snej@0: // snej@0: // MYPublicKey.m snej@0: // MYCrypto snej@0: // snej@0: // Created by Jens Alfke on 3/21/09. snej@0: // Copyright 2009 Jens Alfke. All rights reserved. snej@0: // snej@0: snej@0: #import "MYPublicKey.h" snej@0: #import "MYCrypto_Private.h" snej@0: #import "MYDigest.h" jens@21: #import "MYASN1Object.h" jens@21: #import "MYDEREncoder.h" jens@21: #import "MYBERParser.h" snej@0: #import "MYErrorUtils.h" snej@0: #import snej@0: snej@0: jens@26: @interface MYPublicKey () jens@26: @property (retain) MYCertificate *certificate; jens@26: @end jens@26: jens@26: snej@0: #pragma mark - snej@0: @implementation MYPublicKey snej@0: snej@0: jens@21: - (id) initWithModulus: (NSData*)modulus exponent: (unsigned)exponent { jens@21: // An RSA key is encoded in ASN.1 as a sequence of modulus and exponent, both as integers. jens@21: MYASN1BigInteger *modulusInt = [[MYASN1BigInteger alloc] initWithUnsignedData: modulus]; jens@21: id asn1 = $array( modulusInt, $object(exponent) ); jens@21: [modulusInt release]; jens@21: NSData *keyData = [MYDEREncoder encodeRootObject: asn1 error: nil]; jens@21: return [self initWithKeyData: keyData]; jens@21: } jens@21: snej@0: - (void) dealloc snej@0: { snej@0: [_digest release]; snej@0: [super dealloc]; snej@0: } snej@0: jens@26: @synthesize certificate=_certificate; jens@26: jens@23: - (SecExternalItemType) keyClass { snej@3: #if MYCRYPTO_USE_IPHONE_API snej@3: return kSecAttrKeyClassPublic; snej@3: #else snej@0: return kSecItemTypePublicKey; snej@3: #endif snej@0: } snej@3: jens@23: #if MYCRYPTO_USE_IPHONE_API jens@23: - (SecExternalItemType) keyType { jens@23: return kSecAttrKeyTypeRSA; jens@23: } jens@23: #endif jens@23: snej@0: - (NSUInteger)hash { snej@0: return self.publicKeyDigest.hash; snej@0: } snej@0: snej@0: - (NSString*) description { snej@0: return $sprintf(@"%@[%@]", [self class], self.publicKeyDigest.abbreviatedHexString); snej@0: } snej@0: snej@0: - (MYSHA1Digest*) publicKeyDigest { snej@0: if (!_digest) snej@3: _digest = [[self _keyDigest] retain]; snej@0: return _digest; snej@0: } snej@0: jens@26: #if MYCRYPTO_USE_IPHONE_API jens@26: - (NSData*) keyData { jens@26: if (_certificate) { jens@26: return _certificate.info.subjectPublicKeyData; jens@26: } else { jens@26: return [super keyData]; jens@26: } jens@26: } jens@26: #endif jens@26: snej@3: #if !MYCRYPTO_USE_IPHONE_API snej@13: - (SecExternalFormat) _externalFormat { snej@14: return kSecFormatBSAFE; snej@0: } snej@3: #endif snej@0: snej@0: jens@21: - (BOOL) getModulus: (NSData**)outModulus exponent: (unsigned*)outExponent { jens@21: Assert(outModulus!=nil); jens@21: Assert(outExponent!=nil); jens@21: NSArray *asn1 = $castIf(NSArray, MYBERParse(self.keyData, nil)); jens@21: if (!asn1 || asn1.count != 2) jens@21: return NO; jens@21: *outModulus = $castIf(MYASN1BigInteger, [asn1 objectAtIndex: 0]).unsignedData; jens@21: *outExponent = $castIf(NSNumber, [asn1 objectAtIndex: 1]).unsignedIntValue; jens@21: return (*outModulus!=nil && *outExponent>=3); jens@21: } jens@21: jens@21: snej@13: - (NSData*) rawEncryptData: (NSData*)data { snej@3: return [self _crypt: data operation: YES]; snej@0: } snej@0: snej@0: snej@0: - (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data { snej@0: Assert(data); snej@0: Assert(signature); snej@1: snej@3: #if MYCRYPTO_USE_IPHONE_API snej@3: uint8_t digest[CC_SHA1_DIGEST_LENGTH]; snej@3: CC_SHA1(data.bytes,data.length, digest); snej@3: OSStatus err = SecKeyRawVerify(self.keyRef, kSecPaddingPKCS1SHA1, snej@3: digest,sizeof(digest), //data.bytes, data.length, snej@3: signature.bytes, signature.length); snej@3: return err==noErr; snej@3: snej@3: #else jens@17: CSSM_CC_HANDLE ccHandle = [self _createSignatureContext: CSSM_ALGID_SHA1WithRSA]; snej@0: if (!ccHandle) return NO; snej@0: CSSM_DATA original = {data.length, (void*)data.bytes}; snej@0: CSSM_DATA sig = {signature.length, (void*)signature.bytes}; snej@0: CSSM_RETURN cssmErr = CSSM_VerifyData(ccHandle, &original, 1, CSSM_ALGID_NONE, &sig); snej@0: CSSM_DeleteContext(ccHandle); snej@0: if (cssmErr == CSSM_OK) snej@0: return YES; snej@0: if (cssmErr != CSSMERR_CSP_VERIFY_FAILED) snej@0: Warn(@"CSSM error verifying signature: %u", MYErrorName(MYCSSMErrorDomain,cssmErr)); snej@0: return NO; snej@3: #endif snej@0: } snej@0: snej@0: snej@4: #if !TARGET_OS_IPHONE snej@4: - (CSSM_WRAP_KEY*) _unwrappedCSSMKey { snej@4: const CSSM_KEY *key = self.cssmKey; snej@4: snej@4: if (key->KeyHeader.BlobType == CSSM_KEYBLOB_WRAPPED) { snej@4: Warn(@"Key is already wrapped.