SecKey.c   [plain text]

/*
 * Copyright (c) 2006-2011 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/* 
 * SecKey.c - CoreFoundation based key object
 */


#include <Security/SecKeyInternal.h>
#include <Security/SecItem.h>
#include <Security/SecItemPriv.h>
#include <Security/SecFramework.h>

#include "SecRSAKeyPriv.h"
#include "SecECKey.h"
#include "SecBasePriv.h"

#include <CoreFoundation/CFNumber.h>
#include <CoreFoundation/CFString.h>
#include <MacErrors.h>
#include <pthread.h>
#include <string.h>
#include <AssertMacros.h>
#include <security_utilities/debugging.h>
#include <CommonCrypto/CommonDigest.h>
#include <Security/SecAsn1Coder.h>
#include <Security/oidsalg.h>
#include <Security/SecInternal.h>
#include <Security/SecRandom.h>
#include <corecrypto/ccrng_system.h>
#include <asl.h>

static pthread_once_t kSecKeyRegisterClass = PTHREAD_ONCE_INIT;
static CFTypeID kSecKeyTypeID = _kCFRuntimeNotATypeID;

/* Forward declartions of static functions. */
static CFStringRef SecKeyDescribe(CFTypeRef cf);
static void SecKeyDestroy(CFTypeRef cf);

/* Static functions. */
#define MAX_DIGEST_LEN (CC_SHA512_DIGEST_LENGTH)

/* Currently length of SHA512 oid + 1 */
#define MAX_OID_LEN (10)

#define DER_MAX_DIGEST_INFO_LEN  (10 + MAX_DIGEST_LEN + MAX_OID_LEN)

/* Encode the digestInfo header into digestInfo and return the offset from
   digestInfo at which to put the actual digest.  Returns 0 if digestInfo
   won't fit within digestInfoLength bytes.

    0x30, topLen,
        0x30, algIdLen,
            0x06, oid.Len, oid.Data,
            0x05, 0x00
        0x04, digestLen
            digestData
*/
static size_t DEREncodeDigestInfoPrefix(const SecAsn1Oid *oid,
    size_t digestLength, uint8_t *digestInfo, size_t digestInfoLength) {
    size_t algIdLen = oid->Length + 4;
    size_t topLen = algIdLen + digestLength + 4;
	size_t totalLen = topLen + 2;

    if (totalLen > digestInfoLength) {
        return 0;
    }

    size_t ix = 0;
    digestInfo[ix++] = (SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED);
    digestInfo[ix++] = topLen;
    digestInfo[ix++] = (SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED);
    digestInfo[ix++] = algIdLen;
    digestInfo[ix++] = SEC_ASN1_OBJECT_ID;
    digestInfo[ix++] = oid->Length;
    memcpy(&digestInfo[ix], oid->Data, oid->Length);
    ix += oid->Length;
    digestInfo[ix++] = SEC_ASN1_NULL;
    digestInfo[ix++] = 0;
    digestInfo[ix++] = SEC_ASN1_OCTET_STRING;
    digestInfo[ix++] = digestLength;

    return ix;
}

static struct ccrng_system_state ccrng_system_state_seckey;

static void register_algs(void) {
    ccrng_seckey = (struct ccrng_state *)&ccrng_system_state_seckey;
    ccrng_system_init(&ccrng_system_state_seckey);
}


/*
 */
static CFDictionaryRef SecKeyGenerateAttributeDictionaryFor(SecKeyRef key,
                                                     CFTypeRef keyType,
                                                     CFDataRef privateBlob)
{
	CFAllocatorRef allocator = CFGetAllocator(key);
	DICT_DECLARE(25);
	CFDataRef pubKeyDigest = NULL, pubKeyBlob = NULL;
	CFDictionaryRef dict = NULL;

    size_t sizeValue = SecKeyGetSize(key, kSecKeyKeySizeInBits);
    CFNumberRef sizeInBits = CFNumberCreate(allocator, kCFNumberLongType, &sizeValue);

	/* encode the public key. */
    require_noerr(SecKeyCopyPublicBytes(key, &pubKeyBlob), errOut);
    require(pubKeyBlob, errOut);

	/* Calculate the digest of the public key. */
	require(pubKeyDigest = SecSHA1DigestCreate(allocator,
                                               CFDataGetBytePtr(pubKeyBlob), CFDataGetLength(pubKeyBlob)),
			errOut);

