CCCryptorStatus CCRSACryptorSign(CCRSACryptorRef privateKey, CCAsymmetricPadding padding, const void *hashToSign, size_t hashSignLen, CCDigestAlgorithm digestType, size_t saltLen, void *signedData, size_t *signedDataLen) { CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n"); if(!privateKey || !hashToSign || !signedData) return kCCParamError; switch(padding) { case ccPKCS1Padding: if(ccrsa_sign_pkcs1v15(privateKey->fk, CCDigestGetDigestInfo(digestType)->oid, hashSignLen, hashToSign, signedDataLen, signedData) != 0) return kCCDecodeError; break; case ccOAEPPadding: if(ccrsa_sign_oaep(privateKey->fk, CCDigestGetDigestInfo(digestType), ccDRBGGetRngState(), hashSignLen, hashToSign, signedDataLen, signedData) != 0) return kCCDecodeError; break; case ccX931Padding: case ccPKCS1PaddingRaw: case ccPaddingNone: default: return kCCParamError; break; } return kCCSuccess; }
CCCryptorStatus CCRSACryptorVerify(CCRSACryptorRef publicKey, CCAsymmetricPadding padding, const void *hash, size_t hashLen, CCDigestAlgorithm digestType, size_t saltLen, const void *signedData, size_t signedDataLen) { bool valid; CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n"); if(!publicKey || !hash || !signedData) return kCCParamError; switch(padding) { case ccPKCS1Padding: if(ccrsa_verify_pkcs1v15(ccrsa_ctx_public(publicKey->fk), CCDigestGetDigestInfo(digestType)->oid, hashLen, hash, signedDataLen, signedData, &valid) != 0) return kCCDecodeError; if(!valid) return kCCDecodeError; break; case ccOAEPPadding: if(ccrsa_verify_oaep(ccrsa_ctx_public(publicKey->fk), CCDigestGetDigestInfo(digestType), hashLen, hash, signedDataLen, signedData, &valid) != 0) return kCCDecodeError; if(!valid) return kCCDecodeError; break; case ccX931Padding: case ccPKCS1PaddingRaw: case ccPaddingNone: default: return kCCParamError; break; } return kCCSuccess; }
CCCryptorStatus CCRSACryptorDecrypt(CCRSACryptorRef privateKey, CCAsymmetricPadding padding, const void *cipherText, size_t cipherTextLen, void *plainText, size_t *plainTextLen, const void *tagData, size_t tagDataLen, CCDigestAlgorithm digestType) { CCCryptorStatus retval = kCCSuccess; CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n"); if(!privateKey || !cipherText || !plainText || !plainTextLen) return kCCParamError; switch (padding) { case ccPKCS1Padding: if(ccrsa_decrypt_eme_pkcs1v15(privateKey->fk, plainTextLen, plainText, cipherTextLen, (uint8_t *) cipherText) != 0) retval = kCCDecodeError; break; case ccOAEPPadding: if(ccrsa_decrypt_oaep(privateKey->fk, CCDigestGetDigestInfo(digestType), plainTextLen, plainText, cipherTextLen, (uint8_t *) cipherText, tagDataLen, tagData) != 0) retval = kCCDecodeError; break; default: goto errOut; } errOut: return retval; }
int CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen, const uint8_t *salt, size_t saltLen, CCPseudoRandomAlgorithm prf, uint rounds, uint8_t *derivedKey, size_t derivedKeyLen) { const struct ccdigest_info *di; CC_DEBUG_LOG(ASL_LEVEL_ERR, "PasswordLen %lu SaltLen %lU PRF %d Rounds %u DKLen %lu\n", passwordLen, saltLen, prf, rounds, derivedKeyLen); if(algorithm != kCCPBKDF2) return -1; switch(prf) { case kCCPRFHmacAlgSHA1: di = CCDigestGetDigestInfo(kCCDigestSHA1); break; case kCCPRFHmacAlgSHA224: di = CCDigestGetDigestInfo(kCCDigestSHA224); break; case kCCPRFHmacAlgSHA256: di = CCDigestGetDigestInfo(kCCDigestSHA256); break; case kCCPRFHmacAlgSHA384: di = CCDigestGetDigestInfo(kCCDigestSHA384); break; case kCCPRFHmacAlgSHA512: di = CCDigestGetDigestInfo(kCCDigestSHA512); break; default: return -1; } if(!password || !salt || !derivedKey || (derivedKeyLen == 0) || (rounds == 0)) return -1; ccpbkdf2_hmac(di, passwordLen, password, saltLen, salt, rounds, derivedKeyLen, derivedKey); return 0; }