1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/MYCryptor.m Sat Apr 04 20:42:03 2009 -0700
1.3 @@ -0,0 +1,325 @@
1.4 +//
1.5 +// Cryptor.m
1.6 +// MYCrypto
1.7 +//
1.8 +// Created by Jens Alfke on 3/21/09.
1.9 +// Copyright 2009 Jens Alfke. All rights reserved.
1.10 +//
1.11 +
1.12 +#import "MYCryptor.h"
1.13 +#import "MYDigest.h"
1.14 +#import "Test.h"
1.15 +
1.16 +#if USE_IPHONE_API
1.17 +#import <Security/SecRandom.h>
1.18 +#else
1.19 +#import "MYCrypto_Private.h"
1.20 +#import "MYKeychain.h"
1.21 +#import <stdlib.h>
1.22 +#endif
1.23 +
1.24 +
1.25 +NSString* const CryptorErrorDomain = @"CCCryptor";
1.26 +
1.27 +#if !USE_IPHONE_API
1.28 +static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes);
1.29 +#endif
1.30 +
1.31 +
1.32 +@interface MYCryptor ()
1.33 +@property (readwrite, retain) NSError *error;
1.34 +@end
1.35 +
1.36 +
1.37 +
1.38 +@implementation MYCryptor
1.39 +
1.40 +
1.41 ++ (NSData*) randomKeyOfLength: (size_t)length {
1.42 + NSParameterAssert(length<100000);
1.43 + uint8_t *bytes = malloc(length);
1.44 + if (!bytes) return nil;
1.45 +#if USE_IPHONE_API
1.46 + BOOL ok = SecRandomCopyBytes(kSecRandomDefault, length,bytes) >= 0;
1.47 +#else
1.48 + BOOL ok = generateRandomBytes([[MYKeychain defaultKeychain] CSPHandle], length, bytes);
1.49 +#endif
1.50 + if (ok)
1.51 + return [NSData dataWithBytesNoCopy: bytes length: length freeWhenDone: YES];
1.52 + else {
1.53 + free(bytes);
1.54 + return nil;
1.55 + }
1.56 +}
1.57 +
1.58 ++ (NSData*) keyOfLength: (size_t)lengthInBits fromPassphrase: (NSString*)passphrase
1.59 +{
1.60 + size_t lengthInBytes = (lengthInBits + 7)/8;
1.61 + MYDigest *digest = [[passphrase dataUsingEncoding: NSUTF8StringEncoding] my_SHA256Digest];
1.62 + if (lengthInBytes <= digest.length)
1.63 + return [digest.asData subdataWithRange: NSMakeRange(0,lengthInBytes)];
1.64 + else
1.65 + return nil;
1.66 +}
1.67 +
1.68 +
1.69 +- (id) initWithKey: (NSData*)key
1.70 + algorithm: (CCAlgorithm)algorithm
1.71 + operation: (CCOperation)op {
1.72 + self = [super init];
1.73 + if (self) {
1.74 + NSParameterAssert(key);
1.75 + _key = [key copy];
1.76 + _operation = op;
1.77 + _algorithm = algorithm;
1.78 + _options = kCCOptionPKCS7Padding;
1.79 + }
1.80 + return self;
1.81 +}
1.82 +
1.83 +- (id) initEncryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm {
1.84 + return [self initWithKey: key algorithm: algorithm operation: kCCEncrypt];
1.85 +}
1.86 +
1.87 +- (id) initDecryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm {
1.88 + return [self initWithKey: key algorithm: algorithm operation: kCCDecrypt];
1.89 +}
1.90 +
1.91 +- (void) dealloc
1.92 +{
1.93 + if (_cryptor)
1.94 + CCCryptorRelease(_cryptor);
1.95 + [_key autorelease];
1.96 + [_output autorelease];
1.97 + [_outputStream release];
1.98 + [super dealloc];
1.99 +}
1.100 +
1.101 +
1.102 +@synthesize key=_key, algorithm=_algorithm, options=_options,
1.103 + outputStream=_outputStream, error=_error;
1.104 +
1.105 +
1.106 +- (BOOL) _check: (CCCryptorStatus)status {
1.107 + if (status == kCCSuccess)
1.108 + return YES;
1.109 + else {
1.110 + Warn(@"MYCryptor: CCCryptor error %i", status);
1.111 + self.error = [NSError errorWithDomain: CryptorErrorDomain code: status userInfo: nil];
1.112 + return NO;
1.113 + }
1.114 +}
1.115 +
1.116 +
1.117 +- (BOOL) _outputBytes: (const void*)bytes length: (size_t)length {
1.118 + if (_outputStream) {
1.119 + NSInteger written = [_outputStream write: bytes maxLength: length];
1.120 + if (written < 0) {
1.121 + self.error = _outputStream.streamError;
1.122 + if (_error)
1.123 + Warn(@"MYCryptor: NSOutputStream error %@", _error);
1.124 + else
1.125 + [self _check: kMYCryptorErrorOutputStreamChoked];
1.126 + return NO;
1.127 + } else if (written < length) {
