5 // Created by Jens Alfke on 4/1/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
10 #import "MYKeychain.h"
12 #import "MYCrypto_Private.h"
18 #pragma mark KEYCHAIN:
21 TestCase(MYKeychain) {
22 MYKeychain *kc = [MYKeychain defaultKeychain];
23 Log(@"Default keychain = %@", kc);
29 kc = [MYKeychain allKeychains];
30 Log(@"All-keychains = %@", kc);
33 CAssertEq(kc.path,nil);
38 TestCase(EnumerateKeys) {
39 RequireTestCase(MYKeychain);
40 NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys];
41 Log(@"Public Key Enumerator = %@", e);
43 for (MYPublicKey *key in e) {
44 Log(@"Found %@ -- name=%@", key, key.name);
47 e = [[MYKeychain allKeychains] enumerateKeyPairs];
48 Log(@"Key-Pair Enumerator = %@", e);
50 for (MYKeyPair *key in e) {
51 Log(@"Found %@ -- name=%@", key, key.name);
54 e = [[MYKeychain allKeychains] enumerateSymmetricKeys];
55 Log(@"Symmetric Key Enumerator = %@", e);
57 for (MYSymmetricKey *key in e) {
58 Log(@"Found %@ -- name=%@", key, key.name);
63 TestCase(EnumerateCerts) {
64 RequireTestCase(MYKeychain);
65 NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates];
66 Log(@"Enumerator = %@", e);
68 for (MYCertificate *cert in e) {
69 //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses);
75 #pragma mark SYMMETRIC KEYS:
78 TestCase(MYSymmetricKey) {
80 static const CCAlgorithm kTestAlgorithms[kNTests] = {
81 kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128,
82 kCCAlgorithmDES, kCCAlgorithm3DES,
83 kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST,
84 kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4};
86 static const unsigned kTestBitSizes[kNTests] = {
92 for (int i=0; i<kNTests; i++) {
93 NSAutoreleasePool *pool = [NSAutoreleasePool new];
94 Log(@"Test #%2i: algorithm = %3u-bit #%i", i+1, kTestBitSizes[i], (int)kTestAlgorithms[i]);
96 MYSymmetricKey *key = [MYSymmetricKey generateSymmetricKeyOfSize: kTestBitSizes[i]
97 algorithm: kTestAlgorithms[i]];
100 CAssert(key.cssmKey != NULL);
102 Log(@"Key data = %@", key.keyData);
103 CAssertEq(key.keyData.length, kTestBitSizes[i]/8);
105 // Encrypt a small amount of text:
106 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
107 NSData *encrypted = [key encryptData: cleartext];
108 Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);
109 CAssert(encrypted.length >= cleartext.length);
110 NSData *decrypted = [key decryptData: encrypted];
111 CAssertEqual(decrypted, cleartext);
113 // Encrypt large binary data:
114 cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"];
116 encrypted = [key encryptData: cleartext];
117 Log(@"Encrypted = %u bytes", encrypted.length);
118 CAssert(encrypted.length >= cleartext.length);
119 decrypted = [key decryptData: encrypted];
120 CAssertEqual(decrypted, cleartext);
128 #pragma mark KEY-PAIRS:
132 RequireTestCase(MYKeychain);
134 Log(@"Generating key pair...");
135 MYKeyPair *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 512];
137 CAssert(pair.keyRef);
138 CAssert(pair.privateKeyRef);
139 Log(@"...created pair.");
142 [pair setName: @"Test KeyPair Label"];
143 CAssertEqual(pair.name, @"Test KeyPair Label");
144 #if !TARGET_OS_IPHONE
145 [pair setComment: @"This key-pair was generated automatically by a test case."];
146 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
148 [pair setAlias: @"TestCase@mooseyard.com"];
149 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
151 NSData *pubKeyData = pair.keyData;
152 Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length);
155 MYSHA1Digest *pubKeyDigest = pair.publicKeyDigest;
156 Log(@"Public key digest = %@",pubKeyDigest);
158 Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData);
160 NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding];
161 NSData *sig = [pair signData: data];
162 Log(@"Signature = %@ (%u bytes)",sig,sig.length);
164 CAssert( [pair verifySignature: sig ofData: data] );
166 // Test creating a standalone public key:
167 MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: pair.keyRef];
168 CAssert( [pub verifySignature: sig ofData: data] );
169 Log(@"Verified signature.");
171 // Test creating a public key from data:
172 Log(@"Reconstituting public key from data...");
173 pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData];
175 CAssertEqual(pub.keyData, pubKeyData);
176 CAssertEqual(pub.publicKeyDigest, pubKeyDigest);
177 CAssert( [pub verifySignature: sig ofData: data] );
178 Log(@"Verified signature from reconstituted key.");
180 // Now let's encrypt...
