/* Test basic add delete update copy matching stuff. */ static void tests(SecKeyDescriptor *descriptor) { const uint8_t *keyData = (const uint8_t *)"abc"; CFIndex keyDataLength = 3; SecKeyEncoding encoding = kSecKeyEncodingRaw; ok(customKey = SecKeyCreate(kCFAllocatorDefault, descriptor, keyData, keyDataLength, encoding), "create custom key"); is(customKey, initedCustomKey, "CustomKeyInit got the right key"); SecPadding padding = kSecPaddingPKCS1; const uint8_t *src = (const uint8_t *)"defgh"; size_t srcLen = 5; uint8_t dst[5]; size_t dstLen = 5; ok_status(SecKeyDecrypt(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyDecrypt"); ok_status(SecKeyEncrypt(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyEncrypt"); ok_status(SecKeyRawSign(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyRawSign"); ok_status(SecKeyRawVerify(customKey, padding, src, srcLen, dst, dstLen), "SecKeyRawVerify"); is(SecKeyGetSize(customKey, kSecKeyKeySizeInBits), (size_t)5*8, "SecKeyGetSize"); CFDictionaryRef attrDict = NULL; ok(attrDict = SecKeyCopyAttributeDictionary(customKey), "SecKeyCopyAttributeDictionary"); CFReleaseNull(attrDict); CFDataRef pubdata = NULL; ok(SecKeyCopyPublicBytes(customKey, &pubdata) != 0, "SecKeyCopyPublicBytes"); CFReleaseNull(pubdata); CFDataRef wrapped; wrapped = _SecKeyCopyWrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL); ok(wrapped == NULL, "_SecKeyCopyWrapKey"); CFReleaseNull(wrapped); wrapped = _SecKeyCopyUnwrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL); ok(wrapped == NULL, "_SecKeyCopyUnwrapKey"); CFReleaseNull(wrapped); //ok(SecKeyGeneratePair(customKey, ), "SecKeyGeneratePair"); ok(SecKeyGetTypeID() != 0, "SecKeyGetTypeID works"); if (customKey) { CFRelease(customKey); customKey = NULL; } }
SECStatus WRAP_PubWrapSymKey(SecPublicKeyRef publickey, SecSymmetricKeyRef bulkkey, CSSM_DATA_PTR encKey) { OSStatus rv; CSSM_KEY bk; rv = cmsNullWrapKey(bulkkey, &bk); if (rv) { return rv; } return SecKeyEncrypt(publickey, kSecPaddingPKCS1, bk.KeyData.Data, bk.KeyData.Length, encKey->Data, &encKey->Length); }
/* * Encrypt/Decrypt */ OSStatus sslRsaEncrypt( SSLContext *ctx, SSLPubKey *pubKey, const uint32_t padding, const uint8_t *plainText, size_t plainTextLen, uint8_t *cipherText, // mallocd by caller; RETURNED size_t cipherTextLen, // available size_t *actualBytes) // RETURNED { #if 0 gi_uint16 giCipherTextLen = cipherTextLen; RSAStatus rsaStatus; assert(actualBytes != NULL); rsaStatus = RSA_Encrypt(&pubKey->rsaKey, RP_PKCS1, getRandomByte, plainText, plainTextLen, cipherText, &giCipherTextLen); *actualBytes = giCipherTextLen; return rsaStatus ? rsaStatusToSSL(rsaStatus) : noErr; #else size_t ctlen = cipherTextLen; assert(actualBytes != NULL); #if RSA_PUB_KEY_USAGE_HACK /* Force key usage to allow encryption with public key */ #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) const CSSM_KEY_PTR cssmKey = NULL; if (SecKeyGetCSSMKey(SECKEYREF(pubKey), &cssmKey)==noErr && cssmKey) cssmKey->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT; #endif #endif OSStatus status = SecKeyEncrypt(SECKEYREF(pubKey), padding, plainText, plainTextLen, cipherText, &ctlen); if (status) { sslErrorLog("sslRsaEncrypt: SecKeyEncrypt failed (error %d)\n", status); } /* Since the KeyExchange already allocated modulus size bytes we'll use all of them. SecureTransport has always sent that many bytes, so we're not going to deviate, to avoid interoperability issues. */ if (!status && (ctlen < cipherTextLen)) { size_t offset = cipherTextLen - ctlen; memmove(cipherText + offset, cipherText, ctlen); memset(cipherText, 0, offset); ctlen = cipherTextLen; } if (actualBytes) *actualBytes = ctlen; if (status) sslErrorLog("***sslRsaEncrypt: error %d\n", status); return status; #endif }