# HG changeset patch # User snej@snej.local # Date 1238902923 25200 # Node ID 0a6527af039b29f4284cab7ae91ade96f96774bf Initial checkin. Passes tests on Mac and in iPhone simulator. diff -r 000000000000 -r 0a6527af039b .hgignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.hgignore Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,10 @@ +syntax: glob +.DS_Store +build +Documentation +Doxyfile +.svn +*.pbxuser +*.perspectivev3 +*.mpkg +*.framework diff -r 000000000000 -r 0a6527af039b MYCertificate-iPhone.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCertificate-iPhone.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,77 @@ +// +// MYCertificate-iPhone.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/30/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYCertificate.h" +#import "MYCrypto_Private.h" + +#if USE_IPHONE_API + + +@implementation MYCertificate + + +/** Creates a MYCertificate object for an existing Keychain certificate reference. */ +- (id) initWithCertificateRef: (SecCertificateRef)certificateRef { + self = [super initWithKeychainItemRef: (SecKeychainItemRef)certificateRef]; + if (self) { + _certificateRef = certificateRef; // superclass has already CFRetained it + } + return self; +} + +/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */ +- (id) initWithCertificateData: (NSData*)data +{ + SecCertificateRef certificateRef = SecCertificateCreateWithData(NULL, (CFDataRef)data); + self = [self initWithCertificateRef: certificateRef]; + CFRelease(certificateRef); + return self; +} + + +@synthesize certificateRef=_certificateRef; + +- (NSData*) certificateData { + CFDataRef data = SecCertificateCopyData(_certificateRef); + return data ?[(id)CFMakeCollectable(data) autorelease] :nil; +} + +- (MYPublicKey*) publicKey { + SecTrustRef trust = NULL; + SecPolicyRef policy = SecPolicyCreateBasicX509(); + OSStatus err = SecTrustCreateWithCertificates((CFArrayRef)$array((id)_certificateRef), + policy, + &trust); + CFRelease(policy); + if (!check(err,@"SecTrustCreateWithCertificates")) + return nil; + + MYPublicKey *key = nil; + SecKeyRef keyRef = SecTrustCopyPublicKey(trust); + if (keyRef) { + key = [[[MYPublicKey alloc] initWithKeyRef: keyRef] autorelease]; + CFRelease(keyRef); + } + CFRelease(trust); + return key; +} + + +- (NSString*) commonName { + CFStringRef name = SecCertificateCopySubjectSummary(_certificateRef); + return name ?[(id)CFMakeCollectable(name) autorelease] :nil; +} + +- (NSArray*) emailAddresses { + return nil; //FIX UNIMPLEMENTED +} + + +@end + +#endif USE_IPHONE_API diff -r 000000000000 -r 0a6527af039b MYCertificate.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCertificate.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,56 @@ +// +// MYCertificate.h +// MYCrypto +// +// Created by Jens Alfke on 3/26/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeychainItem.h" + +#if !TARGET_OS_IPHONE +#import +#endif + +@class MYPublicKey; + + +/** An X.509 certificate. */ +@interface MYCertificate : MYKeychainItem { + SecCertificateRef _certificateRef; +} + +/** Creates a MYCertificate object for an existing Keychain certificate reference. */ +- (id) initWithCertificateRef: (SecCertificateRef)certificateRef; + +/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */ +- (id) initWithCertificateData: (NSData*)data; + +#if !TARGET_OS_IPHONE +/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */ +- (id) initWithCertificateData: (NSData*)data + type: (CSSM_CERT_TYPE) type + encoding: (CSSM_CERT_ENCODING) encoding; +#endif + +/** The Keychain object reference for this key. */ +@property (readonly) SecCertificateRef certificateRef; + +/** The certificate's data. */ +@property (readonly) NSData *certificateData; + +/** The certificate's public key. */ +@property (readonly) MYPublicKey *publicKey; + +@property (readonly) NSString *commonName; +@property (readonly) NSArray *emailAddresses; + +#if !TARGET_OS_IPHONE +/** Finds the current 'preferred' certificate for the given name string. */ ++ (MYCertificate*) preferredCertificateForName: (NSString*)name; + +/** Associates the receiver as the preferred certificate for the given name string. */ +- (BOOL) setPreferredCertificateForName: (NSString*)name; +#endif + +@end diff -r 000000000000 -r 0a6527af039b MYCertificate.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCertificate.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,104 @@ +// +// MYCertificate.m +// MYCrypto +// +// Created by Jens Alfke on 3/26/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYCertificate.h" +#import "MYCrypto_Private.h" + +#if !USE_IPHONE_API + + +@implementation MYCertificate + + +/** Creates a MYCertificate object for an existing Keychain certificate reference. */ +- (id) initWithCertificateRef: (SecCertificateRef)certificateRef { + self = [super initWithKeychainItemRef: (SecKeychainItemRef)certificateRef]; + if (self) { + _certificateRef = certificateRef; // superclass has already CFRetained it + } + return self; +} + +/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */ +- (id) initWithCertificateData: (NSData*)data + type: (CSSM_CERT_TYPE) type + encoding: (CSSM_CERT_ENCODING) encoding +{ + Assert(data); + CSSM_DATA cssmData = {.Data=(void*)data.bytes, .Length=data.length}; + SecCertificateRef certificateRef = NULL; + if (!check(SecCertificateCreateFromData(&cssmData, type, encoding, &certificateRef), + @"SecCertificateCreateFromData")) { + [self release]; + return nil; + } + self = [self initWithCertificateRef: certificateRef]; + CFRelease(certificateRef); + return self; +} + +- (id) initWithCertificateData: (NSData*)data { + return [self initWithCertificateData: data + type: CSSM_CERT_X_509v3 + encoding: CSSM_CERT_ENCODING_BER]; +} + ++ (MYCertificate*) preferredCertificateForName: (NSString*)name { + SecCertificateRef certRef = NULL; + if (!check(SecCertificateCopyPreference((CFStringRef)name, 0, &certRef), + @"SecCertificateCopyPreference")) + return nil; + return [[[MYCertificate alloc] initWithCertificateRef: certRef] autorelease]; +} + +- (BOOL) setPreferredCertificateForName: (NSString*)name { + return check(SecCertificateSetPreference(_certificateRef, (CFStringRef)name, 0, NULL), + @"SecCertificateSetPreference"); +} + +@synthesize certificateRef=_certificateRef; + +- (NSData*) certificateData { + CSSM_DATA cssmData; + if (!check(SecCertificateGetData(_certificateRef, &cssmData), + @"SecCertificateGetData")) + return nil; + return [NSData dataWithBytes: cssmData.Data length: cssmData.Length]; +} + +- (MYPublicKey*) publicKey { + SecKeyRef keyRef = NULL; + if (!check(SecCertificateCopyPublicKey(_certificateRef, &keyRef), + @"SecCertificateCopyPublicKey") || !keyRef) + return nil; + MYPublicKey *key = [[[MYPublicKey alloc] initWithKeyRef: keyRef] autorelease]; + CFRelease(keyRef); + return key; +} + +- (NSString*) commonName { + CFStringRef name = NULL; + if (!check(SecCertificateCopyCommonName(_certificateRef, &name), + @"SecCertificateCopyCommonName") || !name) + return nil; + return [(id)CFMakeCollectable(name) autorelease]; +} + +- (NSArray*) emailAddresses { + CFArrayRef addrs = NULL; + if (!check(SecCertificateCopyEmailAddresses(_certificateRef, &addrs), + @"SecCertificateCopyEmailAddresses") || !addrs) + return nil; + return [(id)CFMakeCollectable(addrs) autorelease]; +} + + +@end + + +#endif !USE_IPHONE_API diff -r 000000000000 -r 0a6527af039b MYCrypto-iPhone.xcodeproj/project.pbxproj --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto-iPhone.xcodeproj/project.pbxproj Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,367 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 45; + objects = { + +/* Begin PBXBuildFile section */ + 1D3623260D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 1D3623250D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.m */; }; + 1D60589B0D05DD56006BFB54 /* MYCrypto_iPhone_main.m in Sources */ = {isa = PBXBuildFile; fileRef = 29B97316FDCFA39411CA2CEA /* MYCrypto_iPhone_main.m */; }; + 1D60589F0D05DD5A006BFB54 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1D30AB110D05D00D00671497 /* Foundation.framework */; }; + 1DF5F4E00D08C38300B7A737 /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1DF5F4DF0D08C38300B7A737 /* UIKit.framework */; }; + 273391A30F81E5E9009414D9 /* MYKeyPair-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 273391A20F81E5E9009414D9 /* MYKeyPair-iPhone.m */; }; + 273391A50F81E606009414D9 /* MYPublicKey-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 273391A40F81E606009414D9 /* MYPublicKey-iPhone.m */; }; + 273391CD0F81EC70009414D9 /* MYCertificate-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 273391CC0F81EC70009414D9 /* MYCertificate-iPhone.m */; }; + 273392120F8283B8009414D9 /* MYKeychain-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 273392110F8283B8009414D9 /* MYKeychain-iPhone.m */; }; + 276FB13F0F84090900CB326E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 276FB13E0F84090900CB326E /* Security.framework */; }; + 276FB16E0F84152B00CB326E /* MYCryptoTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB16D0F84152B00CB326E /* MYCryptoTest.m */; }; + 276FB3190F856AA700CB326E /* MYPublicKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB3180F856AA700CB326E /* MYPublicKey.m */; }; + 276FB3390F856AC300CB326E /* MYKeyPair.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB3380F856AC300CB326E /* MYKeyPair.m */; }; + 276FB33B0F856ACB00CB326E /* MYKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB33A0F856ACB00CB326E /* MYKeychain.m */; }; + 276FB34B0F856CA400CB326E /* MYCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB34A0F856CA400CB326E /* MYCertificate.m */; }; + 27A430120F87C6C10063D362 /* MYKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823110F81D56E0019BE60 /* MYKey.m */; }; + 27A430140F87C6D50063D362 /* MYSymmetricKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A430130F87C6D50063D362 /* MYSymmetricKey.m */; }; + 27E823210F81D56E0019BE60 /* MYCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E8230F0F81D56E0019BE60 /* MYCryptor.m */; }; + 27E823240F81D56E0019BE60 /* MYKeychainItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823150F81D56E0019BE60 /* MYKeychainItem.m */; }; + 27E823270F81D56E0019BE60 /* MYDigest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E8231C0F81D56E0019BE60 /* MYDigest.m */; }; + 27E823290F81D56E0019BE60 /* MYCrypto.xcconfig in Resources */ = {isa = PBXBuildFile; fileRef = 27E8231E0F81D56E0019BE60 /* MYCrypto.xcconfig */; }; + 27E8232A0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig in Resources */ = {isa = PBXBuildFile; fileRef = 27E8231F0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig */; }; + 27E823370F81D5760019BE60 /* CollectionUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E8232D0F81D5760019BE60 /* CollectionUtils.m */; }; + 27E823380F81D5760019BE60 /* ExceptionUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E8232F0F81D5760019BE60 /* ExceptionUtils.m */; }; + 27E823390F81D5760019BE60 /* Logging.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823310F81D5760019BE60 /* Logging.m */; }; + 27E8233A0F81D5760019BE60 /* Test.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823330F81D5760019BE60 /* Test.m */; }; + 27E8233B0F81D5760019BE60 /* MYErrorUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823350F81D5760019BE60 /* MYErrorUtils.m */; }; + 27E8233C0F81D5760019BE60 /* MYError_CSSMErrorDomain.strings in Resources */ = {isa = PBXBuildFile; fileRef = 27E823360F81D5760019BE60 /* MYError_CSSMErrorDomain.strings */; }; + 27FE453F0F87CC8500A86D63 /* MYKey-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 27FE453E0F87CC8500A86D63 /* MYKey-iPhone.m */; }; + 288765FD0DF74451002DB57D /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 288765FC0DF74451002DB57D /* CoreGraphics.framework */; }; + 28AD733F0D9D9553002E5188 /* MainWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 28AD733E0D9D9553002E5188 /* MainWindow.xib */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 1D30AB110D05D00D00671497 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; + 1D3623240D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCrypto_iPhoneAppDelegate.h; sourceTree = ""; }; + 1D3623250D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCrypto_iPhoneAppDelegate.m; sourceTree = ""; }; + 1D6058910D05DD3D006BFB54 /* MYCrypto-iPhone.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "MYCrypto-iPhone.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + 1DF5F4DF0D08C38300B7A737 /* UIKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = UIKit.framework; path = System/Library/Frameworks/UIKit.framework; sourceTree = SDKROOT; }; + 273391A20F81E5E9009414D9 /* MYKeyPair-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYKeyPair-iPhone.m"; sourceTree = ""; }; + 273391A40F81E606009414D9 /* MYPublicKey-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYPublicKey-iPhone.m"; sourceTree = ""; }; + 273391CC0F81EC70009414D9 /* MYCertificate-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYCertificate-iPhone.m"; sourceTree = ""; }; + 273392110F8283B8009414D9 /* MYKeychain-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYKeychain-iPhone.m"; sourceTree = ""; }; + 276FB13E0F84090900CB326E /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; + 276FB16D0F84152B00CB326E /* MYCryptoTest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCryptoTest.m; sourceTree = ""; }; + 276FB3180F856AA700CB326E /* MYPublicKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYPublicKey.m; sourceTree = ""; }; + 276FB3380F856AC300CB326E /* MYKeyPair.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeyPair.m; sourceTree = ""; }; + 276FB33A0F856ACB00CB326E /* MYKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeychain.m; sourceTree = ""; }; + 276FB34A0F856CA400CB326E /* MYCertificate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCertificate.m; sourceTree = ""; }; + 27A430130F87C6D50063D362 /* MYSymmetricKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYSymmetricKey.m; sourceTree = ""; }; + 27A430150F87C6DB0063D362 /* MYSymmetricKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYSymmetricKey.h; sourceTree = ""; }; + 27E8230C0F81D56E0019BE60 /* MYCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertificate.h; sourceTree = ""; }; + 27E8230E0F81D56E0019BE60 /* MYCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptor.h; sourceTree = ""; }; + 27E8230F0F81D56E0019BE60 /* MYCryptor.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCryptor.m; sourceTree = ""; }; + 27E823100F81D56E0019BE60 /* MYKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKey.h; sourceTree = ""; }; + 27E823110F81D56E0019BE60 /* MYKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKey.m; sourceTree = ""; }; + 27E823120F81D56E0019BE60 /* MYKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeychain.h; sourceTree = ""; }; + 27E823140F81D56E0019BE60 /* MYKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeychainItem.h; sourceTree = ""; }; + 27E823150F81D56E0019BE60 /* MYKeychainItem.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeychainItem.m; sourceTree = ""; }; + 27E823160F81D56E0019BE60 /* MYKeyPair.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeyPair.h; sourceTree = ""; }; + 27E823180F81D56E0019BE60 /* MYPublicKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYPublicKey.h; sourceTree = ""; }; + 27E8231A0F81D56E0019BE60 /* MYCrypto_Private.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCrypto_Private.h; sourceTree = ""; }; + 27E8231B0F81D56E0019BE60 /* MYDigest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYDigest.h; sourceTree = ""; }; + 27E8231C0F81D56E0019BE60 /* MYDigest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYDigest.m; sourceTree = ""; }; + 27E8231E0F81D56E0019BE60 /* MYCrypto.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = MYCrypto.xcconfig; sourceTree = ""; }; + 27E8231F0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = MYCrypto_Debug.xcconfig; sourceTree = ""; }; + 27E8232C0F81D5760019BE60 /* CollectionUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CollectionUtils.h; path = ../MYUtilities/CollectionUtils.h; sourceTree = SOURCE_ROOT; }; + 27E8232D0F81D5760019BE60 /* CollectionUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CollectionUtils.m; path = ../MYUtilities/CollectionUtils.m; sourceTree = SOURCE_ROOT; }; + 27E8232E0F81D5760019BE60 /* ExceptionUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExceptionUtils.h; path = ../MYUtilities/ExceptionUtils.h; sourceTree = SOURCE_ROOT; }; + 27E8232F0F81D5760019BE60 /* ExceptionUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ExceptionUtils.m; path = ../MYUtilities/ExceptionUtils.m; sourceTree = SOURCE_ROOT; }; + 27E823300F81D5760019BE60 /* Logging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Logging.h; path = ../MYUtilities/Logging.h; sourceTree = SOURCE_ROOT; }; + 27E823310F81D5760019BE60 /* Logging.