	DICT_ADDPAIR(kSecClass, kSecClassKey);
	DICT_ADDPAIR(kSecAttrKeyClass, privateBlob ? kSecAttrKeyClassPrivate : kSecAttrKeyClassPublic);
	DICT_ADDPAIR(kSecAttrApplicationLabel, pubKeyDigest);
	DICT_ADDPAIR(kSecAttrIsPermanent, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrIsPrivate, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrIsModifiable, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrKeyType, keyType);
	DICT_ADDPAIR(kSecAttrKeySizeInBits, sizeInBits);
	DICT_ADDPAIR(kSecAttrEffectiveKeySize, sizeInBits);
	DICT_ADDPAIR(kSecAttrIsSensitive, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrWasAlwaysSensitive, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrIsExtractable, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrWasNeverExtractable, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanEncrypt, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanDecrypt, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrCanDerive, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrCanSign, kCFBooleanTrue);
	DICT_ADDPAIR(kSecAttrCanVerify, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanSignRecover, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanVerifyRecover, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanWrap, kCFBooleanFalse);
	DICT_ADDPAIR(kSecAttrCanUnwrap, kCFBooleanTrue);
	DICT_ADDPAIR(kSecValueData, privateBlob ? privateBlob : pubKeyBlob);
    dict = DICT_CREATE(allocator);

errOut:
	// @@@ Zero out key material.
	CFReleaseSafe(pubKeyDigest);
	CFReleaseSafe(pubKeyBlob);
	CFReleaseSafe(sizeInBits);

	return dict;
}

CFDictionaryRef SecKeyGeneratePrivateAttributeDictionary(SecKeyRef key,
                                                         CFTypeRef keyType,
                                                         CFDataRef privateBlob)
{
    return SecKeyGenerateAttributeDictionaryFor(key, keyType, privateBlob);
}

CFDictionaryRef SecKeyGeneratePublicAttributeDictionary(SecKeyRef key, CFTypeRef keyType)
{
    return SecKeyGenerateAttributeDictionaryFor(key, keyType, NULL);
}

/*
 */

static CFStringRef SecKeyDescribe(CFTypeRef cf) {
    SecKeyRef key = (SecKeyRef)cf;
    return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecKeyRef: %p>"), key);
}

static void SecKeyDestroy(CFTypeRef cf) {
    SecKeyRef key = (SecKeyRef)cf;
    if (key->key_class->destroy)
        key->key_class->destroy(key);
}

static Boolean SecKeyEqual(CFTypeRef cf1, CFTypeRef cf2) {
    SecKeyRef key1 = (SecKeyRef)cf1;
    SecKeyRef key2 = (SecKeyRef)cf2;
    if (key1 == key2)
        return true;
    if (!key2 || key1->key_class != key2->key_class)
        return false;
    if (key1->key_class->extraBytes)
        return !memcmp(key1->key, key2->key, key1->key_class->extraBytes);

    /* TODO: Won't work when we get reference keys. */
    CFDictionaryRef d1, d2;
    d1 = SecKeyCopyAttributeDictionary(key1);
    d2 = SecKeyCopyAttributeDictionary(key2);
    Boolean result = CFEqual(d1, d2);
    CFReleaseSafe(d1);
    CFReleaseSafe(d2);
    return result;
}

static void SecKeyRegisterClass(void) {
	static const CFRuntimeClass kSecKeyClass = {
		0,													/* version */
		"SecKey",                                           /* class name */
		NULL,												/* init */
		NULL,												/* copy */
		SecKeyDestroy,                                      /* dealloc */
		SecKeyEqual,										/* equal */
		NULL,												/* hash */
		NULL,												/* copyFormattingDesc */
		SecKeyDescribe                                      /* copyDebugDesc */
	};

    kSecKeyTypeID = _CFRuntimeRegisterClass(&kSecKeyClass);
    register_algs();
}

/* Public API functions. */
CFTypeID SecKeyGetTypeID(void) {
    pthread_once(&kSecKeyRegisterClass, SecKeyRegisterClass);
    return kSecKeyTypeID;
}

static bool getBoolForKey(CFDictionaryRef dict, CFStringRef key, bool default_value) {
	CFTypeRef value = CFDictionaryGetValue(dict, key);
	if (value) {
		if (CFGetTypeID(value) == CFBooleanGetTypeID()) {
			return CFBooleanGetValue(value);
		} else {
			secwarning("Value %@ for key %@ is not bool", value, key);
		}
	}

	return default_value;
}

static OSStatus add_ref(CFTypeRef item, CFMutableDictionaryRef dict) {
	CFDictionarySetValue(dict, kSecValueRef, item);
	return SecItemAdd(dict, NULL);
}

static void merge_params_applier(const void *key, const void *value,
                                 void *context) {
	CFMutableDictionaryRef result = (CFMutableDictionaryRef)context;
	CFDictionaryAddValue(result, key, value);
}