1.128 + [self _check: kMYCryptorErrorOutputStreamChoked];
1.129 + return NO;
1.130 + }
1.131 + } else if (length > 0) {
1.132 + [_output appendBytes: bytes length: length];
1.133 + }
1.134 + return YES;
1.135 +}
1.136 +
1.137 +
1.138 +- (BOOL) _start {
1.139 + if (!_cryptor && !_error) {
1.140 + if ([self _check: CCCryptorCreate(_operation, _algorithm, _options,
1.141 + _key.bytes, _key.length, NULL, &_cryptor)]) {
1.142 + _output = [[NSMutableData alloc] initWithCapacity: 1024];
1.143 + }
1.144 + }
1.145 + return !_error;
1.146 +}
1.147 +
1.148 +
1.149 +- (BOOL) addBytes: (const void*)bytes length: (size_t)length {
1.150 + if (length > 0) {
1.151 + NSParameterAssert(bytes!=NULL);
1.152 + if(!_error && (_cryptor || [self _start])) {
1.153 + size_t outputLength = CCCryptorGetOutputLength(_cryptor,length,false);
1.154 + void *output = malloc(outputLength);
1.155 + if ([self _check: CCCryptorUpdate(_cryptor, bytes, length,
1.156 + output, outputLength, &outputLength)]) {
1.157 + [self _outputBytes: output length: outputLength];
1.158 + }
1.159 + free(output);
1.160 + }
1.161 + }
1.162 + return !_error;
1.163 +}
1.164 +
1.165 +- (BOOL) addData: (NSData*)data
1.166 +{
1.167 + return [self addBytes: data.bytes length: data.length];
1.168 +}
1.169 +
1.170 +- (BOOL) addString: (NSString*)str {
1.171 + return [self addData: [str dataUsingEncoding: NSUTF8StringEncoding]];
1.172 +}
1.173 +
1.174 +
1.175 +- (BOOL) addFromStream: (NSInputStream*)input
1.176 +{
1.177 + uint8_t inputBuffer[1024];
1.178 + size_t avail;
1.179 + while (!_error && input.hasBytesAvailable) {
1.180 + avail = sizeof(inputBuffer);
1.181 + NSInteger nRead = [input read: inputBuffer maxLength: sizeof(inputBuffer)];
1.182 + if (nRead < 0) {
1.183 + self.error = input.streamError;
1.184 + return NO;
1.185 + } else if (nRead == 0) {
1.186 + break;
1.187 + } else if (![self addBytes: inputBuffer length: nRead])
1.188 + return NO;
1.189 + }
1.190 + return YES;
1.191 +}
1.192 +
1.193 +
1.194 +- (BOOL) finish
1.195 +{
1.196 + if(!_error && (_cryptor || [self _start])) {
1.197 + size_t outputLength = 100; //CCCryptorGetOutputLength(_cryptor,1,true);
1.198 + void *output = malloc(outputLength);
1.199 + if ([self _check: CCCryptorFinal(_cryptor, output, outputLength, &outputLength)]) {
1.200 + [self _outputBytes: output length: outputLength];
1.201 + }
1.202 + free(output);
1.203 + }
1.204 + CCCryptorRelease(_cryptor);
1.205 + _cryptor = NULL;
1.206 + return !_error;
1.207 +}
1.208 +
1.209 +
1.210 +- (NSData*) outputData {
1.211 + if (_cryptor) [self finish];
1.212 + if(_error) {
1.213 + [_output release];
1.214 + _output = nil;
1.215 + }
1.216 + return _output;
1.217 +}
1.218 +
1.219 +- (NSString*) outputString {
1.220 + NSData *output = self.outputData;
1.221 + if (output) {
1.222 + NSString *str = [[NSString alloc] initWithData: output encoding: NSUTF8StringEncoding];
1.223 + return [str autorelease];
1.224 + } else
1.225 + return nil;
1.226 +}
1.227 +
1.228 +
1.229 +// NSStream delegate method
1.230 +- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode {
1.231 + switch (eventCode) {
1.232 + case NSStreamEventHasBytesAvailable:
1.233 + [self addFromStream: (NSInputStream*)stream];
1.234 + break;
1.235 + case NSStreamEventEndEncountered:
1.236 + [self finish];
1.237 + break;
1.238 + case NSStreamEventErrorOccurred:
1.239 + if (!_error)
1.240 + self.error = stream.streamError;
1.241 + break;
1.242 + default:
1.243 + break;
1.244 + }
1.245 +}
1.246 +
1.247 +
1.248 +
1.249 +@end
1.250 +
1.251 +
1.252 +
1.253 +
1.254 +#if !USE_IPHONE_API
1.255 +static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes) {
1.256 + // Adapted from code in Keychain.framework's KeychainUtils.m by Wade Tregaskis.
