Initial checkin. Passes tests on Mac and in iPhone simulator.
5 // Created by Jens Alfke on 4/1/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
10 #import "MYKeychain.h"
12 #import "MYCrypto_Private.h"
18 #pragma mark KEYCHAIN:
21 TestCase(MYKeychain) {
22 MYKeychain *kc = [MYKeychain defaultKeychain];
23 Log(@"Default keychain = %@", kc);
29 kc = [MYKeychain allKeychains];
30 Log(@"All-keychains = %@", kc);
32 CAssertEq(kc.path,nil);
36 TestCase(EnumerateKeys) {
37 RequireTestCase(MYKeychain);
38 NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys];
39 Log(@"Public Key Enumerator = %@", e);
41 for (MYPublicKey *key in e) {
42 Log(@"Found %@ -- name=%@", key, key.name);
45 e = [[MYKeychain allKeychains] enumerateKeyPairs];
46 Log(@"Key-Pair Enumerator = %@", e);
48 for (MYKeyPair *key in e) {
49 Log(@"Found %@ -- name=%@", key, key.name);
52 e = [[MYKeychain allKeychains] enumerateSymmetricKeys];
53 Log(@"Symmetric Key Enumerator = %@", e);
55 for (MYSymmetricKey *key in e) {
56 Log(@"Found %@ -- name=%@", key, key.name);
61 TestCase(EnumerateCerts) {
62 RequireTestCase(MYKeychain);
63 NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates];
64 Log(@"Enumerator = %@", e);
66 for (MYCertificate *cert in e) {
67 //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses);
73 #pragma mark SYMMETRIC KEYS:
76 TestCase(MYSymmetricKey) {
78 static const CCAlgorithm kTestAlgorithms[kNTests] = {
79 kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128,
80 kCCAlgorithmDES, kCCAlgorithm3DES,
81 kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST,
82 kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4};
84 static const unsigned kTestBitSizes[kNTests] = {
90 for (int i=0; i<kNTests; i++) {
91 NSAutoreleasePool *pool = [NSAutoreleasePool new];
92 Log(@"Test #%2i: algorithm = %3u-bit #%i", i+1, kTestBitSizes[i], (int)kTestAlgorithms[i]);
94 MYSymmetricKey *key = [MYSymmetricKey generateSymmetricKeyOfSize: kTestBitSizes[i]
95 algorithm: kTestAlgorithms[i]];
98 CAssert(key.cssmKey != NULL);
100 Log(@"Key data = %@", key.keyData);
101 CAssertEq(key.keyData.length, kTestBitSizes[i]/8);
103 // Encrypt a small amount of text:
104 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
105 NSData *encrypted = [key encryptData: cleartext];
106 Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);
107 CAssert(encrypted.length >= cleartext.length);
108 NSData *decrypted = [key decryptData: encrypted];
109 CAssertEqual(decrypted, cleartext);
111 // Encrypt large binary data:
112 cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"];
114 encrypted = [key encryptData: cleartext];
115 Log(@"Encrypted = %u bytes", encrypted.length);
116 CAssert(encrypted.length >= cleartext.length);
117 decrypted = [key decryptData: encrypted];
118 CAssertEqual(decrypted, cleartext);
126 #pragma mark KEY-PAIRS:
130 RequireTestCase(MYKeychain);
132 Log(@"Generating key pair...");
133 MYKeyPair *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 512];
135 CAssert(pair.keyRef);
136 CAssert(pair.privateKeyRef);
137 Log(@"...created pair.");
140 [pair setName: @"Test KeyPair Label"];
141 CAssertEqual(pair.name, @"Test KeyPair Label");
142 #if !TARGET_OS_IPHONE
143 [pair setComment: @"This key-pair was generated automatically by a test case."];
144 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
146 [pair setAlias: @"TestCase@mooseyard.com"];
147 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
149 NSData *pubKeyData = pair.keyData;
150 Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length);
153 MYSHA1Digest *pubKeyDigest = pair.publicKeyDigest;
154 Log(@"Public key digest = %@",pubKeyDigest);
156 Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData);
158 NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding];
159 NSData *sig = [pair signData: data];
160 Log(@"Signature = %@ (%u bytes)",sig,sig.length);
162 CAssert( [pair verifySignature: sig ofData: data] );
164 // Test creating a standalone public key:
165 MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: pair.keyRef];
166 CAssert( [pub verifySignature: sig ofData: data] );
167 Log(@"Verified signature.");
169 // Test creating a public key from data:
170 Log(@"Reconstituting public key from data...");
171 pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData];
173 CAssertEqual(pub.keyData, pubKeyData);
174 CAssertEqual(pub.publicKeyDigest, pubKeyDigest);
175 CAssert( [pub verifySignature: sig ofData: data] );
176 Log(@"Verified signature from reconstituted key.");
178 // Now let's encrypt...
