# HG changeset patch # User Jens Alfke # Date 1243973788 25200 # Node ID c409dbc4f06834b9c6058d2e14bf250e993a0cee # Parent 2ac5704e229fed665cdc6e5f5841b636de5fe4a6 * Added ASN.1 / BER / DER utilities, to be used in generating and parsing X.509 certs. * Added Keychain user-interaction-allowed setter. Added doc comments to MYSymmetricKey. diff -r 2ac5704e229f -r c409dbc4f068 MYASN1Object.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYASN1Object.h Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,63 @@ +// +// MYASN1Object.h +// MYCrypto-iPhone +// +// Created by Jens Alfke on 5/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import + + +/** A generic ASN.1 data value. The BER parser instantiates these to represent parsed values that + it doesn't know how to represent otherwise. */ +@interface MYASN1Object : NSObject +{ + @private + uint32_t _tag; + uint8_t _tagClass; + BOOL _constructed; + NSData *_value; + NSArray *_components; +} + +- (id) initWithTag: (uint32_t)tag + ofClass: (uint8_t)tagClass + constructed: (BOOL)constructed + value: (NSData*)value; +- (id) initWithTag: (uint32_t)tag + ofClass: (uint8_t)tagClass + components: (NSArray*)components; + +@property (readonly) uint32_t tag; +@property (readonly) uint8_t tagClass; +@property (readonly) BOOL constructed; +@property (readonly) NSData *value; +@property (readonly) NSArray *components; + ++ (NSString*) dump: (id)object; + +@end + + +/** An ASN.1 "big" (arbitrary-length) integer. + The value contains the bytes of the integer, in big-endian order. */ +@interface MYASN1BigInteger : MYASN1Object +@end + + +/** An ordered string of bits, as used in ASN.1. + This differs from NSData in that it need not occupy a whole number of bytes; + that is, the number of bits need not be a multiple of 8. */ +@interface MYBitString : NSObject +{ + NSData *_bits; + NSUInteger _bitCount; +} + +- (id)initWithBits: (NSData*)bits count: (NSUInteger)bitCount; + +@property (readonly, nonatomic) NSData *bits; +@property (readonly, nonatomic) NSUInteger bitCount; + +@end diff -r 2ac5704e229f -r c409dbc4f068 MYASN1Object.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYASN1Object.m Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,132 @@ +// +// MYASN1Object.m +// MYCrypto-iPhone +// +// Created by Jens Alfke on 5/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYASN1Object.h" + + +@implementation MYASN1Object + + +- (id) initWithTag: (uint32_t)tag + ofClass: (uint8_t)tagClass + constructed: (BOOL)constructed + value: (NSData*)value +{ + Assert(value); + self = [super init]; + if (self != nil) { + _tag = tag; + _tagClass = tagClass; + _constructed = constructed; + _value = [value copy]; + } + return self; +} + +- (id) initWithTag: (uint32_t)tag + ofClass: (uint8_t)tagClass + components: (NSArray*)components +{ + Assert(components); + self = [super init]; + if (self != nil) { + _tag = tag; + _tagClass = tagClass; + _constructed = YES; + _components = [components copy]; + } + return self; +} + +- (void) dealloc +{ + [_value release]; + [_components release]; + [super dealloc]; +} + + +@synthesize tag=_tag, tagClass=_tagClass, constructed=_constructed, value=_value, components=_components; + + +- (NSString*)description { + if (_components) + return $sprintf(@"%@[%hhu/%u/%u]%@", self.class, _tagClass,(unsigned)_constructed,_tag, _components); + else + return $sprintf(@"%@[%hhu/%u/%u, %u bytes]", self.class, _tagClass,(unsigned)_constructed,_tag, _value.length); +} + +static void dump(id object, NSMutableString *output, NSString *indent) { + if ([object isKindOfClass: [MYASN1Object class]]) { + MYASN1Object *asn1Obj = object; + [output appendFormat: @"%@%@[%hhu/%u]", indent, asn1Obj.class, asn1Obj.tagClass,asn1Obj.tag]; + if (asn1Obj.components) { + [output appendString: @":\n"]; + NSString *subindent = [indent stringByAppendingString: @" "]; + for (id o in asn1Obj.components) + dump(o,output, subindent); + } else + [output appendFormat: @" %@\n", asn1Obj.value]; + } else if([object respondsToSelector: @selector(objectEnumerator)]) { + [output appendString: indent]; + if ([object isKindOfClass: [NSArray class]]) + [output appendString: @"Sequence:\n"]; + else if ([object isKindOfClass: [NSSet class]]) + [output appendString: @"Set:\n"]; + else + [output appendFormat: @"%@:\n", [object class]]; + NSString *subindent = [indent stringByAppendingString: @" "]; + for (id o in object) + dump(o,output, subindent); + } else { + [output appendFormat: @"%@%@\n", indent, object]; + } +} + ++ (NSString*) dump: (id)object { + NSMutableString *output = [NSMutableString stringWithCapacity: 512]; + dump(object,output,@""); + return output; +} + + +@end + + + +@implementation MYASN1BigInteger + +@end + + + +@implementation MYBitString + + +- (id)initWithBits: (NSData*)bits count: (unsigned)bitCount; +{ + Assert(bits); + Assert(bitCount <= 8*bits.length); + self = [super init]; + if (self != nil) { + _bits = [bits copy]; + _bitCount = bitCount; + } + return self; +} + +- (void) dealloc +{ + [_bits release]; + [super dealloc]; +} + + +@synthesize bits=_bits, bitCount=_bitCount; + +@end diff -r 2ac5704e229f -r c409dbc4f068 MYBERParser.