/* Create a mutable dictionary that is based on the subdictionary for key
 with any attributes from the top level dict merged in. */
static CFMutableDictionaryRef merge_params(CFDictionaryRef dict,
                                           CFStringRef key) {
	CFDictionaryRef subdict = CFDictionaryGetValue(dict, key);
	CFMutableDictionaryRef result;

	if (subdict) {
		result = CFDictionaryCreateMutableCopy(NULL, 0, subdict);
		/* Add everything in dict not already in result to result. */
		CFDictionaryApplyFunction(dict, merge_params_applier, result);
	} else {
		result = CFDictionaryCreateMutableCopy(NULL, 0, dict);
	}

	/* Remove values that only belong in the top level dict. */
	CFDictionaryRemoveValue(result, kSecPublicKeyAttrs);
	CFDictionaryRemoveValue(result, kSecPrivateKeyAttrs);
	CFDictionaryRemoveValue(result, kSecAttrKeyType);
	CFDictionaryRemoveValue(result, kSecAttrKeySizeInBits);

	return result;
}

/* Generate a private/public keypair. */
OSStatus SecKeyGeneratePair(CFDictionaryRef parameters,
                            SecKeyRef *publicKey, SecKeyRef *privateKey) {
    OSStatus result = errSecUnsupportedAlgorithm;
    SecKeyRef privKey = NULL;
	SecKeyRef pubKey = NULL;
    CFMutableDictionaryRef pubParams = merge_params(parameters, kSecPublicKeyAttrs),
                           privParams = merge_params(parameters, kSecPrivateKeyAttrs);
	CFStringRef ktype = CFDictionaryGetValue(parameters, kSecAttrKeyType);

    require(ktype, errOut);

    if (CFEqual(ktype, kSecAttrKeyTypeEC)) {
        result = SecECKeyGeneratePair(parameters, &pubKey, &privKey);
    } else if (CFEqual(ktype, kSecAttrKeyTypeRSA)) {
        result = SecRSAKeyGeneratePair(parameters, &pubKey, &privKey);
    }

    require_noerr(result, errOut);

    /* Store the keys in the keychain if they are marked as permanent. */
    if (getBoolForKey(pubParams, kSecAttrIsPermanent, false)) {
        require_noerr(result = add_ref(pubKey, pubParams), errOut);
    }
    if (getBoolForKey(privParams, kSecAttrIsPermanent, false)) {
        require_noerr(result = add_ref(privKey, privParams), errOut);
    }

    if (publicKey) {
        *publicKey = pubKey;
        pubKey = NULL;
    }
    if (privateKey) {
        *privateKey = privKey;
        privKey = NULL;
    }

errOut:
	CFReleaseSafe(pubParams);
	CFReleaseSafe(privParams);
    CFReleaseSafe(pubKey);
    CFReleaseSafe(privKey);

    return result;
}

SecKeyRef SecKeyCreatePublicFromDER(CFAllocatorRef allocator,
    const SecAsn1Oid *oid, const SecAsn1Item *params,
    const SecAsn1Item *keyData) {
    SecKeyRef publicKey = NULL;
	if (SecAsn1OidCompare(oid, &CSSMOID_RSA)) {
        /* pkcs1 1 */
		publicKey = SecKeyCreateRSAPublicKey(kCFAllocatorDefault,
			keyData->Data, keyData->Length, kSecKeyEncodingPkcs1);
	} else if (SecAsn1OidCompare(oid, &CSSMOID_ecPublicKey)) {
        SecDERKey derKey = {
            .oid = oid->Data,
            .oidLength = oid->Length,
            .key = keyData->Data,
            .keyLength = keyData->Length,
        };
        if (params) {
            derKey.parameters = params->Data;
            derKey.parametersLength = params->Length;
        }
		publicKey = SecKeyCreateECPublicKey(kCFAllocatorDefault,
			(const uint8_t *)&derKey, sizeof(derKey), kSecDERKeyEncoding);
    } else {
		secwarning("Unsupported algorithm oid");
	}

    return publicKey;
}

SecKeyRef SecKeyCreate(CFAllocatorRef allocator,
    const SecKeyDescriptor *key_class, const uint8_t *keyData,
	CFIndex keyDataLength, SecKeyEncoding encoding) {
	check(key_class);

    size_t size = sizeof(struct __SecKey) + key_class->extraBytes;
    SecKeyRef result = (SecKeyRef)_CFRuntimeCreateInstance(allocator,
        SecKeyGetTypeID(), size - sizeof(CFRuntimeBase), NULL);
	if (result) {
		memset((char*)result + sizeof(result->_base), 0, size - sizeof(result->_base));
        result->key_class = key_class;
        if (key_class->extraBytes) {
            /* Make result->key point to the extraBytes we allocated. */
            result->key = ((char*)result) + sizeof(*result);
        }
        if (key_class->init) {
			OSStatus status;
			status = key_class->init(result, keyData, keyDataLength, encoding);
			if (status) {
				secwarning("init %s key: %d", key_class->name, status);
				CFRelease(result);
				result = NULL;
			}
		}
    }
    return result;
}

