/* Test basic add delete update copy matching stuff. */
static void tests(SecKeyDescriptor *descriptor)
{
const uint8_t *keyData = (const uint8_t *)"abc";
CFIndex keyDataLength = 3;
SecKeyEncoding encoding = kSecKeyEncodingRaw;
ok(customKey = SecKeyCreate(kCFAllocatorDefault,
descriptor, keyData, keyDataLength, encoding),
"create custom key");
is(customKey, initedCustomKey, "CustomKeyInit got the right key");
SecPadding padding = kSecPaddingPKCS1;
const uint8_t *src = (const uint8_t *)"defgh";
size_t srcLen = 5;
uint8_t dst[5];
size_t dstLen = 5;
ok_status(SecKeyDecrypt(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyDecrypt");
ok_status(SecKeyEncrypt(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyEncrypt");
ok_status(SecKeyRawSign(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyRawSign");
ok_status(SecKeyRawVerify(customKey, padding, src, srcLen, dst, dstLen),
"SecKeyRawVerify");
is(SecKeyGetSize(customKey, kSecKeyKeySizeInBits), (size_t)5*8, "SecKeyGetSize");
CFDictionaryRef attrDict = NULL;
ok(attrDict = SecKeyCopyAttributeDictionary(customKey),
"SecKeyCopyAttributeDictionary");
CFReleaseNull(attrDict);
CFDataRef pubdata = NULL;
ok(SecKeyCopyPublicBytes(customKey, &pubdata) != 0, "SecKeyCopyPublicBytes");
CFReleaseNull(pubdata);
CFDataRef wrapped;
wrapped = _SecKeyCopyWrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL);
ok(wrapped == NULL, "_SecKeyCopyWrapKey");
CFReleaseNull(wrapped);
wrapped = _SecKeyCopyUnwrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL);
ok(wrapped == NULL, "_SecKeyCopyUnwrapKey");
CFReleaseNull(wrapped);
//ok(SecKeyGeneratePair(customKey, ), "SecKeyGeneratePair");
ok(SecKeyGetTypeID() != 0, "SecKeyGetTypeID works");
if (customKey) {
CFRelease(customKey);
customKey = NULL;
}
}
SECStatus
WRAP_PubWrapSymKey(SecPublicKeyRef publickey,
SecSymmetricKeyRef bulkkey,
CSSM_DATA_PTR encKey)
{
OSStatus rv;
CSSM_KEY bk;
rv = cmsNullWrapKey(bulkkey, &bk);
if (rv) {
return rv;
}
return SecKeyEncrypt(publickey, kSecPaddingPKCS1,
bk.KeyData.Data, bk.KeyData.Length,
encKey->Data, &encKey->Length);
}
/*
* Encrypt/Decrypt
*/
OSStatus sslRsaEncrypt(
SSLContext *ctx,
SSLPubKey *pubKey,
const uint32_t padding,
const uint8_t *plainText,
size_t plainTextLen,
uint8_t *cipherText, // mallocd by caller; RETURNED
size_t cipherTextLen, // available
size_t *actualBytes) // RETURNED
{
#if 0
gi_uint16 giCipherTextLen = cipherTextLen;
RSAStatus rsaStatus;
assert(actualBytes != NULL);
rsaStatus = RSA_Encrypt(&pubKey->rsaKey,
RP_PKCS1,
getRandomByte,
plainText,
plainTextLen,
cipherText,
&giCipherTextLen);
*actualBytes = giCipherTextLen;
return rsaStatus ? rsaStatusToSSL(rsaStatus) : noErr;
#else
size_t ctlen = cipherTextLen;
assert(actualBytes != NULL);
#if RSA_PUB_KEY_USAGE_HACK
/* Force key usage to allow encryption with public key */
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
const CSSM_KEY_PTR cssmKey = NULL;
if (SecKeyGetCSSMKey(SECKEYREF(pubKey), &cssmKey)==noErr && cssmKey)
cssmKey->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;
#endif
#endif
OSStatus status = SecKeyEncrypt(SECKEYREF(pubKey), padding,
plainText, plainTextLen, cipherText, &ctlen);
if (status) {
sslErrorLog("sslRsaEncrypt: SecKeyEncrypt failed (error %d)\n", status);
}
/* Since the KeyExchange already allocated modulus size bytes we'll
use all of them. SecureTransport has always sent that many bytes,
so we're not going to deviate, to avoid interoperability issues. */
if (!status && (ctlen < cipherTextLen)) {
size_t offset = cipherTextLen - ctlen;
memmove(cipherText + offset, cipherText, ctlen);
memset(cipherText, 0, offset);
ctlen = cipherTextLen;
}
if (actualBytes)
*actualBytes = ctlen;
if (status)
sslErrorLog("***sslRsaEncrypt: error %d\n", status);
return status;
#endif
}
