5 // Created by Jens Alfke on 4/1/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYPublicKey.h"
10 #import "MYPrivateKey.h"
11 #import "MYKeychain.h"
13 #import "MYIdentity.h"
14 #import "MYCrypto_Private.h"
20 #pragma mark KEYCHAIN:
23 TestCase(MYKeychain) {
24 MYKeychain *kc = [MYKeychain defaultKeychain];
25 Log(@"Default keychain = %@", kc);
27 #if !MYCRYPTO_USE_IPHONE_API
31 kc = [MYKeychain allKeychains];
32 Log(@"All-keychains = %@", kc);
34 #if !MYCRYPTO_USE_IPHONE_API
35 CAssertEq(kc.path,nil);
40 TestCase(EnumerateKeys) {
41 RequireTestCase(MYKeychain);
42 NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys];
43 Log(@"Public Key Enumerator = %@", e);
45 for (MYPublicKey *key in e) {
46 Log(@"Found %@ -- name=%@", key, key.name);
49 e = [[MYKeychain allKeychains] enumeratePrivateKeys];
50 Log(@"Key-Pair Enumerator = %@", e);
52 for (MYPrivateKey *key in e) {
53 Log(@"Found %@ -- name=%@", key, key.name);
56 e = [[MYKeychain allKeychains] enumerateSymmetricKeys];
57 Log(@"Symmetric Key Enumerator = %@", e);
59 for (MYSymmetricKey *key in e) {
60 Log(@"Found %@ -- name=%@", key, key.name);
65 TestCase(EnumerateCerts) {
66 RequireTestCase(MYKeychain);
67 NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates];
68 Log(@"Enumerator = %@", e);
70 for (MYCertificate *cert in e) {
71 //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses);
75 TestCase(EnumerateIdentities) {
76 RequireTestCase(MYKeychain);
77 NSEnumerator *e = [[MYKeychain allKeychains] enumerateIdentities];
78 Log(@"Enumerator = %@", e);
80 for (MYIdentity *ident in e) {
81 Log(@"Found %@ -- name=%@, emails=(%@), key=%@",
82 ident, ident.commonName,
83 [ident.emailAddresses componentsJoinedByString: @", "],
90 #pragma mark SYMMETRIC KEYS:
93 static void testSymmetricKey( CCAlgorithm algorithm, unsigned sizeInBits ) {
94 NSAutoreleasePool *pool = [NSAutoreleasePool new];
95 Log(@"--- Testing %3u-bit #%i", sizeInBits, (int)algorithm);
97 MYSymmetricKey *key = [MYSymmetricKey generateSymmetricKeyOfSize: sizeInBits
98 algorithm: algorithm];
99 Log(@"Created %@", key);
101 CAssertEq(key.algorithm, algorithm);
102 CAssertEq(key.keySizeInBits, sizeInBits);
103 #if !TARGET_OS_IPHONE
104 CAssert(key.cssmKey != NULL);
107 NSData *keyData = key.keyData;
108 Log(@"Key data = %@", keyData);
109 CAssertEq(keyData.length, sizeInBits/8);
111 // Encrypt a small amount of text:
112 NSData *cleartext = [@"This is a test. This is only a test." dataUsingEncoding: NSUTF8StringEncoding];
113 NSData *encrypted = [key encryptData: cleartext];
114 Log(@"Encrypted = %u bytes: %@", encrypted.length, encrypted);
115 CAssert(encrypted.length >= cleartext.length);
116 NSData *decrypted = [key decryptData: encrypted];
117 CAssertEqual(decrypted, cleartext);
119 // Encrypt large binary data:
120 cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"];
122 encrypted = [key encryptData: cleartext];
123 Log(@"Encrypted = %u bytes", encrypted.length);
124 CAssert(encrypted.length >= cleartext.length);
125 decrypted = [key decryptData: encrypted];
126 CAssertEqual(decrypted, cleartext);
128 #if !TARGET_OS_IPHONE
129 // Try reconstituting the key from its data:
130 NSData *exported = [key exportKeyInFormat: kSecFormatWrappedPKCS8 withPEM: NO];
131 Log(@"Exported key: %@", exported);
132 // CAssert(exported);
133 //FIX: Exporting symmetric keys isn't working. Temporarily making this optional.
