static void testECKeyDesc() {
SecKeyRef pubKey = NULL;
CFStringRef pubRef = NULL;
long pubLength = 0;
pubKey = SecKeyCreateECPublicKey(kCFAllocatorDefault, ecPubKey, sizeof(ecPubKey), kSecKeyEncodingBytes);
require_quiet( pubKey, fail);
pubRef = CFCopyDescription(pubKey);
require_quiet(pubRef, fail);
pubLength = CFStringGetLength(pubRef)+1;
char *publicDescription = (char*)malloc(pubLength);
if(false == CFStringGetCString(pubRef, publicDescription, pubLength, kCFStringEncodingUTF8))
{
free(publicDescription);
goto fail;
}
ok_status(strncmp(ecKeyDescription, publicDescription, strlen(ecKeyDescription)-17), "ec key description");
free(publicDescription);
fail:
CFReleaseSafe(pubRef);
CFReleaseSafe(pubKey);
}
SecKeyRef SecKeyCreatePublicFromDER(CFAllocatorRef allocator,
const SecAsn1Oid *oid, const SecAsn1Item *params,
const SecAsn1Item *keyData) {
SecKeyRef publicKey = NULL;
if (SecAsn1OidCompare(oid, &CSSMOID_RSA)) {
/* pkcs1 1 */
publicKey = SecKeyCreateRSAPublicKey(kCFAllocatorDefault,
keyData->Data, keyData->Length, kSecKeyEncodingPkcs1);
} else if (SecAsn1OidCompare(oid, &CSSMOID_ecPublicKey)) {
SecDERKey derKey = {
.oid = oid->Data,
.oidLength = oid->Length,
.key = keyData->Data,
.keyLength = keyData->Length,
};
if (params) {
derKey.parameters = params->Data;
derKey.parametersLength = params->Length;
}
publicKey = SecKeyCreateECPublicKey(kCFAllocatorDefault,
(const uint8_t *)&derKey, sizeof(derKey), kSecDERKeyEncoding);
} else {
static void tests(void)
{
CFDataRef message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
_user_one_p12, sizeof(_user_one_p12), kCFAllocatorNull);
CFArrayRef items = NULL;
SecCertificateRef cert = NULL;
SecKeyRef pkey = NULL;
is_status(SecPKCS12Import(message, NULL, NULL), errSecAuthFailed,
"try null password on a known good p12");
CFStringRef password = CFSTR("user-one");
CFDictionaryRef options = CFDictionaryCreate(NULL,
(const void **)&kSecImportExportPassphrase,
(const void **)&password, 1,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
ok_status(SecPKCS12Import(message, options, &items), "import user one");
is(CFArrayGetCount(items), 1, "one identity");
CFDictionaryRef item = CFArrayGetValueAtIndex(items, 0);
SecIdentityRef identity = NULL;
ok(identity = (SecIdentityRef)CFDictionaryGetValue(item, kSecImportItemIdentity), "pull identity from imported data");
ok(CFGetTypeID(identity)==SecIdentityGetTypeID(),"this is a SecIdentityRef");
ok_status(SecIdentityCopyPrivateKey(identity, &pkey),"get private key");
ok_status(SecIdentityCopyCertificate(identity, &cert), "get certificate");
CFReleaseNull(items);
CFReleaseNull(message);
CFReleaseNull(options);
CFReleaseNull(password);
CFReleaseNull(cert);
CFReleaseNull(pkey);
message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
_user_two_p12, sizeof(_user_two_p12), kCFAllocatorNull);
items = NULL;
password = CFSTR("user-two");
options = CFDictionaryCreate(NULL,
(const void **)&kSecImportExportPassphrase,
(const void **)&password, 1,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
ok_status(SecPKCS12Import(message, options, &items), "import user two");
is(CFArrayGetCount(items), 1, "one identity");
item = CFArrayGetValueAtIndex(items, 0);
ok(identity = (SecIdentityRef)CFDictionaryGetValue(item, kSecImportItemIdentity), "pull identity from imported data");
ok(CFGetTypeID(identity)==SecIdentityGetTypeID(),"this is a SecIdentityRef");
ok_status(SecIdentityCopyPrivateKey(identity, &pkey),"get private key");
ok_status(SecIdentityCopyCertificate(identity, &cert), "get certificate");
CFReleaseNull(items);
CFReleaseNull(message);
CFReleaseNull(options);
CFReleaseNull(password);
CFReleaseNull(cert);
CFReleaseNull(pkey);
message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
ECDSA_fails_import_p12, ECDSA_fails_import_p12_len, kCFAllocatorNull);
items = NULL;
password = CFSTR("test");
options = CFDictionaryCreate(NULL,
(const void **)&kSecImportExportPassphrase,
(const void **)&password, 1,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
ok_status(SecPKCS12Import(message, options, &items), "import ECDSA_fails_import_p12");
is(CFArrayGetCount(items), 1, "one identity");
item = CFArrayGetValueAtIndex(items, 0);
ok(identity = (SecIdentityRef)CFDictionaryGetValue(item, kSecImportItemIdentity), "pull identity from imported data");
ok(CFGetTypeID(identity)==SecIdentityGetTypeID(),"this is a SecIdentityRef");
ok_status(SecIdentityCopyPrivateKey(identity, &pkey),"get private key");
ok_status(SecIdentityCopyCertificate(identity, &cert), "get certificate");
CFDataRef pubdata = NULL;
SecKeyRef pubkey = NULL;
ok_status(SecKeyCopyPublicBytes(pkey, &pubdata), "pub key from priv key");
ok(pubkey = SecKeyCreateECPublicKey(kCFAllocatorDefault,
CFDataGetBytePtr(pubdata), CFDataGetLength(pubdata), kSecKeyEncodingBytes),
"recreate seckey");
/* Sign something. */
uint8_t something[20] = {0x80, 0xbe, 0xef, 0xba, 0xd0, };
size_t sigLen = SecKeyGetSize(pkey, kSecKeySignatureSize);
uint8_t sig[sigLen];
ok_status(SecKeyRawSign(pkey, kSecPaddingPKCS1,
something, sizeof(something), sig, &sigLen), "sign something");
ok_status(SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
something, sizeof(something), sig, sigLen), "verify sig on something");
CFReleaseNull(pubdata);
CFReleaseNull(pubkey);
CFReleaseNull(pkey);
ok(pkey = SecKeyCreateECPrivateKey(kCFAllocatorDefault,
ECDSA_fails_import_priv_only, ECDSA_fails_import_priv_only_len,
kSecKeyEncodingPkcs1), "import privkey without pub");
ok_status(SecKeyCopyPublicBytes(pkey, &pubdata), "pub key from priv key");
ok(pubkey = SecKeyCreateECPublicKey(kCFAllocatorDefault,
CFDataGetBytePtr(pubdata), CFDataGetLength(pubdata), kSecKeyEncodingBytes),
"recreate seckey");
ok_status(SecKeyRawVerify(pubkey, kSecPaddingPKCS1,
something, sizeof(something), sig, sigLen), "verify sig on something");
CFReleaseNull(pubdata);
CFReleaseNull(pubkey);
CFReleaseNull(pkey);
CFReleaseNull(items);
CFReleaseNull(message);
CFReleaseNull(options);
CFReleaseNull(password);
CFReleaseNull(cert);
}
