5 // Created by Jens Alfke on 4/1/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYPublicKey.h"
10 #import "MYPrivateKey.h"
11 #import "MYKeychain.h"
13 #import "MYIdentity.h"
15 #import "MYCrypto+Cocoa.h"
17 #import "MYCrypto_Private.h"
23 #define kTestCaseRSAKeySize 2048
26 #pragma mark KEYCHAIN:
29 TestCase(MYKeychain) {
30 MYKeychain *kc = [MYKeychain defaultKeychain];
31 Log(@"Default keychain = %@", kc);
33 #if !MYCRYPTO_USE_IPHONE_API
37 kc = [MYKeychain allKeychains];
38 Log(@"All-keychains = %@", kc);
40 #if !MYCRYPTO_USE_IPHONE_API
41 CAssertEq(kc.path,nil);
46 TestCase(EnumerateKeys) {
47 RequireTestCase(MYKeychain);
48 NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys];
49 Log(@"Public Key Enumerator = %@", e);
51 for (MYPublicKey *key in e) {
52 Log(@"Found %@ -- name=%@", key, key.name);
55 e = [[MYKeychain allKeychains] enumeratePrivateKeys];
56 Log(@"Key-Pair Enumerator = %@", e);
58 for (MYPrivateKey *key in e) {
59 Log(@"Found %@ -- name=%@", key, key.name);
62 e = [[MYKeychain allKeychains] enumerateSymmetricKeys];
63 Log(@"Symmetric Key Enumerator = %@", e);
65 for (MYSymmetricKey *key in e) {
66 Log(@"Found %@ -- name=%@", key, key.name);
71 TestCase(EnumerateCerts) {
72 RequireTestCase(MYKeychain);
73 NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates];
74 Log(@"Enumerator = %@", e);
76 for (MYCertificate *cert in e) {
77 //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses);
81 TestCase(EnumerateIdentities) {
82 RequireTestCase(MYKeychain);
83 NSEnumerator *e = [[MYKeychain allKeychains] enumerateIdentities];
84 Log(@"Enumerator = %@", e);
86 for (MYIdentity *ident in e) {
87 Log(@"Found %@\n\tcommonName=%@\n\temails=(%@)\n\tkey=%@",
88 ident, ident.commonName,
92 [ident.emailAddresses componentsJoinedByString: @", "],
100 #pragma mark SYMMETRIC KEYS:
103 static void testSymmetricKey( CCAlgorithm algorithm, unsigned sizeInBits, MYKeychain *inKeychain ) {
104 NSAutoreleasePool *pool = [NSAutoreleasePool new];
105 MYSymmetricKey *key = nil;
107 Log(@"--- Testing %3u-bit #%i %s", sizeInBits, (int)algorithm,
108 (inKeychain ?", in keychain" :""));
111 key = [inKeychain generateSymmetricKeyOfSize: sizeInBits algorithm: algorithm];
113 key = [MYSymmetricKey generateSymmetricKeyOfSize: sizeInBits algorithm: algorithm];
114 Log(@"Created %@", key);
116 CAssertEq(key.algorithm, algorithm);
117 CAssertEq(key.keySizeInBits, sizeInBits);
118 #if !TARGET_OS_IPHONE
119 CAssert(key.cssmKey != NULL);
122 NSData *keyData = key.keyData;
123 Log(@"Key data = %@", keyData);
124 CAssertEq(keyData.length, sizeInBits/8);
126 // Encrypt a small amount of text:
127 Log(@"Testing encryption / decryption ...");
128 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
129 NSData *encrypted = [key encryptData: cleartext];
130 Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);
131 CAssert(encrypted.length >= cleartext.length);
132 NSData *decrypted = [key decryptData: encrypted];
133 CAssertEqual(decrypted, cleartext);
135 // Encrypt large binary data:
136 cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"];
138 encrypted = [key encryptData: cleartext];
139 Log(@"Encrypted = %u bytes", encrypted.length);
140 CAssert(encrypted.length >= cleartext.length);
141 decrypted = [key decryptData: encrypted];
142 CAssertEqual(decrypted, cleartext);
145 Log(@"Testing initWithKeyData:...");
146 MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithKeyData: keyData algorithm: algorithm];
148 Log(@"Key from data = %@",key2);
149 CAssertEqual(key2.keyData, keyData);
150 CAssertEq(key2.algorithm, algorithm);
151 CAssertEq(key2.keySizeInBits, sizeInBits);
152 decrypted = [key2 decryptData: encrypted];
153 CAssertEqual(decrypted, cleartext);
157 #if !TARGET_OS_IPHONE
158 #if 0 // TEMPORARILY OUT OF ORDER
159 // Try exporting and importing a wrapped key:
160 Log(@"Testing export/import...");
161 NSData *exported = [key exportWrappedKeyWithPassphrasePrompt: @"Export symmetric key with passphrase:"];
162 Log(@"Exported key: %@", exported);
166 //FIX: Exporting symmetric keys isn't working. Temporarily making this optional.