136 MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithKeyData: exported algorithm: algorithm];
137 Log(@"Reconstituted as %@", key2);
138 CAssertEqual(key2,key);
139 decrypted = [key2 decryptData: encrypted];
140 CAssertEqual(decrypted, cleartext);
142 Warn(@"Unable to export key in PKCS8");
148 TestCase(MYSymmetricKey) {
150 static const CCAlgorithm kTestAlgorithms[kNTests] = {
151 kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128,
152 kCCAlgorithmDES, kCCAlgorithm3DES,
153 kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST,
154 kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4};
156 static const unsigned kTestBitSizes[kNTests] = {
162 for (int i=0; i<kNTests; i++)
163 testSymmetricKey(kTestAlgorithms[i], kTestBitSizes[i]);
168 #pragma mark KEY-PAIRS:
171 TestCase(MYPrivateKey) {
172 RequireTestCase(MYKeychain);
174 Log(@"Generating key pair...");
175 MYPrivateKey *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 512];
176 Log(@"...created { %@ , %@ }.", pair, pair.publicKey);
178 CAssert(pair.keyRef);
179 MYPublicKey *publicKey = pair.publicKey;
180 CAssert(publicKey.keyRef);
183 NSData *pubKeyData = publicKey.keyData;
184 Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length);
187 MYSHA1Digest *pubKeyDigest = publicKey.publicKeyDigest;
188 Log(@"Public key digest = %@",pubKeyDigest);
189 CAssertEqual(pair.publicKeyDigest, pubKeyDigest);
191 Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData);
193 NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding];
194 NSData *sig = [pair signData: data];
195 Log(@"Signature = %@ (%u bytes)",sig,sig.length);
197 CAssert( [publicKey verifySignature: sig ofData: data] );
199 [pair setName: @"Test KeyPair Label"];
200 CAssertEqual(pair.name, @"Test KeyPair Label");
201 CAssertEqual(publicKey.name, @"Test KeyPair Label");
202 #if !TARGET_OS_IPHONE
203 [pair setComment: @"This key-pair was generated automatically by a test case."];
204 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
205 CAssertEqual(publicKey.comment, @"This key-pair was generated automatically by a test case.");
207 [pair setAlias: @"TestCase@mooseyard.com"];
208 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
209 CAssertEqual(publicKey.alias, @"TestCase@mooseyard.com");
211 // Test creating a standalone public key:
212 MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: publicKey.keyRef];
213 CAssert( [pub verifySignature: sig ofData: data] );
214 Log(@"Verified signature.");
216 // Test creating a public key from data:
217 Log(@"Reconstituting public key from data...");
218 pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData];
220 CAssertEqual(pub.keyData, pubKeyData);
221 CAssertEqual(pub.publicKeyDigest, pubKeyDigest);
222 CAssert( [pub verifySignature: sig ofData: data] );
223 Log(@"Verified signature from reconstituted key.");
225 // Now let's encrypt...
226 NSData *crypted = [pub encryptData: data];
227 Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length);
230 CAssertEqual([pair decryptData: crypted], data);
231 Log(@"Verified decryption.");
233 CAssert([pair removeFromKeychain]);
234 Log(@"Removed key-pair.");
239 if ([pair removeFromKeychain])
240 Log(@"Removed key-pair from keychain.");
242 Warn(@"Unable to remove test key-pair from keychain");
250 #pragma mark KEYPAIR EXPORT:
253 static void testKeyPairExportWithPrompt(BOOL withPrompt) {
254 MYKeychain *keychain = [MYKeychain allKeychains];
255 Log(@"Generating key pair...");
256 MYPrivateKey *pair = [keychain generateRSAKeyPairOfSize: 512];
258 CAssert(pair.keyRef);
259 CAssert(pair.publicKey.keyRef);
260 Log(@"...created pair.");
263 NSData *pubKeyData = pair.publicKey.keyData;
264 CAssert(pubKeyData.length >= 512/8);
265 [pair setName: @"Test KeyPair Label"];
266 CAssertEqual(pair.name, @"Test KeyPair Label");
267 #if !TARGET_OS_IPHONE
268 [pair setComment: @"This key-pair was generated automatically by a test case."];
269 CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case.");
271 [pair setAlias: @"TestCase@mooseyard.com"];
272 CAssertEqual(pair.alias, @"TestCase@mooseyard.com");
274 #if !TARGET_OS_IPHONE
275 Log(@"Exporting key-pair...");
276 NSString *passphrase = @"passphrase";
279 privKeyData = [pair exportKey];
281 privKeyData = [pair _exportKeyInFormat: kSecFormatWrappedOpenSSL
283 passphrase: passphrase];
284 Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length);
285 CAssert(privKeyData);
286 [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES];
290 Log(@"Looking up public key of pair in keychain...");
291 MYSHA1Digest *digest = pair.publicKeyDigest;
292 MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest];
293 CAssertEqual(foundKey, pair.publicKey);
294 CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.publicKey]);
295 MYPrivateKey *foundPair = [keychain privateKeyWithDigest: digest];
296 CAssertEqual(foundPair, pair);
297 CAssert([keychain.enumeratePrivateKeys.allObjects containsObject: pair]);
299 Log(@"Removing key-pair from keychain...");
300 CAssert([pair removeFromKeychain]);
302 CAssert([keychain publicKeyWithDigest: digest] == nil);
304 #if !TARGET_OS_IPHONE
305 Log(@"Importing key-pair...");
307 pair = [keychain importPublicKey: pubKeyData
308 privateKey: privKeyData];
310 pair = [[[MYPrivateKey alloc] _initWithKeyData: privKeyData
311 publicKeyData: pubKeyData
312 forKeychain: keychain.keychainRefOrDefault
313 passphrase: passphrase]
317 CAssertEqual(pair.publicKey.keyData, pubKeyData);
321 if ([pair removeFromKeychain])
322 Log(@"Removed key-pair from keychain.");
324 Warn(@"Unable to remove test key-pair from keychain");
329 TestCase(KeyPairExport) {
330 RequireTestCase(MYKeychain);
331 RequireTestCase(MYPrivateKey);
332 testKeyPairExportWithPrompt(NO);
335 TestCase(KeyPairExportWithUI) {
336 RequireTestCase(KeyPairExport);
337 testKeyPairExportWithPrompt(YES);