enum {
    kSecKeyDigestInfoSign,
    kSecKeyDigestInfoVerify
};

static OSStatus SecKeyDigestInfoSignVerify(
    SecKeyRef           key,            /* Private key */
	SecPadding          padding,		/* kSecPaddingPKCS1@@@ */
	const uint8_t       *dataToSign,	/* signature over this data */
	size_t              dataToSignLen,	/* length of dataToSign */
	uint8_t             *sig,			/* signature, RETURNED */
	size_t              *sigLen,        /* IN/OUT */
    int mode) {
    size_t digestInfoLength = DER_MAX_DIGEST_INFO_LEN;
    uint8_t digestInfo[digestInfoLength];
    const SecAsn1Oid *digestOid;
    size_t digestLen;

    switch (padding) {
#if 0
    case kSecPaddingPKCS1MD2:
        digestLen = CC_MD2_DIGEST_LENGTH;
        digestOid = &CSSMOID_MD2;
        break;
    case kSecPaddingPKCS1MD4:
        digestLen = CC_MD4_DIGEST_LENGTH;
        digestOid = &CSSMOID_MD4;
        break;
    case kSecPaddingPKCS1MD5:
        digestLen = CC_MD5_DIGEST_LENGTH;
        digestOid = &CSSMOID_MD5;
        break;
#endif
    case kSecPaddingPKCS1SHA1:
        digestLen = CC_SHA1_DIGEST_LENGTH;
        digestOid = &CSSMOID_SHA1;
        break;
#if 0
    case kSecPaddingPKCS1SHA224:
        digestLen = CC_SHA224_DIGEST_LENGTH;
        digestOid = &CSSMOID_SHA224;
        break;
    case kSecPaddingPKCS1SHA256:
        digestLen = CCSHA256_OUTPUT_SIZE;
        digestOid = &CSSMOID_SHA256;
        break;
    case kSecPaddingPKCS1SHA384:
        digestLen = CC_SHA384_DIGEST_LENGTH;
        digestOid = &CSSMOID_SHA384;
        break;
    case kSecPaddingPKCS1SHA512:
        digestLen = CC_SHA512_DIGEST_LENGTH;
        digestOid = &CSSMOID_SHA512;
        break;
#endif
    default:
        return errSecUnsupportedPadding;
    }

    if (dataToSignLen != digestLen)
        return errSecParam;

    size_t offset = DEREncodeDigestInfoPrefix(digestOid, digestLen,
        digestInfo, digestInfoLength);
    if (!offset)
        return errSecBufferTooSmall;

    /* Append the digest to the digestInfo prefix and adjust the length. */
    memcpy(&digestInfo[offset], dataToSign, digestLen);
    digestInfoLength = offset + digestLen;

    if (mode == kSecKeyDigestInfoSign) {
        return key->key_class->rawSign(key, kSecPaddingPKCS1,
            digestInfo, digestInfoLength, sig, sigLen);
    } else {
        return key->key_class->rawVerify(key, kSecPaddingPKCS1,
            digestInfo, digestInfoLength, sig, *sigLen);
    }

    return noErr;
}

OSStatus SecKeyRawSign(
    SecKeyRef           key,            /* Private key */
	SecPadding          padding,		/* kSecPaddingNone or kSecPaddingPKCS1 */
	const uint8_t       *dataToSign,	/* signature over this data */
	size_t              dataToSignLen,	/* length of dataToSign */
	uint8_t             *sig,			/* signature, RETURNED */
	size_t              *sigLen) {		/* IN/OUT */
    if (!key->key_class->rawSign)
        return errSecUnsupportedOperation;

    if (padding < kSecPaddingPKCS1MD2) {
        return key->key_class->rawSign(key, padding, dataToSign, dataToSignLen,
            sig, sigLen);
    } else {
        return SecKeyDigestInfoSignVerify(key, padding, dataToSign, dataToSignLen,
        sig, sigLen, kSecKeyDigestInfoSign);
    }
}