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Logging.m; path = ../MYUtilities/Logging.m; sourceTree = SOURCE_ROOT; }; + 27E823320F81D5760019BE60 /* Test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Test.h; path = ../MYUtilities/Test.h; sourceTree = SOURCE_ROOT; }; + 27E823330F81D5760019BE60 /* Test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Test.m; path = ../MYUtilities/Test.m; sourceTree = SOURCE_ROOT; }; + 27E823340F81D5760019BE60 /* MYErrorUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MYErrorUtils.h; path = ../MYUtilities/MYErrorUtils.h; sourceTree = SOURCE_ROOT; }; + 27E823350F81D5760019BE60 /* MYErrorUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = MYErrorUtils.m; path = ../MYUtilities/MYErrorUtils.m; sourceTree = SOURCE_ROOT; }; + 27E823360F81D5760019BE60 /* MYError_CSSMErrorDomain.strings */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.strings; name = MYError_CSSMErrorDomain.strings; path = ../MYUtilities/MYError_CSSMErrorDomain.strings; sourceTree = SOURCE_ROOT; }; + 27FE453E0F87CC8500A86D63 /* MYKey-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYKey-iPhone.m"; sourceTree = ""; }; + 288765FC0DF74451002DB57D /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; }; + 28AD733E0D9D9553002E5188 /* MainWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = MainWindow.xib; sourceTree = ""; }; + 29B97316FDCFA39411CA2CEA /* MYCrypto_iPhone_main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCrypto_iPhone_main.m; sourceTree = ""; }; + 8D1107310486CEB800E47090 /* MYCrypto_iPhone-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "MYCrypto_iPhone-Info.plist"; plistStructureDefinitionIdentifier = "com.apple.xcode.plist.structure-definition.iphone.info-plist"; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 1D60588F0D05DD3D006BFB54 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 1D60589F0D05DD5A006BFB54 /* Foundation.framework in Frameworks */, + 1DF5F4E00D08C38300B7A737 /* UIKit.framework in Frameworks */, + 288765FD0DF74451002DB57D /* CoreGraphics.framework in Frameworks */, + 276FB13F0F84090900CB326E /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 080E96DDFE201D6D7F000001 /* iPhone */ = { + isa = PBXGroup; + children = ( + 1D3623240D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.h */, + 1D3623250D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.m */, + 29B97316FDCFA39411CA2CEA /* MYCrypto_iPhone_main.m */, + 28AD733E0D9D9553002E5188 /* MainWindow.xib */, + 8D1107310486CEB800E47090 /* MYCrypto_iPhone-Info.plist */, + ); + path = iPhone; + sourceTree = ""; + }; + 19C28FACFE9D520D11CA2CBB /* Products */ = { + isa = PBXGroup; + children = ( + 1D6058910D05DD3D006BFB54 /* MYCrypto-iPhone.app */, + ); + name = Products; + sourceTree = ""; + }; + 27E8230B0F81D56E0019BE60 /* Source */ = { + isa = PBXGroup; + children = ( + 27E8230C0F81D56E0019BE60 /* MYCertificate.h */, + 276FB34A0F856CA400CB326E /* MYCertificate.m */, + 273391CC0F81EC70009414D9 /* MYCertificate-iPhone.m */, + 27E8230E0F81D56E0019BE60 /* MYCryptor.h */, + 27E8230F0F81D56E0019BE60 /* MYCryptor.m */, + 27E823100F81D56E0019BE60 /* MYKey.h */, + 27E823110F81D56E0019BE60 /* MYKey.m */, + 27FE453E0F87CC8500A86D63 /* MYKey-iPhone.m */, + 27E823120F81D56E0019BE60 /* MYKeychain.h */, + 276FB33A0F856ACB00CB326E /* MYKeychain.m */, + 273392110F8283B8009414D9 /* MYKeychain-iPhone.m */, + 27E823140F81D56E0019BE60 /* MYKeychainItem.h */, + 27E823150F81D56E0019BE60 /* MYKeychainItem.m */, + 27E823160F81D56E0019BE60 /* MYKeyPair.h */, + 276FB3380F856AC300CB326E /* MYKeyPair.m */, + 273391A20F81E5E9009414D9 /* MYKeyPair-iPhone.m */, + 27E823180F81D56E0019BE60 /* MYPublicKey.h */, + 276FB3180F856AA700CB326E /* MYPublicKey.m */, + 273391A40F81E606009414D9 /* MYPublicKey-iPhone.m */, + 27A430150F87C6DB0063D362 /* MYSymmetricKey.h */, + 27A430130F87C6D50063D362 /* MYSymmetricKey.m */, + 27E8231B0F81D56E0019BE60 /* MYDigest.h */, + 27E8231C0F81D56E0019BE60 /* MYDigest.m */, + 27E8231A0F81D56E0019BE60 /* MYCrypto_Private.h */, + 276FB16D0F84152B00CB326E /* MYCryptoTest.m */, + 27E8231E0F81D56E0019BE60 /* MYCrypto.xcconfig */, + 27E8231F0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig */, + ); + name = Source; + sourceTree = ""; + }; + 27E8232B0F81D5760019BE60 /* MYUtilities */ = { + isa = PBXGroup; + children = ( + 27E8232C0F81D5760019BE60 /* CollectionUtils.h */, + 27E8232D0F81D5760019BE60 /* CollectionUtils.m */, + 27E8232E0F81D5760019BE60 /* ExceptionUtils.h */, + 27E8232F0F81D5760019BE60 /* ExceptionUtils.m */, + 27E823300F81D5760019BE60 /* Logging.h */, + 27E823310F81D5760019BE60 /* Logging.m */, + 27E823320F81D5760019BE60 /* Test.h */, + 27E823330F81D5760019BE60 /* Test.m */, + 27E823340F81D5760019BE60 /* MYErrorUtils.h */, + 27E823350F81D5760019BE60 /* MYErrorUtils.m */, + 27E823360F81D5760019BE60 /* MYError_CSSMErrorDomain.strings */, + ); + name = MYUtilities; + sourceTree = ""; + }; + 29B97314FDCFA39411CA2CEA /* CustomTemplate */ = { + isa = PBXGroup; + children = ( + 27E8230B0F81D56E0019BE60 /* Source */, + 27E8232B0F81D5760019BE60 /* MYUtilities */, + 080E96DDFE201D6D7F000001 /* iPhone */, + 29B97323FDCFA39411CA2CEA /* Frameworks */, + 19C28FACFE9D520D11CA2CBB /* Products */, + 276FB13E0F84090900CB326E /* Security.framework */, + ); + name = CustomTemplate; + sourceTree = ""; + }; + 29B97323FDCFA39411CA2CEA /* Frameworks */ = { + isa = PBXGroup; + children = ( + 1DF5F4DF0D08C38300B7A737 /* UIKit.framework */, + 1D30AB110D05D00D00671497 /* Foundation.framework */, + 288765FC0DF74451002DB57D /* CoreGraphics.framework */, + ); + name = Frameworks; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 1D6058900D05DD3D006BFB54 /* MYCrypto-iPhone */ = { + isa = PBXNativeTarget; + buildConfigurationList = 1D6058960D05DD3E006BFB54 /* Build configuration list for PBXNativeTarget "MYCrypto-iPhone" */; + buildPhases = ( + 1D60588D0D05DD3D006BFB54 /* Resources */, + 1D60588E0D05DD3D006BFB54 /* Sources */, + 1D60588F0D05DD3D006BFB54 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "MYCrypto-iPhone"; + productName = "MYCrypto-iPhone"; + productReference = 1D6058910D05DD3D006BFB54 /* MYCrypto-iPhone.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 29B97313FDCFA39411CA2CEA /* Project object */ = { + isa = PBXProject; + buildConfigurationList = C01FCF4E08A954540054247B /* Build configuration list for PBXProject "MYCrypto-iPhone" */; + compatibilityVersion = "Xcode 3.1"; + hasScannedForEncodings = 1; + mainGroup = 29B97314FDCFA39411CA2CEA /* CustomTemplate */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 1D6058900D05DD3D006BFB54 /* MYCrypto-iPhone */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 1D60588D0D05DD3D006BFB54 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 28AD733F0D9D9553002E5188 /* MainWindow.xib in Resources */, + 27E823290F81D56E0019BE60 /* MYCrypto.xcconfig in Resources */, + 27E8232A0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig in Resources */, + 27E8233C0F81D5760019BE60 /* MYError_CSSMErrorDomain.strings in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 1D60588E0D05DD3D006BFB54 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 1D60589B0D05DD56006BFB54 /* MYCrypto_iPhone_main.m in Sources */, + 1D3623260D0F684500981E51 /* MYCrypto_iPhoneAppDelegate.m in Sources */, + 27E823210F81D56E0019BE60 /* MYCryptor.m in Sources */, + 27E823240F81D56E0019BE60 /* MYKeychainItem.m in Sources */, + 27E823270F81D56E0019BE60 /* MYDigest.m in Sources */, + 27E823370F81D5760019BE60 /* CollectionUtils.m in Sources */, + 27E823380F81D5760019BE60 /* ExceptionUtils.m in Sources */, + 27E823390F81D5760019BE60 /* Logging.m in Sources */, + 27E8233A0F81D5760019BE60 /* Test.m in Sources */, + 27E8233B0F81D5760019BE60 /* MYErrorUtils.m in Sources */, + 273391A30F81E5E9009414D9 /* MYKeyPair-iPhone.m in Sources */, + 273391A50F81E606009414D9 /* MYPublicKey-iPhone.m in Sources */, + 273391CD0F81EC70009414D9 /* MYCertificate-iPhone.m in Sources */, + 273392120F8283B8009414D9 /* MYKeychain-iPhone.m in Sources */, + 276FB16E0F84152B00CB326E /* MYCryptoTest.m in Sources */, + 276FB3190F856AA700CB326E /* MYPublicKey.m in Sources */, + 276FB3390F856AC300CB326E /* MYKeyPair.m in Sources */, + 276FB33B0F856ACB00CB326E /* MYKeychain.m in Sources */, + 276FB34B0F856CA400CB326E /* MYCertificate.m in Sources */, + 27A430120F87C6C10063D362 /* MYKey.m in Sources */, + 27A430140F87C6D50063D362 /* MYSymmetricKey.m in Sources */, + 27FE453F0F87CC8500A86D63 /* MYKey-iPhone.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 1D6058940D05DD3E006BFB54 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 27E8231F0F81D56E0019BE60 /* MYCrypto_Debug.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + COPY_PHASE_STRIP = NO; + GCC_DYNAMIC_NO_PIC = NO; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = ../MYUtilities/MYUtilities_Prefix.pch; + INFOPLIST_FILE = "iPhone/MYCrypto_iPhone-Info.plist"; + PRODUCT_NAME = "MYCrypto-iPhone"; + }; + name = Debug; + }; + 1D6058950D05DD3E006BFB54 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 27E8231E0F81D56E0019BE60 /* MYCrypto.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + COPY_PHASE_STRIP = YES; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = MYCrypto_iPhone_Prefix.pch; + INFOPLIST_FILE = "MYCrypto_iPhone-Info.plist"; + PRODUCT_NAME = "MYCrypto-iPhone"; + }; + name = Release; + }; + C01FCF4F08A954540054247B /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ARCHS = "$(ARCHS_STANDARD_32_BIT)"; + "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer: Jens Alfke"; + GCC_C_LANGUAGE_STANDARD = c99; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + ONLY_ACTIVE_ARCH = YES; + PREBINDING = NO; + "PROVISIONING_PROFILE[sdk=iphoneos*]" = "84D61190-B2EB-4F8E-A189-99F18EE9A07E"; + SDKROOT = iphoneos3.0; + }; + name = Debug; + }; + C01FCF5008A954540054247B /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ARCHS = "$(ARCHS_STANDARD_32_BIT)"; + "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; + GCC_C_LANGUAGE_STANDARD = c99; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + PREBINDING = NO; + SDKROOT = iphoneos3.0; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 1D6058960D05DD3E006BFB54 /* Build configuration list for PBXNativeTarget "MYCrypto-iPhone" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 1D6058940D05DD3E006BFB54 /* Debug */, + 1D6058950D05DD3E006BFB54 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + C01FCF4E08A954540054247B /* Build configuration list for PBXProject "MYCrypto-iPhone" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C01FCF4F08A954540054247B /* Debug */, + C01FCF5008A954540054247B /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 29B97313FDCFA39411CA2CEA /* Project object */; +} diff -r 000000000000 -r 0a6527af039b MYCrypto.xcconfig --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto.xcconfig Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,11 @@ +// +// MYCrypto.xcconfig +// MYCrypto +// +// Created by Jens Alfke on 3/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#include "../MYUtilities/MYUtilities.xcconfig" + +GCC_PREFIX_HEADER = ../MYUtilities/MYUtilities_Prefix.pch diff -r 000000000000 -r 0a6527af039b MYCrypto.xcodeproj/TemplateIcon.icns Binary file MYCrypto.xcodeproj/TemplateIcon.icns has changed diff -r 000000000000 -r 0a6527af039b MYCrypto.xcodeproj/project.pbxproj --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto.xcodeproj/project.pbxproj Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,307 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 45; + objects = { + +/* Begin PBXBuildFile section */ + 27A42CBF0F8578B40063D362 /* MYCryptoTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42CBE0F8578B40063D362 /* MYCryptoTest.m */; }; + 27A42D1E0F8586CE0063D362 /* MYKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E822A10F81C5660019BE60 /* MYKey.m */; }; + 27A42D420F858ED80063D362 /* MYSymmetricKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42D410F858ED80063D362 /* MYSymmetricKey.m */; }; + 27CFF4C10F7E8535000B418E /* MYCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B20F7E8535000B418E /* MYCertificate.m */; }; + 27CFF4C20F7E8535000B418E /* MYCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B40F7E8535000B418E /* MYCryptor.m */; }; + 27CFF4C30F7E8535000B418E /* MYKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B60F7E8535000B418E /* MYKeychain.m */; }; + 27CFF4C40F7E8535000B418E /* MYKeychainItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B80F7E8535000B418E /* MYKeychainItem.m */; }; + 27CFF4C60F7E8535000B418E /* MYKeyPair.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4BB0F7E8535000B418E /* MYKeyPair.m */; }; + 27CFF4C70F7E8535000B418E /* MYPublicKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4BD0F7E8535000B418E /* MYPublicKey.m */; }; + 27CFF4C80F7E8535000B418E /* MYDigest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4C00F7E8535000B418E /* MYDigest.m */; }; + 27CFF4D50F7E8726000B418E /* CollectionUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4CE0F7E8726000B418E /* CollectionUtils.m */; }; + 27CFF4D60F7E8726000B418E /* ExceptionUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4D00F7E8726000B418E /* ExceptionUtils.m */; }; + 27CFF4D70F7E8726000B418E /* Logging.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4D20F7E8726000B418E /* Logging.m */; }; + 27CFF4D80F7E8726000B418E /* Test.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4D40F7E8726000B418E /* Test.m */; }; + 27CFF51F0F7E94AE000B418E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 27CFF51E0F7E94AE000B418E /* Security.framework */; }; + 27CFF5220F7E94DF000B418E /* MYCrypto_main.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF5210F7E94DF000B418E /* MYCrypto_main.m */; }; + 27CFF5760F7E999B000B418E /* MYErrorUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF5750F7E999B000B418E /* MYErrorUtils.m */; }; + 27E820720F7EA6260019BE60 /* CoreServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 27E820710F7EA6260019BE60 /* CoreServices.framework */; }; + 8DD76F9C0486AA7600D96B5E /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 08FB779EFE84155DC02AAC07 /* Foundation.framework */; }; +/* End PBXBuildFile section */ + +/* Begin PBXCopyFilesBuildPhase section */ + 8DD76F9E0486AA7600D96B5E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 08FB779EFE84155DC02AAC07 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = /System/Library/Frameworks/Foundation.framework; sourceTree = ""; }; + 27A42CBE0F8578B40063D362 /* MYCryptoTest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCryptoTest.m; sourceTree = ""; }; + 27A42D400F858ED80063D362 /* MYSymmetricKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYSymmetricKey.h; sourceTree = ""; }; + 27A42D410F858ED80063D362 /* MYSymmetricKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYSymmetricKey.m; sourceTree = ""; }; + 27A42ECC0F8689D30063D362 /* MYCertGen.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertGen.h; sourceTree = ""; }; + 27A42ECD0F8689D30063D362 /* MYCertGen.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCertGen.m; sourceTree = ""; }; + 27CFF4B10F7E8535000B418E /* MYCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertificate.h; sourceTree = ""; }; + 27CFF4B20F7E8535000B418E /* MYCertificate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCertificate.m; sourceTree = ""; }; + 27CFF4B30F7E8535000B418E /* MYCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptor.h; sourceTree = ""; }; + 27CFF4B40F7E8535000B418E /* MYCryptor.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCryptor.m; sourceTree = ""; }; + 27CFF4B50F7E8535000B418E /* MYKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeychain.h; sourceTree = ""; }; + 27CFF4B60F7E8535000B418E /* MYKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeychain.m; sourceTree = ""; }; + 27CFF4B70F7E8535000B418E /* MYKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeychainItem.h; sourceTree = ""; }; + 27CFF4B80F7E8535000B418E /* MYKeychainItem.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeychainItem.m; sourceTree = ""; }; + 27CFF4BA0F7E8535000B418E /* MYKeyPair.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKeyPair.h; sourceTree = ""; }; + 27CFF4BB0F7E8535000B418E /* MYKeyPair.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKeyPair.m; sourceTree = ""; }; + 27CFF4BC0F7E8535000B418E /* MYPublicKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYPublicKey.h; sourceTree = ""; }; + 27CFF4BD0F7E8535000B418E /* MYPublicKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYPublicKey.m; sourceTree = ""; }; + 27CFF4BE0F7E8535000B418E /* MYCrypto_Private.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCrypto_Private.h; sourceTree = ""; }; + 27CFF4BF0F7E8535000B418E /* MYDigest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYDigest.h; sourceTree = ""; }; + 27CFF4C00F7E8535000B418E /* MYDigest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYDigest.m; sourceTree = ""; }; + 27CFF4CD0F7E8726000B418E /* CollectionUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CollectionUtils.h; path = ../MYUtilities/CollectionUtils.h; sourceTree = SOURCE_ROOT; }; + 27CFF4CE0F7E8726000B418E /* CollectionUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CollectionUtils.m; path = ../MYUtilities/CollectionUtils.m; sourceTree = SOURCE_ROOT; }; + 27CFF4CF0F7E8726000B418E /* ExceptionUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExceptionUtils.h; path = ../MYUtilities/ExceptionUtils.h; sourceTree = SOURCE_ROOT; }; + 27CFF4D00F7E8726000B418E /* ExceptionUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ExceptionUtils.m; path = ../MYUtilities/ExceptionUtils.m; sourceTree = SOURCE_ROOT; }; + 27CFF4D10F7E8726000B418E /* Logging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Logging.h; path = ../MYUtilities/Logging.h; sourceTree = SOURCE_ROOT; }; + 27CFF4D20F7E8726000B418E /* Logging.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Logging.m; path = ../MYUtilities/Logging.m; sourceTree = SOURCE_ROOT; }; + 27CFF4D30F7E8726000B418E /* Test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Test.h; path = ../MYUtilities/Test.h; sourceTree = SOURCE_ROOT; }; + 27CFF4D40F7E8726000B418E /* Test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Test.m; path = ../MYUtilities/Test.m; sourceTree = SOURCE_ROOT; }; + 27CFF5120F7E9212000B418E /* MYCrypto.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = MYCrypto.xcconfig; sourceTree = ""; }; + 27CFF51E0F7E94AE000B418E /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; + 27CFF5210F7E94DF000B418E /* MYCrypto_main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCrypto_main.m; sourceTree = ""; }; + 27CFF5400F7E9653000B418E /* MYCrypto_Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = MYCrypto_Debug.xcconfig; sourceTree = ""; }; + 27CFF5740F7E999B000B418E /* MYErrorUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYErrorUtils.h; sourceTree = ""; }; + 27CFF5750F7E999B000B418E /* MYErrorUtils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYErrorUtils.m; sourceTree = ""; }; + 27CFF57C0F7EA117000B418E /* MYError_CSSMErrorDomain.strings */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.strings; path = MYError_CSSMErrorDomain.strings; sourceTree = ""; }; + 27E820710F7EA6260019BE60 /* CoreServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreServices.framework; path = System/Library/Frameworks/CoreServices.framework; sourceTree = SDKROOT; }; + 27E822A00F81C5660019BE60 /* MYKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKey.h; sourceTree = ""; }; + 27E822A10F81C5660019BE60 /* MYKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKey.m; sourceTree = ""; }; + 8DD76FA10486AA7600D96B5E /* MYCrypto */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = MYCrypto; sourceTree = BUILT_PRODUCTS_DIR; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 8DD76F9B0486AA7600D96B5E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 8DD76F9C0486AA7600D96B5E /* Foundation.framework in Frameworks */, + 27CFF51F0F7E94AE000B418E /* Security.framework in Frameworks */, + 27E820720F7EA6260019BE60 /* CoreServices.