5 // Created by Jens Alfke on 3/21/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
14 #import <Security/SecRandom.h>
16 #import "MYCrypto_Private.h"
17 #import "MYKeychain.h"
22 NSString* const CryptorErrorDomain = @"CCCryptor";
25 static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes);
29 @interface MYCryptor ()
30 @property (readwrite, retain) NSError *error;
35 @implementation MYCryptor
38 + (NSData*) randomKeyOfLength: (size_t)length {
39 NSParameterAssert(length<100000);
40 uint8_t *bytes = malloc(length);
41 if (!bytes) return nil;
43 BOOL ok = SecRandomCopyBytes(kSecRandomDefault, length,bytes) >= 0;
45 BOOL ok = generateRandomBytes([[MYKeychain defaultKeychain] CSPHandle], length, bytes);
48 return [NSData dataWithBytesNoCopy: bytes length: length freeWhenDone: YES];
55 + (NSData*) keyOfLength: (size_t)lengthInBits fromPassphrase: (NSString*)passphrase
57 size_t lengthInBytes = (lengthInBits + 7)/8;
58 MYDigest *digest = [[passphrase dataUsingEncoding: NSUTF8StringEncoding] my_SHA256Digest];
59 if (lengthInBytes <= digest.length)
60 return [digest.asData subdataWithRange: NSMakeRange(0,lengthInBytes)];
66 - (id) initWithKey: (NSData*)key
67 algorithm: (CCAlgorithm)algorithm
68 operation: (CCOperation)op {
71 NSParameterAssert(key);
74 _algorithm = algorithm;
75 _options = kCCOptionPKCS7Padding;
80 - (id) initEncryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm {
81 return [self initWithKey: key algorithm: algorithm operation: kCCEncrypt];
84 - (id) initDecryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm {
85 return [self initWithKey: key algorithm: algorithm operation: kCCDecrypt];
91 CCCryptorRelease(_cryptor);
93 [_output autorelease];
94 [_outputStream release];
99 @synthesize key=_key, algorithm=_algorithm, options=_options,
100 outputStream=_outputStream, error=_error;
103 - (BOOL) _check: (CCCryptorStatus)status {
104 if (status == kCCSuccess)
107 Warn(@"MYCryptor: CCCryptor error %i", status);
108 self.error = [NSError errorWithDomain: CryptorErrorDomain code: status userInfo: nil];
114 - (BOOL) _outputBytes: (const void*)bytes length: (size_t)length {
116 NSInteger written = [_outputStream write: bytes maxLength: length];
118 self.error = _outputStream.streamError;
120 Warn(@"MYCryptor: NSOutputStream error %@", _error);
122 [self _check: kMYCryptorErrorOutputStreamChoked];
124 } else if (written < length) {
125 [self _check: kMYCryptorErrorOutputStreamChoked];
128 } else if (length > 0) {
129 [_output appendBytes: bytes length: length];
136 if (!_cryptor && !_error) {
137 if ([self _check: CCCryptorCreate(_operation, _algorithm, _options,
138 _key.bytes, _key.length, NULL, &_cryptor)]) {
139 _output = [[NSMutableData alloc] initWithCapacity: 1024];
146 - (BOOL) addBytes: (const void*)bytes length: (size_t)length {
148 NSParameterAssert(bytes!=NULL);
149 if(!_error && (_cryptor || [self _start])) {
150 size_t outputLength = CCCryptorGetOutputLength(_cryptor,length,false);
151 void *output = malloc(outputLength);
152 if ([self _check: CCCryptorUpdate(_cryptor, bytes, length,
153 output, outputLength, &outputLength)]) {
154 [self _outputBytes: output length: outputLength];
162 - (BOOL) addData: (NSData*)data
164 return [self addBytes: data.bytes length: data.length];
167 - (BOOL) addString: (NSString*)str {
168 return [self addData: [str dataUsingEncoding: NSUTF8StringEncoding]];
172 - (BOOL) addFromStream: (NSInputStream*)input
174 uint8_t inputBuffer[1024];
176 while (!_error && input.hasBytesAvailable) {
177 avail = sizeof(inputBuffer);