OSStatus SecKeyRawVerify(
    SecKeyRef           key,            /* Public key */
	SecPadding          padding,		/* kSecPaddingNone or kSecPaddingPKCS1 */
	const uint8_t       *signedData,	/* signature over this data */
	size_t              signedDataLen,	/* length of dataToSign */
	const uint8_t       *sig,			/* signature */
	size_t              sigLen) {		/* length of signature */
    if (!key->key_class->rawVerify)
        return errSecUnsupportedOperation;

    if (padding < kSecPaddingPKCS1MD2) {
        return key->key_class->rawVerify(key, padding, signedData, signedDataLen,
            sig, sigLen);
    } else {
        /* Casting away the constness of sig is safe since
           SecKeyDigestInfoSignVerify only modifies sig if
           mode == kSecKeyDigestInfoSign. */
        return SecKeyDigestInfoSignVerify(key, padding,
            signedData, signedDataLen, (uint8_t *)sig, &sigLen,
            kSecKeyDigestInfoVerify);
    }
}

OSStatus SecKeyEncrypt(
    SecKeyRef           key,                /* Public key */
	SecPadding          padding,			/* kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingOAEP */
	const uint8_t		*plainText,
	size_t              plainTextLen,		/* length of plainText */
	uint8_t             *cipherText,	
	size_t              *cipherTextLen) {	/* IN/OUT */
    if (key->key_class->encrypt)
        return key->key_class->encrypt(key, padding, plainText, plainTextLen,
            cipherText, cipherTextLen);
    return errSecUnsupportedOperation;
}

OSStatus SecKeyDecrypt(
    SecKeyRef           key,                /* Private key */
	SecPadding          padding,			/* kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingOAEP */
	const uint8_t       *cipherText,
	size_t              cipherTextLen,		/* length of cipherText */
	uint8_t             *plainText,	
	size_t              *plainTextLen) {	/* IN/OUT */
    if (key->key_class->decrypt)
        return key->key_class->decrypt(key, padding, cipherText, cipherTextLen,
            plainText, plainTextLen);
    return errSecUnsupportedOperation;
}

size_t SecKeyGetBlockSize(SecKeyRef key) {
    if (key->key_class->blockSize)
        return key->key_class->blockSize(key);
    return 0;
}

/* Private API functions. */

CFDictionaryRef SecKeyCopyAttributeDictionary(SecKeyRef key) {
    if (key->key_class->copyDictionary)
        return key->key_class->copyDictionary(key);
    return NULL;
}

SecKeyRef SecKeyCreateFromAttributeDictionary(CFDictionaryRef refAttributes) {
	/* TODO: Support having an allocator in refAttributes. */
 	CFAllocatorRef allocator = NULL;
	CFDataRef data = CFDictionaryGetValue(refAttributes, kSecValueData);
	CFTypeRef ktype = CFDictionaryGetValue(refAttributes, kSecAttrKeyType);
	SInt32 algorithm;
	SecKeyRef ref;

	/* First figure out the key type (algorithm). */
	if (CFGetTypeID(ktype) == CFNumberGetTypeID()) {
		CFNumberGetValue(ktype, kCFNumberSInt32Type, &algorithm);
	} else {
		secwarning("Unsupported key type: %@", ktype);
		return NULL;
	}

	/* TODO: The code below won't scale well, consider moving to something
	   table driven. */
	SInt32 class;
	CFTypeRef kclass = CFDictionaryGetValue(refAttributes, kSecAttrKeyClass);
	if (CFGetTypeID(kclass) == CFNumberGetTypeID()) {
		CFNumberGetValue(kclass, kCFNumberSInt32Type, &class);
	} else {
		secwarning("Unsupported key class: %@", kclass);
		return NULL;
	}

    switch (class) {
        case 0: // kSecAttrKeyClassPublic
            switch (algorithm) {
                case 42: // kSecAlgorithmRSA
                    ref = SecKeyCreateRSAPublicKey(allocator,
                                                   CFDataGetBytePtr(data), CFDataGetLength(data),
                                                   kSecKeyEncodingBytes);
                    break;
                case 43: // kSecAlgorithmECDSA
                    ref = SecKeyCreateECPublicKey(allocator,
                                                  CFDataGetBytePtr(data), CFDataGetLength(data),
                                                  kSecKeyEncodingBytes);
                    break;
                default:
                    secwarning("Unsupported public key type: %@", ktype);
                    ref = NULL;
                    break;
            };
            break;
        case 1: // kSecAttrKeyClassPrivate
            switch (algorithm) {
                case 42: // kSecAlgorithmRSA
                    ref = SecKeyCreateRSAPrivateKey(allocator,
                                                    CFDataGetBytePtr(data), CFDataGetLength(data),
                                                    kSecKeyEncodingBytes);
                    break;
                case 43: // kSecAlgorithmECDSA
                    ref = SecKeyCreateECPrivateKey(allocator,
                                                   CFDataGetBytePtr(data), CFDataGetLength(data),
                                                   kSecKeyEncodingBytes);
                    break;
                default:
                    secwarning("Unsupported private key type: %@", ktype);
                    ref = NULL;
                    break;
            };
            break;
        case 2: // kSecAttrKeyClassSymmetric
            secwarning("Unsupported symmetric key type: %@", ktype);
            ref = NULL;
            break;
        default:
            secwarning("Unsupported key class: %@", kclass);
            ref = NULL;
    }