181 NSData *crypted = [pub encryptData: data];
182 Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length);
185 CAssertEqual([pair decryptData: crypted], data);
186 Log(@"Verified decryption.");
188 CAssert([pair removeFromKeychain]);
189 Log(@"Removed key-pair.");
194 if ([pair removeFromKeychain])
195 Log(@"Removed key-pair from keychain.");
197 Warn(@"Unable to remove test key-pair from keychain");
205 #pragma mark KEYPAIR EXPORT:
208 static void testKeyPairExportWithPrompt(BOOL withPrompt) {
209 MYKeychain *keychain = [MYKeychain allKeychains];
210 Log(@"Generating key pair...");
211 MYKeyPair *pair = [keychain generateRSAKeyPairOfSize: 512];
213 CAssert(pair.keyRef);
214 CAssert(pair.privateKeyRef);
215 Log(@"...created pair.");
218 NSData *pubKeyData = pair.keyData;
219 CAssert(pubKeyData.length >= 512/8);
220 [pair setName: @"Test KeyPair Label"];
221 CAssertEqual(pair.name, @"Test KeyPair Label");
222 #if !TARGET_OS_IPHONE
223 [pair setComment: @"This key-pair was generated automatically by a test case."];
224 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
226 [pair setAlias: @"TestCase@mooseyard.com"];
227 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
229 #if !TARGET_OS_IPHONE
230 Log(@"Exporting key-pair...");
231 NSString *passphrase = @"passphrase";
234 privKeyData = [pair exportPrivateKey];
236 privKeyData = [pair _exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL
238 passphrase: passphrase];
239 Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length);
240 CAssert(privKeyData);
241 [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES];
245 Log(@"Looking up public key of pair in keychain...");
246 MYSHA1Digest *digest = pair.publicKeyDigest;
247 MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest];
248 CAssertEqual(foundKey, pair.asPublicKey);
249 CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.asPublicKey]);
250 MYKeyPair *foundPair = [keychain keyPairWithDigest: digest];
251 CAssertEqual(foundPair, pair);
252 CAssert([keychain.enumerateKeyPairs.allObjects containsObject: pair]);
254 Log(@"Removing key-pair from keychain...");
255 CAssert([pair removeFromKeychain]);
257 CAssert([keychain publicKeyWithDigest: digest] == nil);
259 #if !TARGET_OS_IPHONE
260 Log(@"Importing key-pair...");
262 pair = [keychain importPublicKey: pubKeyData
263 privateKey: privKeyData];
265 pair = [[[MYKeyPair alloc] _initWithPublicKeyData: pubKeyData
266 privateKeyData: privKeyData
267 forKeychain: keychain.keychainRefOrDefault
268 passphrase: passphrase]
272 CAssertEqual(pair.keyData, pubKeyData);
276 if ([pair removeFromKeychain])
277 Log(@"Removed key-pair from keychain.");
279 Warn(@"Unable to remove test key-pair from keychain");
284 TestCase(KeyPairExport) {
285 RequireTestCase(MYKeychain);
286 RequireTestCase(KeyPair);
287 testKeyPairExportWithPrompt(NO);
290 TestCase(KeyPairExportWithUI) {
291 RequireTestCase(KeyPairExport);
292 testKeyPairExportWithPrompt(YES);