168 Warn(@"Unable to export wrapped key");
173 MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithKeyData: exported algorithm: algorithm];
174 Log(@"Reconstituted as %@", key2);
175 CAssertEqual(key2.keyData,key.keyData);
176 decrypted = [key2 decryptData: encrypted];
177 CAssertEqual(decrypted, cleartext);
182 [key removeFromKeychain];
188 TestCase(MYSymmetricKey) {
190 static const CCAlgorithm kTestAlgorithms[kNTests] = {
191 kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128,
192 kCCAlgorithmDES, kCCAlgorithm3DES,
193 kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST,
194 kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4};
196 static const unsigned kTestBitSizes[kNTests] = {
202 for (int useKeychain=0; useKeychain<=1; useKeychain++)
203 for (int testNo=0; testNo<kNTests; testNo++)
204 testSymmetricKey(kTestAlgorithms[testNo],
205 kTestBitSizes[testNo],
206 useKeychain ?[MYKeychain defaultKeychain] :nil);
210 #if !TARGET_OS_IPHONE
211 TestCase(MYSymmetricKeyPassphrase) {
212 Log(@"Prompting for raw passphrase --");
213 NSString *rawPassphrase = [MYSymmetricKey promptForPassphraseWithAlertTitle: @"Raw Passphrase Test"
214 alertPrompt: @"Enter the passphrase 'Testing':"
216 Log(@"You entered: '%@'", rawPassphrase);
217 CAssertEqual(rawPassphrase, @"Testing");
219 Log(@"Prompting for passphrase for key --");
220 MYSymmetricKey *key = [MYSymmetricKey generateFromUserPassphraseWithAlertTitle: @"Symmetric Key Passphrase Test Case"
221 alertPrompt: @"Please enter a passphrase to generate a key:"
224 Log(@"Key from passphrase = %@", key);
227 // Encrypt a small amount of text:
228 Log(@"Testing encryption / decryption ...");
229 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
230 NSData *encrypted = [key encryptData: cleartext];
231 Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);
232 CAssert(encrypted.length >= cleartext.length);
233 NSData *decrypted = [key decryptData: encrypted];
234 CAssertEqual(decrypted, cleartext);
236 // Now test decryption by re-entered passphrase:
237 Log(@"Testing decryption using re-entered passphrase...");
238 MYSymmetricKey *key2 = [MYSymmetricKey generateFromUserPassphraseWithAlertTitle: @"Symmetric Key Passphrase Test Case"
239 alertPrompt: @"Please re-enter the same passphrase:"
242 Log(@"Key from passphrase = %@", key2);
244 decrypted = [key2 decryptData: encrypted];
245 CAssertEqual(decrypted, cleartext);
251 #pragma mark KEY-PAIRS:
254 static void TestUseKeyPair(MYPrivateKey *pair) {
255 Log(@"---- TestUseKeyPair { %@ , %@ }.", pair, pair.publicKey);
257 CAssert(pair.keyRef);
258 MYPublicKey *publicKey = pair.publicKey;
259 CAssert(publicKey.keyRef);
261 NSData *pubKeyData = publicKey.keyData;
262 Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length);
265 MYSHA1Digest *pubKeyDigest = publicKey.publicKeyDigest;
266 Log(@"Public key digest = %@",pubKeyDigest);
267 CAssertEqual(pair.publicKeyDigest, pubKeyDigest);
269 Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData);
270 CAssertEqual(pubKeyData.my_SHA1Digest,pubKeyDigest);
273 NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding];
274 NSData *sig = [pair signData: data];
275 Log(@"Signature = %@ (%u bytes)",sig,sig.length);
277 CAssert( [publicKey verifySignature: sig ofData: data] );
279 // Now let's encrypt...