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYBERParser.h Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,19 @@ +// +// MYBERParser.h +// MYCrypto +// +// Created by Jens Alfke on 6/2/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import + + +#define MYASN1ErrorDomain @"MYASN1ErrorDomain" + + +/** Parses a block of BER-formatted data into an object tree. */ +id MYBERParse (NSData *ber, NSError **outError); + +NSDateFormatter* MYBERGeneralizedTimeFormatter(); +NSDateFormatter* MYBERUTCTimeFormatter(); diff -r 2ac5704e229f -r c409dbc4f068 MYBERParser.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYBERParser.m Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,298 @@ +// +// MYBERParser.m +// MYCrypto +// +// Created by Jens Alfke on 6/2/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYBERParser.h" +#import "MYASN1Object.h" +#import "MYOID.h" +#import "MYErrorUtils.h" +#import "CollectionUtils.h" +#import "Test.h" + + +#define MYBERParserException @"MYBERParserException" + + + +typedef struct { + const uint8_t *nextChar; + size_t length; +} InputData; + + +static void requireLength (size_t length, size_t expectedLength) { + if (length != expectedLength) + [NSException raise: MYBERParserException format: @"Unexpected value length"]; +} + + +static const void* readOrDie (InputData *input, size_t len) { + if (len > input->length) + [NSException raise: MYBERParserException format: @"Unexpected EOF on input"]; + const void *bytes = input->nextChar; + input->nextChar += len; + input->length -= len; + return bytes; +} + + +static NSData* readDataOrDie(InputData *input, size_t length) { + return [NSMutableData dataWithBytes: readOrDie(input,length) length: length]; +} + + +static NSString* readStringOrDie(InputData *input, size_t length, NSStringEncoding encoding) { + NSString *str = [[NSString alloc] initWithBytes: readOrDie(input,length) + length: length + encoding: encoding]; + if (!str) + [NSException raise: MYBERParserException format: @"Unparseable string"]; + return [str autorelease]; +} + + +static uint32_t readBigEndianUnsignedInteger (InputData *input, size_t length) { + if (length == 0 || length > 4) + [NSException raise: MYBERParserException format: @"Invalid integer length"]; + uint32_t result = 0; + memcpy(((uint8_t*)&result)+(4-length), readOrDie(input, length), length); + return result; +} + +static int32_t readBigEndianSignedInteger (InputData *input, size_t length) { + int32_t result = (int32_t) readBigEndianUnsignedInteger(input,length); + uint8_t *dst = ((uint8_t*)&result)+(4-length); + if (*dst & 0x80) { // sign-extend negative value + while (--dst >= (uint8_t*)&result) + *dst = 0xFF; + } + return result; +} + + +NSDateFormatter* MYBERGeneralizedTimeFormatter() { + static NSDateFormatter *sFmt; + if (!sFmt) { + sFmt = [[NSDateFormatter alloc] init]; + sFmt.dateFormat = @"yyyyMMddHHmmss'Z'"; + sFmt.timeZone = [NSTimeZone timeZoneWithName: @"GMT"]; + } + return sFmt; +} + +NSDateFormatter* MYBERUTCTimeFormatter() { + static NSDateFormatter *sFmt; + if (!sFmt) { + sFmt = [[NSDateFormatter alloc] init]; + sFmt.dateFormat = @"yyMMddHHmmss'Z'"; + sFmt.timeZone = [NSTimeZone timeZoneWithName: @"GMT"]; + } + return sFmt; +} + +static NSDate* parseDate (NSString *dateStr, unsigned tag) { + NSDateFormatter *fmt = (tag==23 ?MYBERUTCTimeFormatter() :MYBERGeneralizedTimeFormatter()); + NSDate *date = [fmt dateFromString: dateStr]; + if (!date) + [NSException raise: MYBERParserException format: @"Unparseable date '%@'", dateStr]; + return date; +} + + +static id parseBER(InputData *input) { + struct { + unsigned tag :5; + unsigned isConstructed :1; + unsigned tagClass :2; + unsigned length :7; + unsigned isLengthLong :1; + } header; + memcpy(&header, readOrDie(input,2), 2); + + if (header.tag == 0x1F) + [NSException raise: MYBERParserException format: @"Long tags not supported"]; + + // Parse the length: + size_t length; + if (!header.isLengthLong) + length = header.length; + else if (header.length == 0) + [NSException raise: MYBERParserException format: @"Indefinite length not supported"]; + else + length = NSSwapBigIntToHost(readBigEndianUnsignedInteger(input,header.length)); + + Class defaultClass = [MYASN1Object class]; + + // Tag values can be found in . I'm not using them here because that + // header does not exist on iPhone! + + if (header.isConstructed) { + // Constructed: + NSMutableArray *items = $marray(); + InputData subInput = {input->nextChar, length}; + while (subInput.length > 0) { + [items addObject: parseBER(&subInput)]; + } + input->nextChar += length; + input->length -= length; + + switch (header.tag) { + case 16: // sequence + return items; + case 17: // set + return [NSSet setWithArray: items]; + default: + return [[[MYASN1Object alloc] initWithTag: header.tag + ofClass: header.tagClass + components: items] autorelease]; + } + } else { + // Primitive: + switch (header.tag) { + case 1: { // boolean + requireLength(length,1); + return *(const uint8_t*)readOrDie(input, 1) ?