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 08FB7794FE84155DC02AAC07 /* MYCrypto */ = { + isa = PBXGroup; + children = ( + 08FB7795FE84155DC02AAC07 /* Source */, + 27CFF4CC0F7E86E8000B418E /* MYUtilities */, + C6859EA2029092E104C91782 /* Documentation */, + 08FB779DFE84155DC02AAC07 /* External Frameworks and Libraries */, + 1AB674ADFE9D54B511CA2CBB /* Products */, + 27CFF51E0F7E94AE000B418E /* Security.framework */, + 27E820710F7EA6260019BE60 /* CoreServices.framework */, + ); + name = MYCrypto; + sourceTree = ""; + }; + 08FB7795FE84155DC02AAC07 /* Source */ = { + isa = PBXGroup; + children = ( + 27CFF4B10F7E8535000B418E /* MYCertificate.h */, + 27CFF4B20F7E8535000B418E /* MYCertificate.m */, + 27CFF4B30F7E8535000B418E /* MYCryptor.h */, + 27CFF4B40F7E8535000B418E /* MYCryptor.m */, + 27E822A00F81C5660019BE60 /* MYKey.h */, + 27E822A10F81C5660019BE60 /* MYKey.m */, + 27CFF4B50F7E8535000B418E /* MYKeychain.h */, + 27CFF4B60F7E8535000B418E /* MYKeychain.m */, + 27CFF4B70F7E8535000B418E /* MYKeychainItem.h */, + 27CFF4B80F7E8535000B418E /* MYKeychainItem.m */, + 27CFF4BA0F7E8535000B418E /* MYKeyPair.h */, + 27CFF4BB0F7E8535000B418E /* MYKeyPair.m */, + 27CFF4BC0F7E8535000B418E /* MYPublicKey.h */, + 27CFF4BD0F7E8535000B418E /* MYPublicKey.m */, + 27A42D400F858ED80063D362 /* MYSymmetricKey.h */, + 27A42D410F858ED80063D362 /* MYSymmetricKey.m */, + 27CFF4BF0F7E8535000B418E /* MYDigest.h */, + 27CFF4C00F7E8535000B418E /* MYDigest.m */, + 27CFF4BE0F7E8535000B418E /* MYCrypto_Private.h */, + 27A42CBE0F8578B40063D362 /* MYCryptoTest.m */, + 27CFF5210F7E94DF000B418E /* MYCrypto_main.m */, + 27A42ECC0F8689D30063D362 /* MYCertGen.h */, + 27A42ECD0F8689D30063D362 /* MYCertGen.m */, + 27CFF5120F7E9212000B418E /* MYCrypto.xcconfig */, + 27CFF5400F7E9653000B418E /* MYCrypto_Debug.xcconfig */, + ); + name = Source; + sourceTree = ""; + }; + 08FB779DFE84155DC02AAC07 /* External Frameworks and Libraries */ = { + isa = PBXGroup; + children = ( + 08FB779EFE84155DC02AAC07 /* Foundation.framework */, + ); + name = "External Frameworks and Libraries"; + sourceTree = ""; + }; + 1AB674ADFE9D54B511CA2CBB /* Products */ = { + isa = PBXGroup; + children = ( + 8DD76FA10486AA7600D96B5E /* MYCrypto */, + ); + name = Products; + sourceTree = ""; + }; + 27CFF4CC0F7E86E8000B418E /* MYUtilities */ = { + isa = PBXGroup; + children = ( + 27CFF4CD0F7E8726000B418E /* CollectionUtils.h */, + 27CFF4CE0F7E8726000B418E /* CollectionUtils.m */, + 27CFF4CF0F7E8726000B418E /* ExceptionUtils.h */, + 27CFF4D00F7E8726000B418E /* ExceptionUtils.m */, + 27CFF4D10F7E8726000B418E /* Logging.h */, + 27CFF4D20F7E8726000B418E /* Logging.m */, + 27CFF4D30F7E8726000B418E /* Test.h */, + 27CFF4D40F7E8726000B418E /* Test.m */, + 27CFF5740F7E999B000B418E /* MYErrorUtils.h */, + 27CFF5750F7E999B000B418E /* MYErrorUtils.m */, + 27CFF57C0F7EA117000B418E /* MYError_CSSMErrorDomain.strings */, + ); + name = MYUtilities; + sourceTree = MYUtilities; + }; + C6859EA2029092E104C91782 /* Documentation */ = { + isa = PBXGroup; + children = ( + ); + name = Documentation; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 8DD76F960486AA7600D96B5E /* MYCrypto */ = { + isa = PBXNativeTarget; + buildConfigurationList = 1DEB927408733DD40010E9CD /* Build configuration list for PBXNativeTarget "MYCrypto" */; + buildPhases = ( + 8DD76F990486AA7600D96B5E /* Sources */, + 8DD76F9B0486AA7600D96B5E /* Frameworks */, + 8DD76F9E0486AA7600D96B5E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = MYCrypto; + productInstallPath = "$(HOME)/bin"; + productName = MYCrypto; + productReference = 8DD76FA10486AA7600D96B5E /* MYCrypto */; + productType = "com.apple.product-type.tool"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 08FB7793FE84155DC02AAC07 /* Project object */ = { + isa = PBXProject; + buildConfigurationList = 1DEB927808733DD40010E9CD /* Build configuration list for PBXProject "MYCrypto" */; + compatibilityVersion = "Xcode 3.1"; + hasScannedForEncodings = 1; + mainGroup = 08FB7794FE84155DC02AAC07 /* MYCrypto */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 8DD76F960486AA7600D96B5E /* MYCrypto */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXSourcesBuildPhase section */ + 8DD76F990486AA7600D96B5E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 27CFF4C10F7E8535000B418E /* MYCertificate.m in Sources */, + 27CFF4C20F7E8535000B418E /* MYCryptor.m in Sources */, + 27CFF4C30F7E8535000B418E /* MYKeychain.m in Sources */, + 27CFF4C40F7E8535000B418E /* MYKeychainItem.m in Sources */, + 27CFF4C60F7E8535000B418E /* MYKeyPair.m in Sources */, + 27CFF4C70F7E8535000B418E /* MYPublicKey.m in Sources */, + 27CFF4C80F7E8535000B418E /* MYDigest.m in Sources */, + 27CFF4D50F7E8726000B418E /* CollectionUtils.m in Sources */, + 27CFF4D60F7E8726000B418E /* ExceptionUtils.m in Sources */, + 27CFF4D70F7E8726000B418E /* Logging.m in Sources */, + 27CFF4D80F7E8726000B418E /* Test.m in Sources */, + 27CFF5220F7E94DF000B418E /* MYCrypto_main.m in Sources */, + 27CFF5760F7E999B000B418E /* MYErrorUtils.m in Sources */, + 27A42CBF0F8578B40063D362 /* MYCryptoTest.m in Sources */, + 27A42D1E0F8586CE0063D362 /* MYKey.m in Sources */, + 27A42D420F858ED80063D362 /* MYSymmetricKey.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 1DEB927508733DD40010E9CD /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + COPY_PHASE_STRIP = NO; + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = MYCrypto; + }; + name = Debug; + }; + 1DEB927608733DD40010E9CD /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = MYCrypto; + }; + name = Release; + }; + 1DEB927908733DD40010E9CD /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 27CFF5400F7E9653000B418E /* MYCrypto_Debug.xcconfig */; + buildSettings = { + }; + name = Debug; + }; + 1DEB927A08733DD40010E9CD /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 27CFF5120F7E9212000B418E /* MYCrypto.xcconfig */; + buildSettings = { + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 1DEB927408733DD40010E9CD /* Build configuration list for PBXNativeTarget "MYCrypto" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 1DEB927508733DD40010E9CD /* Debug */, + 1DEB927608733DD40010E9CD /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 1DEB927808733DD40010E9CD /* Build configuration list for PBXProject "MYCrypto" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 1DEB927908733DD40010E9CD /* Debug */, + 1DEB927A08733DD40010E9CD /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 08FB7793FE84155DC02AAC07 /* Project object */; +} diff -r 000000000000 -r 0a6527af039b MYCryptoTest.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCryptoTest.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,295 @@ +// +// MYCryptoTest.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 4/1/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeyPair.h" +#import "MYKeychain.h" +#import "MYDigest.h" +#import "MYCrypto_Private.h" + + +#if DEBUG + +#pragma mark - +#pragma mark KEYCHAIN: + + +TestCase(MYKeychain) { + MYKeychain *kc = [MYKeychain defaultKeychain]; + Log(@"Default keychain = %@", kc); + CAssert(kc); +#if !USE_IPHONE_API + CAssert(kc.path); +#endif + + kc = [MYKeychain allKeychains]; + Log(@"All-keychains = %@", kc); + CAssert(kc); + CAssertEq(kc.path,nil); +} + + +TestCase(EnumerateKeys) { + RequireTestCase(MYKeychain); + NSEnumerator *e = [[MYKeychain allKeychains] enumeratePublicKeys]; + Log(@"Public Key Enumerator = %@", e); + CAssert(e); + for (MYPublicKey *key in e) { + Log(@"Found %@ -- name=%@", key, key.name); + } + + e = [[MYKeychain allKeychains] enumerateKeyPairs]; + Log(@"Key-Pair Enumerator = %@", e); + CAssert(e); + for (MYKeyPair *key in e) { + Log(@"Found %@ -- name=%@", key, key.name); + } + + e = [[MYKeychain allKeychains] enumerateSymmetricKeys]; + Log(@"Symmetric Key Enumerator = %@", e); + CAssert(e); + for (MYSymmetricKey *key in e) { + Log(@"Found %@ -- name=%@", key, key.name); + } +} + + +TestCase(EnumerateCerts) { + RequireTestCase(MYKeychain); + NSEnumerator *e = [[MYKeychain allKeychains] enumerateCertificates]; + Log(@"Enumerator = %@", e); + CAssert(e); + for (MYCertificate *cert in e) { + //Log(@"Found %@ -- name=%@, email=%@", cert, cert.commonName, cert.emailAddresses); + } +} + + +#pragma mark - +#pragma mark SYMMETRIC KEYS: + + +TestCase(MYSymmetricKey) { + #define kNTests 11 + static const CCAlgorithm kTestAlgorithms[kNTests] = { + kCCAlgorithmAES128, kCCAlgorithmAES128, kCCAlgorithmAES128, + kCCAlgorithmDES, kCCAlgorithm3DES, + kCCAlgorithmCAST, kCCAlgorithmCAST, kCCAlgorithmCAST, + kCCAlgorithmRC4, kCCAlgorithmRC4, kCCAlgorithmRC4}; + + static const unsigned kTestBitSizes[kNTests] = { + 128, 192, 256, + 64, 3*64, + 40, 80, 128, + 32, 200, 512*8}; + + for (int i=0; i= cleartext.length); + NSData *decrypted = [key decryptData: encrypted]; + CAssertEqual(decrypted, cleartext); + + // Encrypt large binary data: + cleartext = [NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"]; + CAssert(cleartext); + encrypted = [key encryptData: cleartext]; + Log(@"Encrypted = %u bytes", encrypted.length); + CAssert(encrypted.length >= cleartext.length); + decrypted = [key decryptData: encrypted]; + CAssertEqual(decrypted, cleartext); + + [pool drain]; + } +} + + +#pragma mark - +#pragma mark KEY-PAIRS: + + +TestCase(KeyPair) { + RequireTestCase(MYKeychain); + + Log(@"Generating key pair..."); + MYKeyPair *pair = [[MYKeychain defaultKeychain] generateRSAKeyPairOfSize: 512]; + CAssert(pair); + CAssert(pair.keyRef); + CAssert(pair.privateKeyRef); + Log(@"...created pair."); + + @try{ + [pair setName: @"Test KeyPair Label"]; + CAssertEqual(pair.name, @"Test KeyPair Label"); +#if !TARGET_OS_IPHONE + [pair setComment: @"This key-pair was generated automatically by a test case."]; + CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case."); +#endif + [pair setAlias: @"TestCase@mooseyard.com"]; + CAssertEqual(pair.alias, @"TestCase@mooseyard.com"); + + NSData *pubKeyData = pair.keyData; + Log(@"Public key = %@ (%u bytes)",pubKeyData,pubKeyData.length); + CAssert(pubKeyData); + + MYSHA1Digest *pubKeyDigest = pair.publicKeyDigest; + Log(@"Public key digest = %@",pubKeyDigest); + + Log(@"SHA1 of pub key = %@", pubKeyData.my_SHA1Digest.asData); + + NSData *data = [@"This is a test. This is only a test!" dataUsingEncoding: NSUTF8StringEncoding]; + NSData *sig = [pair signData: data]; + Log(@"Signature = %@ (%u bytes)",sig,sig.length); + CAssert(sig); + CAssert( [pair verifySignature: sig ofData: data] ); + + // Test creating a standalone public key: + MYPublicKey *pub = [[MYPublicKey alloc] initWithKeyRef: pair.keyRef]; + CAssert( [pub verifySignature: sig ofData: data] ); + Log(@"Verified signature."); + + // Test creating a public key from data: + Log(@"Reconstituting public key from data..."); + pub = [[MYPublicKey alloc] initWithKeyData: pubKeyData]; + CAssert(pub); + CAssertEqual(pub.keyData, pubKeyData); + CAssertEqual(pub.publicKeyDigest, pubKeyDigest); + CAssert( [pub verifySignature: sig ofData: data] ); + Log(@"Verified signature from reconstituted key."); + + // Now let's encrypt... + NSData *crypted = [pub encryptData: data]; + Log(@"Encrypted = %@ (%u bytes)",crypted,crypted.length); + CAssert(crypted); + + CAssertEqual([pair decryptData: crypted], data); + Log(@"Verified decryption."); + + CAssert([pair removeFromKeychain]); + Log(@"Removed key-pair."); + pair = nil; + + }@finally { + if (pair) { + if ([pair removeFromKeychain]) + Log(@"Removed key-pair from keychain."); + else + Warn(@"Unable to remove test key-pair from keychain"); + } + } +} + + + +#pragma mark - +#pragma mark KEYPAIR EXPORT: + + +static void testKeyPairExportWithPrompt(BOOL withPrompt) { + MYKeychain *keychain = [MYKeychain allKeychains]; + Log(@"Generating key pair..."); + MYKeyPair *pair = [keychain generateRSAKeyPairOfSize: 512]; + CAssert(pair); + CAssert(pair.keyRef); + CAssert(pair.privateKeyRef); + Log(@"...created pair."); + + @try{ + NSData *pubKeyData = pair.keyData; + CAssert(pubKeyData.length >= 512/8); + [pair setName: @"Test KeyPair Label"]; + CAssertEqual(pair.name, @"Test KeyPair Label"); +#if !TARGET_OS_IPHONE + [pair setComment: @"This key-pair was generated automatically by a test case."]; + CAssertEqual(pair.comment, @"This key-pair was generated automatically by a test case."); +#endif + [pair setAlias: @"TestCase@mooseyard.com"]; + CAssertEqual(pair.alias, @"TestCase@mooseyard.com"); + +#if !TARGET_OS_IPHONE + Log(@"Exporting key-pair..."); + NSString *passphrase = @"passphrase"; + NSData *privKeyData; + if (withPrompt) + privKeyData = [pair exportPrivateKey]; + else + privKeyData = [pair _exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL + withPEM: YES + passphrase: passphrase]; + Log(@"Exported data = %@ (%u bytes)", privKeyData,privKeyData.length); + CAssert(privKeyData); + [privKeyData writeToFile: @"ExportedPrivKey" atomically: YES]; +#endif + + // Check key lookup: + Log(@"Looking up public key of pair in keychain..."); + MYSHA1Digest *digest = pair.publicKeyDigest; + MYPublicKey *foundKey = [keychain publicKeyWithDigest: digest]; + CAssertEqual(foundKey, pair.asPublicKey); + CAssert([keychain.enumeratePublicKeys.allObjects containsObject: pair.asPublicKey]); + MYKeyPair *foundPair = [keychain keyPairWithDigest: digest]; + CAssertEqual(foundPair, pair); + CAssert([keychain.enumerateKeyPairs.allObjects containsObject: pair]); + + Log(@"Removing key-pair from keychain..."); + CAssert([pair removeFromKeychain]); + pair = nil; + CAssert([keychain publicKeyWithDigest: digest] == nil); + +#if !TARGET_OS_IPHONE + Log(@"Importing key-pair..."); + if (withPrompt) { + pair = [keychain importPublicKey: pubKeyData + privateKey: privKeyData]; + } else { + pair = [[[MYKeyPair alloc] _initWithPublicKeyData: pubKeyData + privateKeyData: privKeyData + forKeychain: keychain.keychainRefOrDefault + passphrase: passphrase] + autorelease]; + } + CAssert(pair); + CAssertEqual(pair.keyData, pubKeyData); +#endif + }@finally { + if (pair) { + if ([pair removeFromKeychain]) + Log(@"Removed key-pair from keychain."); + else + Warn(@"Unable to remove test key-pair from keychain"); + } + } +} + +TestCase(KeyPairExport) { + RequireTestCase(MYKeychain); + RequireTestCase(KeyPair); + testKeyPairExportWithPrompt(NO); +} + +TestCase(KeyPairExportWithUI) { + RequireTestCase(KeyPairExport); + testKeyPairExportWithPrompt(YES); +} + + +#endif DEBUG + diff -r 000000000000 -r 0a6527af039b MYCrypto_Debug.xcconfig --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto_Debug.xcconfig Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,13 @@ +// +// MYCrypto_Debug.xcconfig +// MYCrypto +// +// Created by Jens Alfke on 3/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#include "MYCrypto.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 +GCC_OPTIMIZATION_LEVEL = 0 +COPY_PHASE_STRIP = NO diff -r 000000000000 -r 0a6527af039b MYCrypto_Private.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto_Private.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,124 @@ +// +// MYCrypto_Private.h +// MYCrypto +// +// Created by Jens Alfke on 3/23/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeychain.h" +#import "MYKey.h" +#import "MYSymmetricKey.h" +#import "MYKeyPair.h" +#import "MYCertificate.h" +#import "Test.h" +#import + +/* The iPhone simulator actually has the Mac OS X security API, not the iPhone one. + So don't use the iPhone API when configured to run in the simulator. */ +#if TARGET_OS_IPHONE +#if !TARGET_IPHONE_SIMULATOR +#define USE_IPHONE_API 1 +#endif +#endif + +#ifndef USE_IPHONE_API +#define USE_IPHONE_API 0 +#endif + + +#if USE_IPHONE_API +typedef CFTypeRef SecKeychainAttrType; +typedef CFTypeRef SecKeychainItemRef; +typedef CFTypeRef SecKeychainRef; +#endif + +@interface MYKeychainItem (Private); +- (NSData*) _getContents: (OSStatus*)outError; +- (NSString*) stringValueOfAttribute: (SecKeychainAttrType)attr; +- (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr; ++ (NSData*) _getAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item; +- (id) _attribute: (SecKeychainAttrType)attribute; ++ (NSString*) _getStringAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item; ++ (BOOL) _setAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item + stringValue: (NSString*)stringValue; +@end + + +@interface MYKey (Private) +- (id) _initWithKeyData: (NSData*)data + forKeychain: (SecKeychainRef)keychain; +#if !USE_IPHONE_API +@property (readonly) const CSSM_KEY* cssmKey; +- (NSData*) exportKeyInFormat: (SecExternalFormat)format withPEM: (BOOL)withPEM; +#endif +@property (readonly) NSArray* _itemList; +@end + + +@interface MYSymmetricKey (Private) ++ (MYSymmetricKey*) _generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm + inKeychain: (MYKeychain*)keychain; +@end + + +@interface MYPublicKey (Private) ++ (MYSHA1Digest*) _digestOfKey: (SecKeyRef)key; +- (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr; +@end + + +@interface MYKeyPair (Private) ++ (MYKeyPair*) _generateRSAKeyPairOfSize: (unsigned)keySize + inKeychain: (SecKeychainRef)keychain; +- (id) _initWithPublicKeyData: (NSData*)pubKeyData + privateKeyData: (NSData*)privKeyData + forKeychain: (SecKeychainRef)keychain + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt; +- (id) _initWithPublicKeyData: (NSData*)pubKeyData + privateKeyData: (NSData*)privKeyData + forKeychain: (SecKeychainRef)keychain + passphrase: (NSString*)passphrase; +#if !TARGET_OS_IPHONE +- (NSData*) _exportPrivateKeyInFormat: (SecExternalFormat)format + withPEM: (BOOL)withPEM + passphrase: (NSString*)passphrase; +#endif +@end + + +#if TARGET_OS_IPHONE && !USE_IPHONE_API +@interface MYCertificate (Private) +- (id) initWithCertificateData: (NSData*)data + type: (CSSM_CERT_TYPE) type + encoding: (CSSM_CERT_ENCODING) encoding; +@end +#endif + + +#if TARGET_OS_IPHONE && !USE_IPHONE_API +@interface MYKeychain (Private) +- (id) initWithKeychainRef: (SecKeychainRef)keychainRef; +@property (readonly) SecKeychainRef keychainRef, keychainRefOrDefault; +@property (readonly) CSSM_CSP_HANDLE CSPHandle; +@property (readonly) NSString* path; +@end +#endif + + +NSData* _crypt(SecKeyRef key, NSData *data, CCOperation op); + +#undef check +BOOL check(OSStatus err, NSString *what); + +#if !USE_IPHONE_API +BOOL checkcssm(CSSM_RETURN err, NSString *what); + +SecKeyRef importKey(NSData *data, + SecExternalItemType type, + SecKeychainRef keychain, + SecKeyImportExportParameters *params /*non-null*/); +CSSM_CC_HANDLE cssmCreateSignatureContext(SecKeyRef key); +#endif diff -r 000000000000 -r 0a6527af039b MYCrypto_main.