static void testkeygen2(size_t keySizeInBits) {
SecKeyRef pubKey = NULL, privKey = NULL;
size_t keySizeInBytes = (keySizeInBits + 7) / 8;
CFNumberRef kzib;
int32_t keysz32 = (int32_t)keySizeInBits;
CFUUIDRef ourUUID = CFUUIDCreate(kCFAllocatorDefault);
CFStringRef uuidString = CFUUIDCreateString(kCFAllocatorDefault, ourUUID);
CFMutableStringRef publicName = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, uuidString);
CFMutableStringRef privateName = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, uuidString);
CFReleaseNull(ourUUID);
CFReleaseNull(uuidString);
CFStringAppend(publicName, CFSTR("-Public-41"));
CFStringAppend(privateName, CFSTR("-Private-41"));
CFMutableDictionaryRef pubd = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault,
kSecAttrLabel, publicName,
NULL);
CFMutableDictionaryRef privd = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault,
kSecAttrLabel, privateName,
NULL);
kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keysz32);
CFDictionaryRef kgp = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
kSecAttrKeyType, kSecAttrKeyTypeEC,
kSecAttrKeySizeInBits, kzib,
kSecAttrIsPermanent, kCFBooleanTrue,
kSecPublicKeyAttrs, pubd,
kSecPrivateKeyAttrs, privd,
NULL);
CFReleaseNull(kzib);
OSStatus status;
ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey),
"Generate %ld bit (%ld byte) persistent RSA keypair",
keySizeInBits, keySizeInBytes);
CFReleaseNull(kgp);
SKIP: {
skip("keygen failed", 8, status == errSecSuccess);
ok(pubKey, "pubkey returned");
ok(privKey, "privKey returned");
is(SecKeyGetSize(pubKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "public key size is ok");
is(SecKeyGetSize(privKey, kSecKeyKeySizeInBits), (size_t) keySizeInBits, "private key size is ok");
SecKeyRef pubKey2, privKey2;
CFDictionaryAddValue(pubd, kSecClass, kSecClassKey);
CFDictionaryAddValue(pubd, kSecReturnRef, kCFBooleanTrue);
CFDictionaryAddValue(privd, kSecClass, kSecClassKey);
CFDictionaryAddValue(privd, kSecReturnRef, kCFBooleanTrue);
CFDictionaryAddValue(privd, kSecAttrCanSign, kCFBooleanTrue);
ok_status(SecItemCopyMatching(pubd, (CFTypeRef *)&pubKey2),
"retrieve pub key by label");
ok(pubKey2, "got valid object");
ok_status(SecItemCopyMatching(privd, (CFTypeRef *)&privKey2),
"retrieve priv key by label and kSecAttrCanSign");
ok(privKey2, "got valid object");
/* Sign something. */
uint8_t something[20] = {0x80, 0xbe, 0xef, 0xba, 0xd0, };
size_t sigLen = SecKeyGetSize(privKey2, kSecKeySignatureSize);
uint8_t sig[sigLen];
ok_status(SecKeyRawSign(privKey2, kSecPaddingPKCS1,
something, sizeof(something), sig, &sigLen), "sign something");
ok_status(SecKeyRawVerify(pubKey2, kSecPaddingPKCS1,
something, sizeof(something), sig, sigLen), "verify sig on something");
/* Cleanup. */
CFReleaseNull(pubKey2);
CFReleaseNull(privKey2);
}
/* delete from keychain - note: do it before releasing publicName and privateName
because pubd and privd have no retain/release callbacks */
ok_status(SecItemDelete(pubd), "delete generated pub key");
ok_status(SecItemDelete(privd), "delete generated priv key");
/* Cleanup. */
CFReleaseNull(pubKey);
CFReleaseNull(privKey);
CFReleaseNull(publicName);
CFReleaseNull(privateName);
CFReleaseNull(pubd);
CFReleaseNull(privd);
}
CFDataRef keybag = CFDataCreate(kCFAllocatorDefault, keybag_data, sizeof(keybag_data));
CFDataRef backup = CFDataCreate(kCFAllocatorDefault, (const UInt8 *)export_plist, sizeof(export_plist));
ok_status(_SecKeychainRestoreBackup(backup, keybag, NULL));
CFRelease(keybag);
CFRelease(backup);
/* The restored item is kind of malformed (pdmn and accc attributes are inconsistent). Currently adopted way
of handling of this item is to try to handle it gracefully, this is what this test does (i.e. it checks that
it is possible to update such item). Another possibility which might be adopted in the future is dropping such
item during backup decoding. In this case, the test should be modified to check that the item does not exist
in the keychain at all. */
/* Try to update item with inconsistent accc and pdmn attributes. */
CFDictionaryRef query = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault,
kSecClass, kSecClassGenericPassword,
kSecAttrAccessGroup, CFSTR("com.apple.security.sos"),
kSecAttrService, CFSTR("test"),
NULL);
CFDictionaryRef update = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault,
kSecAttrService, CFSTR("updated-test"),
NULL);
ok_status(SecItemUpdate(query, update));
diag("This still fails - don't be alarmed");
CFRelease(update);
CFRelease(query);
}
int secd_32_restore_bad_backup(int argc, char *const *argv)
{
plan_tests(2 + kSecdTestSetupTestCount);
