snej@0: // snej@0: // KeyPair.m snej@0: // MYCrypto snej@0: // snej@0: // Created by Jens Alfke on 3/21/09. snej@0: // Copyright 2009 Jens Alfke. All rights reserved. snej@0: // snej@0: snej@0: #import "MYKeyPair.h" snej@0: #import "MYCrypto_Private.h" snej@0: #import snej@0: snej@0: #if !USE_IPHONE_API snej@0: snej@0: snej@0: #pragma mark - snej@0: snej@0: @implementation MYKeyPair snej@0: snej@0: snej@0: + (MYKeyPair*) _generateRSAKeyPairOfSize: (unsigned)keySize snej@0: inKeychain: (SecKeychainRef)keychain { snej@0: Assert( keySize == 512 || keySize == 1024 || keySize == 2048, @"Unsupported key size %u", keySize ); snej@0: SecKeyRef pubKey=NULL, privKey=NULL; snej@0: OSStatus err; snej@0: err = SecKeyCreatePair(keychain, CSSM_ALGID_RSA, keySize, 0LL, snej@0: CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY, // public key snej@0: CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, snej@0: CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN, // private key snej@0: CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_PERMANENT, snej@0: NULL, // SecAccessRef snej@0: &pubKey, &privKey); snej@0: if (!check(err, @"SecKeyCreatePair")) { snej@0: return nil; snej@0: } else snej@0: return [[[self alloc] initWithPublicKeyRef: pubKey privateKeyRef: privKey] autorelease]; snej@0: } snej@0: snej@0: snej@0: - (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey { snej@0: self = [super initWithKeyRef: publicKey]; snej@0: if (self) { snej@0: NSParameterAssert(privateKey); snej@0: _privateKey = (SecKeyRef) CFRetain(privateKey); snej@0: } snej@0: return self; snej@0: } snej@0: snej@0: - (id) _initWithPublicKeyData: (NSData*)pubKeyData snej@0: privateKey: (SecKeyRef)privateKey snej@0: forKeychain: (SecKeychainRef)keychain { snej@0: if (!privateKey) { snej@0: [self release]; snej@0: return nil; snej@0: } snej@0: self = [self _initWithKeyData: pubKeyData forKeychain: keychain]; snej@0: if (self) { snej@0: _privateKey = privateKey; snej@0: } else { snej@0: SecKeychainItemDelete((SecKeychainItemRef)privateKey); snej@0: CFRelease(privateKey); snej@0: } snej@0: return self; snej@0: } snej@0: snej@0: snej@0: // The public API for this is in MYKeychain. snej@0: - (id) _initWithPublicKeyData: (NSData*)pubKeyData snej@0: privateKeyData: (NSData*)privKeyData snej@0: forKeychain: (SecKeychainRef)keychain snej@0: alertTitle: (NSString*)title snej@0: alertPrompt: (NSString*)prompt snej@0: { snej@0: // Try to import the private key first, since the user might cancel the passphrase alert. snej@0: SecKeyImportExportParameters params = { snej@0: .flags = kSecKeySecurePassphrase, snej@0: .alertTitle = (CFStringRef) title, snej@0: .alertPrompt = (CFStringRef) prompt snej@0: }; snej@0: SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms); snej@0: return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain]; snej@0: } snej@0: snej@0: // This method is for testing, so unit-tests don't require user intervention. snej@0: // It's deliberately not made public, to discourage clients from trying to manage the passphrases snej@0: // themselves (this is less secure than letting the Security agent do it.) snej@0: - (id) _initWithPublicKeyData: (NSData*)pubKeyData snej@0: privateKeyData: (NSData*)privKeyData snej@0: forKeychain: (SecKeychainRef)keychain snej@0: passphrase: (NSString*)passphrase snej@0: { snej@0: SecKeyImportExportParameters params = { snej@0: .passphrase = (CFStringRef) passphrase, snej@0: }; snej@0: SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms); snej@0: return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain]; snej@0: } snej@0: snej@0: snej@0: - (void) dealloc snej@0: { snej@0: if (_privateKey) CFRelease(_privateKey); snej@0: [super dealloc]; snej@0: } snej@0: snej@0: snej@0: - (NSUInteger)hash { snej@0: // Ensure that a KeyPair doesn't hash the same as its corresponding PublicKey: snej@0: return super.hash ^ 0xFFFFFFFF; snej@0: } snej@0: snej@0: snej@0: - (MYPublicKey*) asPublicKey { snej@0: return [[[MYPublicKey alloc] initWithKeyRef: self.keyRef] autorelease]; snej@0: } snej@0: snej@0: snej@0: - (NSData*) exportPrivateKeyInFormat: (SecExternalFormat)format snej@0: withPEM: (BOOL)withPEM snej@0: alertTitle: (NSString*)title snej@0: alertPrompt: (NSString*)prompt snej@0: { snej@0: SecKeyImportExportParameters params = { snej@0: .