$true :$false; + } + case 2: // integer + case 10: // enum + { + if (length <= 4) { + int32_t value = NSSwapBigIntToHost(readBigEndianSignedInteger(input,length)); + return [NSNumber numberWithInteger: value]; + } else { + // Big integer! + defaultClass = [MYASN1BigInteger class]; + break; + } + } + case 3: // bitstring + { + UInt8 unusedBits = *(const UInt8*) readOrDie(input, 1); + if (unusedBits) + Log(@"Bit-string has %u unused bits", (unsigned)unusedBits); + if (unusedBits > 7 || length < 1) + [NSException raise: MYBERParserException format: @"Bogus bit-string"]; + return [[[MYBitString alloc] initWithBits: readDataOrDie(input, length-1) + count: 8*(length-1) - unusedBits] autorelease]; + } + case 4: // octetstring + return readDataOrDie(input, length); + case 5: // null + requireLength(length,0); + return [NSNull null]; + case 6: // OID + return [[[MYOID alloc] initWithBEREncoding: readDataOrDie(input, length)] autorelease]; + case 12: // UTF8String + return readStringOrDie(input,length,NSUTF8StringEncoding); + case 18: // numeric string + case 19: // printable string: + return readStringOrDie(input,length,NSASCIIStringEncoding); + case 23: // UTC time: + case 24: // Generalized time: + return parseDate(readStringOrDie(input,length,NSASCIIStringEncoding), header.tag); + default: + break; + } + } + + // Generic case -- create and return a MYASN1Object: + NSData *value = readDataOrDie(input, length); + id result = [[[defaultClass alloc] initWithTag: header.tag + ofClass: header.tagClass + constructed: header.isConstructed + value: value] autorelease]; + if( defaultClass == [MYASN1Object class]) + Warn(@"parseBER: Returning default %@", result); + return result; +} + + +id MYBERParse (NSData *ber, NSError **outError) { + @try{ + InputData input = {ber.bytes, ber.length}; + return parseBER(&input); + }@catch (NSException *x) { + if ($equal(x.name, MYBERParserException)) { + *outError = MYError(1,MYASN1ErrorDomain, @"%@", x.reason); + } else { + @throw(x); + } + } + return nil; +} + + + + +#pragma mark - +#pragma mark TEST CASES: + + +#define $data(BYTES...) ({const uint8_t bytes[] = {BYTES}; [NSData dataWithBytes: bytes length: sizeof(bytes)];}) + +TestCase(ParseBER) { + CAssertEqual(MYBERParse($data(0x05, 0x00), nil), + [NSNull null]); + CAssertEqual(MYBERParse($data(0x01, 0x01, 0xFF), nil), + $true); + CAssertEqual(MYBERParse($data(0x01, 0x01, 0x00), nil), + $false); + + // integers: + CAssertEqual(MYBERParse($data(0x02, 0x01, 0x00), nil), + $object(0)); + CAssertEqual(MYBERParse($data(0x02, 0x01, 0x48), nil), + $object(72)); + CAssertEqual(MYBERParse($data(0x02, 0x01, 0x80), nil), + $object(-128)); + CAssertEqual(MYBERParse($data(0x02, 0x02, 0x00, 0x80), nil), + $object(128)); + CAssertEqual(MYBERParse($data(0x02, 0x02, 0x30,0x39), nil), + $object(12345)); + CAssertEqual(MYBERParse($data(0x02, 0x02, 0xCF, 0xC7), nil), + $object(-12345)); + CAssertEqual(MYBERParse($data(0x02, 0x04, 0x07, 0x5B, 0xCD, 0x15), nil), + $object(123456789)); + CAssertEqual(MYBERParse($data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB), nil), + $object(-123456789)); + CAssertEqual(MYBERParse($data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB), nil), + $object(-123456789)); + + // octet strings: + CAssertEqual(MYBERParse($data(0x04, 0x05, 'h', 'e', 'l', 'l', 'o'), nil), + [@"hello" dataUsingEncoding: NSASCIIStringEncoding]); + CAssertEqual(MYBERParse($data(0x04, 0x00), nil), + [NSData data]); + CAssertEqual(MYBERParse($data(0x0C, 0x05, 'h', 'e', 'l', 'l', 'o'), nil), + @"hello"); + + // sequences: + CAssertEqual(MYBERParse($data(0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF), nil), + $array($object(72), $true)); + CAssertEqual(MYBERParse($data(0x30, 0x10, + 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF, + 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF), nil), + $array( $array($object(72), $true), $array($object(72), $true))); +} + + +TestCase(ParseCert) { + NSData *cert = [NSData dataWithContentsOfFile: @"../../Tests/selfsigned.cer"]; + NSError *error = nil; + id parsed = MYBERParse(cert,&error); + CAssert(parsed); + CAssertNil(error); + NSString *dump = [MYASN1Object dump: parsed]; + CAssert(dump); + + cert = [NSData dataWithContentsOfFile: @"../../Tests/iphonedev.cer"]; + parsed = MYBERParse(cert,&error); + CAssert(parsed); + CAssertNil(error); + dump = [MYASN1Object dump: parsed]; + CAssert(dump); +} diff -r 2ac5704e229f -r c409dbc4f068 MYCertificate.h --- a/MYCertificate.h Sun Apr 19 22:05:51 2009 -0700 +++ b/MYCertificate.h Tue Jun 02 13:16:28 2009 -0700 @@ -12,7 +12,7 @@ #import #endif -@class MYPublicKey; +@class MYPublicKey, MYIdentity; /** An X.509 certificate. */ @@ -57,6 +57,9 @@ type: (CSSM_CERT_TYPE) type encoding: (CSSM_CERT_ENCODING) encoding; +/** The Identity (if any) that this Certificate is part of. */ +@property (readonly) MYIdentity *identity; + /** The list (if any) of the subject's email addresses. */ @property (readonly) NSArray *emailAddresses; diff -r 2ac5704e229f -r c409dbc4f068 MYCertificate.m --- a/MYCertificate.m Sun Apr 19 22:05:51 2009 -0700 +++ b/MYCertificate.m Tue Jun 02 13:16:28 2009 -0700 @@ -8,6 +8,7 @@ #import "MYCertificate.h" #import "MYCrypto_Private.h" +#import "MYIdentity.h" #import "MYDigest.h" #import "MYErrorUtils.h" @@ -103,6 +104,10 @@ return key; } +- (MYIdentity*) identity { + return [[[MYIdentity alloc] initWithCertificateRef: _certificateRef] autorelease]; +} + - (NSString*) commonName { CFStringRef name = NULL; if (!check(SecCertificateCopyCommonName(_certificateRef, &name), diff -r 2ac5704e229f -r c409dbc4f068 MYCrypto-iPhone.xcodeproj/project.pbxproj --- a/MYCrypto-iPhone.xcodeproj/project.pbxproj Sun Apr 19 22:05:51 2009 -0700 +++ b/MYCrypto-iPhone.xcodeproj/project.pbxproj Tue Jun 02 13:16:28 2009 -0700 @@ -23,6 +23,7 @@ 276FB34B0F856CA400CB326E /* MYCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 276FB34A0F856CA400CB326E /* MYCertificate.m */; }; 27A430120F87C6C10063D362 /* MYKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823110F81D56E0019BE60 /* MYKey.m */; }; 27A430140F87C6D50063D362 /* MYSymmetricKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A430130F87C6D50063D362 /* MYSymmetricKey.m */; }; + 27B8522D0FCEE6F9005631F9 /* MYASN1.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B8522C0FCEE6F9005631F9 /* MYASN1.m */; }; 27E3A6AA0F91B8B30079D4D9 /* MYCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E3A6A70F91B8B30079D4D9 /* MYCryptor.m */; }; 27E823240F81D56E0019BE60 /* MYKeychainItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E823150F81D56E0019BE60 /* MYKeychainItem.m */; }; 27E823270F81D56E0019BE60 /* MYDigest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E8231C0F81D56E0019BE60 /* MYDigest.m */; }; @@ -60,6 +61,8 @@ 27A430130F87C6D50063D362 /* MYSymmetricKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYSymmetricKey.m; sourceTree = ""; }; 27A430150F87C6DB0063D362 /* MYSymmetricKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYSymmetricKey.h; sourceTree = ""; }; 27AAD9710F8927DB0064DD7C /* MYCryptoConfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptoConfig.h; sourceTree = ""; }; + 27B8522B0FCEE6F9005631F9 /* MYASN1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYASN1.h; sourceTree = ""; }; + 27B8522C0FCEE6F9005631F9 /* MYASN1.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYASN1.m; sourceTree = ""; }; 27E3A6A60F91B8B30079D4D9 /* MYCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptor.h; sourceTree = ""; }; 27E3A6A70F91B8B30079D4D9 /* MYCryptor.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCryptor.m; sourceTree = ""; }; 27E8230C0F81D56E0019BE60 /* MYCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertificate.h; sourceTree = ""; }; @@ -139,6 +142,8 @@ 27E8230B0F81D56E0019BE60 /* Source */ = { isa = PBXGroup; children = ( + 27B8522B0FCEE6F9005631F9 /* MYASN1.h */, + 27B8522C0FCEE6F9005631F9 /* MYASN1.m */, 27AAD9710F8927DB0064DD7C /* MYCryptoConfig.h */, 27E8230C0F81D56E0019BE60 /* MYCertificate.h */, 276FB34A0F856CA400CB326E /* MYCertificate.m */, @@ -290,6 +295,7 @@ 27059CF30F8F0F9200A8422F /* MYIdentity.m in Sources */, 27E3A6AA0F91B8B30079D4D9 /* MYCryptor.m in Sources */, 274110090F99234100AD413F /* MYSymmetricKey-iPhone.m in Sources */, + 27B8522D0FCEE6F9005631F9 /* MYASN1.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -335,7 +341,7 @@ ONLY_ACTIVE_ARCH = YES; PREBINDING = NO; "PROVISIONING_PROFILE[sdk=iphoneos*]" = "84D61190-B2EB-4F8E-A189-99F18EE9A07E"; - SDKROOT = iphoneos3.0; + SDKROOT = iphonesimulator2.2.1; }; name = Debug; }; @@ -348,7 +354,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; PREBINDING = NO; - SDKROOT = iphoneos3.0; + SDKROOT = iphonesimulator2.2.1; }; name = Release; }; diff -r 2ac5704e229f -r c409dbc4f068 MYCrypto.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYCrypto.h Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,15 @@ +// +// MYCrypto.h +// MYCrypto +// +// Created by Jens Alfke on 5/12/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + + +#import "MYDigest.h" +#import "MYKeychain.h" +#import "MYSymmetricKey.h" +#import "MYPublicKey.h" +#import "MYPrivateKey.h" +#import "MYIdentity.h" diff -r 2ac5704e229f -r c409dbc4f068 MYCrypto.xcodeproj/project.pbxproj --- a/MYCrypto.xcodeproj/project.pbxproj Sun Apr 19 22:05:51 2009 -0700 +++ b/MYCrypto.xcodeproj/project.pbxproj Tue Jun 02 13:16:28 2009 -0700 @@ -11,6 +11,39 @@ 27059D770F8FA23100A8422F /* MYCrypto+Cocoa.m in Sources */ = {isa = PBXBuildFile; fileRef = 27059D760F8FA23100A8422F /* MYCrypto+Cocoa.m */; }; 27059D840F8FA82500A8422F /* SecurityInterface.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 27059D830F8FA82500A8422F /* SecurityInterface.framework */; }; 27059DE50F8FAF6500A8422F /* MYDecoder.m in Sources */ = {isa = PBXBuildFile; fileRef = 27059D520F8F9BB500A8422F /* MYDecoder.m */; }; + 2706F1AE0F9D3C7100292CCF /* MYCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4B10F7E8535000B418E /* MYCertificate.h */; }; + 2706F1AF0F9D3C7100292CCF /* MYCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B20F7E8535000B418E /* MYCertificate.m */; }; + 2706F1B00F9D3C7200292CCF /* MYCrypto+Cocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 27059D750F8FA23100A8422F /* MYCrypto+Cocoa.h */; }; + 2706F1B10F9D3C7300292CCF /* MYCrypto+Cocoa.m in Sources */ = {isa = PBXBuildFile; fileRef = 27059D760F8FA23100A8422F /* MYCrypto+Cocoa.m */; }; + 2706F1B20F9D3C7400292CCF /* MYCryptoConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 27AAD97B0F892A0D0064DD7C /* MYCryptoConfig.h */; }; + 2706F1B30F9D3C7600292CCF /* MYDigest.