MercurialMYCrypto / file revision
summary | shortlog | changelog | graph | tags | branches | files | changeset | file | latest | revisions | annotate | diff | raw
MYCryptoTest.m
author snej@snej.local
Tue Apr 14 18:34:52 2009 -0700 (2009-04-14)
changeset 11 3568d5fd4b6a
parent 8 4c0eafa7b233
child 12 e4c971be4079
permissions -rw-r--r--
* The build process runs Doxygen only if it's installed (i.e. on the shell search path).
* Added instructions to the README on setting up a named Source Tree for MYUtilities.
* Changed the RSA key size in MYCryptoTest to 2048 and made it a named constant. 
     1 //

     2 //  MYCryptoTest.m

     3 //  MYCrypto-iPhone

     4 //

     5 //  Created by Jens Alfke on 4/1/09.

     6 //  Copyright 2009 Jens Alfke. All rights reserved.

     7 //

     8 

     9 #import "MYPublicKey.h"

    10 #import "MYPrivateKey.h"

    11 #import "MYKeychain.h"

    12 #import "MYDigest.h"

    13 #import "MYIdentity.h"

    14 #import "MYCrypto+Cocoa.h"

    15 #import "MYCrypto_Private.h"

    16 

    17 

    18 #if DEBUG

    19 

    20 

    21 #define kTestCaseRSAKeySize 2048

    22 

    23 #pragma mark -

    24 #pragma mark KEYCHAIN:

    25 

    26 

    27 TestCase(MYKeychain) {

    28     MYKeychain *kc = [MYKeychain defaultKeychain];

    29     Log(@"Default keychain = %@", kc);

    30     CAssert(kc);

    31 #if !MYCRYPTO_USE_IPHONE_API

    32     CAssert(kc.path);

    33 #endif

    34     

    35     kc = [MYKeychain allKeychains];

    36     Log(@"All-keychains = %@", kc);

    37     CAssert(kc);

    38 #if !MYCRYPTO_USE_IPHONE_API

    39     CAssertEq(kc.path,nil);

    40 #endif

    41 }

    42 

    43 

    44 TestCase(EnumerateKeys) {

    45     RequireTestCase(MYKeychain);

    46     NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys];

    47     Log(@"Public Key Enumerator = %@", e);

    48     CAssert(e);

    49     for (MYPublicKey *key in e) {

    50         Log(@"Found %@ -- name=%@", key, key.name);

    51     }

    52     

    53     e = [[MYKeychain allKeychains] enumeratePrivateKeys];

    54     Log(@"Key-Pair Enumerator = %@", e);

    55     CAssert(e);

    56     for (MYPrivateKey *key in e) {

    57         Log(@"Found %@ -- name=%@", key, key.name);

    58     }

    59     

    60     e = [[MYKeychain allKeychains] enumerateSymmetricKeys];

    61     Log(@"Symmetric Key Enumerator = %@", e);

    62     CAssert(e);

    63     for (MYSymmetricKey *key in e) {

    64         Log(@"Found %@ -- name=%@", key, key.name);

    65     }

    66 }

    67 

    68 

    69 TestCase(EnumerateCerts) {

    70     RequireTestCase(MYKeychain);

    71     NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates];

    72     Log(@"Enumerator = %@", e);

    73     CAssert(e);

    74     for (MYCertificate *cert in e) {

    75         //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses);

    76     }

    77 }

    78 

    79 TestCase(EnumerateIdentities) {

    80     RequireTestCase(MYKeychain);

    81     NSEnumerator *e = [[MYKeychain allKeychains] enumerateIdentities];

    82     Log(@"Enumerator = %@", e);

    83     CAssert(e);

    84     for (MYIdentity *ident in e) {

    85         Log(@"Found %@\n\tcommonName=%@\n\temails=(%@)\n\tkey=%@",

    86             ident, ident.commonName, 

    87 #if TARGET_OS_IPHONE

    88             nil,

    89 #else

    90             [ident.emailAddresses componentsJoinedByString: @", "],

    91 #endif

    92             ident.privateKey);