1.257 + CSSM_CC_HANDLE ccHandle;
1.258 + if (!checkcssm(CSSM_CSP_CreateRandomGenContext(module, CSSM_ALGID_APPLE_YARROW, NULL,
1.259 + lengthInBytes, &ccHandle),
1.260 + @"CSSM_CSP_CreateRandomGenContext"))
1.261 + return NO;
1.262 + CSSM_DATA data = {.Data=dstBytes, .Length=lengthInBytes};
1.263 + BOOL ok = checkcssm(CSSM_GenerateRandom(ccHandle, &data), @"CSSM_GenerateRandom");
1.264 + CSSM_DeleteContext(ccHandle);
1.265 + return ok;
1.266 +}
1.267 +#endif
1.268 +
1.269 +
1.270 +
1.271 +
1.272 +TestCase(MYCryptor) {
1.273 + // Encryption:
1.274 + NSData *key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256];
1.275 + Log(@"Key = %@",key);
1.276 + MYCryptor *enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128];
1.277 + CAssert(enc);
1.278 + CAssert([enc addString: @"This is a test. "]);
1.279 + CAssert([enc addString: @"This is only a test."]);
1.280 + CAssertEqual(enc.error, nil);
1.281 + NSData *encrypted = enc.outputData;
1.282 + CAssertEqual(enc.error, nil);
1.283 + CAssert(encrypted.length > 0);
1.284 + [enc release];
1.285 + Log(@"Encrypted = %@", encrypted);
1.286 +
1.287 + // Decryption:
1.288 + MYCryptor *dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128];
1.289 + CAssert(dec);
1.290 + CAssert([dec addData: encrypted]);
1.291 + NSString *decrypted = dec.outputString;
1.292 + CAssertEqual(dec.error, nil);
1.293 + [dec release];
1.294 + Log(@"Decrypted = '%@'", decrypted);
1.295 + CAssertEqual(decrypted, @"This is a test. This is only a test.");
1.296 +
1.297 + // Encryption to stream:
1.298 + key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256];
1.299 + Log(@"Key = %@",key);
1.300 + enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128];
1.301 + CAssert(enc);
1.302 + enc.outputStream = [NSOutputStream outputStreamToMemory];
1.303 + [enc.outputStream open];
1.304 + CAssert([enc addString: @"This is a test. "]);
1.305 + CAssert([enc addString: @"This is only a test."]);
1.306 + CAssert([enc finish]);
1.307 + CAssertEqual(enc.error, nil);
1.308 + encrypted = [[enc.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey] retain];
1.309 + CAssert(encrypted.length > 0);
1.310 + [enc release];
1.311 + Log(@"Encrypted = %@", encrypted);
1.312 +
1.313 + dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128];
1.314 + CAssert(dec);
1.315 + dec.outputStream = [NSOutputStream outputStreamToMemory];
1.316 + [dec.outputStream open];
1.317 + CAssert([dec addData: encrypted]);
1.318 + CAssert([dec finish]);
1.319 + CAssertEqual(dec.error, nil);
1.320 + NSData *decryptedData = [dec.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey];
1.321 + [dec release];
1.322 + decrypted = [[NSString alloc] initWithData: decryptedData
1.323 + encoding: NSUTF8StringEncoding];
1.324 + Log(@"Decrypted = '%@'", decrypted);
1.325 + CAssertEqual(decrypted, @"This is a test. This is only a test.");
1.326 + [encrypted release];
1.327 + [decrypted release];
1.328 +}