Added a few comments. That is all.
5 // Created by Jens Alfke on 3/21/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYPublicKey.h"
10 #import "MYCrypto_Private.h"
12 #import "MYASN1Object.h"
13 #import "MYDEREncoder.h"
14 #import "MYBERParser.h"
15 #import "MYErrorUtils.h"
16 #import <CommonCrypto/CommonDigest.h>
20 @implementation MYPublicKey
23 - (id) initWithModulus: (NSData*)modulus exponent: (unsigned)exponent {
24 // An RSA key is encoded in ASN.1 as a sequence of modulus and exponent, both as integers.
25 MYASN1BigInteger *modulusInt = [[MYASN1BigInteger alloc] initWithUnsignedData: modulus];
26 id asn1 = $array( modulusInt, $object(exponent) );
28 NSData *keyData = [MYDEREncoder encodeRootObject: asn1 error: nil];
29 return [self initWithKeyData: keyData];
39 - (SecExternalItemType) keyType {
40 #if MYCRYPTO_USE_IPHONE_API
41 return kSecAttrKeyClassPublic;
43 return kSecItemTypePublicKey;
48 return self.publicKeyDigest.hash;
51 - (NSString*) description {
52 return $sprintf(@"%@[%@]", [self class], self.publicKeyDigest.abbreviatedHexString);
55 - (MYSHA1Digest*) publicKeyDigest {
57 _digest = [[self _keyDigest] retain];
61 #if !MYCRYPTO_USE_IPHONE_API
62 - (SecExternalFormat) _externalFormat {
63 return kSecFormatBSAFE;
68 - (BOOL) getModulus: (NSData**)outModulus exponent: (unsigned*)outExponent {
69 Assert(outModulus!=nil);
70 Assert(outExponent!=nil);
71 NSArray *asn1 = $castIf(NSArray, MYBERParse(self.keyData, nil));
72 if (!asn1 || asn1.count != 2)
74 *outModulus = $castIf(MYASN1BigInteger, [asn1 objectAtIndex: 0]).unsignedData;
75 *outExponent = $castIf(NSNumber, [asn1 objectAtIndex: 1]).unsignedIntValue;
76 return (*outModulus!=nil && *outExponent>=3);
80 - (NSData*) rawEncryptData: (NSData*)data {
81 return [self _crypt: data operation: YES];
85 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data {
89 #if MYCRYPTO_USE_IPHONE_API
90 uint8_t digest[CC_SHA1_DIGEST_LENGTH];
91 CC_SHA1(data.bytes,data.length, digest);
92 OSStatus err = SecKeyRawVerify(self.keyRef, kSecPaddingPKCS1SHA1,
93 digest,sizeof(digest), //data.bytes, data.length,
94 signature.bytes, signature.length);
98 CSSM_CC_HANDLE ccHandle = [self _createSignatureContext: CSSM_ALGID_SHA1WithRSA];
99 if (!ccHandle) return NO;
100 CSSM_DATA original = {data.length, (void*)data.bytes};
101 CSSM_DATA sig = {signature.length, (void*)signature.bytes};
102 CSSM_RETURN cssmErr = CSSM_VerifyData(ccHandle, &original, 1, CSSM_ALGID_NONE, &sig);
103 CSSM_DeleteContext(ccHandle);
104 if (cssmErr == CSSM_OK)
106 if (cssmErr != CSSMERR_CSP_VERIFY_FAILED)
107 Warn(@"CSSM error verifying signature: %u", MYErrorName(MYCSSMErrorDomain,cssmErr));
113 #if !TARGET_OS_IPHONE
114 - (CSSM_WRAP_KEY*) _unwrappedCSSMKey {
115 const CSSM_KEY *key = self.cssmKey;
117 if (key->KeyHeader.BlobType == CSSM_KEYBLOB_WRAPPED) {
118 Warn(@"Key is already wrapped.\n");
122 if (key->KeyHeader.KeyClass != CSSM_KEYCLASS_PUBLIC_KEY)
123 Warn(@"Warning: Null wrapping a non-public key - this is a dangerous operation.\n");
125 const CSSM_ACCESS_CREDENTIALS* credentials;
126 credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED
127 type: kSecCredentialTypeDefault error: nil];
128 CSSM_CC_HANDLE ccHandle;
129 if (!checkcssm(CSSM_CSP_CreateSymmetricContext(self.cssmCSPHandle,
130 CSSM_ALGID_NONE, CSSM_ALGMODE_WRAP,
132 CSSM_PADDING_NONE, NULL,
134 @"CSSM_CSP_CreateSymmetricContext"))
137 CSSM_WRAP_KEY *result = malloc(sizeof(CSSM_WRAP_KEY));
138 if (!checkcssm(CSSM_WrapKey(ccHandle, credentials, key, NULL, result),
143 CSSM_DeleteContext(ccHandle);
148 - (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey {
149 const CSSM_ACCESS_CREDENTIALS* credentials;
150 credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED
151 type: kSecCredentialTypeDefault error: nil];
152 CSSM_CSP_HANDLE cspHandle = self.cssmCSPHandle;
154 if (!checkcssm(CSSM_CSP_CreateAsymmetricContext(cspHandle,
160 @"CSSM_CSP_CreateAsymmetricContext"))
164 NSData *result = nil;
165 CSSM_WRAP_KEY wrappedKey = {};
166 CSSM_DATA descriptiveData = {};
167 if (checkcssm(CSSM_WrapKey(ctx, credentials, sessionKey.cssmKey, &descriptiveData, &wrappedKey),
169 // ...and copy the wrapped key data to the result NSData:
170 result = [NSData dataWithBytes: wrappedKey.KeyData.Data length: wrappedKey.KeyData.Length];
171 CSSM_FreeKey(cspHandle, credentials, &wrappedKey, NO);
173 // Finally, delete the context
174 CSSM_DeleteContext(ctx);
187 Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.
189 Redistribution and use in source and binary forms, with or without modification, are permitted
190 provided that the following conditions are met:
192 * Redistributions of source code must retain the above copyright notice, this list of conditions
193 and the following disclaimer.
194 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions
195 and the following disclaimer in the documentation and/or other materials provided with the
198 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
199 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
200 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-
201 BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
202 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
203 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
204 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
205 THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.