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto_main.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,23 @@ +/* + * MYCrypto_main.c + * MYCrypto + * + * Created by Jens Alfke on 3/28/09. + * Copyright 2009 Jens Alfke. All rights reserved. + * + */ + + +#import "Test.h" + + +int main(int argc, const char **argv) { + if (argc<2) { + static const char *testArgs[] = {"MYCrypto", "Test_All"}; + argc = 2; + argv = testArgs; + } + + RunTestCases(argc,argv); + return 0; +} diff -r 000000000000 -r 0a6527af039b MYCryptor.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCryptor.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,86 @@ +// +// Cryptor.h +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import +#import + + +/** Symmetric encryption: a Cocoa wrapper for CommonCrypto/commonCryptor.h */ +@interface MYCryptor : NSObject +{ + NSData *_key; + CCOperation _operation; + CCAlgorithm _algorithm; + CCOptions _options; + CCCryptorRef _cryptor; + NSError *_error; + NSOutputStream *_outputStream; + NSMutableData *_output; + size_t _outputExtraBytes; +} + +/** CommonCryptor.h defines key size and size-range constants, like kCCKeySizeAES128 */ ++ (NSData*) randomKeyOfLength: (size_t)length; + ++ (NSData*) keyOfLength: (size_t)lengthInBits fromPassphrase: (NSString*)passphrase; + +/** Creates a MYCryptor configured to encrypt data. */ +- (id) initEncryptorWithKey: (NSData*)key + algorithm: (CCAlgorithm)algorithm; + +/** Creates a MYCryptor configured to decrypt data. */ +- (id) initDecryptorWithKey: (NSData*)key + algorithm: (CCAlgorithm)algorithm; + +/** Setting this property tells the cryptor to send its output to the stream, + instead of accumulating itself in the outputData property. */ +@property (retain) NSOutputStream *outputStream; + +/** The encryption/decryption key; same as the 'key' parameter to the initializer. */ +@property (readonly) NSData *key; + +/** The cipher to use; initial value is the 'algorithm' parameter to the initializer. + You can change this before the first call to -addData:, but not after. */ +@property CCAlgorithm algorithm; + +/** Block-mode cipher options; you can set flags to enable PKCS7 padding or ECB mode + (default is CBC.) + You can change this before the first call to -addData:, but not after. */ +@property CCOptions options; + +/** The error state, if any, of this cryptor. + After -addData: or -finish: returns NO, check this property. */ +@property (readonly, retain) NSError *error; + +/** Adds input data. + @return YES if the operation succeeded, NO if it failed. */ +- (BOOL) addData: (NSData*)data; + +/** Finishes up the encryption/decryption and flushes the remaining bytes of output. + After this is called, you cannot add any more bytes of data. + @return YES if the operation succeeded, NO if it failed. */ +- (BOOL) finish; + +/** The output of the cryptor. Accessing this property implicitly calls -finish, so don't + do it until you've added all of the input. (And don't add any more input afterwards.) + This property will be nil if the outputStream property has been set. */ +@property (readonly) NSData *outputData; + +@end + + + +/** NSError domain for MYCryptor operations. Error code is interpreted as a CCCryptorStatus, + with additional error code(s) defined below. */ +extern NSString* const CryptorErrorDomain; + +enum { + /** Indicates that the outputStream couldn't write all the bytes given to it (this is legal + behavior for an NSOutputStream, but MYCryptor can't handle this yet.) */ + kMYCryptorErrorOutputStreamChoked = -777000 +}; diff -r 000000000000 -r 0a6527af039b MYCryptor.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCryptor.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,325 @@ +// +// Cryptor.m +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYCryptor.h" +#import "MYDigest.h" +#import "Test.h" + +#if USE_IPHONE_API +#import +#else +#import "MYCrypto_Private.h" +#import "MYKeychain.h" +#import +#endif + + +NSString* const CryptorErrorDomain = @"CCCryptor"; + +#if !USE_IPHONE_API +static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes); +#endif + + +@interface MYCryptor () +@property (readwrite, retain) NSError *error; +@end + + + +@implementation MYCryptor + + ++ (NSData*) randomKeyOfLength: (size_t)length { + NSParameterAssert(length<100000); + uint8_t *bytes = malloc(length); + if (!bytes) return nil; +#if USE_IPHONE_API + BOOL ok = SecRandomCopyBytes(kSecRandomDefault, length,bytes) >= 0; +#else + BOOL ok = generateRandomBytes([[MYKeychain defaultKeychain] CSPHandle], length, bytes); +#endif + if (ok) + return [NSData dataWithBytesNoCopy: bytes length: length freeWhenDone: YES]; + else { + free(bytes); + return nil; + } +} + ++ (NSData*) keyOfLength: (size_t)lengthInBits fromPassphrase: (NSString*)passphrase +{ + size_t lengthInBytes = (lengthInBits + 7)/8; + MYDigest *digest = [[passphrase dataUsingEncoding: NSUTF8StringEncoding] my_SHA256Digest]; + if (lengthInBytes <= digest.length) + return [digest.asData subdataWithRange: NSMakeRange(0,lengthInBytes)]; + else + return nil; +} + + +- (id) initWithKey: (NSData*)key + algorithm: (CCAlgorithm)algorithm + operation: (CCOperation)op { + self = [super init]; + if (self) { + NSParameterAssert(key); + _key = [key copy]; + _operation = op; + _algorithm = algorithm; + _options = kCCOptionPKCS7Padding; + } + return self; +} + +- (id) initEncryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm { + return [self initWithKey: key algorithm: algorithm operation: kCCEncrypt]; +} + +- (id) initDecryptorWithKey: (NSData*)key algorithm: (CCAlgorithm)algorithm { + return [self initWithKey: key algorithm: algorithm operation: kCCDecrypt]; +} + +- (void) dealloc +{ + if (_cryptor) + CCCryptorRelease(_cryptor); + [_key autorelease]; + [_output autorelease]; + [_outputStream release]; + [super dealloc]; +} + + +@synthesize key=_key, algorithm=_algorithm, options=_options, + outputStream=_outputStream, error=_error; + + +- (BOOL) _check: (CCCryptorStatus)status { + if (status == kCCSuccess) + return YES; + else { + Warn(@"MYCryptor: CCCryptor error %i", status); + self.error = [NSError errorWithDomain: CryptorErrorDomain code: status userInfo: nil]; + return NO; + } +} + + +- (BOOL) _outputBytes: (const void*)bytes length: (size_t)length { + if (_outputStream) { + NSInteger written = [_outputStream write: bytes maxLength: length]; + if (written < 0) { + self.error = _outputStream.streamError; + if (_error) + Warn(@"MYCryptor: NSOutputStream error %@", _error); + else + [self _check: kMYCryptorErrorOutputStreamChoked]; + return NO; + } else if (written < length) { + [self _check: kMYCryptorErrorOutputStreamChoked]; + return NO; + } + } else if (length > 0) { + [_output appendBytes: bytes length: length]; + } + return YES; +} + + +- (BOOL) _start { + if (!_cryptor && !_error) { + if ([self _check: CCCryptorCreate(_operation, _algorithm, _options, + _key.bytes, _key.length, NULL, &_cryptor)]) { + _output = [[NSMutableData alloc] initWithCapacity: 1024]; + } + } + return !_error; +} + + +- (BOOL) addBytes: (const void*)bytes length: (size_t)length { + if (length > 0) { + NSParameterAssert(bytes!=NULL); + if(!_error && (_cryptor || [self _start])) { + size_t outputLength = CCCryptorGetOutputLength(_cryptor,length,false); + void *output = malloc(outputLength); + if ([self _check: CCCryptorUpdate(_cryptor, bytes, length, + output, outputLength, &outputLength)]) { + [self _outputBytes: output length: outputLength]; + } + free(output); + } + } + return !_error; +} + +- (BOOL) addData: (NSData*)data +{ + return [self addBytes: data.bytes length: data.length]; +} + +- (BOOL) addString: (NSString*)str { + return [self addData: [str dataUsingEncoding: NSUTF8StringEncoding]]; +} + + +- (BOOL) addFromStream: (NSInputStream*)input +{ + uint8_t inputBuffer[1024]; + size_t avail; + while (!_error && input.hasBytesAvailable) { + avail = sizeof(inputBuffer); + NSInteger nRead = [input read: inputBuffer maxLength: sizeof(inputBuffer)]; + if (nRead < 0) { + self.error = input.streamError; + return NO; + } else if (nRead == 0) { + break; + } else if (![self addBytes: inputBuffer length: nRead]) + return NO; + } + return YES; +} + + +- (BOOL) finish +{ + if(!_error && (_cryptor || [self _start])) { + size_t outputLength = 100; //CCCryptorGetOutputLength(_cryptor,1,true); + void *output = malloc(outputLength); + if ([self _check: CCCryptorFinal(_cryptor, output, outputLength, &outputLength)]) { + [self _outputBytes: output length: outputLength]; + } + free(output); + } + CCCryptorRelease(_cryptor); + _cryptor = NULL; + return !_error; +} + + +- (NSData*) outputData { + if (_cryptor) [self finish]; + if(_error) { + [_output release]; + _output = nil; + } + return _output; +} + +- (NSString*) outputString { + NSData *output = self.outputData; + if (output) { + NSString *str = [[NSString alloc] initWithData: output encoding: NSUTF8StringEncoding]; + return [str autorelease]; + } else + return nil; +} + + +// NSStream delegate method +- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode { + switch (eventCode) { + case NSStreamEventHasBytesAvailable: + [self addFromStream: (NSInputStream*)stream]; + break; + case NSStreamEventEndEncountered: + [self finish]; + break; + case NSStreamEventErrorOccurred: + if (!_error) + self.error = stream.streamError; + break; + default: + break; + } +} + + + +@end + + + + +#if !USE_IPHONE_API +static BOOL generateRandomBytes(CSSM_CSP_HANDLE module, uint32_t lengthInBytes, void *dstBytes) { + // Adapted from code in Keychain.framework's KeychainUtils.m by Wade Tregaskis. + CSSM_CC_HANDLE ccHandle; + if (!checkcssm(CSSM_CSP_CreateRandomGenContext(module, CSSM_ALGID_APPLE_YARROW, NULL, + lengthInBytes, &ccHandle), + @"CSSM_CSP_CreateRandomGenContext")) + return NO; + CSSM_DATA data = {.Data=dstBytes, .Length=lengthInBytes}; + BOOL ok = checkcssm(CSSM_GenerateRandom(ccHandle, &data), @"CSSM_GenerateRandom"); + CSSM_DeleteContext(ccHandle); + return ok; +} +#endif + + + + +TestCase(MYCryptor) { + // Encryption: + NSData *key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256]; + Log(@"Key = %@",key); + MYCryptor *enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128]; + CAssert(enc); + CAssert([enc addString: @"This is a test. "]); + CAssert([enc addString: @"This is only a test."]); + CAssertEqual(enc.error, nil); + NSData *encrypted = enc.outputData; + CAssertEqual(enc.error, nil); + CAssert(encrypted.length > 0); + [enc release]; + Log(@"Encrypted = %@", encrypted); + + // Decryption: + MYCryptor *dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128]; + CAssert(dec); + CAssert([dec addData: encrypted]); + NSString *decrypted = dec.outputString; + CAssertEqual(dec.error, nil); + [dec release]; + Log(@"Decrypted = '%@'", decrypted); + CAssertEqual(decrypted, @"This is a test. This is only a test."); + + // Encryption to stream: + key = [MYCryptor randomKeyOfLength: kCCKeySizeAES256]; + Log(@"Key = %@",key); + enc = [[MYCryptor alloc] initEncryptorWithKey: key algorithm: kCCAlgorithmAES128]; + CAssert(enc); + enc.outputStream = [NSOutputStream outputStreamToMemory]; + [enc.outputStream open]; + CAssert([enc addString: @"This is a test. "]); + CAssert([enc addString: @"This is only a test."]); + CAssert([enc finish]); + CAssertEqual(enc.error, nil); + encrypted = [[enc.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey] retain]; + CAssert(encrypted.length > 0); + [enc release]; + Log(@"Encrypted = %@", encrypted); + + dec = [[MYCryptor alloc] initDecryptorWithKey: key algorithm: kCCAlgorithmAES128]; + CAssert(dec); + dec.outputStream = [NSOutputStream outputStreamToMemory]; + [dec.outputStream open]; + CAssert([dec addData: encrypted]); + CAssert([dec finish]); + CAssertEqual(dec.error, nil); + NSData *decryptedData = [dec.outputStream propertyForKey: NSStreamDataWrittenToMemoryStreamKey]; + [dec release]; + decrypted = [[NSString alloc] initWithData: decryptedData + encoding: NSUTF8StringEncoding]; + Log(@"Decrypted = '%@'", decrypted); + CAssertEqual(decrypted, @"This is a test. This is only a test."); + [encrypted release]; + [decrypted release]; +} diff -r 000000000000 -r 0a6527af039b MYDigest.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYDigest.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,81 @@ +// +// MYDigest.h +// MYCrypto +// +// Created by Jens Alfke on 1/4/08. +// Copyright 2008 Jens Alfke. All rights reserved. +// + +#import + + +/** Abstract superclass for cryptographic digests (aka hashes). + Each specific type of digest has its own concrete subclass. */ +@interface MYDigest : NSObject +{ + void *_rawDigest; +} + +- (id) initWithRawDigest: (const void*)rawDigest length: (size_t)length; + ++ (MYDigest*) digestFromDigestData: (NSData*)digestData; ++ (MYDigest*) digestFromHexString: (NSString*)hexString; + ++ (MYDigest*) digestOfData: (NSData*)data; ++ (MYDigest*) digestOfBytes: (const void*)bytes length: (size_t)length; + +- (NSComparisonResult) compare: (MYDigest*)other; + +@property (readonly) NSData *asData; +@property (readonly) NSString *hexString, *abbreviatedHexString; + +@property (readonly) uint32_t /*CSSM_ALGORITHMS*/ algorithm; +@property (readonly) size_t length; +@property (readonly) const void* bytes; + ++ (uint32_t /*CSSM_ALGORITHMS*/) algorithm; ++ (size_t) length; + +/** Primitive digest generation method; abstract of course. */ ++ (void) computeDigest: (void*)dstDigest ofBytes: (const void*)bytes length: (size_t)length; + +@end + + +/** A simple C struct containing a 160-bit SHA-1 digest. */ +typedef struct { + UInt8 bytes[20]; +} RawSHA1Digest; + +/** A 160-bit SHA-1 digest encapsulated in an object. */ +@interface MYSHA1Digest : MYDigest + +- (MYSHA1Digest*) initWithRawSHA1Digest: (const RawSHA1Digest*)rawDigest; ++ (MYSHA1Digest*) digestFromRawSHA1Digest: (const RawSHA1Digest*)rawDigest; + +@property (readonly) const RawSHA1Digest* rawSHA1Digest; + +@end + + +/** A simple C struct containing a 256-bit SHA-256 digest. */ +typedef struct { + UInt8 bytes[32]; +} RawSHA256Digest; + +/** A 256-bit SHA-256 digest encapsulated in an object. */ +@interface MYSHA256Digest : MYDigest + +- (MYSHA256Digest*) initWithRawSHA256Digest: (const RawSHA256Digest*)rawDigest; ++ (MYSHA256Digest*) digestFromRawSHA256Digest: (const RawSHA256Digest*)rawDigest; + +@property (readonly) const RawSHA256Digest* rawSHA256Digest; + +@end + + +/** Convenience methods for NSData objects */ +@interface NSData (MYDigest) +@property (readonly) MYSHA1Digest* my_SHA1Digest; +@property (readonly) MYSHA256Digest* my_SHA256Digest; +@end diff -r 000000000000 -r 0a6527af039b MYDigest.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYDigest.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,278 @@ +// +// MYDigest.m +// MYCrypto +// +// Created by Jens Alfke on 1/4/08. +// Copyright 2008 Jens Alfke. All rights reserved. +// + +#import "MYDigest.h" +#import +#import "MYCrypto_Private.h" + + +#if USE_IPHONE_API +enum { + CSSM_ALGID_SHA1 = 8, + CSSM_ALGID_SHA256 = 0x80000000 + 14 +}; +#endif + + +@implementation MYDigest + ++ (uint32_t) algorithm { + AssertAbstractMethod(); +} + ++ (size_t) length { + AssertAbstractMethod(); +} + ++ (void) computeDigest: (void*)dstDigest ofBytes: (const void*)bytes length: (size_t)length { + AssertAbstractMethod(); +} + + +- (id) initWithRawDigest: (const void*)rawDigest length: (size_t)length { + Assert([self class] != [MYDigest class], @"MYDigest is an abstract class"); + Assert(rawDigest!=NULL); + AssertEq(length,[[self class] length]); + self = [super init]; + if (self) { + _rawDigest = malloc(length); + Assert(_rawDigest); + memcpy(_rawDigest,rawDigest,length); + } + return self; +} + +- (void) dealloc +{ + if(_rawDigest) free(_rawDigest); + [super dealloc]; +} + + +- (id) copyWithZone: (NSZone*)zone +{ + return [self retain]; +} + +- (id)initWithCoder:(NSCoder *)decoder +{ + NSUInteger length; + const void *bytes = [decoder decodeBytesForKey: @"digest" returnedLength: &length]; + return [self initWithRawDigest: bytes length: length]; +} + + +- (void)encodeWithCoder:(NSCoder *)coder +{ + [coder encodeBytes: self.bytes length: self.length forKey: @"digest"]; +} + + ++ (MYDigest*) digestFromDigestData: (NSData*)digestData { + return [[[self alloc] initWithRawDigest: digestData.bytes length: digestData.length] autorelease]; +} + ++ (MYDigest*) digestFromHexString: (NSString*)hexString +{ + const char *cStr = [hexString UTF8String]; + const size_t length = [self length]; + if( !cStr || strlen(cStr)!=2*length ) + return nil; + uint8_t digest[length]; + for( int i=0; i0); + CC_SHA1(bytes,length, dstDigest); +} + ++ (uint32_t) algorithm {return CSSM_ALGID_SHA1;} ++ (size_t) length {return sizeof(RawSHA1Digest);} + +- (MYSHA1Digest*) initWithRawSHA1Digest: (const RawSHA1Digest*)rawDigest { + return [super initWithRawDigest: rawDigest length: sizeof(*rawDigest)]; +} + ++ (MYSHA1Digest*) digestFromRawSHA1Digest: (const RawSHA1Digest*)rawDigest { + return [[[self alloc] initWithRawSHA1Digest: rawDigest] autorelease]; +} + +- (const RawSHA1Digest*) rawSHA1Digest { + return self.bytes; +} + + +@end + + + +@implementation MYSHA256Digest + ++ (void) computeDigest: (void*)dstDigest ofBytes: (const void*)bytes length: (size_t)length { + NSParameterAssert(bytes!