280 NSData *crypted = [publicKey rawEncryptData: data];
281 Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length);
283 CAssertEqual([pair rawDecryptData: crypted], data);
284 Log(@"Verified decryption.");
286 // Test creating a standalone public key:
287 MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: publicKey.keyRef];
288 CAssert( [pub verifySignature: sig ofData: data] );
289 Log(@"Verified signature.");
291 // Test creating a public key from data:
292 Log(@"Reconstituting public key from data...");
293 pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData];
295 CAssertEqual(pub.keyData, pubKeyData);
296 CAssertEqual(pub.publicKeyDigest, pubKeyDigest);
297 CAssert( [pub verifySignature: sig ofData: data] );
298 Log(@"Verified signature from reconstituted key.");
302 static void TestWrapSessionKey( MYPrivateKey *privateKey ) {
303 #if !TARGET_OS_IPHONE
304 MYSymmetricKey *sessionKey = [MYSymmetricKey generateSymmetricKeyOfSize: 128 algorithm:kCCAlgorithmAES128];
306 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
307 NSData *encrypted = [sessionKey encryptData: cleartext];
309 Log(@"Wrapping session key %@, %@", sessionKey, sessionKey.keyData);
310 NSData *wrapped = [privateKey.publicKey wrapSessionKey: sessionKey];
311 Log(@"Wrapped session key = %u bytes: %@", wrapped.length,wrapped);
312 CAssert(wrapped.length >= 128/8);
314 MYSymmetricKey *unwrappedKey = [privateKey unwrapSessionKey: wrapped
315 withAlgorithm: kCCAlgorithmAES128
317 Log(@"Unwrapped session key = %@, %@", unwrappedKey, unwrappedKey.keyData);
318 CAssert(unwrappedKey);
319 CAssertEq(unwrappedKey.algorithm, sessionKey.algorithm);
320 CAssertEq(unwrappedKey.keySizeInBits, sessionKey.keySizeInBits);
321 CAssertEqual(unwrappedKey.keyData, sessionKey.keyData);
323 Log(@"Verifying that unwrapped key works");
324 NSData *decrypted = [unwrappedKey decryptData: encrypted];
325 CAssertEqual(decrypted, cleartext);
330 TestCase(MYGenerateKeyPair) {
331 RequireTestCase(MYKeychain);
333 Log(@"Generating key pair...");
334 MYPrivateKey *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: kTestCaseRSAKeySize];
335 MYPublicKey *publicKey = pair.publicKey;
336 Log(@"...created { %@ , %@ }.", pair, publicKey);
339 TestUseKeyPair(pair);
340 TestWrapSessionKey(pair);
342 [pair setName: @"Test KeyPair Label"];
343 CAssertEqual(pair.name, @"Test KeyPair Label");
344 CAssertEqual(publicKey.name, @"Test KeyPair Label");
345 #if !TARGET_OS_IPHONE
346 [pair setComment: @"This key-pair was generated automatically by a test case."];
347 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
348 CAssertEqual(publicKey.comment, @"This key-pair was generated automatically by a test case.");
350 [pair setAlias: @"TestCase@mooseyard.com"];
351 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
352 CAssertEqual(publicKey.alias, @"TestCase@mooseyard.com");
354 CAssert([pair removeFromKeychain]);
355 Log(@"Removed key-pair.");
360 if ([pair removeFromKeychain])
361 Log(@"Removed key-pair from keychain.");
363 Warn(@"Unable to remove test key-pair from keychain");
369 #if !TARGET_OS_IPHONE
370 TestCase(MYUseIdentity) {
371 MYIdentity *me = nil;//[MYIdentity preferredIdentityForName: @"MYCryptoTest"];
