snej@0: // snej@0: // Cryptor.m snej@0: // MYCrypto snej@0: // snej@0: // Created by Jens Alfke on 3/21/09. snej@0: // Copyright 2009 Jens Alfke. All rights reserved. snej@0: // snej@0: snej@0: #import "MYCryptor.h" snej@0: #import "MYDigest.h" snej@0: #import "Test.h" snej@0: snej@2: #if MYCRYPTO_USE_IPHONE_API snej@0: #import snej@0: #else snej@0: #import "MYCrypto_Private.h" snej@0: #import "MYKeychain.h" snej@0: #import snej@0: #endif snej@0: snej@0: snej@0: NSString* const CryptorErrorDomain = @"CCCryptor"; snej@0: snej@2: #if !MYCRYPTO_USE_IPHONE_API snej@0: static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes); snej@0: #endif snej@0: snej@0: snej@0: @interface MYCryptor () snej@0: @property (readwrite, retain) NSError *error; snej@0: @end snej@0: snej@0: snej@0: snej@0: @implementation MYCryptor snej@0: snej@0: snej@2: + (NSData*) randomKeyOfLength: (size_t)lengthInBits { snej@2: size_t lengthInBytes = (lengthInBits + 7)/8; snej@2: NSParameterAssert(lengthInBytes<100000); snej@2: uint8_t *bytes = malloc(lengthInBytes); snej@0: if (!bytes) return nil; snej@2: #if MYCRYPTO_USE_IPHONE_API snej@2: BOOL ok = SecRandomCopyBytes(kSecRandomDefault, lengthInBytes,bytes) >= 0; snej@0: #else snej@2: BOOL ok = generateRandomBytes([[MYKeychain defaultKeychain] CSPHandle], lengthInBytes, bytes); snej@0: #endif snej@0: if (ok) snej@2: return [NSData dataWithBytesNoCopy: bytes length: lengthInBytes freeWhenDone: YES]; snej@0: else { snej@0: free(bytes); snej@0: return nil; snej@0: } snej@0: } snej@0: snej@2: + (NSData*) keyOfLength: (size_t)lengthInBits snej@2: fromPassphrase: (NSString*)passphrase snej@2: salt: (id)salt snej@0: { snej@3: // This follows algorithm PBKDF1 from PKCS#5 v2.0, with Hash=SHA-256 and c=13. snej@2: Assert(passphrase); snej@2: Assert(salt); snej@2: passphrase = $sprintf(@"MYCrypto|%@|%@", passphrase, salt); snej@0: size_t lengthInBytes = (lengthInBits + 7)/8; snej@0: MYDigest *digest = [[passphrase dataUsingEncoding: NSUTF8StringEncoding] my_SHA256Digest]; snej@3: for (int i=0; i<12; i++) snej@3: digest = digest.asData.my_SHA256Digest; snej@0: if (lengthInBytes <= digest.length) snej@0: return [digest.asData subdataWithRange: NSMakeRange(0,lengthInBytes)]; snej@0: else snej@0: return nil; snej@0: } snej@0: snej@0: snej@0: - (id) initWithKey: (NSData*)key snej@0: algorithm: (CCAlgorithm)algorithm snej@0: operation: (CCOperation)op { snej@0: self = [super init]; snej@0: if (self) { snej@0: NSParameterAssert(key); snej@0: _key = [key copy]; snej@0: _operation = op; snej@0: _algorithm = algorithm; snej@0: _options = kCCOptionPKCS7Padding; snej@0: } snej@0: return self; snej@0: } snej@0: snej@0: - (id) initEncryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm { snej@0: return [self initWithKey: key algorithm: algorithm operation: kCCEncrypt]; snej@0: } snej@0: snej@0: - (id) initDecryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm { snej@0: return [self initWithKey: key algorithm: algorithm operation: kCCDecrypt]; snej@0: } snej@0: snej@0: - (void) dealloc snej@0: { snej@0: if (_cryptor) snej@0: CCCryptorRelease(_cryptor); snej@0: [_key autorelease]; snej@0: [_output autorelease]; snej@0: [_outputStream release]; snej@0: [super dealloc]; snej@0: } snej@0: snej@2: - (void) finalize snej@2: { snej@2: if (_cryptor) snej@2: CCCryptorRelease(_cryptor); snej@2: [super finalize]; snej@2: } snej@2: snej@0: snej@0: @synthesize key=_key, algorithm=_algorithm, options=_options, snej@0: outputStream=_outputStream, error=_error; snej@0: snej@0: snej@0: - (BOOL) _check: (CCCryptorStatus)status { snej@0: if (status == kCCSuccess) snej@0: return YES; snej@0: else { snej@0: Warn(@"MYCryptor: CCCryptor error %i", status); snej@0: self.error = [NSError errorWithDomain: CryptorErrorDomain code: status userInfo: nil]; snej@0: return NO; snej@0: } snej@0: } snej@0: snej@0: snej@0: - (BOOL) _outputBytes: (const void*)bytes length: (size_t)length { snej@0: if (_outputStream) { snej@3: size_t written = [_outputStream write: bytes maxLength: length]; snej@0: if (written < 0) { snej@0: self.error = _outputStream.streamError; snej@0: if (_error) snej@0: Warn(@"MYCryptor: NSOutputStream error %@", _error); snej@0: else snej@0: [self _check: kMYCryptorErrorOutputStreamChoked]; snej@0: return NO; snej@0: } else if (written < length) { snej@0: [self _check: kMYCryptorErrorOutputStreamChoked]; snej@0: return NO; snej@0: } snej@0: } else if (length > 0) { snej@0: [_output appendBytes: bytes length: length]; snej@0: } snej@0: return YES; snej@0: } snej@0: snej@0: snej@0: - (BOOL) _start { snej@0: if (!