=NULL); + NSParameterAssert(length>0); + CC_SHA256(bytes,length, dstDigest); +} + ++ (uint32_t) algorithm {return CSSM_ALGID_SHA256;} ++ (size_t) length {return sizeof(RawSHA256Digest);} + +- (MYSHA256Digest*) initWithRawSHA256Digest: (const RawSHA256Digest*)rawDigest { + return [super initWithRawDigest: rawDigest length: sizeof(*rawDigest)]; +} + ++ (MYSHA256Digest*) digestFromRawSHA256Digest: (const RawSHA256Digest*)rawDigest { + return [[[self alloc] initWithRawSHA256Digest: rawDigest] autorelease]; +} + +- (const RawSHA256Digest*) rawSHA256Digest { + return self.bytes; +} + + +@end + + + +@implementation NSData (MYDigest) + +- (MYSHA1Digest*) my_SHA1Digest +{ + return (MYSHA1Digest*) [MYSHA1Digest digestOfData: self]; +} + +- (MYSHA256Digest*) my_SHA256Digest +{ + return (MYSHA256Digest*) [MYSHA256Digest digestOfData: self]; +} + +@end + + + +#import "Test.h" + + +static void testDigestOf( NSData *src, NSString *expectedSHA1Hex, NSString *expectedSHA256Hex ) +{ + MYSHA1Digest *d1 = [src my_SHA1Digest]; + NSString *hex = d1.hexString; + Log(@"Digesting %u bytes to %@",src.length,hex); + if( expectedSHA1Hex ) + CAssertEqual(hex,expectedSHA1Hex); + MYSHA1Digest *d2 = (MYSHA1Digest*) [MYSHA1Digest digestFromHexString: hex]; + CAssertEqual(d1,d2); + CAssertEqual(d2.hexString,hex); + + MYSHA256Digest *d256 = [src my_SHA256Digest]; + hex = d256.hexString; + Log(@"Digesting %u bytes to %@",src.length,hex); + if( expectedSHA256Hex ) + CAssertEqual(hex,expectedSHA256Hex); + MYSHA256Digest *d256_2 = (MYSHA256Digest*) [MYSHA256Digest digestFromHexString: hex]; + CAssertEqual(d256,d256_2); + CAssertEqual(d256_2.hexString,hex); +} + + +TestCase(MYDigest) { + testDigestOf([@"Pack my box with five dozen liquor jugs, you ugly potatoe pie!" + dataUsingEncoding: NSUTF8StringEncoding], + @"4F254781ED6C0103BE056DD8418EFBAC0C2EBE3C", + @"08AA4BCDDF7654D7AB5CDD25395A4DD8F3BEB5C79FE567D10C1A21B9134F48FD"); + testDigestOf([NSData dataWithContentsOfFile: @"/Library/Desktop Pictures/Nature/Zen Garden.jpg"], + @"62A17839B3B86D3543EB2E34D2718A0FE044FA31", + @"FBD25FA6CEE794049973DE3BDF752345617FCA81018C8FC65350BCDD901142DB"); +} diff -r 000000000000 -r 0a6527af039b MYKey-iPhone.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKey-iPhone.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,151 @@ +// +// MYKey-iPhone.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 4/4/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + + +#import "MYCrypto_Private.h" + +#if USE_IPHONE_API + +#import "MYDigest.h" +#import "MYErrorUtils.h" + + +#pragma mark - +@implementation MYKey + + +- (id) initWithKeyRef: (SecKeyRef)key { + self = [super initWithKeychainItemRef: (SecKeychainItemRef)key]; + if (self) { + _key = key; // superclass has already CFRetained it + } + return self; +} + + +- (id) _initWithKeyData: (NSData*)data + forKeychain: (SecKeychainRef)keychain +{ + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, (id)kSecAttrKeyTypeRSA}, + {(id)kSecValueData, data}, + {(id)kSecAttrIsPermanent, $object(keychain!=nil)}, + {(id)kSecReturnRef, $true} ); + SecKeyRef key; + if (!check(SecItemAdd((CFDictionaryRef)info, (CFTypeRef*)&key), @"SecItemAdd")) + return nil; + else + return [self initWithKeyRef: (SecKeyRef)key]; +} + +- (id) initWithKeyData: (NSData*)data { + return [self _initWithKeyData: data forKeychain: nil]; +} + + +- (NSString*) description { + return $sprintf(@"%@[%p]", [self class], _key); //FIX: Can we do anything better? +} + + +- (SecExternalItemType) keyType { + AssertAbstractMethod(); +} + + +- (NSData*) keyData { + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, (id)self.keyType}, + {(id)kSecMatchItemList, $array((id)_key)}, + {(id)kSecReturnData, $true} ); + CFDataRef data; + if (!check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef*)&data), @"SecItemCopyMatching")) + return nil; + else + return [(id)CFMakeCollectable(data) autorelease]; +} + + +@synthesize keyRef=_key; + + +- (MYKey*) asKey { + return self; +} + + +- (id) _attribute: (CFTypeRef)attribute { + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, (id)self.keyType}, + {(id)kSecMatchItemList, $array((id)_key)}, + {(id)kSecReturnAttributes, $true} ); + CFDictionaryRef attrs; + if (!check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef*)&attrs), @"SecItemCopyMatching")) + return nil; + CFTypeRef rawValue = CFDictionaryGetValue(attrs,attribute); + id value = rawValue ?[[(id)CFMakeCollectable(rawValue) retain] autorelease] :nil; + CFRelease(attrs); + return value; +} + +- (BOOL) setValue: (NSString*)value ofAttribute: (SecKeychainAttrType)attribute { + if (!value) + value = (id)[NSNull null]; + NSDictionary *query = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, (id)self.keyType}, + {(id)kSecMatchItemList, self._itemList} ); + NSDictionary *attrs = $dict( {(id)attribute, value} ); + return check(SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attrs), @"SecItemUpdate"); +} + + +- (NSString*) name { + return [self _attribute: kSecAttrLabel]; +} + +- (void) setName: (NSString*)name { + [self setValue: name ofAttribute: kSecAttrLabel]; +} + +- (NSString*) alias { + return [self _attribute: kSecAttrApplicationTag]; +} + +- (void) setAlias: (NSString*)alias { + [self setValue: alias ofAttribute: kSecAttrApplicationTag]; +} + + +@end + + +#endif USE_IPHONE_API + + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYKey.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKey.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,78 @@ +// +// MYKey.h +// MYCrypto +// +// Created by Jens Alfke on 3/30/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeychainItem.h" + +#if TARGET_OS_IPHONE && !TARGET_IPHONE_SIMULATOR +typedef CFTypeRef SecExternalItemType; +#endif + + +@interface MYKey : MYKeychainItem +{ + @private + SecKeyRef _key; +} + +/** Creates a MYKey object for an existing Keychain key reference. */ +- (id) initWithKeyRef: (SecKeyRef)keyRef; + +/** Creates a MYKey object from exported key data, but does not add it to any keychain. */ +- (id) initWithKeyData: (NSData*)data; + +#if !TARGET_OS_IPHONE +/** Converts the key into a data blob in one of several standard formats, suitable for storing in + a file or sending over the network. + @param format The data format: kSecFormatOpenSSL, kSecFormatSSH, kSecFormatBSAFE or kSecFormatSSHv2. + @param withPEM YES if the data should be encoded in PEM format, which converts into short lines + of printable ASCII characters, suitable for sending in email. */ +- (NSData*) exportKeyInFormat: (SecExternalFormat)format withPEM: (BOOL)withPEM; +#endif + +/** The Keychain object reference for this key. */ +@property (readonly) SecKeyRef keyRef; + +/** The key's raw data in OpenSSL format. This is the same as calling + -exportKeyInFormat: kSecFormatOpenSSL withPEM: NO */ +@property (readonly) NSData *keyData; + +@property (readonly) SecExternalItemType keyType; + +/** The user-visible name (kSecKeyPrintName) associated with this key in the Keychain. + The user can edit this, so don't expect it to be immutable. */ +@property (copy) NSString *name; + +/** An application-specific string (kSecKeyAlias) associated with this key in the Keychain. + Not visible to or editable by the user. + If you own this key, you can store any associated metadata you like here, although be aware + that it can be read and modified by any other app that can access this key. */ +@property (copy) NSString *alias; + +#if !TARGET_OS_IPHONE +/** The user-visible comment (kSecKeyApplicationTag) associated with this key in the Keychain. + The user can edit this, so don't expect it to be immutable. */ +@property (copy) NSString *comment; +#endif + +@end + + + +@protocol MYEncryption + +/** Encrypts data using this key, returning the raw encrypted result. */ +- (NSData*) encryptData: (NSData*)data; + +@end + +@protocol MYDecryption + +/** Decrypts data using this key, returning the original data. */ +- (NSData*) decryptData: (NSData*)data; + +@end diff -r 000000000000 -r 0a6527af039b MYKey.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKey.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,174 @@ +// +// MYKey.m +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKey.h" +#import "MYCrypto_Private.h" +#import "MYDigest.h" +#import "MYErrorUtils.h" + +#if !USE_IPHONE_API + + +#pragma mark - +@implementation MYKey + + +- (id) initWithKeyRef: (SecKeyRef)key { + self = [super initWithKeychainItemRef: (SecKeychainItemRef)key]; + if (self) { + _key = key; // superclass has already CFRetained it + } + return self; +} + +- (id) _initWithKeyData: (NSData*)data + forKeychain: (SecKeychainRef)keychain { + SecKeyImportExportParameters params = {}; + SecKeyRef key = importKey(data, self.keyType, keychain, ¶ms); + if (!key) { + [self release]; + return nil; + } + self = [super initWithKeychainItemRef: (SecKeychainItemRef)key]; + if (self) { + _key = key; + } + CFRelease(key); + return self; +} + +- (id) initWithKeyData: (NSData*)data { + return [self _initWithKeyData: data forKeychain: nil]; +} + + +- (NSString*) description { + return $sprintf(@"%@[%p]", [self class], _key); //FIX: Can we do anything better? +} + + +- (SecExternalItemType) keyType { + AssertAbstractMethod(); +} + + +@synthesize keyRef=_key; + + +- (MYKey*) asKey { + return self; +} + +- (const CSSM_KEY*) cssmKey { + const CSSM_KEY *cssmKey = NULL; + Assert(check(SecKeyGetCSSMKey(_key, &cssmKey), @"SecKeyGetCSSMKey"), @"Failed to get CSSM_KEY"); + return cssmKey; +} + +- (NSData*) exportKeyInFormat: (SecExternalFormat)format withPEM: (BOOL)withPEM { + CFDataRef data = NULL; + if (check(SecKeychainItemExport(_key, format, (withPEM ?kSecItemPemArmour :0), NULL, &data), + @"SecKeychainItemExport")) + return [(id)CFMakeCollectable(data) autorelease]; + else + return nil; +} + +- (NSData*) keyData { + return [self exportKeyInFormat: kSecFormatRawKey withPEM: NO]; +} + +- (NSString*) name { + return [self stringValueOfAttribute: kSecKeyPrintName]; +} + +- (void) setName: (NSString*)name { + [self setValue: name ofAttribute: kSecKeyPrintName]; +} + +- (NSString*) comment { + return [self stringValueOfAttribute: kSecKeyApplicationTag]; +} + +- (void) setComment: (NSString*)comment { + [self setValue: comment ofAttribute: kSecKeyApplicationTag]; +} + +- (NSString*) alias { + return [self stringValueOfAttribute: kSecKeyAlias]; +} + +- (void) setAlias: (NSString*)alias { + [self setValue: alias ofAttribute: kSecKeyAlias]; +} + + +@end + + + + +#pragma mark - +#pragma mark UTILITY FUNCTIONS: + + +SecKeyRef importKey(NSData *data, + SecExternalItemType type, + SecKeychainRef keychain, + SecKeyImportExportParameters *params) { + SecExternalFormat inputFormat = (type==kSecItemTypeSessionKey) ?kSecFormatRawKey :kSecFormatOpenSSL; + CFArrayRef items = NULL; + + params->version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; + params->flags |= kSecKeyImportOnlyOne; + if (keychain) { + params->keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; + if (type==kSecItemTypeSessionKey) + params->keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT; + else if (type==kSecItemTypePublicKey) + params->keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY; + else if (type==kSecItemTypePrivateKey) + params->keyUsage = CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN; + } + if (!check(SecKeychainItemImport((CFDataRef)data, NULL, &inputFormat, &type, + 0, params, keychain, &items), + @"SecKeychainItemImport")) + return nil; + if (!items || CFArrayGetCount(items) != 1) + return nil; + SecKeyRef key = (SecKeyRef)CFRetain(CFArrayGetValueAtIndex(items,0)); + CFRelease(items); + return key; // caller must CFRelease +} + + +#endif USE_IPHONE_API + + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYKeyPair-iPhone.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeyPair-iPhone.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,81 @@ +// +// MYKeyPair-iPhone.m +// MYNetwork-iPhone +// +// Created by Jens Alfke on 3/22/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + + +#import "MYKeyPair.h" +#import "MYCrypto_Private.h" + +#if USE_IPHONE_API + + +@implementation MYKeyPair + + ++ (MYKeyPair*) _generateKeyPairOfSize: (unsigned)keySize inKeychain: (MYKeychain*)keychain { + Assert( keySize == 512 || keySize == 1024 || keySize == 2048, @"Unsupported key size %u", keySize ); + SecKeyRef pubKey=NULL, privKey=NULL; + OSStatus err; + NSDictionary *pubKeyAttrs = $dict({(id)kSecAttrIsPermanent, $true}); + NSDictionary *privKeyAttrs = $dict({(id)kSecAttrIsPermanent, $true}); + NSDictionary *keyAttrs = $dict( {(id)kSecAttrKeyType, (id)kSecAttrKeyTypeRSA}, + {(id)kSecAttrKeySizeInBits, $object(keySize)}, + {(id)kSecPublicKeyAttrs, pubKeyAttrs}, + {(id)kSecPrivateKeyAttrs, privKeyAttrs} ); + err = SecKeyGeneratePair((CFDictionaryRef)keyAttrs,&pubKey,&privKey); + if (err) { + Warn(@"Failed to create key-pair: %i", err); + return nil; + } else + return [[[self alloc] initWithPublicKeyRef: pubKey privateKeyRef: privKey] autorelease]; +} + +- (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey { + self = [super initWithKeyRef: publicKey]; + if (self) { + NSParameterAssert(privateKey); + _privateKey = (SecKeyRef) CFRetain(privateKey); + } + return self; +} + + +- (NSArray*) _itemList { + return $array((id)_privateKey,(id)self.keyRef); +} + + +@synthesize privateKeyRef=_privateKey; + + +- (NSData*) decryptData: (NSData*)data { + return _crypt(_privateKey,data,kCCDecrypt); +} + + +- (NSData*) signData: (NSData*)data { + Assert(data); + uint8_t digest[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(data.bytes,data.length, digest); + + size_t sigLen = 1024; + uint8_t sigBuf[sigLen]; + OSStatus err = SecKeyRawSign(_privateKey, kSecPaddingPKCS1SHA1, + digest,sizeof(digest), //data.bytes, data.length, + sigBuf, &sigLen); + if(err) { + Warn(@"SecKeyRawSign failed: %i",err); + return nil; + } else + return [NSData dataWithBytes: sigBuf length: sigLen]; +} + + +@end + + +#endif USE_IPHONE_API diff -r 000000000000 -r 0a6527af039b MYKeyPair.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeyPair.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,54 @@ +// +// KeyPair.h +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYPublicKey.h" + + +/** A key-pair consisting of a public and a private key. + Can be used for signing and decrypting, as well as the inherited encrypting/verifying. */ +@interface MYKeyPair : MYPublicKey +{ + SecKeyRef _privateKey; +} + +/** Creates a MYKeyPair object from existing Keychain key references. */ +- (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey; + +#if !TARGET_OS_IPHONE +/** Exports the private key as a data blob, so that it can be stored as a backup, or transferred + to another computer. Since the key is sensitive, it must be exported in encrypted form + using a user-chosen passphrase. This method will display a standard alert panel, run by + the Security agent, that prompts the user to enter a new passphrase for encrypting the key. + The same passphrase must be re-entered when importing the key from the data blob. + @param format The data format: kSecFormatOpenSSL, kSecFormatSSH, kSecFormatBSAFE or kSecFormatSSHv2. + @param withPEM YES if the data should be encoded in PEM format, which converts into short lines + of printable ASCII characters, suitable for sending in email. + @param alertTitle An optional title for the alert panel. (Currently ignored by the OS?) + @param prompt An optional prompt message to display in the alert panel. */ +- (NSData*) exportPrivateKeyInFormat: (SecExternalFormat)format + withPEM: (BOOL)withPEM + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt; + +/** A convenient shorthand for the full exportPrivateKeyInFormat... method. + Uses OpenSSL format, wrapped with PEM, and default title and prompt for the alert. */ +- (NSData*) exportPrivateKey; +#endif + +/** The underlying Keychain key reference for the private key. */ +@property (readonly) SecKeyRef privateKeyRef; + +/** Decrypts data that was encrypted using the public key. */ +- (NSData*) decryptData: (NSData*)data; + +/** Generates a signature of data, using the private key. + The resulting signature can be verified using the matching MYPublicKey's + verifySignature:ofData: method. */ +- (NSData*) signData: (NSData*)data; + +@end diff -r 000000000000 -r 0a6527af039b MYKeyPair.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeyPair.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,234 @@ +// +// KeyPair.m +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeyPair.h" +#import "MYCrypto_Private.h" +#import + +#if !USE_IPHONE_API + + +#pragma mark - + +@implementation MYKeyPair + + ++ (MYKeyPair*) _generateRSAKeyPairOfSize: (unsigned)keySize + inKeychain: (SecKeychainRef)keychain { + Assert( keySize == 512 || keySize == 1024 || keySize == 2048, @"Unsupported key size %u", keySize ); + SecKeyRef pubKey=NULL, privKey=NULL; + OSStatus err; + err = SecKeyCreatePair(keychain, CSSM_ALGID_RSA, keySize, 0LL, + CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY, // public key + CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, + CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN, // private key + CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_PERMANENT, + NULL, // SecAccessRef + &pubKey, &privKey); + if (!check(err, @"SecKeyCreatePair")) { + return nil; + } else + return [[[self alloc] initWithPublicKeyRef: pubKey privateKeyRef: privKey] autorelease]; +} + + +- (id) initWithPublicKeyRef: (SecKeyRef)publicKey privateKeyRef: (SecKeyRef)privateKey { + self = [super initWithKeyRef: publicKey]; + if (self) { + NSParameterAssert(privateKey); + _privateKey = (SecKeyRef) CFRetain(privateKey); + } + return self; +} + +- (id) _initWithPublicKeyData: (NSData*)pubKeyData + privateKey: (SecKeyRef)privateKey + forKeychain: (SecKeychainRef)keychain { + if (!privateKey) { + [self release]; + return nil; + } + self = [self _initWithKeyData: pubKeyData forKeychain: keychain]; + if (self) { + _privateKey = privateKey; + } else { + SecKeychainItemDelete((SecKeychainItemRef)privateKey); + CFRelease(privateKey); + } + return self; +} + + +// The public API for this is in MYKeychain. +- (id) _initWithPublicKeyData: (NSData*)pubKeyData + privateKeyData: (NSData*)privKeyData + forKeychain: (SecKeychainRef)keychain + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt +{ + // Try to import the private key first, since the user might cancel the passphrase alert. + SecKeyImportExportParameters params = { + .flags = kSecKeySecurePassphrase, + .alertTitle = (CFStringRef) title, + .alertPrompt = (CFStringRef) prompt + }; + SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms); + return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain]; +} + +// This method is for testing, so unit-tests don't require user intervention. +// It's deliberately not made public, to discourage clients from trying to manage the passphrases +// themselves (this is less secure than letting the Security agent do it.) +- (id) _initWithPublicKeyData: (NSData*)pubKeyData + privateKeyData: (NSData*)privKeyData + forKeychain: (SecKeychainRef)keychain + passphrase: (NSString*)passphrase +{ + SecKeyImportExportParameters params = { + .passphrase = (CFStringRef) passphrase, + }; + SecKeyRef privateKey = importKey(privKeyData,kSecItemTypePrivateKey,keychain,¶ms); + return [self _initWithPublicKeyData: pubKeyData privateKey: privateKey forKeychain: keychain]; +} + + +- (void) dealloc +{ + if (_privateKey) CFRelease(_privateKey); + [super dealloc]; +} + + +- (NSUInteger)hash { + // Ensure that a KeyPair doesn't hash the same as its corresponding PublicKey: + return super.hash ^ 0xFFFFFFFF; +} + + +- (MYPublicKey*) asPublicKey { + return [[[MYPublicKey alloc] initWithKeyRef: self.keyRef] autorelease]; +} + + +- (NSData*) exportPrivateKeyInFormat: (SecExternalFormat)format + withPEM: (BOOL)withPEM + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt +{ + SecKeyImportExportParameters params = { + .