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4BF0F7E8535000B418E /* MYDigest.h */; }; + 2706F1B40F9D3C7700292CCF /* MYDigest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4C00F7E8535000B418E /* MYDigest.m */; }; + 2706F1B50F9D3C7700292CCF /* MYIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = 274863A00F8EF39400FE617B /* MYIdentity.h */; }; + 2706F1B60F9D3C7800292CCF /* MYIdentity.m in Sources */ = {isa = PBXBuildFile; fileRef = 274863A10F8EF39400FE617B /* MYIdentity.m */; }; + 2706F1B70F9D3C7900292CCF /* MYKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 27E822A00F81C5660019BE60 /* MYKey.h */; }; + 2706F1B80F9D3C7A00292CCF /* MYKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E822A10F81C5660019BE60 /* MYKey.m */; }; + 2706F1B90F9D3C7C00292CCF /* MYKeychain.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4B50F7E8535000B418E /* MYKeychain.h */; }; + 2706F1BA0F9D3C7D00292CCF /* MYKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B60F7E8535000B418E /* MYKeychain.m */; }; + 2706F1BB0F9D3C7D00292CCF /* MYKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4B70F7E8535000B418E /* MYKeychainItem.h */; }; + 2706F1BC0F9D3C7E00292CCF /* MYKeychainItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B80F7E8535000B418E /* MYKeychainItem.m */; }; + 2706F1BD0F9D3C7E00292CCF /* MYPrivateKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 270B879D0F8C565000C56781 /* MYPrivateKey.h */; }; + 2706F1BE0F9D3C7F00292CCF /* MYPrivateKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 270B879E0F8C565000C56781 /* MYPrivateKey.m */; }; + 2706F1BF0F9D3C8000292CCF /* MYPublicKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4BC0F7E8535000B418E /* MYPublicKey.h */; }; + 2706F1C00F9D3C8000292CCF /* MYPublicKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4BD0F7E8535000B418E /* MYPublicKey.m */; }; + 2706F1C10F9D3C8100292CCF /* MYSymmetricKey-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 27410FEF0F99200A00AD413F /* MYSymmetricKey-iPhone.m */; }; + 2706F1C20F9D3C8200292CCF /* MYSymmetricKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 27A42D400F858ED80063D362 /* MYSymmetricKey.h */; }; + 2706F1C30F9D3C8300292CCF /* MYSymmetricKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42D410F858ED80063D362 /* MYSymmetricKey.m */; }; + 2706F1C40F9D3C8800292CCF /* MYCryptor.h in Headers */ = {isa = PBXBuildFile; fileRef = 27CFF4B30F7E8535000B418E /* MYCryptor.h */; }; + 2706F1C50F9D3C8900292CCF /* MYCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B40F7E8535000B418E /* MYCryptor.m */; }; + 2706F1C60F9D3C8900292CCF /* MYDecoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 27059D510F8F9BB500A8422F /* MYDecoder.h */; }; + 2706F1C70F9D3C8A00292CCF /* MYDecoder.m in Sources */ = {isa = PBXBuildFile; fileRef = 27059D520F8F9BB500A8422F /* MYDecoder.m */; }; + 2706F1C80F9D3C8B00292CCF /* MYEncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 27059D4F0F8F9BB500A8422F /* MYEncoder.h */; }; + 2706F1C90F9D3C8B00292CCF /* MYEncoder.m in Sources */ = {isa = PBXBuildFile; fileRef = 27059D500F8F9BB500A8422F /* MYEncoder.m */; }; + 2706F1CA0F9D3C9200292CCF /* MYCertGen.h in Headers */ = {isa = PBXBuildFile; fileRef = 27A42ECC0F8689D30063D362 /* MYCertGen.h */; }; + 2706F1CB0F9D3C9300292CCF /* MYCertGen.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42ECD0F8689D30063D362 /* MYCertGen.m */; }; + 270A7A730FD58FF200770C4D /* MYBERParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 270A7A710FD58FF200770C4D /* MYBERParser.h */; }; + 270A7A740FD58FF200770C4D /* MYBERParser.m in Sources */ = {isa = PBXBuildFile; fileRef = 270A7A720FD58FF200770C4D /* MYBERParser.m */; }; + 270A7A750FD58FF200770C4D /* MYBERParser.m in Sources */ = {isa = PBXBuildFile; fileRef = 270A7A720FD58FF200770C4D /* MYBERParser.m */; }; 270B879F0F8C565000C56781 /* MYPrivateKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 270B879E0F8C565000C56781 /* MYPrivateKey.m */; }; 27410FF00F99200A00AD413F /* MYSymmetricKey-iPhone.m in Sources */ = {isa = PBXBuildFile; fileRef = 27410FEF0F99200A00AD413F /* MYSymmetricKey-iPhone.m */; }; 274861D50F8E4B5200FE617B /* MYCertGen.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42ECD0F8689D30063D362 /* MYCertGen.m */; }; @@ -18,6 +51,15 @@ 27A42CBF0F8578B40063D362 /* MYCryptoTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42CBE0F8578B40063D362 /* MYCryptoTest.m */; }; 27A42D1E0F8586CE0063D362 /* MYKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27E822A10F81C5660019BE60 /* MYKey.m */; }; 27A42D420F858ED80063D362 /* MYSymmetricKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 27A42D410F858ED80063D362 /* MYSymmetricKey.m */; }; + 27B852F50FCF4EB7005631F9 /* MYASN1Object.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B852F40FCF4EB7005631F9 /* MYASN1Object.m */; }; + 27B852F60FCF4EB7005631F9 /* MYASN1Object.h in Headers */ = {isa = PBXBuildFile; fileRef = 27B852F30FCF4EB6005631F9 /* MYASN1Object.h */; }; + 27B852F70FCF4EB7005631F9 /* MYASN1Object.