CFDataRef SOSUserKeyCreateGenerateParameters(CFErrorRef *error) { size_t saltlen = SALTMAX; uint8_t salt[saltlen]; size_t iterations = ITERATIONMIN; size_t keysize = 256; if(CCRandomCopyBytes(kCCRandomDefault, salt, sizeof(salt)) != kCCSuccess) { SOSCreateError(kSOSErrorProcessingFailure, CFSTR("CCRandomCopyBytes failed"), NULL, error); return NULL; } CFMutableDataRef result = CFDataCreateMutable(kCFAllocatorDefault, 0); CFDataSetLength(result, der_sizeof_pbkdf2_params(saltlen, salt, iterations, keysize)); uint8_t * encode = der_encode_pbkdf2_params(saltlen, salt, iterations, keysize, CFDataGetBytePtr(result), CFDataGetMutableBytePtr(result) + CFDataGetLength(result)); if (!encode) CFReleaseNull(result); if (result) { secnotice("keygen", "Created new parameters: iterations %zd, keysize %zd: %@", iterations, keysize, result); } return result; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, uint32_t *seqno) { if (CCRandomCopyBytes(kCCRandomDefault, seqno, sizeof(*seqno)) != 0) krb5_abortx(context, "Failed to generate random block"); /* MIT used signed numbers, lets not stomp into that space directly */ *seqno &= 0x3fffffff; if (*seqno == 0) *seqno = 1; return 0; }
static char * generate_nonce(void) { uint8_t rand[8]; char *nonce; if (CCRandomCopyBytes(kCCRandomDefault, rand, sizeof(rand)) != kCCSuccess) return NULL; if (rk_hex_encode(rand, sizeof(rand), &nonce) < 0) return NULL; return nonce; }
CFDataRef SecRandomCopyData(SecRandomRef rnd, size_t count) { uint8_t *bytes; CFDataRef retval = NULL; if (rnd != kSecRandomDefault) return NULL; if((bytes = malloc(count)) == NULL) return NULL; if(CCRandomCopyBytes(kCCRandomDefault, bytes, count) == kCCSuccess) retval = CFDataCreate(kCFAllocatorDefault, bytes, count); bzero(bytes, count); free(bytes); return retval; }
size_t genRandomSize(size_t minSize, size_t maxSize) { size_t randomInt; if(minSize == maxSize) return minSize; // make theSize > minSize < maxSize; while(CCRandomCopyBytes(kCCRandomDefault, &randomInt, sizeof(uint32_t)) == -1) { printf("got -1 from CCRandomCopyBytes\n"); } randomInt = (randomInt % (maxSize - minSize)) + minSize; return randomInt; }
byteBuffer genRandomByteBuffer(size_t minSize, size_t maxSize) { byteBuffer retval; size_t randomInt; CCCryptorStatus err; randomInt = genRandomSize(minSize, maxSize); retval = mallocByteBuffer(randomInt); if(retval == NULL) return NULL; if(retval->len != randomInt) return NULL; bzero(retval->bytes, retval->len); // fill bytes randomly while((err = CCRandomCopyBytes(kCCRandomDefault, retval->bytes, retval->len)) != kCCSuccess) { printf("got %d from CCRandomCopyBytes\n", err); } return retval; }
int main(int argc, char **argv) { ENGINE *engine = NULL; int i, j, idx = 0; RSA *rsa; setprogname(argv[0]); /* if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } */ while(1) { int c = getopt_long(argc, argv, "hq", args, &idx); if (c == -1) break; switch (c) { case 'q': verbose = 0; break; case 'h': usage(0); break; case '?': default: usage(-1); break; } } /* argc -= idx; argv += idx; */ if (verbose) printf("[TEST] RSA\n"); /* OpenSSL_add_all_algorithms(); */ #ifdef OPENSSL ENGINE_load_openssl(); #endif ENGINE_load_builtin_engines(); /* if (argc == 0) { engine = ENGINE_by_id("builtin"); } else { engine = ENGINE_by_id(argv[0]); if (engine == NULL) engine = ENGINE_by_dso(argv[0], id_flag); } if (engine == NULL) { fprintf(stderr, "ENGINE_by_dso failed"\n); return 76; } if (ENGINE_get_RSA(engine) == NULL) return 77; printf("rsa %s\n", ENGINE_get_RSA(engine)->name); */ if (time_keygen) { struct timeval tv1, tv2; BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); printf("running keygen with %d loops\n", loops); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) { rsa = RSA_new_method(engine); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) { RSA_free(rsa); fprintf(stderr, "RSA_generate_key_ex"); fail++; return 1; } RSA_free(rsa); } gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); BN_free(e); /* ENGINE_finish(engine); */ return 0; } /* if (time_key) { const int size = 20; struct timeval tv1, tv2; unsigned char *p; if (strcmp(time_key, "generate") == 0) { BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) { fprintf(stderr, "RSA_generate_key_ex"); fail++; return (1); } } else { rsa = read_key(engine, time_key); } p = emalloc(loops * size); CCRandomCopyBytes(kCCRandomDefault, p, loops * size); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING); gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); RSA_free(rsa); ENGINE_finish(engine); return 0; } */ if (rsa_key) { rsa = read_key(engine, rsa_key); /* * Assuming that you use the RSA key in the distribution, this * test will generate a signature have a starting zero and thus * will generate a checksum that is 127 byte instead of the * checksum that is 128 byte (like the key). */ { const unsigned char sha1[20] = { 0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35, 0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b }; check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char sha1[20]; CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char des3[21]; CCRandomCopyBytes(kCCRandomDefault, des3, sizeof(des3)); check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char aes[32]; CCRandomCopyBytes(kCCRandomDefault, aes, sizeof(aes)); check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } if (verbose) { printf("[BEGIN] RSA loops\n"); printf("Running %d loops\n", loops); } total++; for (i = 0; i < loops; i++) { BN_GENCB cb; BIGNUM *e; unsigned int n; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); BN_GENCB_set(&cb, cb_func, NULL); CCRandomCopyBytes(kCCRandomDefault, &n, sizeof(n)); n &= 0x1ff; n += 1024; if (RSA_generate_key_ex(rsa, n, e, &cb) != 1) { fprintf(stderr, "RSA_generate_key_ex"); fail++; return 1; } BN_free(e); for (j = 0; j < 8; j++) { unsigned char sha1[20]; CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } if (verbose) printf("[PASS] RSA loops\n"); pass++; if (verbose) { printf("[SUMMARY]\n"); printf("total: %d\n", total); printf("passed: %d\n", pass); printf("failed: %d\n", fail); } /* ENGINE_finish(engine); */ return (fail); }
int SecRandomCopyBytes(SecRandomRef rnd, size_t count, uint8_t *bytes) { if (rnd != kSecRandomDefault) return errSecParam; return CCRandomCopyBytes(kCCRandomDefault, bytes, count); }
static OSStatus getRandomNonce(uint64_t *nonce) { return nonce ? CCRandomCopyBytes(kCCRandomDevRandom, (void *)nonce, sizeof(*nonce)) : SECFailure; }