373 NSArray *idents = [[[MYKeychain allKeychains] enumerateIdentities] allObjects];
374 SFChooseIdentityPanel *panel = [SFChooseIdentityPanel sharedChooseIdentityPanel];
375 [panel setAlternateButtonTitle: @"Cancel"];
376 if ([panel my_runModalForIdentities: idents
377 message: @"Choose an identity for the MYEncoder test case:"]
379 [NSException raise: NSGenericException format: @"User canceled"];
381 me = [panel my_identity];
382 [me makePreferredIdentityForName: @"MYCryptoTest"];
384 CAssert(me,@"No default identity has been set up in the Keychain");
385 TestUseKeyPair(me.privateKey);
391 #pragma mark KEYPAIR EXPORT:
394 static void testKeyPairExportWithPrompt(BOOL withPrompt) {
395 MYKeychain *keychain = [MYKeychain allKeychains];
396 Log(@"Generating key pair...");
397 MYPrivateKey *pair = [keychain generateRSAKeyPairOfSize: kTestCaseRSAKeySize];
399 CAssert(pair.keyRef);
400 CAssert(pair.publicKey.keyRef);
401 Log(@"...created pair.");
404 NSData *pubKeyData = pair.publicKey.keyData;
405 CAssert(pubKeyData.length >= kTestCaseRSAKeySize/8);
406 [pair setName: @"Test KeyPair Label"];
407 CAssertEqual(pair.name, @"Test KeyPair Label");
408 #if !TARGET_OS_IPHONE
409 [pair setComment: @"This key-pair was generated automatically by a test case."];
410 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
412 [pair setAlias: @"TestCase@mooseyard.com"];
413 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
415 #if !TARGET_OS_IPHONE
416 Log(@"Exporting key-pair...");
417 NSString *passphrase = @"passphrase";
420 privKeyData = [pair exportKey];
422 privKeyData = [pair _exportKeyInFormat: kSecFormatWrappedOpenSSL
424 passphrase: passphrase];
425 Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length);
426 CAssert(privKeyData);
427 [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES];
431 Log(@"Looking up public key of pair in keychain...");
432 MYSHA1Digest *digest = pair.publicKeyDigest;
433 MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest];
434 CAssertEqual(foundKey, pair.publicKey);
435 CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.publicKey]);
436 MYPrivateKey *foundPair = [keychain privateKeyWithDigest: digest];
437 CAssertEqual(foundPair, pair);
438 CAssert([keychain.enumeratePrivateKeys.allObjects containsObject: pair]);
440 Log(@"Removing key-pair from keychain...");
441 CAssert([pair removeFromKeychain]);
443 CAssert([keychain publicKeyWithDigest: digest] == nil);
445 #if !TARGET_OS_IPHONE
446 Log(@"Importing key-pair...");
448 pair = [keychain importPublicKey: pubKeyData
449 privateKey: privKeyData];
451 pair = [[[MYPrivateKey alloc] _initWithKeyData: privKeyData
452 publicKeyData: pubKeyData
453 forKeychain: keychain.keychainRefOrDefault
454 passphrase: passphrase]
458 CAssertEqual(pair.publicKey.keyData, pubKeyData);
462 if ([pair removeFromKeychain])
463 Log(@"Removed key-pair from keychain.");
465 Warn(@"Unable to remove test key-pair from keychain");
470 TestCase(KeyPairExport) {
471 RequireTestCase(MYKeychain);
472 RequireTestCase(MYGenerateKeyPair);
473 testKeyPairExportWithPrompt(NO);
476 TestCase(KeyPairExportWithUI) {
477 RequireTestCase(KeyPairExport);
478 testKeyPairExportWithPrompt(YES);