5 // Created by Jens Alfke on 3/31/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYCrypto_Private.h"
15 @interface MYKeyEnumerator : NSEnumerator
22 - (id) initWithQuery: (NSMutableDictionary*)query;
23 + (id) firstItemWithQuery: (NSMutableDictionary*)query;
28 @implementation MYKeychain
31 + (MYKeychain*) allKeychains
33 // iPhone only has a single keychain.
34 return [self defaultKeychain];
37 + (MYKeychain*) defaultKeychain
39 static MYKeychain *sDefaultKeychain;
41 if (!sDefaultKeychain) {
42 sDefaultKeychain = [[self alloc] init];
45 return sDefaultKeychain;
49 - (id) copyWithZone: (NSZone*)zone {
50 // It's not necessary to make copies of Keychain objects. This makes it more efficient
51 // to use instances as NSDictionary keys or store them in NSSets.
58 #pragma mark SEARCHING:
61 - (MYPublicKey*) publicKeyWithDigest: (MYSHA1Digest*)pubKeyDigest {
62 return [MYKeyEnumerator firstItemWithQuery:
63 $mdict({(id)kSecClass, (id)kSecClassKey},
64 {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
65 {(id)kSecReturnRef, $true})];
68 - (NSEnumerator*) enumeratePublicKeys {
69 NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
70 {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPublic},
71 {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
72 {(id)kSecReturnRef, $true});
73 return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
77 - (MYKeyPair*) keyPairWithDigest: (MYSHA1Digest*)pubKeyDigest {
78 return [MYKeyEnumerator firstItemWithQuery:
79 $mdict({(id)kSecClass, (id)kSecClassKey},
80 {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate},
81 {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
82 {(id)kSecReturnRef, $true})];
85 - (NSEnumerator*) enumerateKeyPairs {
86 NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
87 {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate},
88 {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
89 {(id)kSecReturnRef, $true});
90 return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
93 - (MYCertificate*) certificateWithDigest: (MYSHA1Digest*)pubKeyDigest {
94 return [MYKeyEnumerator firstItemWithQuery:
95 $mdict({(id)kSecClass, (id)kSecClassCertificate},
96 {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData},
97 {(id)kSecReturnRef, $true})];
100 - (NSEnumerator*) enumerateCertificates {
101 NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassCertificate},
102 {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
103 {(id)kSecReturnRef, $true});
104 return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
107 - (NSEnumerator*) enumerateSymmetricKeys {
108 NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
109 {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric},
110 {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
111 {(id)kSecReturnRef, $true});
112 return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
115 - (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias {
116 NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey},
117 {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric},
118 {(id)kSecAttrApplicationTag, alias},
119 {(id)kSecMatchLimit, (id)kSecMatchLimitAll},
120 {(id)kSecReturnRef, $true});
121 return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease];
129 - (MYPublicKey*) importPublicKey: (NSData*)keyData {
130 return [[[MYPublicKey alloc] _initWithKeyData: keyData
135 - (MYCertificate*) importCertificate: (NSData*)data
138 NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassCertificate},
139 {(id)kSecValueData, data},
140 {(id)kSecReturnRef, $true} );
141 SecCertificateRef cert;
142 if (!check(SecItemAdd((CFDictionaryRef)info, (CFTypeRef*)&cert), @"SecItemAdd"))
144 return [[[MYCertificate alloc] initWithCertificateRef: cert] autorelease];
149 #pragma mark GENERATION:
152 - (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits
153 algorithm: (CCAlgorithm)algorithm
155 return [MYSymmetricKey _generateSymmetricKeyOfSize: keySizeInBits
156 algorithm: algorithm inKeychain: self];
159 - (MYKeyPair*) generateRSAKeyPairOfSize: (unsigned)keySize {
160 return [MYKeyPair _generateRSAKeyPairOfSize: keySize inKeychain: self];
170 @implementation MYKeyEnumerator
172 - (id) initWithQuery: (NSMutableDictionary*)query {
175 if (![query objectForKey: (id)kSecMatchLimit])
176 [query setObject: (id)kSecMatchLimitAll forKey: (id)kSecMatchLimit];
177 OSStatus err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)&_results);
178 if (err && err != errSecItemNotFound) {
179 check(err,@"SecItemCopyMatching");
183 if (_results) CFRetain(_results);
184 _itemClass = (CFTypeRef)[query objectForKey: (id)kSecClass];
185 if (_itemClass == kSecClassKey)
186 _itemClass = (CFTypeRef)[query objectForKey: (id)kSecAttrKeyClass];
187 if (_itemClass) CFRetain(_itemClass);
192 + (id) firstItemWithQuery: (NSMutableDictionary*)query {
193 MYKeyEnumerator *e = [[self alloc] initWithQuery: query];
194 MYKeychainItem *item = e.nextObject;
201 if (_itemClass) CFRelease(_itemClass);
202 if (_results) CFRelease(_results);
210 MYKeychainItem *next = nil;
211 for (; next==nil && _index < CFArrayGetCount(_results); _index++) {
212 CFTypeRef found = CFArrayGetValueAtIndex(_results, _index);
213 if (_itemClass == kSecAttrKeyClassPrivate) {
214 MYSHA1Digest *digest = [MYPublicKey _digestOfKey: (SecKeyRef)found];
216 MYPublicKey *publicKey = [[MYKeychain defaultKeychain] publicKeyWithDigest: digest];
218 next = [[[MYKeyPair alloc] initWithPublicKeyRef: publicKey.keyRef
219 privateKeyRef: (SecKeyRef)found]
222 // The matching public key won't turn up if it's embedded in a certificate;
223 // I'd have to search for certs if I wanted to look that up. Skip it for now.
224 //Warn(@"Couldn't find matching public key for private key!");
228 } else if (_itemClass == kSecAttrKeyClassPublic) {
229 next = [[[MYPublicKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease];
231 } else if (_itemClass == kSecAttrKeyClassSymmetric) {
232 next = [[[MYSymmetricKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease];
234 } else if (_itemClass == kSecClassCertificate) {
235 next = [[[MYCertificate alloc] initWithCertificateRef: (SecCertificateRef)found] autorelease];
246 #endif USE_IPHONE_API
250 Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.
252 Redistribution and use in source and binary forms, with or without modification, are permitted
253 provided that the following conditions are met:
255 * Redistributions of source code must retain the above copyright notice, this list of conditions
256 and the following disclaimer.
257 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions
258 and the following disclaimer in the documentation and/or other materials provided with the
261 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
262 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
263 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-
264 BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
265 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
266 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
267 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
268 THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.