	return ref;
}

/* TODO: This function should ensure that this keys algorithm matches the
   signature algorithm. */
static OSStatus SecKeyGetDigestInfo(SecKeyRef this, const SecAsn1AlgId *algId,
    const uint8_t *data, size_t dataLen, bool digestData,
    uint8_t *digestInfo, size_t *digestInfoLen /* IN/OUT */) {
    unsigned char *(*digestFcn)(const void *, CC_LONG, unsigned char *);
    CFIndex keyAlgID = kSecNullAlgorithmID;
    const SecAsn1Oid *digestOid;
    size_t digestLen;
    size_t offset = 0;

    /* Since these oids all have the same prefix, use switch. */
    if ((algId->algorithm.Length == CSSMOID_RSA.Length) &&
        !memcmp(algId->algorithm.Data, CSSMOID_RSA.Data,
            algId->algorithm.Length - 1)) {
        keyAlgID = kSecRSAAlgorithmID;
        switch (algId->algorithm.Data[algId->algorithm.Length - 1]) {
#if 0
        case 2: /* oidMD2WithRSA */
            digestFcn = CC_MD2;
            digestLen = CC_MD2_DIGEST_LENGTH;
            digestOid = &CSSMOID_MD2;
            break;
        case 3: /* oidMD4WithRSA */
            digestFcn = CC_MD4;
            digestLen = CC_MD4_DIGEST_LENGTH;
            digestOid = &CSSMOID_MD4;
            break;
        case 4: /* oidMD5WithRSA */
            digestFcn = CC_MD5;
            digestLen = CC_MD5_DIGEST_LENGTH;
            digestOid = &CSSMOID_MD5;
            break;
#endif /* 0 */
        case 5: /* oidSHA1WithRSA */
            digestFcn = CC_SHA1;
            digestLen = CC_SHA1_DIGEST_LENGTH;
            digestOid = &CSSMOID_SHA1;
            break;
        case 11: /* oidSHA256WithRSA */
            digestFcn = CC_SHA256;
            digestLen = CC_SHA256_DIGEST_LENGTH;
            digestOid = &CSSMOID_SHA256;
            break;
        case 12: /* oidSHA384WithRSA */
            /* pkcs1 12 */
            digestFcn = CC_SHA384;
            digestLen = CC_SHA384_DIGEST_LENGTH;
            digestOid = &CSSMOID_SHA384;
            break;
        case 13: /* oidSHA512WithRSA */
            digestFcn = CC_SHA512;
            digestLen = CC_SHA512_DIGEST_LENGTH;
            digestOid = &CSSMOID_SHA512;
            break;
        case 14: /* oidSHA224WithRSA */
            digestFcn = CC_SHA224;
            digestLen = CC_SHA224_DIGEST_LENGTH;
            digestOid = &CSSMOID_SHA224;
            break;
        default:
            secdebug("key", "unsupported rsa signature algorithm");
            return errSecUnsupportedAlgorithm;
        }
    } else if ((algId->algorithm.Length == CSSMOID_ECDSA_WithSHA224.Length) &&
        !memcmp(algId->algorithm.Data, CSSMOID_ECDSA_WithSHA224.Data,
            algId->algorithm.Length - 1)) {
        keyAlgID = kSecECDSAAlgorithmID;
        switch (algId->algorithm.Data[algId->algorithm.Length - 1]) {
        case 1: /* oidSHA224WithECDSA */
            digestFcn = CC_SHA224;
            digestLen = CC_SHA224_DIGEST_LENGTH;
            break;
        case 2: /* oidSHA256WithECDSA */
            digestFcn = CC_SHA256;
            digestLen = CC_SHA256_DIGEST_LENGTH;
            break;
        case 3: /* oidSHA384WithECDSA */
            /* pkcs1 12 */
            digestFcn = CC_SHA384;
            digestLen = CC_SHA384_DIGEST_LENGTH;
            break;
        case 4: /* oidSHA512WithECDSA */
            digestFcn = CC_SHA512;
            digestLen = CC_SHA512_DIGEST_LENGTH;
            break;
        default:
            secdebug("key", "unsupported ecdsa signature algorithm");
            return errSecUnsupportedAlgorithm;
        }
    } else if (SecAsn1OidCompare(&algId->algorithm, &CSSMOID_ECDSA_WithSHA1)) {
        keyAlgID = kSecECDSAAlgorithmID;
        digestFcn = CC_SHA1;
        digestLen = CC_SHA1_DIGEST_LENGTH;
    } else if (SecAsn1OidCompare(&algId->algorithm, &CSSMOID_SHA1)) {
        digestFcn = CC_SHA1;
        digestLen = CC_SHA1_DIGEST_LENGTH;
        digestOid = &CSSMOID_SHA1;
    } else if ((algId->algorithm.Length == CSSMOID_SHA224.Length) &&
        !memcmp(algId->algorithm.Data, CSSMOID_SHA224.Data, algId->algorithm.Length - 1))
    {
        switch (algId->algorithm.Data[algId->algorithm.Length - 1]) {
            case 4: /* OID_SHA224 */
                digestFcn = CC_SHA224;
                digestLen = CC_SHA224_DIGEST_LENGTH;
                digestOid = &CSSMOID_SHA224;
                break;
            case 1: /* OID_SHA256 */
                digestFcn = CC_SHA256;
                digestLen = CC_SHA256_DIGEST_LENGTH;
                digestOid = &CSSMOID_SHA256;
                break;
            case 2: /* OID_SHA384 */
                /* pkcs1 12 */
                digestFcn = CC_SHA384;
                digestLen = CC_SHA384_DIGEST_LENGTH;
                digestOid = &CSSMOID_SHA384;
                break;
            case 3: /* OID_SHA512 */
                digestFcn = CC_SHA512;
                digestLen = CC_SHA512_DIGEST_LENGTH;
                digestOid = &CSSMOID_SHA512;
                break;
            default:
                secdebug("key", "unsupported sha-2 signature algorithm");
                return errSecUnsupportedAlgorithm;
        }
    } else if (SecAsn1OidCompare(&algId->algorithm, &CSSMOID_MD5)) {
        digestFcn = CC_MD5;
        digestLen = CC_MD5_DIGEST_LENGTH;
        digestOid = &CSSMOID_MD5;
    } else {
        secdebug("key", "unsupported digesting algorithm");
        return errSecUnsupportedAlgorithm;
    }

