1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/MYKeychain-iPhone.m Sat Apr 04 22:56:13 2009 -0700
1.3 @@ -0,0 +1,269 @@
1.4 +//
1.5 +// MYKeychain-iPhone.m
1.6 +// MYCrypto-iPhone
1.7 +//
1.8 +// Created by Jens Alfke on 3/31/09.
1.9 +// Copyright 2009 Jens Alfke. All rights reserved.
1.10 +//
1.11 +
1.12 +#import "MYCrypto_Private.h"
1.13 +#import "MYDigest.h"
1.14 +
1.15 +#if USE_IPHONE_API
1.16 +
1.17 +
1.18 +@interface MYKeyEnumerator : NSEnumerator
1.19 +{
1.20 + CFArrayRef _results;
1.21 + CFTypeRef _itemClass;
1.22 + CFIndex _index;
1.23 +}
1.24 +
1.25 +- (id) initWithQuery: (NSMutableDictionary*)query;
1.26 ++ (id) firstItemWithQuery: (NSMutableDictionary*)query;
1.27 +@end
1.28 +
1.29 +
1.30 +
1.31 +@implementation MYKeychain
1.32 +
1.33 +
1.34 ++ (MYKeychain*) allKeychains
1.35 +{
1.36 + // iPhone only has a single keychain.
1.37 + return [self defaultKeychain];
1.38 +}
1.39 +
1.40 ++ (MYKeychain*) defaultKeychain
1.41 +{
1.42 + static MYKeychain *sDefaultKeychain;
1.43 + @synchronized(self) {
1.44 + if (!sDefaultKeychain) {
1.45 + sDefaultKeychain = [[self alloc] init];
1.46 + }
1.47 + }
1.48 + return sDefaultKeychain;
1.49 +}
1.50 +
1.51 +
1.52 +- (id) copyWithZone: (NSZone*)zone {
1.53 + // It's not necessary to make copies of Keychain objects. This makes it more efficient
1.54 + // to use instances as NSDictionary keys or store them in NSSets.
1.55 + return [self retain];
1.56 +}
1.57 +
1.58 +
1.59 +
1.60 +#pragma mark -
1.61 +#pragma mark SEARCHING:
1.62 +
1.63 +
1.64 +- (MYPublicKey*) publicKeyWithDigest: (MYSHA1Digest*)pubKeyDigest {
1.65 + return [MYKeyEnumerator firstItemWithQuery:
1.66 + $mdict({(id)kSecClass, (id)kSecClassKey},
1.67 + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
1.68 + {(id)kSecReturnRef, $true})];
1.69 +}
1.70 +
1.71 +- (NSEnumerator*) enumeratePublicKeys {
1.72 + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
1.73 + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPublic},
1.74 + {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
1.75 + {(id)kSecReturnRef, $true});
1.76 + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
1.77 +}
1.78 +
1.79 +
1.80 +- (MYKeyPair*) keyPairWithDigest: (MYSHA1Digest*)pubKeyDigest {
1.81 + return [MYKeyEnumerator firstItemWithQuery:
1.82 + $mdict({(id)kSecClass, (id)kSecClassKey},
1.83 + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate},
1.84 + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
1.85 + {(id)kSecReturnRef, $true})];
1.86 +}
1.87 +
1.88 +- (NSEnumerator*) enumerateKeyPairs {
1.89 + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
1.90 + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate},
1.91 + {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
1.92 + {(id)kSecReturnRef, $true});
1.93 + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
1.94 +}
1.95 +
1.96 +- (MYCertificate*) certificateWithDigest: (MYSHA1Digest*)pubKeyDigest {
1.97 + return [MYKeyEnumerator firstItemWithQuery:
1.98 + $mdict({(id)kSecClass, (id)kSecClassCertificate},
1.99 + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
1.100 + {(id)kSecReturnRef, $true})];
1.101 +}
1.102 +
1.103 +- (NSEnumerator*) enumerateCertificates {
1.104 + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassCertificate},
1.105 + {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
1.106 + {(id)kSecReturnRef, $true});
1.107 + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
1.108 +}
1.109 +
1.110 +- (NSEnumerator*) enumerateSymmetricKeys {
1.111 + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
1.112 + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric},
1.113 + {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
1.114 + {(id)kSecReturnRef, $true});
1.115 + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
1.116 +}
1.117 +
1.118 +- (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias {
1.119 + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
1.120 + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric},
1.121 + {(id)kSecAttrApplicationTag, alias},
1.122 + {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
1.123 + {(id)kSecReturnRef, $true});
1.124 + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
1.125 +}
1.126 +
1.127 +
1.128 +#pragma mark -
1.129 +#pragma mark IMPORT:
1.130 +
1.131 +
1.132 +- (MYPublicKey*) importPublicKey: (NSData*)keyData {
1.133 + return [[[MYPublicKey alloc] _initWithKeyData: keyData
1.134 + forKeychain: self]
1.135 + autorelease];
1.136 +}
1.137 +
1.138 +- (MYCertificate*) importCertificate: (NSData*)data
1.139 +{
1.140 + Assert(data);
1.141 + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassCertificate},
1.142 + {(id)kSecValueData, data},
1.143 + {(id)kSecReturnRef, $true} );
