Initial checkin. Passes tests on Mac and in iPhone simulator.
5 // Created by Jens Alfke on 3/21/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
10 #import "MYCrypto_Private.h"
11 #import <CommonCrypto/CommonDigest.h>
18 @implementation MYKeyPair
21 + (MYKeyPair*) _generateRSAKeyPairOfSize: (unsigned)keySize
22 inKeychain: (SecKeychainRef)keychain {
23 Assert( keySize == 512 || keySize == 1024 || keySize == 2048, @"Unsupported key size %u", keySize );
24 SecKeyRef pubKey=NULL, privKey=NULL;
26 err = SecKeyCreatePair(keychain, CSSM_ALGID_RSA, keySize, 0LL,
27 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY, // public key
28 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT,
29 CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN, // private key
30 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_PERMANENT,
33 if (!check(err, @"SecKeyCreatePair")) {
36 return [[[self alloc] initWithPublicKeyRef: pubKey privateKeyRef: privKey] autorelease];
40 - (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey {
41 self = [super initWithKeyRef: publicKey];
43 NSParameterAssert(privateKey);
44 _privateKey = (SecKeyRef) CFRetain(privateKey);
49 - (id) _initWithPublicKeyData: (NSData*)pubKeyData
50 privateKey: (SecKeyRef)privateKey
51 forKeychain: (SecKeychainRef)keychain {
56 self = [self _initWithKeyData: pubKeyData forKeychain: keychain];
58 _privateKey = privateKey;
60 SecKeychainItemDelete((SecKeychainItemRef)privateKey);
61 CFRelease(privateKey);
67 // The public API for this is in MYKeychain.
68 - (id) _initWithPublicKeyData: (NSData*)pubKeyData
69 privateKeyData: (NSData*)privKeyData
70 forKeychain: (SecKeychainRef)keychain
71 alertTitle: (NSString*)title
72 alertPrompt: (NSString*)prompt
74 // Try to import the private key first, since the user might cancel the passphrase alert.
75 SecKeyImportExportParameters params = {
76 .flags = kSecKeySecurePassphrase,
77 .alertTitle = (CFStringRef) title,
78 .alertPrompt = (CFStringRef) prompt
80 SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms);
81 return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain];
84 // This method is for testing, so unit-tests don't require user intervention.
85 // It's deliberately not made public, to discourage clients from trying to manage the passphrases
86 // themselves (this is less secure than letting the Security agent do it.)
87 - (id) _initWithPublicKeyData: (NSData*)pubKeyData
88 privateKeyData: (NSData*)privKeyData
89 forKeychain: (SecKeychainRef)keychain
90 passphrase: (NSString*)passphrase
92 SecKeyImportExportParameters params = {
93 .passphrase = (CFStringRef) passphrase,
95 SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms);
96 return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain];
102 if (_privateKey) CFRelease(_privateKey);
108 // Ensure that a KeyPair doesn't hash the same as its corresponding PublicKey:
109 return super.hash ^ 0xFFFFFFFF;
113 - (MYPublicKey*) asPublicKey {
114 return [[[MYPublicKey alloc] initWithKeyRef: self.keyRef] autorelease];
118 - (NSData*) exportPrivateKeyInFormat: (SecExternalFormat)format
119 withPEM: (BOOL)withPEM
120 alertTitle: (NSString*)title
121 alertPrompt: (NSString*)prompt
123 SecKeyImportExportParameters params = {
124 .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION,
125 .flags = kSecKeySecurePassphrase,
126 .alertTitle = (CFStringRef)title,
127 .alertPrompt = (CFStringRef)prompt
129 CFDataRef data = NULL;
130 if (check(SecKeychainItemExport(_privateKey, //$array((id)_publicKey,(id)_privateKey),
131 format, (withPEM ?kSecItemPemArmour :0),
133 @"SecKeychainItemExport"))
134 return [(id)CFMakeCollectable(data) autorelease];
139 - (NSData*) exportPrivateKey {
140 return [self exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL withPEM: YES
141 alertTitle: @"Export Private Key"
142 alertPrompt: @"Enter a passphrase to protect the private-key file.\n"
143 "You will need to re-enter the passphrase later when importing the key from this file, "
144 "so keep it in a safe place."];
145 //FIX: Should make these messages localizable.
149 - (NSData*) _exportPrivateKeyInFormat: (SecExternalFormat)format
150 withPEM: (BOOL)withPEM
151 passphrase: (NSString*)passphrase
153 SecKeyImportExportParameters params = {
154 .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION,
155 .passphrase = (CFStringRef)passphrase
157 CFDataRef data = NULL;
158 if (check(SecKeychainItemExport(_privateKey,
159 format, (withPEM ?kSecItemPemArmour :0),
161 @"SecKeychainItemExport"))
162 return [(id)CFMakeCollectable(data) autorelease];
167 - (BOOL) removeFromKeychain {
168 return check(SecKeychainItemDelete((SecKeychainItemRef)_privateKey), @"delete private key")
169 && [super removeFromKeychain];
173 @synthesize privateKeyRef=_privateKey;
176 - (NSData*) decryptData: (NSData*)data {
177 return _crypt(_privateKey,data,kCCDecrypt);
181 - (NSData*) signData: (NSData*)data {
183 uint8_t digest[CC_SHA1_DIGEST_LENGTH];
184 CC_SHA1(data.bytes,data.length, digest);
185 NSData *signature = nil;
186 CSSM_CC_HANDLE ccHandle = cssmCreateSignatureContext(_privateKey);
187 if (!ccHandle) return nil;
188 CSSM_DATA original = {data.length, (void*)data.bytes};
189 CSSM_DATA result = {0,NULL};
190 if (checkcssm(CSSM_SignData(ccHandle, &original, 1, CSSM_ALGID_NONE, &result), @"CSSM_SignData"))
191 signature = [NSData dataWithBytesNoCopy: result.Data length: result.Length
193 CSSM_DeleteContext(ccHandle);
198 - (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr {
199 return [super setValue: valueStr ofAttribute: attr]
200 && [[self class] _setAttribute: attr
201 ofItem: (SecKeychainItemRef)_privateKey
202 stringValue: valueStr];
209 #endif !USE_IPHONE_API
215 Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.
217 Redistribution and use in source and binary forms, with or without modification, are permitted
218 provided that the following conditions are met:
220 * Redistributions of source code must retain the above copyright notice, this list of conditions
221 and the following disclaimer.
222 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions
223 and the following disclaimer in the documentation and/or other materials provided with the
226 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
227 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
228 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-
229 BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
230 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
231 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
232 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
233 THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.