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B852F40FCF4EB7005631F9 /* MYASN1Object.m */; }; + 27B852FE0FCF4ECB005631F9 /* MYOID.h in Headers */ = {isa = PBXBuildFile; fileRef = 27B852FC0FCF4ECB005631F9 /* MYOID.h */; }; + 27B852FF0FCF4ECB005631F9 /* MYOID.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B852FD0FCF4ECB005631F9 /* MYOID.m */; }; + 27B853000FCF4ECB005631F9 /* MYOID.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B852FD0FCF4ECB005631F9 /* MYOID.m */; }; + 27B855270FD077A6005631F9 /* MYDEREncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 27B855250FD077A6005631F9 /* MYDEREncoder.h */; }; + 27B855280FD077A7005631F9 /* MYDEREncoder.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B855260FD077A6005631F9 /* MYDEREncoder.m */; }; + 27B855290FD077A7005631F9 /* MYDEREncoder.m in Sources */ = {isa = PBXBuildFile; fileRef = 27B855260FD077A6005631F9 /* MYDEREncoder.m */; }; 27CFF4C10F7E8535000B418E /* MYCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B20F7E8535000B418E /* MYCertificate.m */; }; 27CFF4C20F7E8535000B418E /* MYCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B40F7E8535000B418E /* MYCryptor.m */; }; 27CFF4C30F7E8535000B418E /* MYKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF4B60F7E8535000B418E /* MYKeychain.m */; }; @@ -32,6 +74,7 @@ 27CFF5220F7E94DF000B418E /* MYCrypto_main.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF5210F7E94DF000B418E /* MYCrypto_main.m */; }; 27CFF5760F7E999B000B418E /* MYErrorUtils.m in Sources */ = {isa = PBXBuildFile; fileRef = 27CFF5750F7E999B000B418E /* MYErrorUtils.m */; }; 27E820720F7EA6260019BE60 /* CoreServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 27E820710F7EA6260019BE60 /* CoreServices.framework */; }; + 27FEB3E70FBA63D200290049 /* MYCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 27FEB3E60FBA63D200290049 /* MYCrypto.h */; }; 8DD76F9C0486AA7600D96B5E /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 08FB779EFE84155DC02AAC07 /* Foundation.framework */; }; /* End PBXBuildFile section */ @@ -56,6 +99,9 @@ 27059D750F8FA23100A8422F /* MYCrypto+Cocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "MYCrypto+Cocoa.h"; sourceTree = ""; }; 27059D760F8FA23100A8422F /* MYCrypto+Cocoa.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYCrypto+Cocoa.m"; sourceTree = ""; }; 27059D830F8FA82500A8422F /* SecurityInterface.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SecurityInterface.framework; path = /System/Library/Frameworks/SecurityInterface.framework; sourceTree = ""; }; + 2706F1AB0F9D3C5F00292CCF /* libMYCrypto.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libMYCrypto.a; sourceTree = BUILT_PRODUCTS_DIR; }; + 270A7A710FD58FF200770C4D /* MYBERParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYBERParser.h; sourceTree = ""; }; + 270A7A720FD58FF200770C4D /* MYBERParser.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYBERParser.m; sourceTree = ""; }; 270B879D0F8C565000C56781 /* MYPrivateKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYPrivateKey.h; sourceTree = ""; }; 270B879E0F8C565000C56781 /* MYPrivateKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYPrivateKey.m; sourceTree = ""; }; 27410FEF0F99200A00AD413F /* MYSymmetricKey-iPhone.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MYSymmetricKey-iPhone.m"; sourceTree = ""; }; @@ -68,6 +114,12 @@ 27A42ECC0F8689D30063D362 /* MYCertGen.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertGen.h; sourceTree = ""; }; 27A42ECD0F8689D30063D362 /* MYCertGen.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCertGen.m; sourceTree = ""; }; 27AAD97B0F892A0D0064DD7C /* MYCryptoConfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptoConfig.h; sourceTree = ""; }; + 27B852F30FCF4EB6005631F9 /* MYASN1Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYASN1Object.h; sourceTree = ""; }; + 27B852F40FCF4EB7005631F9 /* MYASN1Object.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYASN1Object.m; sourceTree = ""; }; + 27B852FC0FCF4ECB005631F9 /* MYOID.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYOID.h; sourceTree = ""; }; + 27B852FD0FCF4ECB005631F9 /* MYOID.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYOID.m; sourceTree = ""; }; + 27B855250FD077A6005631F9 /* MYDEREncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYDEREncoder.h; sourceTree = ""; }; + 27B855260FD077A6005631F9 /* MYDEREncoder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYDEREncoder.m; sourceTree = ""; }; 27CFF4B10F7E8535000B418E /* MYCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCertificate.h; sourceTree = ""; }; 27CFF4B20F7E8535000B418E /* MYCertificate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYCertificate.m; sourceTree = ""; }; 27CFF4B30F7E8535000B418E /* MYCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCryptor.h; sourceTree = ""; }; @@ -100,10 +152,18 @@ 27E822A00F81C5660019BE60 /* MYKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYKey.h; sourceTree = ""; }; 27E822A10F81C5660019BE60 /* MYKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MYKey.m; sourceTree = ""; }; 27EAF0390F8B2D700091AF95 /* README.textile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README.textile; sourceTree = ""; }; + 27FEB3E60FBA63D200290049 /* MYCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MYCrypto.h; sourceTree = ""; }; 8DD76FA10486AA7600D96B5E /* MYCrypto */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = MYCrypto; sourceTree = BUILT_PRODUCTS_DIR; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ + 2706F1A90F9D3C5F00292CCF /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; 8DD76F9B0486AA7600D96B5E /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; @@ -123,7 +183,7 @@ children = ( 08FB7795FE84155DC02AAC07 /* Source */, 27059D4E0F8F9B9E00A8422F /* Encryption */, - 274861440F8D757600FE617B /* Certificate Generation */, + 274861440F8D757600FE617B /* Certificates */, 270B881C0F8D055A00C56781 /* Internal */, 27CFF4CC0F7E86E8000B418E /* MYUtilities */, C6859EA2029092E104C91782 /* Documentation */, @@ -162,6 +222,7 @@ 27059D750F8FA23100A8422F /* MYCrypto+Cocoa.h */, 27059D760F8FA23100A8422F /* MYCrypto+Cocoa.m */, 27EAF0390F8B2D700091AF95 /* README.textile */, + 27FEB3E60FBA63D200290049 /* MYCrypto.h */, ); name = Source; sourceTree = ""; @@ -178,6 +239,7 @@ isa = PBXGroup; children = ( 8DD76FA10486AA7600D96B5E /* MYCrypto */, + 2706F1AB0F9D3C5F00292CCF /* libMYCrypto.a */, ); name = Products; sourceTree = ""; @@ -208,13 +270,21 @@ name = Internal; sourceTree = ""; }; - 274861440F8D757600FE617B /* Certificate Generation */ = { + 274861440F8D757600FE617B /* Certificates */ = { isa = PBXGroup; children = ( 27A42ECC0F8689D30063D362 /* MYCertGen.h */, 27A42ECD0F8689D30063D362 /* MYCertGen.m */, + 27B852F30FCF4EB6005631F9 /* MYASN1Object.h */, + 27B852F40FCF4EB7005631F9 /* MYASN1Object.m */, + 270A7A710FD58FF200770C4D /* MYBERParser.h */, + 270A7A720FD58FF200770C4D /* MYBERParser.m */, + 27B855250FD077A6005631F9 /* MYDEREncoder.h */, + 27B855260FD077A6005631F9 /* MYDEREncoder.m */, + 27B852FC0FCF4ECB005631F9 /* MYOID.h */, + 27B852FD0FCF4ECB005631F9 /* MYOID.m */, ); - name = "Certificate Generation"; + name = Certificates; sourceTree = ""; }; 27CFF4CC0F7E86E8000B418E /* MYUtilities */ = { @@ -244,7 +314,54 @@ }; /* End PBXGroup section */ +/* Begin PBXHeadersBuildPhase section */ + 2706F1A70F9D3C5F00292CCF /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 2706F1AE0F9D3C7100292CCF /* MYCertificate.h in Headers */, + 2706F1B00F9D3C7200292CCF /* MYCrypto+Cocoa.h in Headers */, + 2706F1B20F9D3C7400292CCF /* MYCryptoConfig.h in Headers */, + 2706F1B30F9D3C7600292CCF /* MYDigest.h in Headers */, + 2706F1B50F9D3C7700292CCF /* MYIdentity.h in Headers */, + 2706F1B70F9D3C7900292CCF /* MYKey.h in Headers */, + 2706F1B90F9D3C7C00292CCF /* MYKeychain.h in Headers */, + 2706F1BB0F9D3C7D00292CCF /* MYKeychainItem.h in Headers */, + 2706F1BD0F9D3C7E00292CCF /* MYPrivateKey.h in Headers */, + 2706F1BF0F9D3C8000292CCF /* MYPublicKey.h in Headers */, + 2706F1C20F9D3C8200292CCF /* MYSymmetricKey.h in Headers */, + 2706F1C40F9D3C8800292CCF /* MYCryptor.h in Headers */, + 2706F1C60F9D3C8900292CCF /* MYDecoder.h in Headers */, + 2706F1C80F9D3C8B00292CCF /* MYEncoder.h in Headers */, + 2706F1CA0F9D3C9200292CCF /* MYCertGen.h in Headers */, + 27FEB3E70FBA63D200290049 /* MYCrypto.h in Headers */, + 27B852F60FCF4EB7005631F9 /* MYASN1Object.h in Headers */, + 27B852FE0FCF4ECB005631F9 /* MYOID.h in Headers */, + 27B855270FD077A6005631F9 /* MYDEREncoder.h in Headers */, + 270A7A730FD58FF200770C4D /* MYBERParser.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + /* Begin PBXNativeTarget section */ + 2706F1AA0F9D3C5F00292CCF /* Static Lib */ = { + isa = PBXNativeTarget; + buildConfigurationList = 2706F1CE0F9D3CDD00292CCF /* Build configuration list for PBXNativeTarget "Static Lib" */; + buildPhases = ( + 2706F1A70F9D3C5F00292CCF /* Headers */, + 2706F1A80F9D3C5F00292CCF /* Sources */, + 2706F1A90F9D3C5F00292CCF /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "Static Lib"; + productName = "Static Lib"; + productReference = 2706F1AB0F9D3C5F00292CCF /* libMYCrypto.a */; + productType = "com.apple.product-type.library.static"; + }; 8DD76F960486AA7600D96B5E /* MYCrypto */ = { isa = PBXNativeTarget; buildConfigurationList = 1DEB927408733DD40010E9CD /* Build configuration list for PBXNativeTarget "MYCrypto" */; @@ -277,6 +394,7 @@ projectRoot = ""; targets = ( 8DD76F960486AA7600D96B5E /* MYCrypto */, + 2706F1AA0F9D3C5F00292CCF /* Static Lib */, ); }; /* End PBXProject section */ @@ -299,6 +417,32 @@ /* End PBXShellScriptBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ + 2706F1A80F9D3C5F00292CCF /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 2706F1AF0F9D3C7100292CCF /* MYCertificate.m in Sources */, + 2706F1B10F9D3C7300292CCF /* MYCrypto+Cocoa.m in Sources */, + 2706F1B40F9D3C7700292CCF /* MYDigest.m in Sources */, + 2706F1B60F9D3C7800292CCF /* MYIdentity.m in Sources */, + 2706F1B80F9D3C7A00292CCF /* MYKey.m in Sources */, + 2706F1BA0F9D3C7D00292CCF /* MYKeychain.m in Sources */, + 2706F1BC0F9D3C7E00292CCF /* MYKeychainItem.m in Sources */, + 2706F1BE0F9D3C7F00292CCF /* MYPrivateKey.m in Sources */, + 2706F1C00F9D3C8000292CCF /* MYPublicKey.m in Sources */, + 2706F1C10F9D3C8100292CCF /* MYSymmetricKey-iPhone.m in Sources */, + 2706F1C30F9D3C8300292CCF /* MYSymmetricKey.m in Sources */, + 2706F1C50F9D3C8900292CCF /* MYCryptor.m in Sources */, + 2706F1C70F9D3C8A00292CCF /* MYDecoder.m in Sources */, + 2706F1C90F9D3C8B00292CCF /* MYEncoder.m in Sources */, + 2706F1CB0F9D3C9300292CCF /* MYCertGen.m in Sources */, + 27B852F70FCF4EB7005631F9 /* MYASN1Object.m in Sources */, + 27B852FF0FCF4ECB005631F9 /* MYOID.m in Sources */, + 27B855280FD077A7005631F9 /* MYDEREncoder.m in Sources */, + 270A7A740FD58FF200770C4D /* MYBERParser.