    93     }

    94 }

    95 

    96 

    97 #pragma mark -

    98 #pragma mark SYMMETRIC KEYS:

    99 

   100 

   101 static void testSymmetricKey( CCAlgorithm algorithm, unsigned sizeInBits ) {

   102     NSAutoreleasePool *pool = [NSAutoreleasePool new];

   103     Log(@"--- Testing %3u-bit #%i", sizeInBits, (int)algorithm);

   104     // Generate key:

   105     MYSymmetricKey *key = [MYSymmetricKey generateSymmetricKeyOfSize: sizeInBits

   106                                                            algorithm: algorithm];

   107     Log(@"Created %@", key);

   108     CAssert(key);

   109     CAssertEq(key.algorithm, algorithm);

   110     CAssertEq(key.keySizeInBits, sizeInBits);

   111 #if !TARGET_OS_IPHONE

   112     CAssert(key.cssmKey != NULL);

   113 #endif

   114     

   115     NSData *keyData = key.keyData;

   116     Log(@"Key data = %@", keyData);

   117     CAssertEq(keyData.length, sizeInBits/8);

   118     

   119     // Encrypt a small amount of text:

   120     NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];

   121     NSData *encrypted = [key encryptData: cleartext];

   122     Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);

   123     CAssert(encrypted.length >= cleartext.length);

   124     NSData *decrypted = [key decryptData: encrypted];

   125     CAssertEqual(decrypted, cleartext);

   126     

   127     // Encrypt large binary data:

   128     cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"];

   129     CAssert(cleartext);

   130     encrypted = [key encryptData: cleartext];

   131     Log(@"Encrypted = %u bytes", encrypted.length);

   132     CAssert(encrypted.length >= cleartext.length);

   133     decrypted = [key decryptData: encrypted];

   134     CAssertEqual(decrypted, cleartext);

   135     

   136 #if !TARGET_OS_IPHONE

   137     // Try reconstituting the key from its data:

   138     NSData *exported = [key exportKeyInFormat: kSecFormatWrappedPKCS8 withPEM: NO];

   139     Log(@"Exported key: %@", exported);

   140     // CAssert(exported);

   141     //FIX: Exporting symmetric keys isn't working. Temporarily making this optional.

   142     if (exported) {

   143         CAssert(exported);

   144         MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithKeyData: exported algorithm: algorithm];

   145         Log(@"Reconstituted as %@", key2);

   146         CAssertEqual(key2,key);

   147         decrypted = [key2 decryptData: encrypted];

   148         CAssertEqual(decrypted, cleartext);

   149     } else

   150         Warn(@"Unable to export key in PKCS8");

   151 #endif

   152     [pool drain];

   153 }

   154 

   155 

   156 TestCase(MYSymmetricKey) {

   157     #define kNTests 11

   158     static const CCAlgorithm kTestAlgorithms[kNTests] = {

   159         kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128,

   160         kCCAlgorithmDES, kCCAlgorithm3DES,

   161         kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST,

   162         kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4};

   163     

   164     static const unsigned kTestBitSizes[kNTests] = {

   165         128, 192, 256,

   166         64, 3*64,

   167         40, 80, 128,

   168         32, 200, 512*8};

   169 

   170     for (int i=0; i<kNTests; i++) 

   171         testSymmetricKey(kTestAlgorithms[i], kTestBitSizes[i]);

   172 }

   173 

   174 

   175 #pragma mark -

   176 #pragma mark KEY-PAIRS:

   177 

   178 

   179 static void TestUseKeyPair(MYPrivateKey *pair) {

   180     Log(@"---- TestUseKeyPair { %@ , %@ }.", pair, pair.publicKey);

   181     CAssert(pair);

   182     CAssert(pair.keyRef);

   183     MYPublicKey *publicKey = pair.publicKey;

   184     CAssert(publicKey.keyRef);

   185     

   186     NSData *pubKeyData = publicKey.keyData;

   187     Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length);