    /* check key is appropriate for signature (superfluous for digest only oid) */
    if (keyAlgID == kSecNullAlgorithmID)
        keyAlgID = SecKeyGetAlgorithmID(this);
    else if (keyAlgID != SecKeyGetAlgorithmID(this))
        return errSecUnsupportedAlgorithm;

    switch(keyAlgID) {
        case kSecRSAAlgorithmID:
            offset = DEREncodeDigestInfoPrefix(digestOid, digestLen,
                                               digestInfo, *digestInfoLen);
            if (!offset)
                return errSecBufferTooSmall;
            break;
        case kSecDSAAlgorithmID:
            if (digestOid != &CSSMOID_SHA1)
                return errSecUnsupportedAlgorithm;
            break;
        case kSecECDSAAlgorithmID:
            break;
        default:
            secdebug("key", "unsupported signature algorithm");
            return errSecUnsupportedAlgorithm;
    }

    if (digestData) {
        if(dataLen>UINT32_MAX) /* Check for overflow with CC_LONG cast */
            return paramErr;
        digestFcn(data, (CC_LONG)dataLen, &digestInfo[offset]);
        *digestInfoLen = offset + digestLen;
    } else {
        if (dataLen != digestLen)
            return paramErr;
        memcpy(&digestInfo[offset], data, dataLen);
        *digestInfoLen = offset + dataLen;
    }

    return noErr;
}

OSStatus SecKeyDigestAndVerify(
    SecKeyRef           this,            /* Private key */
	const SecAsn1AlgId  *algId,         /* algorithm oid/params */
	const uint8_t       *dataToDigest,	/* signature over this data */
	size_t              dataToDigestLen,/* length of dataToDigest */
	const uint8_t       *sig,			/* signature to verify */
	size_t              sigLen) {		/* length of sig */
    size_t digestInfoLength = DER_MAX_DIGEST_INFO_LEN;
    uint8_t digestInfo[digestInfoLength];
    OSStatus status;

    status = SecKeyGetDigestInfo(this, algId, dataToDigest, dataToDigestLen, true,
        digestInfo, &digestInfoLength);
    if (status)
        return status;
    return SecKeyRawVerify(this, kSecPaddingPKCS1,
        digestInfo, digestInfoLength, sig, sigLen);
}

