//

//  MYKey-iPhone.m

//  MYCrypto-iPhone

//

//  Created by Jens Alfke on 4/4/09.

//  Copyright 2009 Jens Alfke. All rights reserved.

//

#import "MYCrypto_Private.h"

#if MYCRYPTO_USE_IPHONE_API

#import "MYDigest.h"

#import "MYErrorUtils.h"

#pragma mark -

@implementation MYKey

+ (SecKeyRef) _addKeyWithInfo: (NSMutableDictionary*)info {

    if (![info objectForKey: (id)kSecAttrApplicationTag]) {

        // Every keychain item has to have a unique tag, apparently, or you'll get spurious

        // duplicate-item errors. If none was given, make up a random one:

        UInt8 tag[16];

        Assert(check(SecRandomCopyBytes(kSecRandomDefault, sizeof(tag), tag), @"SecRandomCopyBytes"));

        [info setObject: [NSData dataWithBytes: tag length: sizeof(tag)] 

                 forKey: (id)kSecAttrApplicationTag];

    }

    CFDataRef keyPersistentRef;

    SecKeyRef key;

    OSStatus err = SecItemAdd((CFDictionaryRef)info, (CFTypeRef*)&keyPersistentRef);

    if (err==errSecDuplicateItem) {

        // it's already in the keychain -- get a reference to it:

		[info removeObjectForKey: (id)kSecReturnPersistentRef];

		[info setObject: $true forKey: (id)kSecReturnRef];

		if (check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef *)&key), 

                   @"SecItemCopyMatching"))

            return key;

    } else if (check(err, @"SecItemAdd")) {

        // It was added

        if ([[info objectForKey: (id)kSecReturnPersistentRef] boolValue]) {

            // now get its SecKeyRef:

            info = $mdict({(id)kSecValuePersistentRef, (id)keyPersistentRef},

                          {(id)kSecReturnRef, $true});

            err = SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef *)&key);

            CFRelease(keyPersistentRef);

            if (check(err,@"SecItemCopyMatching")) {

                Assert(key!=nil);

                return key;

            }

        } else {

            return (SecKeyRef)keyPersistentRef;

        }

    }

    return NULL;

}

- (id) initWithKeyRef: (SecKeyRef)key {

    return [self initWithKeychainItemRef: (SecKeychainItemRef)key];

}

- (id) _initWithKeyData: (NSData*)data

            forKeychain: (SecKeychainRef)keychain

{

    NSMutableDictionary *info = $mdict({(id)kSecClass, (id)kSecClassKey},

                                        {(id)kSecAttrKeyType, (id)self.keyType},

                                        {(id)kSecValueData, data},

                                        {(id)kSecAttrIsPermanent, (keychain ?$true :$false)},

                                        {(id)kSecReturnPersistentRef, $true} );

    SecKeyRef key = [[self class] _addKeyWithInfo: info];

    if (!key) {

        [self release];

        return nil;

    }

    self = [self initWithKeyRef: (SecKeyRef)key];

    if (self) {

        if (!keychain)

            _keyData = [data copy];

    }

    return self;

}

- (id) initWithKeyData: (NSData*)data {

    return [self _initWithKeyData: data forKeychain: nil];

}

- (void) dealloc

{

    [_keyData release];

    [super dealloc];

}

- (SecExternalItemType) keyClass {

    AssertAbstractMethod();

}

- (SecExternalItemType) keyType {

    return NULL;

}

- (NSData*) keyData {

    if (_keyData)

        return _keyData;

    NSDictionary *info = $dict( {(id)kSecValueRef, (id)self.keyRef},

                                {(id)kSecReturnData, $true} );

    CFDataRef data;

    if (!check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef*)&data), @"SecItemCopyMatching"))

        return nil;

    else {

        Assert(data!=NULL);

        _keyData = NSMakeCollectable(data);

        return _keyData;

    }

    // The format of this data is not documented. There's been some reverse-engineering:

    // https://devforums.apple.com/message/32089#32089

    // Apparently it is a DER-formatted sequence of a modulus followed by an exponent.

    // This can be converted to OpenSSL format by wrapping it in some additional DER goop.

}

- (MYSHA1Digest*) _keyDigest {

    return [self.keyData my_SHA1Digest];

}

- (SecKeyRef) keyRef {

    return (SecKeyRef) self.keychainItemRef;

}

- (id) _attribute: (CFTypeRef)attribute {

    NSDictionary *info = $dict({(id)kSecValueRef, (id)self.keyRef},

                               {(id)kSecReturnAttributes, $true});

    CFDictionaryRef attrs = NULL;

    if (!check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef*)&attrs), @"SecItemCopyMatching"))

        return nil;

    Log(@"_attribute: %@ of %@ %p", attribute, [self class], self.keyRef);//TEMP

    CFTypeRef rawValue = CFDictionaryGetValue(attrs,attribute);

    id value = rawValue ?[[(id)CFMakeCollectable(rawValue) retain] autorelease] :nil;

    CFRelease(attrs);

    return value;

}

- (BOOL) setValue: (NSString*)value ofAttribute: (SecKeychainAttrType)attribute {

    if (!value)

        value = (id)[NSNull null];

    NSDictionary *query = $dict( {(id)kSecValueRef, (id)self.keyRef} );

    NSDictionary *attrs = $dict( {(id)attribute, value} );

    return check(SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attrs), @"SecItemUpdate");

}

- (NSString*) name {

    return [self _attribute: kSecAttrLabel];

}

- (void) setName: (NSString*)name {

    [self setValue: name ofAttribute: kSecAttrLabel];

}

- (NSString*) alias {

    return [self _attribute: kSecAttrApplicationTag];

}

- (void) setAlias: (NSString*)alias {

    [self setValue: alias ofAttribute: kSecAttrApplicationTag];

}

/** Asymmetric encryption/decryption; used by MYPublicKey and MYPrivateKey. */

- (NSData*) _crypt: (NSData*)data operation: (BOOL)operation {

    CAssert(data);

    size_t dataLength = data.length;

    SecKeyRef key = self.keyRef;

    size_t outputLength = MAX(dataLength, SecKeyGetBlockSize(key));

    void *outputBuf = malloc(outputLength);

    if (!outputBuf) return nil;

    OSStatus err;

    if (operation)

        err = SecKeyEncrypt(key, kSecPaddingNone,//PKCS1, 

                            data.bytes, dataLength,

                            outputBuf, &outputLength);

    else

        err = SecKeyDecrypt(key, kSecPaddingNone,//PKCS1, 

                            data.bytes, dataLength,

                            outputBuf, &outputLength);

    if (err) {

        free(outputBuf);

        Warn(@"%scrypting failed (%i)", (operation ?"En" :"De"), err);

        // Note: One of the errors I've seen is -9809, which is errSSLCrypto (SecureTransport.h)

        return nil;

    } else

        return [NSData dataWithBytesNoCopy: outputBuf length: outputLength freeWhenDone: YES];

}

@end

#endif MYCRYPTO_USE_IPHONE_API

/*

 Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.

 Redistribution and use in source and binary forms, with or without modification, are permitted

 provided that the following conditions are met:

 * Redistributions of source code must retain the above copyright notice, this list of conditions

 and the following disclaimer.

 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions

 and the following disclaimer in the documentation and/or other materials provided with the

 distribution.

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR

 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 

 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-

 BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 

  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 

 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 

 THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */