)
--- a/OSX/sec/Security/Regressions/secitem/si-40-seckey.c
+++ b/OSX/sec/Security/Regressions/secitem/si-40-seckey.c
@@ -74,10 +74,11 @@ static void testdigestandsignalg(SecKeyRef privKey, SecKeyRef pubKey, const SecA
         ok_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
             sig, sigLen), "digest and verify");
         /* Invalidate the signature. */
-        sig[0] ^= 0xff;
+        /* Tweak the least-significant bit to avoid putting the signature out of range. */
+        sig[sigLen-1] ^= 1;
         is_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
             sig, sigLen), errSSLCrypto, "digest and verify bad sig");
-        sig[0] ^= 0xff;
+        sig[sigLen-1] ^= 1;
         dataToDigest[0] ^= 0xff;
         is_status(SecKeyDigestAndVerify(pubKey, algId, dataToDigest, dataToDigestLen,
             sig, sigLen), errSSLCrypto, "digest and verify bad digest");
@@ -934,9 +935,45 @@ static void testsignverify(unsigned long keySizeInBits)
     CFReleaseNull(privKey);
 }
 
+
+#define kSPKITestCount 4
+static void testspki(CFStringRef keytype, size_t keySizeInBits)
+{
+    SecKeyRef pubKey = NULL, privKey = NULL, pubKey2 = NULL;
+    size_t keySizeInBytes = (keySizeInBits + 7) / 8;
+    CFNumberRef kzib;
+    int32_t keysz32 = (int32_t)keySizeInBits;
+    CFDataRef spki = NULL;
+
+    kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keysz32);
+    CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
+    CFDictionaryAddValue(kgp, kSecAttrKeyType, keytype);
+    CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib);
+
+    OSStatus status;
+    ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey),
+              "Generate %ld bit (%ld byte) keypair", keySizeInBits, keySizeInBytes);
+    CFRelease(kzib);
+    CFRelease(kgp);
+
+    spki = SecKeyCopySubjectPublicKeyInfo(pubKey);
+    ok(spki, "failed to create SPKI");
+
+    pubKey2 = SecKeyCreateFromSubjectPublicKeyInfoData(NULL, spki);
+    ok(pubKey2, "failed to create key from SPKI");
+
+    eq_cf(pubKey, pubKey2, "public not same after going though SPKI");
+
+    CFReleaseNull(pubKey);
+    CFReleaseNull(pubKey2);
+    CFReleaseNull(privKey);
+    CFReleaseNull(spki);
+}
+
+
 /* Test basic add delete update copy matching stuff. */
 #define kTestCount ((3 * kKeyGenTestCount) + kKeyGen2TestCount + kTestSupportedCount + kCreateWithDataTestCount \
-    + kCopyAttributesTestCount + kCopyPublicKeyTestCount + kSignAndVerifyTestCount)
+    + kCopyAttributesTestCount + kCopyPublicKeyTestCount + kSignAndVerifyTestCount + ((3 + 3) * kSPKITestCount))
 static void tests(void)
 {
        /* Comment out lines below for testing generating all common key sizes,
@@ -955,6 +992,14 @@ static void tests(void)
     testcopyattributes(768);
     testcopypublickey(768);
     testsignverify(768);
+
+    testspki(kSecAttrKeyTypeRSA, 1024);
+    testspki(kSecAttrKeyTypeRSA, 2048);
+    testspki(kSecAttrKeyTypeRSA, 4096);
+
+    testspki(kSecAttrKeyTypeEC, 256);
+    testspki(kSecAttrKeyTypeEC, 384);
+    testspki(kSecAttrKeyTypeEC, 521);
 }
 
 int si_40_seckey(int argc, char *const *argv)