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, snej@0: .flags = kSecKeySecurePassphrase, snej@0: .alertTitle = (CFStringRef)title, snej@0: .alertPrompt = (CFStringRef)prompt snej@0: }; snej@0: CFDataRef data = NULL; snej@0: if (check(SecKeychainItemExport(_privateKey, //$array((id)_publicKey,(id)_privateKey), snej@0: format, (withPEM ?kSecItemPemArmour :0), snej@0: ¶ms, &data), snej@0: @"SecKeychainItemExport")) snej@0: return [(id)CFMakeCollectable(data) autorelease]; snej@0: else snej@0: return nil; snej@0: } snej@0: snej@0: - (NSData*) exportPrivateKey { snej@0: return [self exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL withPEM: YES snej@0: alertTitle: @"Export Private Key" snej@0: alertPrompt: @"Enter a passphrase to protect the private-key file.\n" snej@0: "You will need to re-enter the passphrase later when importing the key from this file, " snej@0: "so keep it in a safe place."]; snej@0: //FIX: Should make these messages localizable. snej@0: } snej@0: snej@0: snej@0: - (NSData*) _exportPrivateKeyInFormat: (SecExternalFormat)format snej@0: withPEM: (BOOL)withPEM snej@0: passphrase: (NSString*)passphrase snej@0: { snej@0: SecKeyImportExportParameters params = { snej@0: .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, snej@0: .passphrase = (CFStringRef)passphrase snej@0: }; snej@0: CFDataRef data = NULL; snej@0: if (check(SecKeychainItemExport(_privateKey, snej@0: format, (withPEM ?kSecItemPemArmour :0), snej@0: ¶ms, &data), snej@0: @"SecKeychainItemExport")) snej@0: return [(id)CFMakeCollectable(data) autorelease]; snej@0: else snej@0: return nil; snej@0: } snej@0: snej@0: - (BOOL) removeFromKeychain { snej@0: return check(SecKeychainItemDelete((SecKeychainItemRef)_privateKey), @"delete private key") snej@0: && [super removeFromKeychain]; snej@0: } snej@0: snej@0: snej@1: - (SecKeyRef) privateKeyRef { snej@1: return _privateKey; snej@1: } snej@0: snej@0: snej@0: - (NSData*) decryptData: (NSData*)data { snej@0: return _crypt(_privateKey,data,kCCDecrypt); snej@0: } snej@0: snej@0: snej@0: - (NSData*) signData: (NSData*)data { snej@0: Assert(data); snej@1: uint8_t digest[CC_SHA256_DIGEST_LENGTH]; snej@1: CC_SHA256(data.bytes,data.length, digest); snej@1: snej@0: NSData *signature = nil; snej@0: CSSM_CC_HANDLE ccHandle = cssmCreateSignatureContext(_privateKey); snej@0: if (!ccHandle) return nil; snej@0: CSSM_DATA original = {data.length, (void*)data.bytes}; snej@0: CSSM_DATA result = {0,NULL}; snej@0: if (checkcssm(CSSM_SignData(ccHandle, &original, 1, CSSM_ALGID_NONE, &result), @"CSSM_SignData")) snej@0: signature = [NSData dataWithBytesNoCopy: result.Data length: result.Length snej@0: freeWhenDone: YES]; snej@0: CSSM_DeleteContext(ccHandle); snej@0: return signature; snej@0: } snej@0: snej@0: snej@0: - (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr { snej@0: return [super setValue: valueStr ofAttribute: attr] snej@0: && [[self class] _setAttribute: attr snej@0: ofItem: (SecKeychainItemRef)_privateKey snej@0: stringValue: valueStr]; snej@0: } snej@0: snej@0: snej@0: @end snej@0: snej@0: snej@0: #endif !USE_IPHONE_API snej@0: snej@0: snej@0: snej@0: snej@0: /* snej@0: Copyright (c) 2009, Jens Alfke . All rights reserved. snej@0: snej@0: Redistribution and use in source and binary forms, with or without modification, are permitted snej@0: provided that the following conditions are met: snej@0: snej@0: * Redistributions of source code must retain the above copyright notice, this list of conditions snej@0: and the following disclaimer. snej@0: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions snej@0: and the following disclaimer in the documentation and/or other materials provided with the snej@0: distribution. snej@0: snej@0: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR snej@0: IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND snej@0: FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- snej@0: BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES snej@0: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR snej@0: PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN snej@0: CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF snej@0: THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. snej@0: */