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, + .flags = kSecKeySecurePassphrase, + .alertTitle = (CFStringRef)title, + .alertPrompt = (CFStringRef)prompt + }; + CFDataRef data = NULL; + if (check(SecKeychainItemExport(_privateKey, //$array((id)_publicKey,(id)_privateKey), + format, (withPEM ?kSecItemPemArmour :0), + ¶ms, &data), + @"SecKeychainItemExport")) + return [(id)CFMakeCollectable(data) autorelease]; + else + return nil; +} + +- (NSData*) exportPrivateKey { + return [self exportPrivateKeyInFormat: kSecFormatWrappedOpenSSL withPEM: YES + alertTitle: @"Export Private Key" + alertPrompt: @"Enter a passphrase to protect the private-key file.\n" + "You will need to re-enter the passphrase later when importing the key from this file, " + "so keep it in a safe place."]; + //FIX: Should make these messages localizable. +} + + +- (NSData*) _exportPrivateKeyInFormat: (SecExternalFormat)format + withPEM: (BOOL)withPEM + passphrase: (NSString*)passphrase +{ + SecKeyImportExportParameters params = { + .version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION, + .passphrase = (CFStringRef)passphrase + }; + CFDataRef data = NULL; + if (check(SecKeychainItemExport(_privateKey, + format, (withPEM ?kSecItemPemArmour :0), + ¶ms, &data), + @"SecKeychainItemExport")) + return [(id)CFMakeCollectable(data) autorelease]; + else + return nil; +} + +- (BOOL) removeFromKeychain { + return check(SecKeychainItemDelete((SecKeychainItemRef)_privateKey), @"delete private key") + && [super removeFromKeychain]; +} + + +@synthesize privateKeyRef=_privateKey; + + +- (NSData*) decryptData: (NSData*)data { + return _crypt(_privateKey,data,kCCDecrypt); +} + + +- (NSData*) signData: (NSData*)data { + Assert(data); + uint8_t digest[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(data.bytes,data.length, digest); + NSData *signature = nil; + CSSM_CC_HANDLE ccHandle = cssmCreateSignatureContext(_privateKey); + if (!ccHandle) return nil; + CSSM_DATA original = {data.length, (void*)data.bytes}; + CSSM_DATA result = {0,NULL}; + if (checkcssm(CSSM_SignData(ccHandle, &original, 1, CSSM_ALGID_NONE, &result), @"CSSM_SignData")) + signature = [NSData dataWithBytesNoCopy: result.Data length: result.Length + freeWhenDone: YES]; + CSSM_DeleteContext(ccHandle); + return signature; +} + + +- (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr { + return [super setValue: valueStr ofAttribute: attr] + && [[self class] _setAttribute: attr + ofItem: (SecKeychainItemRef)_privateKey + stringValue: valueStr]; +} + + +@end + + +#endif !USE_IPHONE_API + + + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYKeychain-iPhone.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeychain-iPhone.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,269 @@ +// +// MYKeychain-iPhone.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/31/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYCrypto_Private.h" +#import "MYDigest.h" + +#if USE_IPHONE_API + + +@interface MYKeyEnumerator : NSEnumerator +{ + CFArrayRef _results; + CFTypeRef _itemClass; + CFIndex _index; +} + +- (id) initWithQuery: (NSMutableDictionary*)query; ++ (id) firstItemWithQuery: (NSMutableDictionary*)query; +@end + + + +@implementation MYKeychain + + ++ (MYKeychain*) allKeychains +{ + // iPhone only has a single keychain. + return [self defaultKeychain]; +} + ++ (MYKeychain*) defaultKeychain +{ + static MYKeychain *sDefaultKeychain; + @synchronized(self) { + if (!sDefaultKeychain) { + sDefaultKeychain = [[self alloc] init]; + } + } + return sDefaultKeychain; +} + + +- (id) copyWithZone: (NSZone*)zone { + // It's not necessary to make copies of Keychain objects. This makes it more efficient + // to use instances as NSDictionary keys or store them in NSSets. + return [self retain]; +} + + + +#pragma mark - +#pragma mark SEARCHING: + + +- (MYPublicKey*) publicKeyWithDigest: (MYSHA1Digest*)pubKeyDigest { + return [MYKeyEnumerator firstItemWithQuery: + $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData}, + {(id)kSecReturnRef, $true})]; +} + +- (NSEnumerator*) enumeratePublicKeys { + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPublic}, + {(id)kSecMatchLimit, (id)kSecMatchLimitAll}, + {(id)kSecReturnRef, $true}); + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease]; +} + + +- (MYKeyPair*) keyPairWithDigest: (MYSHA1Digest*)pubKeyDigest { + return [MYKeyEnumerator firstItemWithQuery: + $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate}, + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData}, + {(id)kSecReturnRef, $true})]; +} + +- (NSEnumerator*) enumerateKeyPairs { + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassPrivate}, + {(id)kSecMatchLimit, (id)kSecMatchLimitAll}, + {(id)kSecReturnRef, $true}); + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease]; +} + +- (MYCertificate*) certificateWithDigest: (MYSHA1Digest*)pubKeyDigest { + return [MYKeyEnumerator firstItemWithQuery: + $mdict({(id)kSecClass, (id)kSecClassCertificate}, + {(id)kSecAttrPublicKeyHash, pubKeyDigest.asData}, + {(id)kSecReturnRef, $true})]; +} + +- (NSEnumerator*) enumerateCertificates { + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassCertificate}, + {(id)kSecMatchLimit, (id)kSecMatchLimitAll}, + {(id)kSecReturnRef, $true}); + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease]; +} + +- (NSEnumerator*) enumerateSymmetricKeys { + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric}, + {(id)kSecMatchLimit, (id)kSecMatchLimitAll}, + {(id)kSecReturnRef, $true}); + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease]; +} + +- (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias { + NSMutableDictionary *query = $mdict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyClass, (id)kSecAttrKeyClassSymmetric}, + {(id)kSecAttrApplicationTag, alias}, + {(id)kSecMatchLimit, (id)kSecMatchLimitAll}, + {(id)kSecReturnRef, $true}); + return [[[MYKeyEnumerator alloc] initWithQuery: query] autorelease]; +} + + +#pragma mark - +#pragma mark IMPORT: + + +- (MYPublicKey*) importPublicKey: (NSData*)keyData { + return [[[MYPublicKey alloc] _initWithKeyData: keyData + forKeychain: self] + autorelease]; +} + +- (MYCertificate*) importCertificate: (NSData*)data +{ + Assert(data); + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassCertificate}, + {(id)kSecValueData, data}, + {(id)kSecReturnRef, $true} ); + SecCertificateRef cert; + if (!check(SecItemAdd((CFDictionaryRef)info, (CFTypeRef*)&cert), @"SecItemAdd")) + return nil; + return [[[MYCertificate alloc] initWithCertificateRef: cert] autorelease]; +} + + +#pragma mark - +#pragma mark GENERATION: + + +- (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm +{ + return [MYSymmetricKey _generateSymmetricKeyOfSize: keySizeInBits + algorithm: algorithm inKeychain: self]; +} + +- (MYKeyPair*) generateRSAKeyPairOfSize: (unsigned)keySize { + return [MYKeyPair _generateRSAKeyPairOfSize: keySize inKeychain: self]; +} + + + +@end + + + +#pragma mark - +@implementation MYKeyEnumerator + +- (id) initWithQuery: (NSMutableDictionary*)query { + self = [super init]; + if (self) { + if (![query objectForKey: (id)kSecMatchLimit]) + [query setObject: (id)kSecMatchLimitAll forKey: (id)kSecMatchLimit]; + OSStatus err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)&_results); + if (err && err != errSecItemNotFound) { + check(err,@"SecItemCopyMatching"); + [self release]; + return nil; + } + if (_results) CFRetain(_results); + _itemClass = (CFTypeRef)[query objectForKey: (id)kSecClass]; + if (_itemClass == kSecClassKey) + _itemClass = (CFTypeRef)[query objectForKey: (id)kSecAttrKeyClass]; + if (_itemClass) CFRetain(_itemClass); + } + return self; +} + ++ (id) firstItemWithQuery: (NSMutableDictionary*)query { + MYKeyEnumerator *e = [[self alloc] initWithQuery: query]; + MYKeychainItem *item = e.nextObject; + [e release]; + return item; +} + +- (void) dealloc +{ + if (_itemClass) CFRelease(_itemClass); + if (_results) CFRelease(_results); + [super dealloc]; +} + + +- (id) nextObject { + if (!_results) + return nil; + MYKeychainItem *next = nil; + for (; next==nil && _index < CFArrayGetCount(_results); _index++) { + CFTypeRef found = CFArrayGetValueAtIndex(_results, _index); + if (_itemClass == kSecAttrKeyClassPrivate) { + MYSHA1Digest *digest = [MYPublicKey _digestOfKey: (SecKeyRef)found]; + if (digest) { + MYPublicKey *publicKey = [[MYKeychain defaultKeychain] publicKeyWithDigest: digest]; + if (publicKey) + next = [[[MYKeyPair alloc] initWithPublicKeyRef: publicKey.keyRef + privateKeyRef: (SecKeyRef)found] + autorelease]; + else { + // The matching public key won't turn up if it's embedded in a certificate; + // I'd have to search for certs if I wanted to look that up. Skip it for now. + //Warn(@"Couldn't find matching public key for private key!"); + } + } + break; + } else if (_itemClass == kSecAttrKeyClassPublic) { + next = [[[MYPublicKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease]; + break; + } else if (_itemClass == kSecAttrKeyClassSymmetric) { + next = [[[MYSymmetricKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease]; + break; + } else if (_itemClass == kSecClassCertificate) { + next = [[[MYCertificate alloc] initWithCertificateRef: (SecCertificateRef)found] autorelease]; + break; + } + CFRelease(found); + } + return next; +} + + +@end + +#endif USE_IPHONE_API + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYKeychain.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeychain.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,162 @@ +// +// MYKeychain.h +// MYCrypto +// +// Created by Jens Alfke on 3/23/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import +@class MYSymmetricKey, MYPublicKey, MYKeyPair, MYCertificate, MYSHA1Digest; + + +/** A Keychain, a secure database of cryptographic keys. + This class wraps the Security framework's SecKeychain API. */ +@interface MYKeychain : NSObject +{ +#if !TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR + SecKeychainRef _keychain; +#endif +} + +/** Returns a MYKeychain instance representing the user's default keychain. + This is the instance you'll usually want to add keys to. */ ++ (MYKeychain*) defaultKeychain; + +/** Returns a MYKeychain instance representing the aggregate of all open keychains. + This is the instance you'll usually want to search for keys with. */ ++ (MYKeychain*) allKeychains; + +#pragma mark SYMMETRIC KEYS: + +- (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (uint32_t/*CCAlgorithm*/)algorithm; +- (NSEnumerator*) enumerateSymmetricKeys; +- (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias; + +/** Enumerates all symmetric keys in the keychain. */ +- (NSEnumerator*) enumerateSymmetricKeys; + +#pragma mark PUBLIC KEYS: + +/** Looks up an existing public key with the given digest. + Returns nil if there is no such key in the keychain. + (This method does not look for keys embedded in certificates, only 'bare' keys.) */ +- (MYPublicKey*) publicKeyWithDigest: (MYSHA1Digest*)pubKeyDigest; + +/** Enumerates all public keys in the keychain. + (This method does not find keys embedded in certificates, only 'bare' keys.) */ +- (NSEnumerator*) enumeratePublicKeys; + +/** Imports a public key into the keychain, given its external representation + (as generated by -[MYPublicKey exportDataInFormat:withPEM:].) */ +- (MYPublicKey*) importPublicKey: (NSData*)keyData; + +#pragma mark CERTIFICATES: + +/** Looks up an existing certificate with the given public-key digest. + Returns nil if there is no such certificate in the keychain. */ +- (MYCertificate*) certificateWithDigest: (MYSHA1Digest*)pubKeyDigest; + +/** Enumerates all certificates in the keychain. */ +- (NSEnumerator*) enumerateCertificates; + +/** Imports a certificate into the keychain, given its external representation. */ +- (MYCertificate*) importCertificate: (NSData*)data; + +#pragma mark KEY-PAIRS: + +/** Looks up an existing key-pair whose public key has the given digest. + Returns nil if there is no such key-pair in the keychain. + (This method does not look for keys embedded in certificates, only 'bare' keys.) */ +- (MYKeyPair*) keyPairWithDigest: (MYSHA1Digest*)pubKeyDigest; + +/** Enumerates all key-pairs in the keychain. + (This method does not find keys embedded in certificates, only 'bare' keys.) */ +- (NSEnumerator*) enumerateKeyPairs; + +/** Generates a new RSA key-pair and adds both keys to the keychain. + This is very slow -- it may take several seconds, depending on the key size, CPU speed, + and other random factors. You should probably show some kind of progress indicator before + calling this method, so the user doesn't think the app has locked up! + @param keySize The RSA key length in bits. Must be a power of two. Longer keys are harder + to break, but operate more slowly and generate larger signatures. + 2048 is a good default choice. You could use 1024 if the data and signatures won't need + to stay secure for years; or you could use 4096 if you're extremely paranoid. */ +- (MYKeyPair*) generateRSAKeyPairOfSize: (unsigned)keySize; + +@end + + + + +#pragma mark - +#pragma mark METHODS NOT SUPPORTED ON IPHONE: + + +#if !TARGET_OS_IPHONE + +@interface MYKeychain (MacOnly) + +/** Creates a MYKeychain for an existing SecKeychainRef. */ +- (id) initWithKeychainRef: (SecKeychainRef)keychainRef; + +/** Opens a keychain file. */ ++ (MYKeychain*) openKeychainAtPath: (NSString*)path; + +/** Creates a new keychain file. */ ++ (MYKeychain*) createKeychainAtPath: (NSString*)path + withPassword: (NSString*)password; + +/** Closes and deletes the keychain's file. You should not use this object any more. */ +- (BOOL) deleteKeychainFile; + +/** Returns the underlying SecKeychainRef for this keychain. + This will be NULL for the special allKeychains instance, because it doesn't + represent a single specific keychain. To handle that case, use the + keychainRefOrDefault property instead. */ +@property (readonly) SecKeychainRef keychainRef; + +/** Returns the underlying SecKeychainRef for this keychain. + The special allKeychains instance returns a reference to the default keychain, + as a convenience. */ +@property (readonly) SecKeychainRef keychainRefOrDefault; + +/** The path of this keychain's file. */ +@property (readonly) NSString* path; + +/** The underlying CSSM storage handle; used when calling CSSM APIs. */ +@property (readonly) CSSM_CSP_HANDLE CSPHandle; + + +/** Enumerates all public keys in the keychain that have the given alias string. */ +- (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias; + +/** Enumerates all public keys in the keychain that have the given alias string. */ +- (NSEnumerator*) publicKeysWithAlias: (NSString*)alias; + + +/** Imports a certificate into the keychain, given its external representation. */ +- (MYCertificate*) importCertificate: (NSData*)data + type: (CSSM_CERT_TYPE) type + encoding: (CSSM_CERT_ENCODING) encoding; + +/** Imports a key-pair into the keychain, given the external representations + of both the public and private keys. + Since the private key data is encrypted, the Security agent will prompt the user to enter + the passphrase. */ +- (MYKeyPair*) importPublicKey: (NSData*)pubKeyData + privateKey: (NSData*)privKeyData; + +/** Imports a key-pair into the keychain, given the external representations + of both the public and private keys. + Since the private key data is encrypted, the Security agent will prompt the user to enter + the passphrase. You can specify the title and prompt message for this alert panel. */ +- (MYKeyPair*) importPublicKey: (NSData*)pubKeyData + privateKey: (NSData*)privKeyData + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt; + +@end + +#endif diff -r 000000000000 -r 0a6527af039b MYKeychain.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeychain.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,443 @@ +// +// MYKeychain.m +// MYCrypto +// +// Created by Jens Alfke on 3/23/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeychain.h" +#import "MYCrypto_Private.h" +#import "MYDigest.h" + +#if !USE_IPHONE_API + + +@interface MYKeyEnumerator : NSEnumerator +{ + MYKeychain *_keychain; + SecKeychainSearchRef _search; + SecItemClass _itemClass; +} + +- (id) initWithKeychain: (MYKeychain*)keychain + itemClass: (SecItemClass)itemClass + attributes: (SecKeychainAttribute[])attributes + count: (unsigned)count; +@end + + + +@implementation MYKeychain + + +- (id) initWithKeychainRef: (SecKeychainRef)keychainRef +{ + self = [super init]; + if (self != nil) { + if (keychainRef) { + CFRetain(keychainRef); + _keychain = keychainRef; + } + } + return self; +} + ++ (MYKeychain*) _readableKeychainWithRef: (SecKeychainRef)keychainRef fromPath: (NSString*)path { + if (!keychainRef) + return nil; + SecKeychainStatus status; + BOOL ok = check(SecKeychainGetStatus(keychainRef, &status), @"SecKeychainGetStatus"); + if (ok && !