   188     CAssert(pubKeyData);

   189     

   190     MYSHA1Digest *pubKeyDigest = publicKey.publicKeyDigest;

   191     Log(@"Public key digest = %@",pubKeyDigest);

   192     CAssertEqual(pair.publicKeyDigest, pubKeyDigest);

   193     

   194     Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData);

   195     

   196     // Let's sign data:

   197     NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding];

   198     NSData *sig = [pair signData: data];

   199     Log(@"Signature = %@ (%u bytes)",sig,sig.length);

   200     CAssert(sig);

   201     CAssert( [publicKey verifySignature: sig ofData: data] );

   202     

   203     // Now let's encrypt...

   204     NSData *crypted = [publicKey encryptData: data];

   205     Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length);

   206     CAssert(crypted);

   207     CAssertEqual([pair decryptData: crypted], data);

   208     Log(@"Verified decryption.");

   209     

   210     // Test creating a standalone public key:

   211     MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: publicKey.keyRef];

   212     CAssert( [pub verifySignature: sig ofData: data] );

   213     Log(@"Verified signature.");

   214     

   215     // Test creating a public key from data:

   216     Log(@"Reconstituting public key from data...");

   217     pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData];

   218     CAssert(pub);

   219     CAssertEqual(pub.keyData, pubKeyData);

   220     CAssertEqual(pub.publicKeyDigest, pubKeyDigest);

   221     CAssert( [pub verifySignature: sig ofData: data] );

   222     Log(@"Verified signature from reconstituted key.");

   223 }

   224 

   225 

   226 TestCase(MYGenerateKeyPair) {

   227     RequireTestCase(MYKeychain);

   228     

   229     Log(@"Generating key pair...");

   230     MYPrivateKey *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: kTestCaseRSAKeySize];

   231     MYPublicKey *publicKey = pair.publicKey;

   232     Log(@"...created { %@ , %@ }.", pair, publicKey);

   233     

   234     @try{

   235         TestUseKeyPair(pair);

   236         

   237         [pair setName: @"Test KeyPair Label"];

   238         CAssertEqual(pair.name, @"Test KeyPair Label");

   239         CAssertEqual(publicKey.name, @"Test KeyPair Label");

   240 #if !TARGET_OS_IPHONE

   241         [pair setComment: @"This key-pair was generated automatically by a test case."];

   242         CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");

   243         CAssertEqual(publicKey.comment, @"This key-pair was generated automatically by a test case.");

   244 #endif

   245         [pair setAlias: @"TestCase@mooseyard.com"];

   246         CAssertEqual(pair.alias, @"TestCase@mooseyard.com");

   247         CAssertEqual(publicKey.alias, @"TestCase@mooseyard.com");

   248         

   249         CAssert([pair removeFromKeychain]);

   250         Log(@"Removed key-pair.");

   251         pair = nil;

   252         

   253     }@finally {

   254         if (pair) {

   255             if ([pair removeFromKeychain])

   256                 Log(@"Removed key-pair from keychain.");

   257             else

   258                 Warn(@"Unable to remove test key-pair from keychain");

   259         }

   260     }

   261 }

   262 

   263 

   264 TestCase(MYUseIdentity) {

   265     MYIdentity *me = nil;//[MYIdentity preferredIdentityForName: @"MYCryptoTest"];

   266     if (!me) {

   267         NSArray *idents = [[[MYKeychain allKeychains] enumerateIdentities] allObjects];

   268         SFChooseIdentityPanel *panel = [SFChooseIdentityPanel sharedChooseIdentityPanel];

   269         [panel setAlternateButtonTitle: @"Cancel"];

   270         if ([panel my_runModalForIdentities: idents 

   271                                     message: @"Choose an identity for the MYEncoder test case:"]

   272             != NSOKButton) {

   273             [NSException raise: NSGenericException format: @"User canceled"];

   274         }

   275         me = [panel my_identity];

   276         [me makePreferredIdentityForName: @"MYCryptoTest"];

