snej@0: // snej@0: // MYKey.m snej@0: // MYCrypto snej@0: // snej@0: // Created by Jens Alfke on 3/21/09. snej@0: // Copyright 2009 Jens Alfke. All rights reserved. snej@0: // snej@0: snej@0: #import "MYKey.h" snej@0: #import "MYCrypto_Private.h" snej@0: #import "MYDigest.h" snej@0: #import "MYErrorUtils.h" snej@0: snej@2: #if !MYCRYPTO_USE_IPHONE_API snej@0: snej@0: snej@0: #pragma mark - snej@0: @implementation MYKey snej@0: snej@0: snej@0: - (id) initWithKeyRef: (SecKeyRef)key { snej@1: return [super initWithKeychainItemRef: (SecKeychainItemRef)key]; snej@0: } snej@0: jens@21: - (id) _initWithKeyData: (NSData*)keyData snej@0: forKeychain: (SecKeychainRef)keychain { jens@21: Assert(keyData!=nil); snej@0: SecKeyImportExportParameters params = {}; jens@23: SecKeyRef key = importKey(keyData, self.keyClass, keychain, ¶ms); snej@0: if (!key) { snej@0: [self release]; snej@0: return nil; snej@0: } snej@1: self = [self initWithKeyRef: key]; snej@0: CFRelease(key); jens@26: if (self) { jens@26: #if MYCRYPTO_USE_IPHONE_API jens@26: if (!keychain) jens@26: self.isPersistent = NO; jens@26: #endif jens@26: } snej@0: return self; snej@0: } snej@0: snej@0: - (id) initWithKeyData: (NSData*)data { snej@0: return [self _initWithKeyData: data forKeychain: nil]; snej@0: } snej@0: snej@0: snej@8: - (NSString*) description { snej@8: return $sprintf(@"%@[%@ /%p]", [self class], (self.name ?:@""), self.keychainItemRef); snej@8: } snej@8: jens@23: - (SecExternalItemType) keyClass { snej@0: AssertAbstractMethod(); snej@0: } snej@0: jens@23: #if MYCRYPTO_USE_IPHONE_API jens@23: - (SecExternalItemType) keyType { jens@23: return NULL; jens@23: } jens@23: #endif snej@0: snej@1: - (SecKeyRef) keyRef { snej@1: return (SecKeyRef) self.keychainItemRef; snej@0: } snej@0: snej@0: - (const CSSM_KEY*) cssmKey { snej@0: const CSSM_KEY *cssmKey = NULL; snej@2: Assert(check(SecKeyGetCSSMKey(self.keyRef, &cssmKey), @"SecKeyGetCSSMKey"), snej@2: @"Failed to get CSSM_KEY"); snej@0: return cssmKey; snej@0: } snej@0: snej@2: - (const CSSM_CSP_HANDLE) cssmCSPHandle { snej@2: CSSM_CSP_HANDLE cspHandle = 0; snej@2: Assert(check(SecKeyGetCSPHandle(self.keyRef, &cspHandle), @"SecKeyGetCSPHandle"), snej@2: @"Failed to get CSSM_CSP_HANDLE"); snej@2: return cspHandle; snej@2: } snej@2: snej@13: - (CSSM_ALGORITHMS) cssmAlgorithm { snej@13: return self.cssmKey->KeyHeader.AlgorithmId; snej@13: } snej@13: snej@2: - (const CSSM_ACCESS_CREDENTIALS*) cssmCredentialsForOperation: (CSSM_ACL_AUTHORIZATION_TAG)operation snej@2: type: (SecCredentialType)type snej@2: error: (NSError**)outError snej@2: { snej@2: const CSSM_ACCESS_CREDENTIALS *credentials = NULL; snej@2: OSStatus err = SecKeyGetCredentials(self.keyRef, snej@2: operation, snej@2: type, snej@2: &credentials); snej@2: if (!MYReturnError(outError, err,NSOSStatusErrorDomain, @"Couldn't get credentials for key")) snej@2: return NULL; snej@2: return credentials; snej@2: } snej@2: snej@13: - (SecExternalFormat) _externalFormat { snej@13: return kSecFormatRawKey; snej@13: } snej@13: snej@13: - (NSData*) keyData { snej@0: CFDataRef data = NULL; snej@13: if (check(SecKeychainItemExport(self.keyRef, self._externalFormat, 0, NULL, &data), snej@0: @"SecKeychainItemExport")) snej@0: return [(id)CFMakeCollectable(data) autorelease]; snej@0: else snej@0: return nil; snej@0: } snej@0: jens@26: - (unsigned) keySizeInBits { jens@26: const CSSM_KEY *key = self.cssmKey; jens@26: Assert(key); jens@26: return key->KeyHeader.LogicalKeySizeInBits; jens@26: } jens@26: snej@0: - (NSString*) name { snej@0: return [self stringValueOfAttribute: kSecKeyPrintName]; snej@0: } snej@0: snej@0: - (void) setName: (NSString*)name { snej@0: [self setValue: name ofAttribute: kSecKeyPrintName]; snej@0: } snej@0: snej@0: - (NSString*) comment { snej@0: return [self stringValueOfAttribute: kSecKeyApplicationTag]; snej@0: } snej@0: snej@0: - (void) setComment: (NSString*)comment { snej@0: [self setValue: comment ofAttribute: kSecKeyApplicationTag]; snej@0: } snej@0: snej@0: - (NSString*) alias { snej@0: return [self stringValueOfAttribute: kSecKeyAlias]; snej@0: } snej@0: snej@0: - (void) setAlias: (NSString*)alias { snej@0: [self setValue: alias ofAttribute: kSecKeyAlias]; snej@0: } snej@0: snej@0: snej@0: #pragma mark - snej@0: #pragma mark UTILITY FUNCTIONS: snej@0: snej@0: snej@0: SecKeyRef importKey(NSData *data, snej@0: SecExternalItemType type, snej@0: SecKeychainRef keychain, snej@0: SecKeyImportExportParameters *params) { snej@14: SecExternalFormat inputFormat = (type==kSecItemTypeSessionKey) ?kSecFormatRawKey :kSecFormatUnknown; snej@0: CFArrayRef items = NULL; snej@0: snej@0: params->version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; snej@0: params->flags |= kSecKeyImportOnlyOne; snej@2: params->keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; snej@0: if (keychain) { snej@2: params->keyAttributes |= CSSM_KEYATTR_PERMANENT; snej@0: if (type==kSecItemTypeSessionKey) snej@0: params->keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT; snej@0: else if (type==kSecItemTypePublicKey) snej@14: params->keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP; snej@0: else if (type==kSecItemTypePrivateKey) snej@0: params->keyUsage = CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN; snej@0: } snej@0: if (!check(SecKeychainItemImport((CFDataRef)data, NULL, &inputFormat, &type, snej@0: 0, params, keychain, &items), snej@0: @"SecKeychainItemImport")) snej@0: return nil; snej@0: if (!items || CFArrayGetCount(items) != 1) snej@0: return nil; snej@0: SecKeyRef key = (SecKeyRef)CFRetain(CFArrayGetValueAtIndex(items,0)); snej@0: CFRelease(items); snej@0: return key; // caller must CFRelease snej@3: } snej@0: snej@0: snej@3: - (MYSHA1Digest*) _keyDigest { snej@3: MYSHA1Digest *digest = nil; snej@3: CSSM_DATA *keyDigest = NULL; snej@3: CSSM_CC_HANDLE context = [self _createPassThroughContext]; snej@3: if (context) { snej@3: if (checkcssm(CSSM_CSP_PassThrough(context, CSSM_APPLECSP_KEYDIGEST, NULL, (void**)&keyDigest), snej@3: @"CSSM_CSP_PassThrough")) { snej@3: if (keyDigest && keyDigest->Data) { snej@3: digest = [[[MYSHA1Digest alloc] initWithRawDigest: keyDigest->Data snej@3: length: keyDigest->Length] autorelease]; snej@3: } snej@3: } else { snej@3: SecKeyRef keyRef = self.keyRef; snej@3: // Note - CSSM_CSP_PassThrough fails on a couple of private keys I've seen; it seems to snej@3: // be ones that are either expired or don't have a matching public key at all (?) snej@3: Warn(@"Failed to get digest of SecKeyRef %p (name='%@' appTag='%@')", snej@3: keyRef, snej@3: self.name, snej@3: self.comment); snej@3: NSData *digestData = [[self class] _getAttribute: kSecKeyLabel snej@3: ofItem: (SecKeychainItemRef)keyRef]; snej@3: if (digestData) { snej@3: digest = (MYSHA1Digest*) [MYSHA1Digest digestFromDigestData: digestData]; snej@3: if (!digest) snej@3: Warn(@"Digest property of key %p was invalid SHA-1: %@", keyRef,digestData); snej@3: } snej@3: } snej@3: CSSM_DeleteContext(context); snej@3: } snej@3: return digest; snej@3: } snej@3: snej@3: snej@3: /** Asymmetric encryption/decryption; used by MYPublicKey and MYPrivateKey. */ snej@3: - (NSData*) _crypt: (NSData*)data operation: (BOOL)operation { snej@3: CAssert(data); snej@3: const CSSM_ACCESS_CREDENTIALS *credentials; snej@3: credentials = [self cssmCredentialsForOperation: (operation ?CSSM_ACL_AUTHORIZATION_ENCRYPT snej@3: :CSSM_ACL_AUTHORIZATION_DECRYPT) snej@3: type: kSecCredentialTypeDefault snej@3: error: nil]; snej@3: if (!credentials) snej@3: return nil; snej@3: snej@3: CSSM_CC_HANDLE ccHandle; snej@3: if (!checkcssm(CSSM_CSP_CreateAsymmetricContext(self.cssmCSPHandle, snej@3: CSSM_ALGID_RSA, snej@3: credentials, snej@3: self.cssmKey, snej@3: CSSM_PADDING_PKCS1, snej@3: &ccHandle), snej@3: @"CSSM_CSP_CreateAsymmetricContext")) snej@3: return nil; snej@3: snej@3: CSSM_DATA original = {data.length, (void*)data.bytes}; snej@3: CSSM_DATA result = {}; snej@3: size_t outputLength; snej@3: BOOL ok; snej@3: if (operation) snej@3: ok = checkcssm(CSSM_EncryptData(ccHandle, &original, 1, &result, 1, &outputLength, &result), snej@3: @"CSSM_EncryptData"); snej@3: else snej@3: ok = checkcssm(CSSM_DecryptData(ccHandle, &original, 1, &result, 1, &outputLength, &result), snej@3: @"CSSM_DecryptData"); snej@3: CSSM_DeleteContext(ccHandle); snej@3: return ok ?[NSData dataWithBytesNoCopy: result.Data length: outputLength freeWhenDone: YES] :nil; snej@3: } snej@3: snej@3: snej@3: - (CSSM_CC_HANDLE) _createSignatureContext: (CSSM_ALGORITHMS)algorithm { snej@3: const CSSM_ACCESS_CREDENTIALS *credentials; snej@3: credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_SIGN snej@3: type: kSecCredentialTypeDefault snej@3: error: nil]; snej@3: if (credentials) { snej@3: CSSM_CC_HANDLE ccHandle = 0; snej@3: if (checkcssm(CSSM_CSP_CreateSignatureContext(self.cssmCSPHandle, snej@3: algorithm, snej@3: credentials, snej@3: self.cssmKey, snej@3: &ccHandle), snej@3: @"CSSM_CSP_CreateSignatureContext") ) snej@3: return ccHandle; snej@3: } snej@3: return 0; snej@3: } snej@3: snej@3: - (CSSM_CC_HANDLE) _createPassThroughContext snej@3: { snej@3: CSSM_CC_HANDLE ccHandle = 0; snej@3: if (checkcssm(CSSM_CSP_CreatePassThroughContext(self.cssmCSPHandle, self.cssmKey, &ccHandle), snej@3: @"CSSM_CSP_CreatePassThroughContext") ) snej@3: return ccHandle; snej@3: else snej@3: return 0; snej@3: } snej@3: snej@3: snej@3: @end snej@3: snej@2: #endif MYCRYPTO_USE_IPHONE_API snej@0: snej@0: snej@0: snej@0: /* snej@0: Copyright (c) 2009, Jens Alfke . All rights reserved. snej@0: snej@0: Redistribution and use in source and binary forms, with or without modification, are permitted snej@0: provided that the following conditions are met: snej@0: snej@0: * Redistributions of source code must retain the above copyright notice, this list of conditions snej@0: and the following disclaimer. snej@0: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions snej@0: and the following disclaimer in the documentation and/or other materials provided with the snej@0: distribution. snej@0: snej@0: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR snej@0: IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND snej@0: FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- snej@0: BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES snej@0: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR snej@0: PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN snej@0: CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF snej@0: THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. snej@0: */