179 NSData *crypted = [pub encryptData: data];
180 Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length);
183 CAssertEqual([pair decryptData: crypted], data);
184 Log(@"Verified decryption.");
186 CAssert([pair removeFromKeychain]);
187 Log(@"Removed key-pair.");
192 if ([pair removeFromKeychain])
193 Log(@"Removed key-pair from keychain.");
195 Warn(@"Unable to remove test key-pair from keychain");
203 #pragma mark KEYPAIR EXPORT:
206 static void testKeyPairExportWithPrompt(BOOL withPrompt) {
207 MYKeychain *keychain = [MYKeychain allKeychains];
208 Log(@"Generating key pair...");
209 MYKeyPair *pair = [keychain generateRSAKeyPairOfSize: 512];
211 CAssert(pair.keyRef);
212 CAssert(pair.privateKeyRef);
213 Log(@"...created pair.");
216 NSData *pubKeyData = pair.keyData;
217 CAssert(pubKeyData.length >= 512/8);
218 [pair setName: @"Test KeyPair Label"];
219 CAssertEqual(pair.name, @"Test KeyPair Label");
220 #if !TARGET_OS_IPHONE
221 [pair setComment: @"This key-pair was generated automatically by a test case."];
222 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
224 [pair setAlias: @"TestCase@mooseyard.com"];
225 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
227 #if !TARGET_OS_IPHONE
228 Log(@"Exporting key-pair...");
229 NSString *passphrase = @"passphrase";
232 privKeyData = [pair exportPrivateKey];
234 privKeyData = [pair _exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL
236 passphrase: passphrase];
237 Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length);
238 CAssert(privKeyData);
239 [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES];
243 Log(@"Looking up public key of pair in keychain...");
244 MYSHA1Digest *digest = pair.publicKeyDigest;
245 MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest];
246 CAssertEqual(foundKey, pair.asPublicKey);
247 CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.asPublicKey]);
248 MYKeyPair *foundPair = [keychain keyPairWithDigest: digest];
249 CAssertEqual(foundPair, pair);
250 CAssert([keychain.enumerateKeyPairs.allObjects containsObject: pair]);
252 Log(@"Removing key-pair from keychain...");
253 CAssert([pair removeFromKeychain]);
255 CAssert([keychain publicKeyWithDigest: digest] == nil);
257 #if !TARGET_OS_IPHONE
258 Log(@"Importing key-pair...");
260 pair = [keychain importPublicKey: pubKeyData
261 privateKey: privKeyData];
263 pair = [[[MYKeyPair alloc] _initWithPublicKeyData: pubKeyData
264 privateKeyData: privKeyData
265 forKeychain: keychain.keychainRefOrDefault
266 passphrase: passphrase]
270 CAssertEqual(pair.keyData, pubKeyData);
274 if ([pair removeFromKeychain])
275 Log(@"Removed key-pair from keychain.");
277 Warn(@"Unable to remove test key-pair from keychain");
282 TestCase(KeyPairExport) {
283 RequireTestCase(MYKeychain);
284 RequireTestCase(KeyPair);
285 testKeyPairExportWithPrompt(NO);
288 TestCase(KeyPairExportWithUI) {
289 RequireTestCase(KeyPairExport);
290 testKeyPairExportWithPrompt(YES);