CCCryptorStatus
CCRSACryptorSign(CCRSACryptorRef privateKey, CCAsymmetricPadding padding,
const void *hashToSign, size_t hashSignLen,
CCDigestAlgorithm digestType, size_t saltLen,
void *signedData, size_t *signedDataLen)
{
CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n");
if(!privateKey || !hashToSign || !signedData) return kCCParamError;
switch(padding) {
case ccPKCS1Padding:
if(ccrsa_sign_pkcs1v15(privateKey->fk, CCDigestGetDigestInfo(digestType)->oid,
hashSignLen, hashToSign, signedDataLen, signedData) != 0)
return kCCDecodeError;
break;
case ccOAEPPadding:
if(ccrsa_sign_oaep(privateKey->fk, CCDigestGetDigestInfo(digestType),
ccDRBGGetRngState(), hashSignLen, hashToSign,
signedDataLen, signedData) != 0)
return kCCDecodeError;
break;
case ccX931Padding:
case ccPKCS1PaddingRaw:
case ccPaddingNone:
default:
return kCCParamError;
break;
}
return kCCSuccess;
}
CCCryptorStatus
CCRSACryptorVerify(CCRSACryptorRef publicKey, CCAsymmetricPadding padding,
const void *hash, size_t hashLen,
CCDigestAlgorithm digestType, size_t saltLen,
const void *signedData, size_t signedDataLen)
{
bool valid;
CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n");
if(!publicKey || !hash || !signedData) return kCCParamError;
switch(padding) {
case ccPKCS1Padding:
if(ccrsa_verify_pkcs1v15(ccrsa_ctx_public(publicKey->fk), CCDigestGetDigestInfo(digestType)->oid,
hashLen, hash, signedDataLen, signedData, &valid) != 0)
return kCCDecodeError;
if(!valid) return kCCDecodeError;
break;
case ccOAEPPadding:
if(ccrsa_verify_oaep(ccrsa_ctx_public(publicKey->fk), CCDigestGetDigestInfo(digestType),
hashLen, hash, signedDataLen, signedData, &valid) != 0)
return kCCDecodeError;
if(!valid) return kCCDecodeError;
break;
case ccX931Padding:
case ccPKCS1PaddingRaw:
case ccPaddingNone:
default:
return kCCParamError;
break;
}
return kCCSuccess;
}
CCCryptorStatus
CCRSACryptorDecrypt(CCRSACryptorRef privateKey, CCAsymmetricPadding padding, const void *cipherText, size_t cipherTextLen,
void *plainText, size_t *plainTextLen, const void *tagData, size_t tagDataLen, CCDigestAlgorithm digestType)
{
CCCryptorStatus retval = kCCSuccess;
CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n");
if(!privateKey || !cipherText || !plainText || !plainTextLen) return kCCParamError;
switch (padding) {
case ccPKCS1Padding:
if(ccrsa_decrypt_eme_pkcs1v15(privateKey->fk, plainTextLen, plainText, cipherTextLen, (uint8_t *) cipherText) != 0)
retval = kCCDecodeError;
break;
case ccOAEPPadding:
if(ccrsa_decrypt_oaep(privateKey->fk, CCDigestGetDigestInfo(digestType), plainTextLen, plainText, cipherTextLen, (uint8_t *) cipherText,
tagDataLen, tagData) != 0)
retval = kCCDecodeError;
break;
default:
goto errOut;
}
errOut:
return retval;
}
int
CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen,
const uint8_t *salt, size_t saltLen,
CCPseudoRandomAlgorithm prf, uint rounds,
uint8_t *derivedKey, size_t derivedKeyLen)
{
const struct ccdigest_info *di;
CC_DEBUG_LOG(ASL_LEVEL_ERR, "PasswordLen %lu SaltLen %lU PRF %d Rounds %u DKLen %lu\n", passwordLen, saltLen, prf, rounds, derivedKeyLen);
if(algorithm != kCCPBKDF2) return -1;
switch(prf) {
case kCCPRFHmacAlgSHA1: di = CCDigestGetDigestInfo(kCCDigestSHA1); break;
case kCCPRFHmacAlgSHA224: di = CCDigestGetDigestInfo(kCCDigestSHA224); break;
case kCCPRFHmacAlgSHA256: di = CCDigestGetDigestInfo(kCCDigestSHA256); break;
case kCCPRFHmacAlgSHA384: di = CCDigestGetDigestInfo(kCCDigestSHA384); break;
case kCCPRFHmacAlgSHA512: di = CCDigestGetDigestInfo(kCCDigestSHA512); break;
default: return -1;
}
if(!password || !salt || !derivedKey || (derivedKeyLen == 0) || (rounds == 0)) return -1;
ccpbkdf2_hmac(di, passwordLen, password, saltLen, salt, rounds, derivedKeyLen, derivedKey);
return 0;
}