(status & kSecReadPermStatus)) { + Warn(@"Can't open keychain at %@ : not readable (status=%i)", path,status); + ok = NO; + } + MYKeychain *keychain = nil; + if (ok) + keychain = [[[self alloc] initWithKeychainRef: keychainRef] autorelease]; + CFRelease(keychainRef); + return keychain; +} + ++ (MYKeychain*) openKeychainAtPath: (NSString*)path +{ + Assert(path); + SecKeychainRef keychainRef = NULL; + if (!check(SecKeychainOpen(path.fileSystemRepresentation, &keychainRef), @"SecKeychainOpen")) + return nil; + return [self _readableKeychainWithRef: keychainRef fromPath: path]; +} + ++ (MYKeychain*) createKeychainAtPath: (NSString*)path + withPassword: (NSString*)password +{ + Assert(path); + const char *passwordStr = [password UTF8String]; + SecKeychainRef keychainRef = NULL; + if (!check(SecKeychainCreate(path.fileSystemRepresentation, + passwordStr ?strlen(passwordStr) :0, + passwordStr, + (password==nil), + NULL, + &keychainRef), + @"SecKeychainCreate")) + return nil; + return [self _readableKeychainWithRef: keychainRef fromPath: path]; +} + +- (BOOL) deleteKeychainFile { + Assert(_keychain); + return check(SecKeychainDelete(_keychain), @"SecKeychainDelete"); +} + + +- (void) dealloc +{ + if (_keychain) CFRelease(_keychain); + [super dealloc]; +} + + ++ (MYKeychain*) allKeychains +{ + static MYKeychain *sAllKeychains; + @synchronized(self) { + if (!sAllKeychains) + sAllKeychains = [[self alloc] initWithKeychainRef: nil]; + } + return sAllKeychains; +} + + ++ (MYKeychain*) defaultKeychain +{ + static MYKeychain *sDefaultKeychain; + @synchronized(self) { + if (!sDefaultKeychain) { + SecKeychainRef kc = NULL; + OSStatus err = SecKeychainCopyDomainDefault(kSecPreferencesDomainUser,&kc); +#if TARGET_OS_IPHONE + // In the simulator, an app is run in a sandbox that has no keychain by default. + // As a convenience, create one if necessary: + if (err == errSecNoDefaultKeychain) { + Log(@"No default keychain in simulator; creating one..."); + NSString *path = [NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, + NSUserDomainMask, YES) objectAtIndex: 0]; + path = [path stringByAppendingPathComponent: @"MYCrypto.keychain"]; + sDefaultKeychain = [[self createKeychainAtPath: path withPassword: nil] retain]; + Assert(sDefaultKeychain, @"Couldn't create default keychain"); + SecKeychainSetDomainDefault(kSecPreferencesDomainUser, sDefaultKeychain.keychainRef); + Log(@"...created %@", sDefaultKeychain); + return sDefaultKeychain; + } +#endif + if (!check(err, @"SecKeychainCopyDefault")) + kc = NULL; + + Assert(kc, @"No default keychain"); + sDefaultKeychain = [[self alloc] initWithKeychainRef: kc]; + CFRelease(kc); + } + } + return sDefaultKeychain; +} + + +- (id) copyWithZone: (NSZone*)zone { + // It's not necessary to make copies of Keychain objects. This makes it more efficient + // to use instances as NSDictionary keys or store them in NSSets. + return [self retain]; +} + +- (BOOL) isEqual: (id)obj { + return (obj == self) || + ([obj isKindOfClass: [MYKeychain class]] && CFEqual(_keychain, [obj keychainRef])); +} + + +- (SecKeychainRef) keychainRef { + return _keychain; +} + + +- (SecKeychainRef) keychainRefOrDefault { + if (_keychain) + return _keychain; + else + return [[[self class] defaultKeychain] keychainRef]; +} + + +- (NSString*) path { + if (!_keychain) + return nil; + char pathBuf[PATH_MAX]; + UInt32 pathLen = sizeof(pathBuf); + if (!check(SecKeychainGetPath(_keychain, &pathLen, pathBuf), @"SecKeychainGetPath")) + return nil; + return [[NSFileManager defaultManager] stringWithFileSystemRepresentation: pathBuf length: pathLen]; +} + +- (NSString*) description { + if (_keychain) + return $sprintf(@"%@[%p, %@]", [self class], _keychain, self.path); + else + return $sprintf(@"%@[all]", [self class]); +} + + +#pragma mark - +#pragma mark SEARCHING: + + +- (MYKeychainItem*) itemOfClass: (SecItemClass)itemClass + withDigest: (MYSHA1Digest*)pubKeyDigest +{ + SecKeychainAttribute attr = {.tag= (itemClass==kSecCertificateItemClass ?kSecPublicKeyHashItemAttr :kSecKeyLabel), + .length= pubKeyDigest.length, + .data= (void*) pubKeyDigest.bytes}; + MYKeyEnumerator *e = [[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: itemClass + attributes: &attr count: 1]; + MYKeychainItem *item = e.nextObject; + [e release]; + return item; +} + +- (MYPublicKey*) publicKeyWithDigest: (MYSHA1Digest*)pubKeyDigest { + return (MYPublicKey*) [self itemOfClass: kSecPublicKeyItemClass withDigest: pubKeyDigest]; +} + +- (NSEnumerator*) enumeratePublicKeys { + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecPublicKeyItemClass + attributes: NULL count: 0] autorelease]; +} + +- (NSEnumerator*) publicKeysWithAlias: (NSString*)alias { + NSData *utf8 = [alias dataUsingEncoding: NSUTF8StringEncoding]; + SecKeychainAttribute attr = {.tag=kSecKeyAlias, .length=utf8.length, .data=(void*)utf8.bytes}; + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecPublicKeyItemClass + attributes: &attr count: 1] autorelease]; +} + + +- (MYKeyPair*) keyPairWithDigest: (MYSHA1Digest*)pubKeyDigest { + return (MYKeyPair*) [self itemOfClass: kSecPrivateKeyItemClass withDigest: pubKeyDigest]; +} + +- (NSEnumerator*) enumerateKeyPairs { + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecPrivateKeyItemClass + attributes: NULL count: 0] autorelease]; +} + +- (MYCertificate*) certificateWithDigest: (MYSHA1Digest*)pubKeyDigest { + return (MYCertificate*) [self itemOfClass: kSecCertificateItemClass withDigest: pubKeyDigest]; +} + +- (NSEnumerator*) enumerateCertificates { + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecCertificateItemClass + attributes: NULL count: 0] autorelease]; +} + +- (NSEnumerator*) enumerateSymmetricKeys { + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecSymmetricKeyItemClass + attributes: NULL count: 0] autorelease]; +} + +- (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias { + NSData *utf8 = [alias dataUsingEncoding: NSUTF8StringEncoding]; + SecKeychainAttribute attr = {.tag=kSecKeyAlias, .length=utf8.length, .data=(void*)utf8.bytes}; + return [[[MYKeyEnumerator alloc] initWithKeychain: self + itemClass: kSecSymmetricKeyItemClass + attributes: &attr count: 1] autorelease]; +} + + + +#pragma mark - +#pragma mark IMPORT: + + +- (MYPublicKey*) importPublicKey: (NSData*)keyData { + return [[[MYPublicKey alloc] _initWithKeyData: keyData + forKeychain: self.keychainRefOrDefault] + autorelease]; +} + +- (MYKeyPair*) importPublicKey: (NSData*)pubKeyData + privateKey: (NSData*)privKeyData + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt { + return [[[MYKeyPair alloc] _initWithPublicKeyData: pubKeyData + privateKeyData: privKeyData + forKeychain: self.keychainRefOrDefault + alertTitle: (NSString*)title + alertPrompt: (NSString*)prompt] + autorelease]; +} + +- (MYKeyPair*) importPublicKey: (NSData*)pubKeyData + privateKey: (NSData*)privKeyData +{ + return [self importPublicKey: pubKeyData privateKey: privKeyData + alertTitle: @"Import Private Key" + alertPrompt: @"To import your saved private key, please re-enter the " + "passphrase you used when you exported it."]; +} + +- (MYCertificate*) importCertificate: (NSData*)data + type: (CSSM_CERT_TYPE) type + encoding: (CSSM_CERT_ENCODING) encoding; +{ + MYCertificate *cert = [[[MYCertificate alloc] initWithCertificateData: data + type: type + encoding: encoding] + autorelease]; + if (cert) { + if (!check(SecCertificateAddToKeychain(cert.certificateRef, self.keychainRefOrDefault), + @"SecCertificateAddToKeychain")) + cert = nil; + } + return cert; +} + +- (MYCertificate*) importCertificate: (NSData*)data { + return [self importCertificate: data + type: CSSM_CERT_X_509v3 + encoding: CSSM_CERT_ENCODING_BER]; +} + + +- (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm +{ + return [MYSymmetricKey _generateSymmetricKeyOfSize: keySizeInBits + algorithm: algorithm inKeychain: self]; +} + +- (MYKeyPair*) generateRSAKeyPairOfSize: (unsigned)keySize { + return [MYKeyPair _generateRSAKeyPairOfSize: keySize inKeychain: self.keychainRefOrDefault]; +} + + +- (CSSM_CSP_HANDLE) CSPHandle { + CSSM_CSP_HANDLE cspHandle = 0; + Assert(check(SecKeychainGetCSPHandle(self.keychainRefOrDefault, &cspHandle), @"SecKeychainGetCSPHandle")); + return cspHandle; +} + + +@end + + + +#pragma mark - +@implementation MYKeyEnumerator + +- (id) initWithKeychain: (MYKeychain*)keychain + itemClass: (SecItemClass)itemClass + attributes: (SecKeychainAttribute[])attributes + count: (unsigned)count { + self = [super init]; + if (self) { + _keychain = [keychain retain]; + _itemClass = itemClass; + SecKeychainAttributeList list = {.count=count, .attr=attributes}; + if (!check(SecKeychainSearchCreateFromAttributes(keychain.keychainRef, + itemClass, + &list, + &_search), + @"SecKeychainSearchCreateFromAttributes")) { + [self release]; + return nil; + } + } + return self; +} + +- (void) dealloc +{ + [_keychain release]; + if (_search) CFRelease(_search); + [super dealloc]; +} + + +- (id) nextObject { + if (!_search) + return nil; + MYPublicKey *key = nil; + do{ + SecKeychainItemRef found = NULL; + OSStatus err = SecKeychainSearchCopyNext(_search, &found); + if (err || !found) { + if (err != errSecItemNotFound) + check(err,@"SecKeychainSearchCopyNext"); + CFRelease(_search); + _search = NULL; + return nil; + } + + switch (_itemClass) { + case kSecPrivateKeyItemClass: { + MYSHA1Digest *digest = [MYPublicKey _digestOfKey: (SecKeyRef)found]; + if (digest) { + MYPublicKey *publicKey = [_keychain publicKeyWithDigest: digest]; + if (publicKey) + key = [[[MYKeyPair alloc] initWithPublicKeyRef: publicKey.keyRef + privateKeyRef: (SecKeyRef)found] + autorelease]; + else { + // The matching public key won't turn up if it's embedded in a certificate; + // I'd have to search for certs if I wanted to look that up. Skip it for now. + //Warn(@"Couldn't find matching public key for private key! digest=%@",digest); + } + } + break; + } + case kSecCertificateItemClass: + key = [[[MYCertificate alloc] initWithCertificateRef: (SecCertificateRef)found] autorelease]; + break; + case kSecPublicKeyItemClass: + key = [[[MYPublicKey alloc] initWithKeyRef: (SecKeyRef)found] autorelease]; + break; + } + CFRelease(found); + } while (key==nil); + return key; +} + + +@end + + +#endif !USE_IPHONE_API + + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYKeychainItem.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeychainItem.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,36 @@ +// +// MYKeychainItem.h +// MYCrypto +// +// Created by Jens Alfke on 3/26/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import +#import +@class MYKeychain; + +#if TARGET_OS_IPHONE && !TARGET_IPHONE_SIMULATOR +typedef CFTypeRef MYKeychainItemRef; +#else +typedef SecKeychainItemRef MYKeychainItemRef; +#endif + + +/** Abstract base class for keychain items: MYPublicKey, MYKeyPair and MYCertificate. */ +@interface MYKeychainItem : NSObject +{ + @private + MYKeychainItemRef _itemRef; +} + +- (id) initWithKeychainItemRef: (MYKeychainItemRef)itemRef; + +@property (readonly) MYKeychainItemRef keychainItemRef; + +@property (readonly) MYKeychain *keychain; + +/** Removes the item from its keychain, if any. */ +- (BOOL) removeFromKeychain; + +@end diff -r 000000000000 -r 0a6527af039b MYKeychainItem.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYKeychainItem.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,216 @@ +// +// MYKeychainItem.m +// MYCrypto +// +// Created by Jens Alfke on 3/26/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKeychainItem.h" +#import "MYCrypto_Private.h" +#import "MYErrorUtils.h" + + +NSString* const MYCSSMErrorDomain = @"CSSMErrorDomain"; + + +@implementation MYKeychainItem + + +- (id) initWithKeychainItemRef: (MYKeychainItemRef)itemRef; +{ + Assert(itemRef!=NULL); + self = [super init]; + if (self != nil) { + _itemRef = itemRef; + CFRetain(_itemRef); + } + return self; +} + + +@synthesize keychainItemRef=_itemRef; + +- (void) dealloc +{ + if (_itemRef) CFRelease(_itemRef); + [super dealloc]; +} + +- (id) copyWithZone: (NSZone*)zone { + // As keys are immutable, it's not necessary to make copies of them. This makes it more efficient + // to use instances as NSDictionary keys or store them in NSSets. + return [self retain]; +} + +- (BOOL) isEqual: (id)obj { + // Require the objects to be of the same class, so that a MYPublicKey will not be equal to a + // MYKeyPair with the same public key. + return (obj == self) || + ([obj class] == [self class] && CFEqual(_itemRef, [obj keychainItemRef])); +} + +- (NSUInteger) hash { + return CFHash(_itemRef); +} + +- (NSArray*) _itemList { + return $array((id)_itemRef); +} + +#if USE_IPHONE_API +- (CFDictionaryRef) asQuery { + return (CFDictionaryRef) $dict( {(id)kSecClass, (id)kSecClassKey},//FIX + {(id)kSecMatchItemList, self._itemList} ); +} +#endif + + +- (MYKeychain*) keychain { +#if USE_IPHONE_API + return [MYKeychain defaultKeychain]; +#else + MYKeychain *keychain = nil; + SecKeychainRef keychainRef = NULL; + if (check(SecKeychainItemCopyKeychain((SecKeychainItemRef)_itemRef, &keychainRef), @"SecKeychainItemCopyKeychain")) { + if (keychainRef) { + keychain = [[[MYKeychain alloc] initWithKeychainRef: keychainRef] autorelease]; + CFRelease(keychainRef); + } + } + return keychain; +#endif +} + +- (BOOL) removeFromKeychain { +#if USE_IPHONE_API + return check(SecItemDelete(self.asQuery), @"SecItemDelete"); +#else + return check(SecKeychainItemDelete((SecKeychainItemRef)_itemRef), @"SecKeychainItemDelete"); +#endif +} + + +#pragma mark - +#pragma mark DATA / METADATA ACCESSORS: + + +- (NSData*) _getContents: (OSStatus*)outError { + NSData *contents = nil; +#if USE_IPHONE_API +#else + UInt32 length = 0; + void *bytes = NULL; + *outError = SecKeychainItemCopyAttributesAndData(_itemRef, NULL, NULL, NULL, &length, &bytes); + if (!*outError && bytes) { + contents = [NSData dataWithBytes: bytes length: length]; + SecKeychainItemFreeAttributesAndData(NULL, bytes); + } +#endif + return contents; +} + ++ (NSData*) _getAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item { + NSData *value = nil; +#if USE_IPHONE_API + NSDictionary *info = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecMatchItemList, $array((id)item)}, + {(id)kSecReturnAttributes, $true} ); + CFDictionaryRef attrs; + if (!check(SecItemCopyMatching((CFDictionaryRef)info, (CFTypeRef*)&attrs), @"SecItemCopyMatching")) + return nil; + CFTypeRef rawValue = CFDictionaryGetValue(attrs,attr); + value = rawValue ?[[(id)CFMakeCollectable(rawValue) retain] autorelease] :nil; + CFRelease(attrs); + +#else + UInt32 format = kSecFormatUnknown; + SecKeychainAttributeInfo info = {.count=1, .tag=(UInt32*)&attr, .format=&format}; + SecKeychainAttributeList *list = NULL; + + if (check(SecKeychainItemCopyAttributesAndData((SecKeychainItemRef)item, &info, + NULL, &list, NULL, NULL), + @"SecKeychainItemCopyAttributesAndData")) { + if (list) { + if (list->count == 1) + value = [NSData dataWithBytes: list->attr->data + length: list->attr->length]; + else if (list->count > 1) + Warn(@"Multiple values for keychain item attribute"); + SecKeychainItemFreeAttributesAndData(list, NULL); + } + } +#endif + return value; +} + ++ (NSString*) _getStringAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item { + NSData *value = [self _getAttribute: attr ofItem: item]; + if (!value) return nil; + const char *bytes = value.bytes; + size_t length = value.length; + if (length>0 && bytes[length-1] == 0) + length--; // Some values are null-terminated!? + NSString *str = [[NSString alloc] initWithBytes: bytes length: length + encoding: NSUTF8StringEncoding]; + if (!str) + Warn(@"MYKeychainItem: Couldn't decode attr value as string"); + return [str autorelease]; +} + +- (NSString*) stringValueOfAttribute: (SecKeychainAttrType)attr { + return [[self class] _getStringAttribute: attr ofItem: _itemRef]; +} + + ++ (BOOL) _setAttribute: (SecKeychainAttrType)attr ofItem: (MYKeychainItemRef)item + stringValue: (NSString*)stringValue +{ +#if USE_IPHONE_API + id value = stringValue ?(id)stringValue :(id)[NSNull null]; + NSDictionary *query = $dict({(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, (id)attr}, + {(id)kSecMatchItemList, $array((id)item)}); + NSDictionary *attrs = $dict({(id)attr, value}); + return check(SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attrs), @"SecItemUpdate"); + +#else + NSData *data = [stringValue dataUsingEncoding: NSUTF8StringEncoding]; + SecKeychainAttribute attribute = {.tag=attr, .length=data.length, .data=(void*)data.bytes}; + SecKeychainAttributeList list = {.count=1, .attr=&attribute}; + return check(SecKeychainItemModifyAttributesAndData((SecKeychainItemRef)item, &list, 0, NULL), + @"SecKeychainItemModifyAttributesAndData"); +#endif +} + +- (BOOL) setValue: (NSString*)valueStr ofAttribute: (SecKeychainAttrType)attr { + return [[self class] _setAttribute: attr ofItem: _itemRef stringValue: valueStr]; +} + + +@end + + + + +BOOL check(OSStatus err, NSString *what) { + if (err) { +#if !USE_IPHONE_API + if (err < -2000000000) + return checkcssm(err,what); +#endif + Warn(@"MYCrypto error, %@: %@", what, MYErrorName(NSOSStatusErrorDomain,err)); + return NO; + } else + return YES; +} + +#if !USE_IPHONE_API +BOOL checkcssm(CSSM_RETURN err, NSString *what) { + if (err != CSSM_OK) { + Warn(@"MYCrypto error, %@: %@", what, MYErrorName(MYCSSMErrorDomain,err)); + return NO; + } else + return YES; +} +#endif diff -r 000000000000 -r 0a6527af039b MYPublicKey-iPhone.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYPublicKey-iPhone.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,96 @@ +// +// MYPublicKey-iPhone.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/30/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYPublicKey.h" +#import "MYCrypto_Private.h" + +#if USE_IPHONE_API + +#import "MYDigest.h" +#import "MYErrorUtils.h" + + +@implementation MYPublicKey + + +- (void) dealloc +{ + [_digest release]; + [super dealloc]; +} + + +- (SecExternalItemType) keyType { + return kSecAttrKeyClassPublic; +} + + +- (MYPublicKey*) asPublicKey { + return self; +} + + + +- (MYSHA1Digest*) publicKeyDigest { + NSData *digestData = [self _attribute: kSecAttrApplicationLabel]; + if (digestData) + return (MYSHA1Digest*) [MYSHA1Digest digestFromDigestData: digestData]; + else { + Warn(@"MYKeyPair: public key didn't have digest attribute"); + return nil; + } +} + + +- (NSData*) encryptData: (NSData*)data { + return _crypt(self.keyRef,data,kCCEncrypt); +} + + +- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data { + Assert(data); + Assert(signature); + uint8_t digest[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(data.bytes,data.length, digest); + OSStatus err = SecKeyRawVerify(self.keyRef, kSecPaddingPKCS1SHA1, + digest,sizeof(digest), //data.bytes, data.length, + signature.bytes, signature.length); + return err==noErr; +} + + +@end + + + + +NSData* _crypt(SecKeyRef key, NSData *data, CCOperation op) { + CAssert(data); + size_t dataLength = data.length; + size_t outputLength = MAX(dataLength, SecKeyGetBlockSize(key)); + void *outputBuf = malloc(outputLength); + if (!outputBuf) return nil; + OSStatus err; + if (op==kCCEncrypt) + err = SecKeyEncrypt(key, kSecPaddingNone,//PKCS1, + data.bytes, dataLength, + outputBuf, &outputLength); + else + err = SecKeyDecrypt(key, kSecPaddingNone,//PKCS1, + data.bytes, dataLength, + outputBuf, &outputLength); + if (err) { + free(outputBuf); + Warn(@"%scrypting failed (%i)", (op==kCCEncrypt ?"En" :"De"), err); + // Note: One of the errors I've seen is -9809, which is errSSLCrypto (SecureTransport.h) + return nil; + } else + return [NSData dataWithBytesNoCopy: outputBuf length: outputLength freeWhenDone: YES]; +} + +#endif USE_IPHONE_API diff -r 000000000000 -r 0a6527af039b MYPublicKey.