_cryptor && !_error) { snej@0: if ([self _check: CCCryptorCreate(_operation, _algorithm, _options, snej@0: _key.bytes, _key.length, NULL, &_cryptor)]) { snej@0: _output = [[NSMutableData alloc] initWithCapacity: 1024]; snej@0: } snej@0: } snej@0: return !_error; snej@0: } snej@0: snej@0: snej@0: - (BOOL) addBytes: (const void*)bytes length: (size_t)length { snej@0: if (length > 0) { snej@0: NSParameterAssert(bytes!=NULL); snej@0: if(!_error && (_cryptor || [self _start])) { snej@0: size_t outputLength = CCCryptorGetOutputLength(_cryptor,length,false); snej@0: void *output = malloc(outputLength); snej@0: if ([self _check: CCCryptorUpdate(_cryptor, bytes, length, snej@0: output, outputLength, &outputLength)]) { snej@0: [self _outputBytes: output length: outputLength]; snej@0: } snej@0: free(output); snej@0: } snej@0: } snej@0: return !_error; snej@0: } snej@0: snej@0: - (BOOL) addData: (NSData*)data snej@0: { snej@0: return [self addBytes: data.bytes length: data.length]; snej@0: } snej@0: snej@0: - (BOOL) addString: (NSString*)str { snej@0: return [self addData: [str dataUsingEncoding: NSUTF8StringEncoding]]; snej@0: } snej@0: snej@0: snej@0: - (BOOL) addFromStream: (NSInputStream*)input snej@0: { snej@0: uint8_t inputBuffer[1024]; snej@0: size_t avail; snej@0: while (!_error && input.hasBytesAvailable) { snej@0: avail = sizeof(inputBuffer); snej@0: NSInteger nRead = [input read: inputBuffer maxLength: sizeof(inputBuffer)]; snej@0: if (nRead < 0) { snej@0: self.error = input.streamError; snej@0: return NO; snej@0: } else if (nRead == 0) { snej@0: break; snej@0: } else if (![self addBytes: inputBuffer length: nRead]) snej@0: return NO; snej@0: } snej@0: return YES; snej@0: } snej@0: snej@0: snej@0: - (BOOL) finish snej@0: { snej@0: if(!_error && (_cryptor || [self _start])) { snej@0: size_t outputLength = 100; //CCCryptorGetOutputLength(_cryptor,1,true); snej@0: void *output = malloc(outputLength); snej@0: if ([self _check: CCCryptorFinal(_cryptor, output, outputLength, &outputLength)]) { snej@0: [self _outputBytes: output length: outputLength]; snej@0: } snej@0: free(output); snej@0: } snej@0: CCCryptorRelease(_cryptor); snej@0: _cryptor = NULL; snej@0: return !_error; snej@0: } snej@0: snej@0: snej@0: - (NSData*) outputData { snej@0: if (_cryptor) [self finish]; snej@0: if(_error) { snej@0: [_output release]; snej@0: _output = nil; snej@0: } snej@0: return _output; snej@0: } snej@0: snej@0: - (NSString*) outputString { snej@0: NSData *output = self.outputData; snej@0: if (output) { snej@0: NSString *str = [[NSString alloc] initWithData: output encoding: NSUTF8StringEncoding]; snej@0: return [str autorelease]; snej@0: } else snej@0: return nil; snej@0: } snej@0: snej@0: snej@0: // NSStream delegate method snej@0: - (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode { snej@0: switch (eventCode) { snej@0: case NSStreamEventHasBytesAvailable: snej@0: [self addFromStream: (NSInputStream*)stream]; snej@0: break; snej@0: case NSStreamEventEndEncountered: snej@0: [self finish]; snej@0: break; snej@0: case NSStreamEventErrorOccurred: snej@0: if (!