178 NSInteger nRead = [input read: inputBuffer maxLength: sizeof(inputBuffer)];
180 self.error = input.streamError;
182 } else if (nRead == 0) {
184 } else if (![self addBytes: inputBuffer length: nRead])
193 if(!_error && (_cryptor || [self _start])) {
194 size_t outputLength = 100; //CCCryptorGetOutputLength(_cryptor,1,true);
195 void *output = malloc(outputLength);
196 if ([self _check: CCCryptorFinal(_cryptor, output, outputLength, &outputLength)]) {
197 [self _outputBytes: output length: outputLength];
201 CCCryptorRelease(_cryptor);
207 - (NSData*) outputData {
208 if (_cryptor) [self finish];
216 - (NSString*) outputString {
217 NSData *output = self.outputData;
219 NSString *str = [[NSString alloc] initWithData: output encoding: NSUTF8StringEncoding];
220 return [str autorelease];
226 // NSStream delegate method
227 - (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode {
229 case NSStreamEventHasBytesAvailable:
230 [self addFromStream: (NSInputStream*)stream];
232 case NSStreamEventEndEncountered:
235 case NSStreamEventErrorOccurred:
237 self.error = stream.streamError;
252 static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes) {
253 // Adapted from code in Keychain.framework's KeychainUtils.m by Wade Tregaskis.
254 CSSM_CC_HANDLE ccHandle;
255 if (!checkcssm(CSSM_CSP_CreateRandomGenContext(module, CSSM_ALGID_APPLE_YARROW, NULL,
256 lengthInBytes, &ccHandle),
257 @"CSSM_CSP_CreateRandomGenContext"))
259 CSSM_DATA data = {.Data=dstBytes, .Length=lengthInBytes};
260 BOOL ok = checkcssm(CSSM_GenerateRandom(ccHandle, &data), @"CSSM_GenerateRandom");
261 CSSM_DeleteContext(ccHandle);
269 TestCase(MYCryptor) {
271 NSData *key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256];
272 Log(@"Key = %@",key);
273 MYCryptor *enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128];
275 CAssert([enc addString: @"This is a test. "]);
276 CAssert([enc addString: @"This is only a test."]);
277 CAssertEqual(enc.error, nil);
278 NSData *encrypted = enc.outputData;
279 CAssertEqual(enc.error, nil);
280 CAssert(encrypted.length > 0);
282 Log(@"Encrypted = %@", encrypted);
285 MYCryptor *dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128];
287 CAssert([dec addData: encrypted]);
288 NSString *decrypted = dec.outputString;
289 CAssertEqual(dec.error, nil);
291 Log(@"Decrypted = '%@'", decrypted);
292 CAssertEqual(decrypted, @"This is a test. This is only a test.");
294 // Encryption to stream:
295 key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256];
296 Log(@"Key = %@",key);
297 enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128];
299 enc.outputStream = [NSOutputStream outputStreamToMemory];
300 [enc.outputStream open];
301 CAssert([enc addString: @"This is a test. "]);
302 CAssert([enc addString: @"This is only a test."]);
303 CAssert([enc finish]);
304 CAssertEqual(enc.error, nil);
305 encrypted = [[enc.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey] retain];
306 CAssert(encrypted.length > 0);
308 Log(@"Encrypted = %@", encrypted);
310 dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128];
312 dec.outputStream = [NSOutputStream outputStreamToMemory];
313 [dec.outputStream open];
314 CAssert([dec addData: encrypted]);
315 CAssert([dec finish]);
316 CAssertEqual(dec.error, nil);
317 NSData *decryptedData = [dec.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey];
319 decrypted = [[NSString alloc] initWithData: decryptedData
320 encoding: NSUTF8StringEncoding];
321 Log(@"Decrypted = '%@'", decrypted);
322 CAssertEqual(decrypted, @"This is a test. This is only a test.");