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYPublicKey.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,51 @@ +// +// MYPublicKey.h +// MYCrypto +// +// Created by Jens Alfke on 3/25/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKey.h" +@class MYSHA1Digest; + +#if !TARGET_OS_IPHONE +#import +#endif + + +/** Error domain for CSSM (low-level crypto) errors */ +extern NSString* const MYCSSMErrorDomain; + + +/** A public key, which can be used for encrypting data and verifying signatures. */ +@interface MYPublicKey : MYKey +{ + MYSHA1Digest *_digest; +} + +/** The public key's SHA-1 digest. This is a convenient short (20-byte) identifier for the key. */ +@property (readonly) MYSHA1Digest *publicKeyDigest; + +/** Returns the receiver as a MYPublicKey. + If the receiver already is a MYPublicKey, this just returns self. + If it's a MYKeyPair, it returns a new MYPublicKey containing just the public key. */ +@property (readonly) MYPublicKey *asPublicKey; + +/** Encrypts a short piece of data using this key, returning the raw encrypted result. + RSA can encrypt only short pieces of data, smaller than the key size in bits; this + method will fail and return nil if the data is too long. + RSA encryption is also much slower than regular symmetric-key encryption, so the correct + way to encrypt a large block of data using a public key is to first generate a random + symmetric key, called the "session key" (using a Cryptor), encrypt that session key with the + public key, and then encrypt your data with the session key. Send the encrypted session key + and the encrypted data. */ +- (NSData*) encryptData: (NSData*)data; + +/** Verifies the signature of a block of data. If the result is YES, you can be assured that + the signature was generated from the data using this key's matching private key. + If the result is NO, something is wrong: either the data or the signature was modified, + or the signature was generated by a different private key. */ +- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data; + +@end diff -r 000000000000 -r 0a6527af039b MYPublicKey.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYPublicKey.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,211 @@ +// +// MYPublicKey.m +// MYCrypto +// +// Created by Jens Alfke on 3/21/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYPublicKey.h" +#import "MYCrypto_Private.h" + +#if !USE_IPHONE_API + +#import "MYDigest.h" +#import "MYErrorUtils.h" +#import + + +static CSSM_CC_HANDLE cssmCreatePassThroughContext(SecKeyRef key); + + +#pragma mark - +@implementation MYPublicKey + + +- (void) dealloc +{ + [_digest release]; + [super dealloc]; +} + +- (SecExternalItemType) keyType { + return kSecItemTypePublicKey; +} +- (NSUInteger)hash { + return self.publicKeyDigest.hash; +} + +- (NSString*) description { + return $sprintf(@"%@[%@]", [self class], self.publicKeyDigest.abbreviatedHexString); +} + +- (MYPublicKey*) asPublicKey { + return self; +} + + ++ (MYSHA1Digest*) _digestOfKey: (SecKeyRef)key { + Assert(key); + MYSHA1Digest *digest = nil; + CSSM_DATA *keyDigest = NULL; + CSSM_CC_HANDLE context = cssmCreatePassThroughContext(key); + if (context) { + if (checkcssm(CSSM_CSP_PassThrough(context, CSSM_APPLECSP_KEYDIGEST, NULL, (void**)&keyDigest), + @"CSSM_CSP_PassThrough")) { + if (keyDigest && keyDigest->Data) { + digest = [[[MYSHA1Digest alloc] initWithRawDigest: keyDigest->Data + length: keyDigest->Length] autorelease]; + } + } else { + // Note - CSSM_CSP_PassThrough fails on a couple of private keys I've seen; it seems to + // be ones that are either expired or don't have a matching public key at all (?) + Warn(@"Failed to get digest of SecKeyRef %p (name='%@' appTag='%@')", key, + [self _getStringAttribute: kSecKeyPrintName ofItem: (SecKeychainItemRef)key], + [self _getStringAttribute: kSecKeyApplicationTag ofItem: (SecKeychainItemRef)key]); + NSData *digestData = [self _getAttribute: kSecKeyLabel ofItem: (SecKeychainItemRef)key]; + if (digestData) { + digest = (MYSHA1Digest*) [MYSHA1Digest digestFromDigestData: digestData]; + if (!digest) + Warn(@"Digest property of key %p was invalid SHA-1: %@", key,digestData); + } + } + CSSM_DeleteContext(context); + } + return digest; +} + +- (MYSHA1Digest*) publicKeyDigest { + if (!_digest) + _digest = [[[self class] _digestOfKey: self.keyRef] retain]; + return _digest; +} + +- (NSData*) keyData { + return [self exportKeyInFormat: kSecFormatOpenSSL withPEM: NO]; +} + + +- (NSData*) encryptData: (NSData*)data { + return _crypt(self.keyRef,data,kCCEncrypt); +} + + +- (BOOL) verifySignature: (NSData*)signature ofData: (NSData*)data { + Assert(data); + Assert(signature); + uint8_t digest[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(data.bytes,data.length, digest); + CSSM_CC_HANDLE ccHandle = cssmCreateSignatureContext(self.keyRef); + if (!ccHandle) return NO; + CSSM_DATA original = {data.length, (void*)data.bytes}; + CSSM_DATA sig = {signature.length, (void*)signature.bytes}; + CSSM_RETURN cssmErr = CSSM_VerifyData(ccHandle, &original, 1, CSSM_ALGID_NONE, &sig); + CSSM_DeleteContext(ccHandle); + if (cssmErr == CSSM_OK) + return YES; + if (cssmErr != CSSMERR_CSP_VERIFY_FAILED) + Warn(@"CSSM error verifying signature: %u", MYErrorName(MYCSSMErrorDomain,cssmErr)); + return NO; +} + + +@end + + + + +#pragma mark - +#pragma mark UTILITY FUNCTIONS: + + +NSData* _crypt(SecKeyRef key, NSData *data, CCOperation op) { + CAssert(data); + const CSSM_KEY* cssmKey; + const CSSM_ACCESS_CREDENTIALS *credentials; + CSSM_CSP_HANDLE cspHandle; + CSSM_CC_HANDLE ccHandle; + if (!check(SecKeyGetCSSMKey(key, &cssmKey), @"GetCSSMKey") + || !check(SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeWithUI, + &credentials), @"GetCredentials") + || !check(SecKeyGetCSPHandle(key, &cspHandle), @"GetCSPHandle") + + || !checkcssm(CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, + credentials, cssmKey, + CSSM_PADDING_PKCS1, &ccHandle), + @"CSSM_CSP_CreateAsymmetricContext")) + return nil; + + CSSM_DATA original = {data.length, (void*)data.bytes}; + CSSM_DATA result = {}; + size_t outputLength; + BOOL ok; + if (op==kCCEncrypt) + ok = checkcssm(CSSM_EncryptData(ccHandle, &original, 1, &result, 1, &outputLength, &result), + @"CSSM_EncryptData"); + else + ok = checkcssm(CSSM_DecryptData(ccHandle, &original, 1, &result, 1, &outputLength, &result), + @"CSSM_DecryptData"); + CSSM_DeleteContext(ccHandle); + return ok ?[NSData dataWithBytesNoCopy: result.Data length: outputLength freeWhenDone: YES] :nil; +} + + +CSSM_CC_HANDLE cssmCreateSignatureContext(SecKeyRef key) +{ + const CSSM_KEY* cssmKey; + const CSSM_ACCESS_CREDENTIALS *credentials; + CSSM_CSP_HANDLE cspHandle; + CSSM_CC_HANDLE ccHandle; + if (check(SecKeyGetCSSMKey(key, &cssmKey), @"GetCSSMKey") + && check(SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeWithUI, + &credentials), @"GetCredentials") + && check(SecKeyGetCSPHandle(key, &cspHandle), @"GetCSPHandle") + && checkcssm(CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_SHA1WithRSA, + credentials, + cssmKey, &ccHandle), + @"CSSM_CSP_CreateSignatureContext") ) + return ccHandle; + else + return 0; +} + +static CSSM_CC_HANDLE cssmCreatePassThroughContext(SecKeyRef key) +{ + const CSSM_KEY* cssmKey; + CSSM_CSP_HANDLE cspHandle; + CSSM_CC_HANDLE ccHandle; + if (check(SecKeyGetCSSMKey(key, &cssmKey), @"GetCSSMKey") + && check(SecKeyGetCSPHandle(key, &cspHandle), @"GetCSPHandle") + && checkcssm(CSSM_CSP_CreatePassThroughContext(cspHandle, cssmKey, &ccHandle), + @"CSSM_CSP_CreatePassThroughContext") ) + return ccHandle; + else + return 0; +} + +#endif !USE_IPHONE_API + + + +/* + Copyright (c) 2009, Jens Alfke . All rights reserved. + + Redistribution and use in source and binary forms, with or without modification, are permitted + provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this list of conditions + and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions + and the following disclaimer in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- + BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff -r 000000000000 -r 0a6527af039b MYSymmetricKey.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYSymmetricKey.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,20 @@ +// +// MYSymmetricKey.h +// MYCrypto +// +// Created by Jens Alfke on 4/2/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYKey.h" +#import + + +@interface MYSymmetricKey : MYKey + ++ (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm; + +@property (readonly) CCAlgorithm algorithm; + +@end diff -r 000000000000 -r 0a6527af039b MYSymmetricKey.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYSymmetricKey.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,180 @@ +// +// MYSymmetricKey.m +// MYCrypto +// +// Created by Jens Alfke on 4/2/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYSymmetricKey.h" +#import "MYCryptor.h" +#import "MYCrypto_Private.h" + + +#if USE_IPHONE_API +typedef uint32_t CSSM_ALGORITHMS; +enum { +// Taken from cssmtype.h in OS X 10.5 SDK: + CSSM_ALGID_NONE = 0x00000000L, + CSSM_ALGID_DES = CSSM_ALGID_NONE + 14, + CSSM_ALGID_3DES_3KEY_EDE = CSSM_ALGID_NONE + 17, + CSSM_ALGID_3DES_3KEY = CSSM_ALGID_3DES_3KEY_EDE, + CSSM_ALGID_RC4 = CSSM_ALGID_NONE + 25, + CSSM_ALGID_CAST = CSSM_ALGID_NONE + 27, + CSSM_ALGID_VENDOR_DEFINED = CSSM_ALGID_NONE + 0x80000000L, + CSSM_ALGID_AES +}; +#else +#import +#endif + +static const CSSM_ALGORITHMS kCSSMAlgorithms[] = { + CSSM_ALGID_AES, CSSM_ALGID_DES, CSSM_ALGID_3DES_3KEY, CSSM_ALGID_CAST, CSSM_ALGID_RC4 +}; + + +#pragma mark - +@implementation MYSymmetricKey + + ++ (MYSymmetricKey*) _generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm + inKeychain: (MYKeychain*)keychain +{ + Assert(algorithm <= kCCAlgorithmRC4); + SecKeyRef keyRef = NULL; + +#if USE_IPHONE_API + NSData *keyBits = [MYCryptor randomKeyOfLength: (keySizeInBits+7)/8]; + NSDictionary *keyAttrs = $dict( {(id)kSecClass, (id)kSecClassKey}, + {(id)kSecAttrKeyType, $object(kCSSMAlgorithms[algorithm])}, + {(id)kSecAttrKeySizeInBits, $object(keySizeInBits)}, + {(id)kSecAttrEffectiveKeySize, $object(keySizeInBits)}, + {(id)kSecAttrIsPermanent, keychain ?$true :$false}, + {(id)kSecValueData, keyBits} ); + if (!check(SecItemAdd((CFDictionaryRef)keyAttrs, (CFTypeRef*)&keyRef), @"SecItemAdd")) + return nil; + +#else + CSSM_KEYATTR_FLAGS flags = CSSM_KEYATTR_EXTRACTABLE; + if (keychain) + flags |= CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_EXTRACTABLE; + CSSM_KEYUSE usage = CSSM_KEYUSE_ANY; + if (!check(SecKeyGenerate(keychain.keychainRefOrDefault, // nil kc generates a transient key + kCSSMAlgorithms[algorithm], + keySizeInBits, + 0, usage, flags, NULL, &keyRef), + @"SecKeyGenerate")) { + return nil; + } +#endif + return [[[self alloc] initWithKeyRef: keyRef] autorelease]; +} + ++ (MYSymmetricKey*) generateSymmetricKeyOfSize: (unsigned)keySizeInBits + algorithm: (CCAlgorithm)algorithm { + return [self _generateSymmetricKeyOfSize: keySizeInBits + algorithm: algorithm + inKeychain: nil]; +} + + + +- (SecExternalItemType) keyType { +#if USE_IPHONE_API + return kSecAttrKeyClassSymmetric; +#else + return kSecItemTypeSessionKey; +#endif +} + +- (CCAlgorithm) algorithm { + CSSM_ALGORITHMS cssmAlg; +#if USE_IPHONE_API + id keyType = [self _attribute: kSecAttrKeyType]; + Assert(keyType!=nil, @"Key has no kSecAttrKeyType"); + cssmAlg = [keyType unsignedIntValue]; +#else + cssmAlg = self.cssmKey->KeyHeader.AlgorithmId; +#endif + switch(cssmAlg) { + case CSSM_ALGID_AES: + return kCCAlgorithmAES128; + case CSSM_ALGID_DES: + return kCCAlgorithmDES; + case CSSM_ALGID_3DES_3KEY: + return kCCAlgorithm3DES; + case CSSM_ALGID_CAST: + return kCCAlgorithmCAST; + case CSSM_ALGID_RC4: + return kCCAlgorithmRC4; + default: + Warn(@"CSSM_ALGORITHMS #%u doesn't map to any CCAlgorithm", cssmAlg); + return (CCAlgorithm)-1; + } +} + + +- (NSData*) _cryptData: (NSData*)data operation: (CCOperation)op options: (CCOptions)options +{ + NSData *keyData = self.keyData; + Assert(keyData, @"Couldn't get key data"); + NSMutableData *output = [NSMutableData dataWithLength: data.length + 256]; + size_t bytesWritten = 0; + CCCryptorStatus status = CCCrypt(op, self.algorithm, options, + keyData.bytes, keyData.length, NULL, + data.bytes, data.length, output.mutableBytes, output.length, + &bytesWritten); + if (status) { + Warn(@"MYSymmetricKey: CCCrypt returned error %i",status); + return nil; + } + output.length = bytesWritten; + return output; +} + +- (NSData*) encryptData: (NSData*)data { + return [self _cryptData: data operation: kCCEncrypt options: kCCOptionPKCS7Padding]; +} + + +- (NSData*) decryptData: (NSData*)data { + return [self _cryptData: data operation: kCCDecrypt options: kCCOptionPKCS7Padding]; +} + + +@end + + +/* (Turned out I could just use SecKeyExport for this.) + +static NSData* wrap(SecKeyRef key, CSSM_ALGORITHMS algorithm) { + CAssert(key); + const CSSM_KEY* cssmKey; + const CSSM_ACCESS_CREDENTIALS *credentials; + CSSM_CSP_HANDLE cspHandle; + CSSM_CC_HANDLE ccHandle; + if (!check(SecKeyGetCSSMKey(key, &cssmKey), @"GetCSSMKey") + || !check(SecKeyGetCredentials(key, + CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED, + kSecCredentialTypeDefault, + &credentials), @"GetCredentials") + || !check(SecKeyGetCSPHandle(key, &cspHandle), @"GetCSPHandle") + + || !checkcssm(CSSM_CSP_CreateSymmetricContext(cspHandle, algorithm, CSSM_ALGMODE_WRAP, + NULL, NULL, NULL, + CSSM_PADDING_NONE, NULL, &ccHandle), + @"CSSM_CSP_CreateSymmetricContext")) + return nil; + + CSSM_WRAP_KEY wrapped; + NSData *result = nil; + if(checkcssm(CSSM_WrapKey(ccHandle, credentials, cssmKey, NULL, &wrapped), + @"CSSM_WrapKey")) { + result = [NSData dataWithBytes: wrapped.KeyData.Data + length: wrapped.KeyData.Length]; + } + CSSM_DeleteContext(ccHandle); + return result; +} +*/ diff -r 000000000000 -r 0a6527af039b iPhone/MYCrypto_iPhone-Info.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iPhone/MYCrypto_iPhone-Info.plist Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,30 @@ + + + + + CFBundleDevelopmentRegion + English + CFBundleDisplayName + ${PRODUCT_NAME} + CFBundleExecutable + ${EXECUTABLE_NAME} + CFBundleIconFile + + CFBundleIdentifier + com.yourcompany.${PRODUCT_NAME:rfc1034identifier} + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + ${PRODUCT_NAME} + CFBundlePackageType + APPL + CFBundleSignature + ???? + CFBundleVersion + 1.0 + LSRequiresIPhoneOS + + NSMainNibFile + MainWindow + + diff -r 000000000000 -r 0a6527af039b iPhone/MYCrypto_iPhoneAppDelegate.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iPhone/MYCrypto_iPhoneAppDelegate.h Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,18 @@ +// +// MYCrypto_iPhoneAppDelegate.h +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/30/09. +// Copyright Jens Alfke 2009. All rights reserved. +// + +#import + +@interface MYCrypto_iPhoneAppDelegate : NSObject { + UIWindow *window; +} + +@property (nonatomic, retain) IBOutlet UIWindow *window; + +@end + diff -r 000000000000 -r 0a6527af039b iPhone/MYCrypto_iPhoneAppDelegate.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iPhone/MYCrypto_iPhoneAppDelegate.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,36 @@ +// +// MYCrypto_iPhoneAppDelegate.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/30/09. +// Copyright Jens Alfke 2009. All rights reserved. +// + +#import "MYCrypto_iPhoneAppDelegate.h" +#import "MYErrorUtils.h" + + +@implementation MYCrypto_iPhoneAppDelegate + +@synthesize window; + + +- (void)applicationDidFinishLaunching:(UIApplication *)application { + + // Override point for customization after application launch + [window makeKeyAndVisible]; + + static const char *testArgs[] = {"MYCrypto", "Test_All"}; + int argc = 2; + const char **argv = testArgs; + RunTestCases(argc,argv); +} + + +- (void)dealloc { + [window release]; + [super dealloc]; +} + + +@end diff -r 000000000000 -r 0a6527af039b iPhone/MYCrypto_iPhone_main.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iPhone/MYCrypto_iPhone_main.m Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,25 @@ +// +// main.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 3/30/09. +// Copyright Jens Alfke 2009. All rights reserved. +// + +#import + +int main(int argc, char *argv[]) { + /* + if (argc<2) { + static char *testArgs[] = {"MYCrypto", "Test_All"}; + argc = 2; + argv = testArgs; + } + RunTestCases(argc,(const char**)argv); + */ + + NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; + int retVal = UIApplicationMain(argc, argv, nil, nil); + [pool release]; + return retVal; +} diff -r 000000000000 -r 0a6527af039b iPhone/MainWindow.xib --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iPhone/MainWindow.xib Sat Apr 04 20:42:03 2009 -0700 @@ -0,0 +1,190 @@ + + + + 768 + 10A288 + 715 + 1010 + 411.00 + + com.apple.InterfaceBuilder.IBCocoaTouchPlugin + 46 + + + YES + + + + YES + com.apple.InterfaceBuilder.IBCocoaTouchPlugin + + + YES + + YES + + + YES + + + + YES + + IBFilesOwner + + + IBFirstResponder + + + + + 1316 + + {320, 480} + + + 1 + MSAxIDEAA + + NO + NO + + + + + + YES + + + delegate + + + + 4 + + + + window + + + + 5 + + + + + YES + + 0 + + + + + + 2 + + + YES + + + + + -1 + + + File's Owner + + + 3 + + + + + -2 + + + + + + + YES + + YES + -1.CustomClassName + -2.CustomClassName + 2.IBAttributePlaceholdersKey + 2.IBEditorWindowLastContentRect + 2.IBPluginDependency + 3.CustomClassName + 3.IBPluginDependency + + + YES + UIApplication + UIResponder + + YES + + + YES + + + {{438, 320}, {320, 480}} + com.apple.InterfaceBuilder.IBCocoaTouchPlugin + MYCrypto_iPhoneAppDelegate + com.apple.InterfaceBuilder.IBCocoaTouchPlugin + + + + YES + + + YES + + + + + YES + + + YES + + + + 9 + + + + YES + + MYCrypto_iPhoneAppDelegate + NSObject + + window + UIWindow + + + IBProjectSource + Classes/MYCrypto_iPhoneAppDelegate.h + + + + MYCrypto_iPhoneAppDelegate + NSObject + + IBUserSource + + + + + + 0 + + com.apple.InterfaceBuilder.CocoaTouchPlugin.InterfaceBuilder3 + + + YES + MYCrypto-iPhone.xcodeproj + 3 + +