_error) snej@0: self.error = stream.streamError; snej@0: break; snej@0: default: snej@0: break; snej@0: } snej@0: } snej@0: snej@0: snej@0: snej@0: @end snej@0: snej@0: snej@0: snej@0: snej@2: #if !MYCRYPTO_USE_IPHONE_API snej@0: static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes) { snej@0: // Adapted from code in Keychain.framework's KeychainUtils.m by Wade Tregaskis. snej@0: CSSM_CC_HANDLE ccHandle; snej@0: if (!checkcssm(CSSM_CSP_CreateRandomGenContext(module, CSSM_ALGID_APPLE_YARROW, NULL, snej@0: lengthInBytes, &ccHandle), snej@0: @"CSSM_CSP_CreateRandomGenContext")) snej@0: return NO; snej@0: CSSM_DATA data = {.Data=dstBytes, .Length=lengthInBytes}; snej@0: BOOL ok = checkcssm(CSSM_GenerateRandom(ccHandle, &data), @"CSSM_GenerateRandom"); snej@0: CSSM_DeleteContext(ccHandle); snej@0: return ok; snej@0: } snej@0: #endif snej@0: snej@0: snej@0: snej@0: snej@0: TestCase(MYCryptor) { snej@0: // Encryption: snej@2: NSData *key = [MYCryptor randomKeyOfLength: 256]; snej@0: Log(@"Key = %@",key); snej@0: MYCryptor *enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128]; snej@0: CAssert(enc); snej@0: CAssert([enc addString: @"This is a test. "]); snej@0: CAssert([enc addString: @"This is only a test."]); snej@0: CAssertEqual(enc.error, nil); snej@0: NSData *encrypted = enc.outputData; snej@0: CAssertEqual(enc.error, nil); snej@0: CAssert(encrypted.length > 0); snej@0: [enc release]; snej@0: Log(@"Encrypted = %@", encrypted); snej@0: snej@0: // Decryption: snej@0: MYCryptor *dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128]; snej@0: CAssert(dec); snej@0: CAssert([dec addData: encrypted]); snej@0: NSString *decrypted = dec.outputString; snej@0: CAssertEqual(dec.error, nil); snej@0: [dec release]; snej@0: Log(@"Decrypted = '%@'", decrypted); snej@0: CAssertEqual(decrypted, @"This is a test. This is only a test."); snej@0: snej@0: // Encryption to stream: snej@2: key = [MYCryptor randomKeyOfLength: 256]; snej@0: Log(@"Key = %@",key); snej@0: enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128]; snej@0: CAssert(enc); snej@0: enc.outputStream = [NSOutputStream outputStreamToMemory]; snej@0: [enc.outputStream open]; snej@0: CAssert([enc addString: @"This is a test. "]); snej@0: CAssert([enc addString: @"This is only a test."]); snej@0: CAssert([enc finish]); snej@0: CAssertEqual(enc.error, nil); snej@0: encrypted = [[enc.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey] retain]; snej@0: CAssert(encrypted.length > 0); snej@0: [enc release]; snej@0: Log(@"Encrypted = %@", encrypted); snej@0: snej@0: dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128]; snej@0: CAssert(dec); snej@0: dec.outputStream = [NSOutputStream outputStreamToMemory]; snej@0: [dec.outputStream open]; snej@0: CAssert([dec addData: encrypted]); snej@0: CAssert([dec finish]); snej@0: CAssertEqual(dec.error, nil); snej@0: NSData *decryptedData = [dec.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey]; snej@0: [dec release]; snej@0: decrypted = [[NSString alloc] initWithData: decryptedData snej@0: encoding: NSUTF8StringEncoding]; snej@0: Log(@"Decrypted = '%@'", decrypted); snej@0: CAssertEqual(decrypted, @"This is a test. This is only a test."); snej@0: [encrypted release]; snej@0: [decrypted release]; snej@0: } snej@14: snej@14: snej@14: snej@14: /* snej@14: Copyright (c) 2009, Jens Alfke . All rights reserved. snej@14: snej@14: Redistribution and use in source and binary forms, with or without modification, are permitted snej@14: provided that the following conditions are met: snej@14: snej@14: * Redistributions of source code must retain the above copyright notice, this list of conditions snej@14: and the following disclaimer. snej@14: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions snej@14: and the following disclaimer in the documentation and/or other materials provided with the snej@14: distribution. snej@14: snej@14: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR snej@14: IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND snej@14: FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- snej@14: BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES snej@14: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR snej@14: PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN snej@14: CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF snej@14: THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. snej@14: */