OSStatus SecKeyDigestAndSign(
    SecKeyRef           this,            /* Private key */
	const SecAsn1AlgId  *algId,         /* algorithm oid/params */
	const uint8_t       *dataToDigest,	/* signature over this data */
	size_t              dataToDigestLen,/* length of dataToDigest */
	uint8_t             *sig,			/* signature, RETURNED */
	size_t              *sigLen) {		/* IN/OUT */
    size_t digestInfoLength = DER_MAX_DIGEST_INFO_LEN;
    uint8_t digestInfo[digestInfoLength];
    OSStatus status;

    status = SecKeyGetDigestInfo(this, algId, dataToDigest, dataToDigestLen, true /* digest data */,
        digestInfo, &digestInfoLength);
    if (status)
        return status;
    return SecKeyRawSign(this, kSecPaddingPKCS1,
        digestInfo, digestInfoLength, sig, sigLen);
}

OSStatus SecKeyVerifyDigest(
                               SecKeyRef           this,            /* Private key */
                               const SecAsn1AlgId  *algId,         /* algorithm oid/params */
                               const uint8_t       *digestData,	/* signature over this digest */
                               size_t              digestDataLen,/* length of dataToDigest */
                               const uint8_t       *sig,			/* signature to verify */
                               size_t              sigLen) {		/* length of sig */
    size_t digestInfoLength = DER_MAX_DIGEST_INFO_LEN;
    uint8_t digestInfo[digestInfoLength];
    OSStatus status;

    status = SecKeyGetDigestInfo(this, algId, digestData, digestDataLen, false /* data is digest */,
                                 digestInfo, &digestInfoLength);
    if (status)
        return status;
    return SecKeyRawVerify(this, kSecPaddingPKCS1,
                           digestInfo, digestInfoLength, sig, sigLen);
}

OSStatus SecKeySignDigest(
                             SecKeyRef           this,            /* Private key */
                             const SecAsn1AlgId  *algId,         /* algorithm oid/params */
                             const uint8_t       *digestData,	/* signature over this digest */
                             size_t              digestDataLen,/* length of digestData */
                             uint8_t             *sig,			/* signature, RETURNED */
                             size_t              *sigLen) {		/* IN/OUT */
    size_t digestInfoLength = DER_MAX_DIGEST_INFO_LEN;
    uint8_t digestInfo[digestInfoLength];
    OSStatus status;

    status = SecKeyGetDigestInfo(this, algId, digestData, digestDataLen, false,
                                 digestInfo, &digestInfoLength);
    if (status)
        return status;
    return SecKeyRawSign(this, kSecPaddingPKCS1,
                         digestInfo, digestInfoLength, sig, sigLen);
}

CFIndex SecKeyGetAlgorithmID(SecKeyRef key) {
    /* This method was added to version 1 keys. */
    if (key->key_class->version > 0 && key->key_class->getAlgorithmID)
        return key->key_class->getAlgorithmID(key);
    /* All version 0 key were RSA. */
    return kSecRSAAlgorithmID;
}


OSStatus SecKeyCopyPublicBytes(SecKeyRef key, CFDataRef* serializedPublic) {
    if (key->key_class->version > 1 && key->key_class->copyPublic)
        return key->key_class->copyPublic(key, serializedPublic);
    return errSecUnimplemented;
}

SecKeyRef SecKeyCreateFromPublicBytes(CFAllocatorRef allocator, CFIndex algorithmID, const uint8_t *keyData, CFIndex keyDataLength)
{
    switch (algorithmID)
    {
        case kSecRSAAlgorithmID:
            return SecKeyCreateRSAPublicKey(allocator,
                                            keyData, keyDataLength,
                                            kSecKeyEncodingBytes);
        case kSecECDSAAlgorithmID:
            return SecKeyCreateECPublicKey(allocator,
                                           keyData, keyDataLength,
                                           kSecKeyEncodingBytes);
        default:
            return NULL;
    }
}

SecKeyRef SecKeyCreateFromPublicData(CFAllocatorRef allocator, CFIndex algorithmID, CFDataRef serialized)
{
    return SecKeyCreateFromPublicBytes(allocator, algorithmID, CFDataGetBytePtr(serialized), CFDataGetLength(serialized));
}

// This is a bit icky hack to avoid changing the vtable for
// SecKey.
size_t SecKeyGetSize(SecKeyRef key, SecKeySize whichSize)
{
    size_t result = SecKeyGetBlockSize(key);

    if (kSecECDSAAlgorithmID == SecKeyGetAlgorithmID(key)) {
        switch (whichSize) {
            case kSecKeyEncryptedDataSize:
                result = 0;
                break;
            case kSecKeySignatureSize:
                result = 2 * result + 6;
                if (result >= 66)
                    result += 2;
                break;
            case kSecKeyKeySizeInBits:
                if (result >= 66)
                    return 521;
        }
    }
            
    if (whichSize == kSecKeyKeySizeInBits)
            result *= 8;
        
    return result;

}