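--- a/MYSymmetricKey.m	Sun Apr 19 21:19:35 2009 -0700
+++ b/MYSymmetricKey.m	Sat Jun 06 15:01:28 2009 -0700
@@ -34,8 +34,15 @@
 
 static CSSM_KEY* cssmKeyFromData( NSData *keyData, CSSM_ALGORITHMS algorithm,
 MYKeychain *keychain);
-//static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm);
-//CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm);
+
+#if !TARGET_OS_IPHONE
+static CSSM_KEY* unwrapCssmKeyFromData(NSData *wrappedData,
+ CSSM_ALGORITHMS algorithm,
+ unsigned sizeInBits);
+static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm);
+static CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm);
+#endif
+
 static CSSM_DATA makeSalt( id salty, size_t length );
 static CSSM_RETURN impExpCreatePassKey(
 const SecKeyImportExportParameters *keyParams, // required
@@ -49,6 +56,10 @@
 
 
 - (id) _initWithCSSMKey: (CSSM_KEY*)cssmKey {
+ if (!cssmKey) {
+ [self release];
+ return nil;
+ }
 SecKeyRef keyRef = NULL;
 if (SecKeyCreate == NULL) {
 // If weak-linked SPI fn no longer exists
@@ -75,10 +86,6 @@
 Assert(algorithm <= kCCAlgorithmRC4);
 Assert(keyData);
 CSSM_KEY *key = cssmKeyFromData(keyData, CSSMFromCCAlgorithm(algorithm), keychain);
- if (!key) {
- [self release];
- return nil;
- }
 return [self _initWithCSSMKey: key];
 }
 
@@ -223,9 +230,15 @@
 
 
 #if !TARGET_OS_IPHONE
+- (id) initWithWrappedKeyData: (NSData*)wrappedKeyData {
+ return [self _initWithCSSMKey: unwrapCssmKeyFromData(wrappedKeyData,
+ CSSM_ALGID_AES,128)];
+}
+
+
 - (NSData*) exportWrappedKeyWithPassphrasePrompt: (NSString*)prompt
 {
- // Prompt use for a passphrase to use for the wrapping key:
+ // Prompt user for a passphrase to use for the wrapping key:
 MYSymmetricKey *wrappingKey = [MYSymmetricKey
 generateFromUserPassphraseWithAlertTitle: @"Export Key"
 alertPrompt: prompt
@@ -238,15 +251,17 @@
 // Create the context:
 CSSM_ACCESS_CREDENTIALS credentials = {};
 CSSM_CSP_HANDLE cspHandle = self.cssmCSPHandle;
- //CSSM_ALGORITHMS algorithm = wrappingKey.cssmAlgorithm;
+ CSSM_ALGORITHMS algorithm = wrappingKey.cssmAlgorithm;
+ uint8 iv[16] = {0}; // Right size for AES. Are zeros OK? //FIX: Support other algorithms
+ CSSM_DATA ivData = {.Data=(void*)&iv, .Length=sizeof(iv)};
 CSSM_CC_HANDLE ctx;
 if (!checkcssm(CSSM_CSP_CreateSymmetricContext(cspHandle,
- wrappingKey.cssmAlgorithm, //CSSM_ALGID_3DES_3KEY_EDE, //algorithm,
- CSSM_ALGMODE_CBCPadIV8, //defaultModeForAlgorithm(algorithm),
+ algorithm, //CSSM_ALGID_3DES_3KEY_EDE
+ defaultModeForAlgorithm(algorithm),
 &credentials,
 wrappingKey.cssmKey,
- NULL,
- CSSM_PADDING_PKCS7, //defaultPaddingForAlgorithm(algorithm),
+ &ivData,
+ defaultPaddingForAlgorithm(algorithm),
 NULL,
 &ctx),
 @"CSSM_CSP_CreateSymmetricContext"))
@@ -396,6 +411,35 @@
 }
 
 
+#if !TARGET_OS_IPHONE
+static CSSM_KEY* unwrapCssmKeyFromData(NSData *wrappedData,
+ CSSM_ALGORITHMS algorithm,
+ unsigned sizeInBits) {
+ Warn(@"MYSymmetricKey: unwrapping is unimplemented; sorry");
+ return nil;
+#if 0 //not finished yet
+ // First create a wrapped-key structure from the data:
+ CSSM_WRAP_KEY wrappedKey = {
+ .KeyHeader = {
+ .BlobType = CSSM_KEYBLOB_WRAPPED,
+ .Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS3,
+ .AlgorithmId = algorithm,
+ .KeyClass = CSSM_KEYCLASS_SESSION_KEY,
+ .LogicalKeySizeInBits = sizeInBits,
+ .KeyAttr = CSSM_KEYATTR_EXTRACTABLE,
+ .KeyUsage = CSSM_KEYUSE_ANY,
+ .WrapAlgorithmId = CSSM_ALGID_AES,
+ },
+ .KeyData = {
+ .Data = (void*)wrappedData.bytes,
+ .Length = wrappedData.length
+ }
+ };
+#endif
+}
+#endif
+
+
 // Create salt data of a specific length from an arbitrary NSObject. */
 static CSSM_DATA makeSalt( id salty, size_t length ) {
 // Convert to NSData if necessary:
@@ -416,7 +460,9 @@
 
 #pragma mark -
 // Code from Keychain.framework:
-#if 0
+
+#if !TARGET_OS_IPHONE
+#if 1
 static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm) {
 switch(algorithm) {
 // 8-byte block ciphers
@@ -438,8 +484,10 @@
 return CSSM_ALGMODE_NONE;
 }
 }
+#endif
 
-CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm) {
+#if 1
+static CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm) {
 switch(algorithm) {
 /* 8-byte block ciphers */
 case CSSM_ALGID_DES:
@@ -465,6 +513,7 @@
 }
 }
 #endif
+#endif
 
 #pragma mark -
 // Code below was copied from SecImportExportUtils.cpp in Apple's libsecurity_keychain project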
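Review bot: The wrapping context in the `@@ -238,15 +251,17 @@` hunk is created with an all-zero CBC IV (`uint8 iv[16] = {0}`), and the comment's own question "Are zeros OK?" needs an answer before this ships: a constant IV is only acceptable if the wrapping key is never reused, and since the key comes from `generateFromUserPassphraseWithAlertTitle:` whether two exports under the same passphrase share a key depends on salting that this diff does not show. If the derivation is not freshly salted per export, the first 16 bytes of every key wrapped under the same passphrase encrypt identically, so either use a fresh random IV and carry it alongside the wrapped blob (so the still-unimplemented `unwrapCssmKeyFromData` path can recover it), or, if the salt is random per call, record that as the justification in place of `// Are zeros OK?`. Separately, the IV length is hard-coded to 16 while `defaultModeForAlgorithm`/`defaultPaddingForAlgorithm` both have an "8-byte block ciphers" group (DES is visible there), so a non-AES wrapping key would be given an IV that does not match its block size; until the `//FIX` is done the method should refuse such keys, e.g. `Assert(algorithm == CSSM_ALGID_AES); // iv[] below is sized for AES only`. `exportWrappedKeyWithPassphrasePrompt:` begins in the preceding hunk and its body continues past this one, so the error path after `CSSM_CSP_CreateSymmetricContext` fails is not visible here.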