\n"); snej@4: return NULL; snej@4: } snej@4: snej@4: if (key->KeyHeader.KeyClass != CSSM_KEYCLASS_PUBLIC_KEY) snej@4: Warn(@"Warning: Null wrapping a non-public key - this is a dangerous operation.\n"); snej@4: snej@4: const CSSM_ACCESS_CREDENTIALS* credentials; snej@4: credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED snej@4: type: kSecCredentialTypeDefault error: nil]; snej@4: CSSM_CC_HANDLE ccHandle; snej@4: if (!checkcssm(CSSM_CSP_CreateSymmetricContext(self.cssmCSPHandle, snej@4: CSSM_ALGID_NONE, CSSM_ALGMODE_WRAP, snej@4: NULL, NULL, NULL, snej@4: CSSM_PADDING_NONE, NULL, snej@4: &ccHandle), snej@4: @"CSSM_CSP_CreateSymmetricContext")) snej@4: return NULL; snej@4: snej@4: CSSM_WRAP_KEY *result = malloc(sizeof(CSSM_WRAP_KEY)); snej@4: if (!checkcssm(CSSM_WrapKey(ccHandle, credentials, key, NULL, result), snej@4: @"CSSM_WrapKey")) { snej@4: free(result); snej@4: result = NULL; snej@4: } snej@4: CSSM_DeleteContext(ccHandle); snej@4: return result; snej@4: } snej@13: snej@13: snej@13: - (NSData*) wrapSessionKey: (MYSymmetricKey*)sessionKey { snej@13: const CSSM_ACCESS_CREDENTIALS* credentials; snej@13: credentials = [self cssmCredentialsForOperation: CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED snej@13: type: kSecCredentialTypeDefault error: nil]; snej@13: CSSM_CSP_HANDLE cspHandle = self.cssmCSPHandle; snej@13: CSSM_CC_HANDLE ctx; snej@13: if (!checkcssm(CSSM_CSP_CreateAsymmetricContext(cspHandle, snej@13: self.cssmAlgorithm, snej@13: credentials, snej@13: self.cssmKey, snej@13: CSSM_PADDING_PKCS1, snej@13: &ctx), snej@13: @"CSSM_CSP_CreateAsymmetricContext")) snej@13: return nil; snej@14: snej@13: // Now wrap the key: snej@13: NSData *result = nil; snej@13: CSSM_WRAP_KEY wrappedKey = {}; snej@14: CSSM_DATA descriptiveData = {}; snej@14: if (checkcssm(CSSM_WrapKey(ctx, credentials, sessionKey.cssmKey, &descriptiveData, &wrappedKey), snej@13: @"CSSM_WrapKey")) { snej@13: // ...and copy the wrapped key data to the result NSData: snej@13: result = [NSData dataWithBytes: wrappedKey.KeyData.Data length: wrappedKey.KeyData.Length]; snej@13: CSSM_FreeKey(cspHandle, credentials, &wrappedKey, NO); snej@13: } snej@13: // Finally, delete the context snej@13: CSSM_DeleteContext(ctx); snej@13: return result; snej@13: } snej@13: snej@13: snej@4: #endif snej@4: snej@4: snej@0: @end snej@0: snej@0: snej@0: snej@0: /* snej@0: Copyright (c) 2009, Jens Alfke . All rights reserved. snej@0: snej@0: Redistribution and use in source and binary forms, with or without modification, are permitted snej@0: provided that the following conditions are met: snej@0: snej@0: * Redistributions of source code must retain the above copyright notice, this list of conditions snej@0: and the following disclaimer. snej@0: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions snej@0: and the following disclaimer in the documentation and/or other materials provided with the snej@0: distribution. snej@0: snej@0: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR snej@0: IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND snej@0: FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- snej@0: BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES snej@0: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR snej@0: PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN snej@0: CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF snej@0: THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. snej@0: */