1.144 + SecCertificateRef cert;
1.145 + if (!check(SecItemAdd((CFDictionaryRef)info, (CFTypeRef*)&cert), @"SecItemAdd"))
1.146 + return nil;
1.147 + return [[[MYCertificate alloc] initWithCertificateRef: cert] autorelease];
1.148 +}
1.149 +
1.150 +
1.151 +#pragma mark -
1.152 +#pragma mark GENERATION:
1.153 +
1.154 +
1.155 +- (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits
1.156 + algorithm: (CCAlgorithm)algorithm
1.157 +{
1.158 + return [MYSymmetricKey _generateSymmetricKeyOfSize: keySizeInBits
1.159 + algorithm: algorithm inKeychain: self];
1.160 +}
1.161 +
1.162 +- (MYKeyPair*) generateRSAKeyPairOfSize: (unsigned)keySize {
1.163 + return [MYKeyPair _generateRSAKeyPairOfSize: keySize inKeychain: self];
1.164 +}
1.165 +
1.166 +
1.167 +
1.168 +@end
1.169 +
1.170 +
1.171 +
1.172 +#pragma mark -
1.173 +@implementation MYKeyEnumerator
1.174 +
1.175 +- (id) initWithQuery: (NSMutableDictionary*)query {
1.176 + self = [super init];
1.177 + if (self) {
1.178 + if (![query objectForKey: (id)kSecMatchLimit])
1.179 + [query setObject: (id)kSecMatchLimitAll forKey: (id)kSecMatchLimit];
1.180 + OSStatus err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)&_results);
1.181 + if (err && err != errSecItemNotFound) {
1.182 + check(err,@"SecItemCopyMatching");
1.183 + [self release];
1.184 + return nil;
1.185 + }
1.186 + if (_results) CFRetain(_results);
1.187 + _itemClass = (CFTypeRef)[query objectForKey: (id)kSecClass];
1.188 + if (_itemClass == kSecClassKey)
1.189 + _itemClass = (CFTypeRef)[query objectForKey: (id)kSecAttrKeyClass];
1.190 + if (_itemClass) CFRetain(_itemClass);
1.191 + }
1.192 + return self;
1.193 +}
1.194 +
1.195 ++ (id) firstItemWithQuery: (NSMutableDictionary*)query {
1.196 + MYKeyEnumerator *e = [[self alloc] initWithQuery: query];
1.197 + MYKeychainItem *item = e.nextObject;
1.198 + [e release];
1.199 + return item;
1.200 +}
1.201 +
1.202 +- (void) dealloc
1.203 +{
1.204 + if (_itemClass) CFRelease(_itemClass);
1.205 + if (_results) CFRelease(_results);
1.206 + [super dealloc];
1.207 +}
1.208 +
1.209 +
1.210 +- (id) nextObject {
1.211 + if (!_results)
1.212 + return nil;
1.213 + MYKeychainItem *next = nil;
1.214 + for (; next==nil && _index < CFArrayGetCount(_results); _index++) {
1.215 + CFTypeRef found = CFArrayGetValueAtIndex(_results, _index);
1.216 + if (_itemClass == kSecAttrKeyClassPrivate) {
1.217 + MYSHA1Digest *digest = [MYPublicKey _digestOfKey: (SecKeyRef)found];
1.218 + if (digest) {
1.219 + MYPublicKey *publicKey = [[MYKeychain defaultKeychain] publicKeyWithDigest: digest];
1.220 + if (publicKey)
1.221 + next = [[[MYKeyPair alloc] initWithPublicKeyRef: publicKey.keyRef
1.222 + privateKeyRef: (SecKeyRef)found]
1.223 + autorelease];
1.224 + else {
1.225 + // The matching public key won't turn up if it's embedded in a certificate;
1.226 + // I'd have to search for certs if I wanted to look that up. Skip it for now.
1.227 + //Warn(@"Couldn't find matching public key for private key!");
1.228 + }
1.229 + }
1.230 + break;
1.231 + } else if (_itemClass == kSecAttrKeyClassPublic) {
1.232 + next = [[[MYPublicKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease];
1.233 + break;
1.234 + } else if (_itemClass == kSecAttrKeyClassSymmetric) {
1.235 + next = [[[MYSymmetricKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease];
1.236 + break;
1.237 + } else if (_itemClass == kSecClassCertificate) {
1.238 + next = [[[MYCertificate alloc] initWithCertificateRef: (SecCertificateRef)found] autorelease];
1.239 + break;
1.240 + }
1.241 + CFRelease(found);
1.242 + }
1.243 + return next;
1.244 +}
1.245 +
1.246 +
1.247 +@end
1.248 +
1.249 +#endif USE_IPHONE_API
1.250 +
1.251 +
1.252 +/*
1.253 + Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.
1.254 +
1.255 + Redistribution and use in source and binary forms, with or without modification, are permitted
1.256 + provided that the following conditions are met:
1.257 +
1.258 + * Redistributions of source code must retain the above copyright notice, this list of conditions
1.259 + and the following disclaimer.
1.260 + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions
1.261 + and the following disclaimer in the documentation and/or other materials provided with the
1.262 + distribution.
1.263 +
1.264 + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
1.265 + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
1.266 + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-
1.267 + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1.268 + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
1.269 + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
1.270 + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1.271 + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.272 + */