   277     }

   278     CAssert(me,@"No default identity has been set up in the Keychain");

   279     TestUseKeyPair(me.privateKey);

   280 }

   281 

   282 

   283 #pragma mark -

   284 #pragma mark KEYPAIR EXPORT:

   285 

   286 

   287 static void testKeyPairExportWithPrompt(BOOL withPrompt) {

   288     MYKeychain *keychain = [MYKeychain allKeychains];

   289     Log(@"Generating key pair...");

   290     MYPrivateKey *pair = [keychain generateRSAKeyPairOfSize: kTestCaseRSAKeySize];

   291     CAssert(pair);

   292     CAssert(pair.keyRef);

   293     CAssert(pair.publicKey.keyRef);

   294     Log(@"...created pair.");

   295     

   296     @try{

   297         NSData *pubKeyData = pair.publicKey.keyData;

   298         CAssert(pubKeyData.length >= kTestCaseRSAKeySize/8);

   299         [pair setName: @"Test KeyPair Label"];

   300         CAssertEqual(pair.name, @"Test KeyPair Label");

   301 #if !TARGET_OS_IPHONE

   302         [pair setComment: @"This key-pair was generated automatically by a test case."];

   303         CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");

   304 #endif

   305         [pair setAlias: @"TestCase@mooseyard.com"];

   306         CAssertEqual(pair.alias, @"TestCase@mooseyard.com");

   307         

   308 #if !TARGET_OS_IPHONE

   309         Log(@"Exporting key-pair...");

   310         NSString *passphrase = @"passphrase";

   311         NSData *privKeyData;

   312         if (withPrompt)

   313             privKeyData = [pair exportKey];

   314         else

   315             privKeyData = [pair _exportKeyInFormat: kSecFormatWrappedOpenSSL

   316                                           withPEM: YES

   317                                        passphrase: passphrase];

   318         Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length);

   319         CAssert(privKeyData);

   320         [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES];

   321 #endif

   322         

   323         // Check key lookup:

   324         Log(@"Looking up public key of pair in keychain...");

   325         MYSHA1Digest *digest = pair.publicKeyDigest;

   326         MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest];

   327         CAssertEqual(foundKey, pair.publicKey);

   328         CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.publicKey]);

   329         MYPrivateKey *foundPair = [keychain privateKeyWithDigest: digest];

   330         CAssertEqual(foundPair, pair);

   331         CAssert([keychain.enumeratePrivateKeys.allObjects containsObject: pair]);

   332         

   333         Log(@"Removing key-pair from keychain...");

   334         CAssert([pair removeFromKeychain]);

   335         pair = nil;

   336         CAssert([keychain publicKeyWithDigest: digest] == nil);

   337         

   338 #if !TARGET_OS_IPHONE

   339         Log(@"Importing key-pair...");

   340         if (withPrompt) {

   341             pair = [keychain importPublicKey: pubKeyData 

   342                                   privateKey: privKeyData];

   343         } else {

   344             pair = [[[MYPrivateKey alloc] _initWithKeyData: privKeyData

   345                                              publicKeyData: pubKeyData

   346                                                forKeychain: keychain.keychainRefOrDefault

   347                                                 passphrase: passphrase]

   348                     autorelease];

   349         }

   350         CAssert(pair);

   351         CAssertEqual(pair.publicKey.keyData, pubKeyData);

   352 #endif

   353     }@finally {

   354         if (pair) {

   355             if ([pair removeFromKeychain])

   356                 Log(@"Removed key-pair from keychain.");

   357             else

   358                 Warn(@"Unable to remove test key-pair from keychain");

   359         }

   360     }

   361 }

   362 

   363 TestCase(KeyPairExport) {

   364     RequireTestCase(MYKeychain);

   365     RequireTestCase(MYPrivateKey);

   366     testKeyPairExportWithPrompt(NO);

   367 }

   368 

   369 TestCase(KeyPairExportWithUI) {

   370     RequireTestCase(KeyPairExport);

   371     testKeyPairExportWithPrompt(YES);

   372 }

   373 

   374 

   375 #endif DEBUG

   376
MYCrypto