MYCrypto: MYPublicKey.m@df9da0f6b358

     1 //

     2 //  MYPublicKey.m

     3 //  MYCrypto

     4 //

     5 //  Created by Jens Alfke on 3/21/09.

     6 //  Copyright 2009 Jens Alfke. All rights reserved.

     7 //

     9 #import "MYPublicKey.h"

    10 #import "MYCrypto_Private.h"

    11 #import "MYDigest.h"

    12 #import "MYErrorUtils.h"

    13 #import <CommonCrypto/CommonDigest.h>

    16 #pragma mark -

    17 @implementation MYPublicKey

    20 - (void) dealloc

    21 {

    22     [_digest release];

    23     [super dealloc];

    24 }

    26 - (SecExternalItemType) keyType {

    27 #if MYCRYPTO_USE_IPHONE_API

    28     return kSecAttrKeyClassPublic;

    29 #else

    30     return kSecItemTypePublicKey;

    31 #endif

    32 }

    34 - (NSUInteger)hash {

    35     return self.publicKeyDigest.hash;

    36 }

    38 - (NSString*) description {

    39     return $sprintf(@"%@[%@]", [self class], self.publicKeyDigest.abbreviatedHexString);

    40 }

    42 - (MYSHA1Digest*) publicKeyDigest {

    43     if (!_digest)

    44         _digest = [[self _keyDigest] retain];

    45     return _digest;

    46 }

    48 #if !MYCRYPTO_USE_IPHONE_API

    49 - (SecExternalFormat) _externalFormat {

    50     return kSecFormatBSAFE;

    51 }

    52 #endif

    55 - (NSData*) rawEncryptData: (NSData*)data {

    56     return [self _crypt: data operation: YES];

    57 }

    60 - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data {

    61     Assert(data);

    62     Assert(signature);

    64 #if MYCRYPTO_USE_IPHONE_API

    65     uint8_t digest[CC_SHA1_DIGEST_LENGTH];

    66     CC_SHA1(data.bytes,data.length, digest);

    67     OSStatus err = SecKeyRawVerify(self.keyRef, kSecPaddingPKCS1SHA1,

    68                                    digest,sizeof(digest), //data.bytes, data.length,

    69                                    signature.bytes, signature.length);

    70     return err==noErr;

    72 #else

    73     CSSM_CC_HANDLE ccHandle = [self _createSignatureContext: CSSM_ALGID_SHA1WithRSA];

    74     if (!ccHandle) return NO;

    75     CSSM_DATA original = {data.length, (void*)data.bytes};

    76     CSSM_DATA sig = {signature.length, (void*)signature.bytes};

    77     CSSM_RETURN cssmErr = CSSM_VerifyData(ccHandle, &original, 1, CSSM_ALGID_NONE, &sig);

    78     CSSM_DeleteContext(ccHandle);

    79     if (cssmErr == CSSM_OK)

    80         return YES;

    81     if (cssmErr != CSSMERR_CSP_VERIFY_FAILED)

    82         Warn(@"CSSM error verifying signature: %u", MYErrorName(MYCSSMErrorDomain,cssmErr));

    83     return NO;

    84 #endif

    85 }

    88 #if !TARGET_OS_IPHONE

    89 - (CSSM_WRAP_KEY*) _unwrappedCSSMKey {

    90     const CSSM_KEY *key = self.cssmKey;

    92     if (key->KeyHeader.BlobType == CSSM_KEYBLOB_WRAPPED) {

    93         Warn(@"Key is already wrapped.\n");

    94         return NULL;

    95     }

    97     if (key->KeyHeader.KeyClass != CSSM_KEYCLASS_PUBLIC_KEY)

    98         Warn(@"Warning: Null wrapping a non-public key - this is a dangerous operation.\n");

   100     const CSSM_ACCESS_CREDENTIALS* credentials;

   101     credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED

   102                                                type: kSecCredentialTypeDefault error: nil];

   103     CSSM_CC_HANDLE ccHandle;

   104     if (!checkcssm(CSSM_CSP_CreateSymmetricContext(self.cssmCSPHandle,

   105                                                    CSSM_ALGID_NONE, CSSM_ALGMODE_WRAP,

   106                                                    NULL, NULL, NULL,

   107                                                    CSSM_PADDING_NONE, NULL,

   108                                                    &ccHandle),

   109                    @"CSSM_CSP_CreateSymmetricContext"))

   110         return NULL;

   112     CSSM_WRAP_KEY *result = malloc(sizeof(CSSM_WRAP_KEY));

   113     if (!checkcssm(CSSM_WrapKey(ccHandle, credentials, key, NULL, result),

   114                       @"CSSM_WrapKey")) {

   115         free(result);

   116         result = NULL;

   117     }

   118     CSSM_DeleteContext(ccHandle);

   119     return result;

   120 }

   123 - (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey {

   124     const CSSM_ACCESS_CREDENTIALS* credentials;

   125     credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED

   126                                                type: kSecCredentialTypeDefault error: nil];

   127     CSSM_CSP_HANDLE cspHandle = self.cssmCSPHandle;

   128     CSSM_CC_HANDLE ctx;

   129     if (!checkcssm(CSSM_CSP_CreateAsymmetricContext(cspHandle,

   130                                                     self.cssmAlgorithm,

   131                                                     credentials,

   132                                                     self.cssmKey,

   133                                                     CSSM_PADDING_PKCS1,

   134                                                     &ctx),

   135                    @"CSSM_CSP_CreateAsymmetricContext"))

   136         return nil;

   138     // Now wrap the key:

   139     NSData *result = nil;

   140     CSSM_WRAP_KEY wrappedKey = {};

   141     CSSM_DATA descriptiveData = {};

   142     if (checkcssm(CSSM_WrapKey(ctx, credentials, sessionKey.cssmKey, &descriptiveData, &wrappedKey),

   143                   @"CSSM_WrapKey")) {

   144         // ...and copy the wrapped key data to the result NSData:

   145         result = [NSData dataWithBytes: wrappedKey.KeyData.Data length: wrappedKey.KeyData.Length];

   146         CSSM_FreeKey(cspHandle, credentials, &wrappedKey, NO);

   147     }

   148     // Finally, delete the context

   149     CSSM_DeleteContext(ctx);

   150     return result;

   151 }

   154 #endif

   157 @end

   161 /*

   162  Copyright (c) 2009, Jens Alfke <jens@mooseyard.com>. All rights reserved.

   164  Redistribution and use in source and binary forms, with or without modification, are permitted

   165  provided that the following conditions are met:

   167  * Redistributions of source code must retain the above copyright notice, this list of conditions

   168  and the following disclaimer.

   169  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions

   170  and the following disclaimer in the documentation and/or other materials provided with the

   171  distribution.

   173  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR

   174  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

   175  FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI-

   176  BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

   177  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

   178   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

   179  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF

   180  THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

   181  */

author	Jens Alfke <jens@mooseyard.com>
	Fri Jun 05 08:57:18 2009 -0700 (2009-06-05)
changeset 20	df9da0f6b358
parent 14	3af1d1c0ceb5
child 21	2c300b15b381
permissions	-rw-r--r--