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 8DD76F990486AA7600D96B5E /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; @@ -325,6 +469,10 @@ 27059D770F8FA23100A8422F /* MYCrypto+Cocoa.m in Sources */, 27059DE50F8FAF6500A8422F /* MYDecoder.m in Sources */, 27410FF00F99200A00AD413F /* MYSymmetricKey-iPhone.m in Sources */, + 27B852F50FCF4EB7005631F9 /* MYASN1Object.m in Sources */, + 27B853000FCF4ECB005631F9 /* MYOID.m in Sources */, + 27B855290FD077A7005631F9 /* MYDEREncoder.m in Sources */, + 270A7A750FD58FF200770C4D /* MYBERParser.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -368,6 +516,27 @@ }; name = Release; }; + 2706F1AC0F9D3C6200292CCF /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + COPY_PHASE_STRIP = NO; + INSTALL_PATH = /usr/local/lib; + PRODUCT_NAME = MYCrypto; + }; + name = Debug; + }; + 2706F1AD0F9D3C6200292CCF /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + COPY_PHASE_STRIP = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + INSTALL_PATH = /usr/local/lib; + PRODUCT_NAME = MYCrypto; + }; + name = Release; + }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ @@ -389,6 +558,15 @@ defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; + 2706F1CE0F9D3CDD00292CCF /* Build configuration list for PBXNativeTarget "Static Lib" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 2706F1AC0F9D3C6200292CCF /* Debug */, + 2706F1AD0F9D3C6200292CCF /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; /* End XCConfigurationList section */ }; rootObject = 08FB7793FE84155DC02AAC07 /* Project object */; diff -r 2ac5704e229f -r c409dbc4f068 MYCryptoTest.m --- a/MYCryptoTest.m Sun Apr 19 22:05:51 2009 -0700 +++ b/MYCryptoTest.m Tue Jun 02 13:16:28 2009 -0700 @@ -155,7 +155,7 @@ #endif #if !TARGET_OS_IPHONE -#if 0 // TEMPORARILY OUT OF ORDER +#if 1 // TEMP-ORARILY OUT OF ORDER // Try exporting and importing a wrapped key: Log(@"Testing export/import..."); NSData *exported = [key exportWrappedKeyWithPassphrasePrompt: @"Export symmetric key with passphrase:"]; @@ -163,14 +163,13 @@ #if 1 CAssert(exported); #else - //FIX: Exporting symmetric keys isn't working. Temporarily making this optional. if (!exported) Warn(@"Unable to export wrapped key"); else #endif { CAssert(exported); - MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithKeyData: exported algorithm: algorithm]; + MYSymmetricKey *key2 = [[MYSymmetricKey alloc] initWithWrappedKeyData: exported]; Log(@"Reconstituted as %@", key2); CAssertEqual(key2.keyData,key.keyData); decrypted = [key2 decryptData: encrypted]; diff -r 2ac5704e229f -r c409dbc4f068 MYDEREncoder.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYDEREncoder.h Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,25 @@ +// +// MYDEREncoder.h +// MYCrypto +// +// Created by Jens Alfke on 5/29/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import + + +@interface MYDEREncoder : NSObject +{ + id _rootObject; + NSMutableData *_output; + NSError *_error; +} + +- (id) initWithRootObject: (id)object; ++ (NSData*) encodeRootObject: (id)rootObject error: (NSError**)outError; + +@property (readonly) NSData* output; +@property (readonly, retain) NSError *error; + +@end diff -r 2ac5704e229f -r c409dbc4f068 MYDEREncoder.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYDEREncoder.m Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,352 @@ +// +// MYDEREncoder.m +// MYCrypto +// +// Created by Jens Alfke on 5/29/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYDEREncoder.h" +#import "MYASN1Object.h" +#import "MYBERParser.h" +#import "MYOID.h" +#import "MYErrorUtils.h" + + +#define MYDEREncoderException @"MYDEREncoderException" + + +@interface MYDEREncoder () +- (void) _encode: (id)object; +@property (retain) NSError *error; +@end + + +@implementation MYDEREncoder + + +- (id) initWithRootObject: (id)rootObject +{ + self = [super init]; + if (self != nil) { + _rootObject = [rootObject retain]; + } + return self; +} + ++ (NSData*) encodeRootObject: (id)rootObject error: (NSError**)outError { + MYDEREncoder *encoder = [[self alloc] initWithRootObject: rootObject]; + NSData *output = [encoder.output copy]; + if (outError) *outError = [[encoder.error retain] autorelease]; + [encoder release]; + return [output autorelease]; +} + +- (void) dealloc +{ + [_rootObject release]; + [_output release]; + [super dealloc]; +} + + + +static unsigned sizeOfUnsignedInt (UInt64 n) { + unsigned bytes = 0; + for (; n; n >>= 8) + bytes++; + return bytes; +} + +static unsigned encodeUnsignedInt (UInt64 n, UInt8 buf[], BOOL padHighBit) { + unsigned size = MAX(1U, sizeOfUnsignedInt(n)); + UInt64 bigEndian = NSSwapHostLongLongToBig(n); + const UInt8* src = (UInt8*)&bigEndian + (8-size); + UInt8 *dst = &buf[0]; + if (padHighBit && (*src & 0x80)) { + *dst++ = 0; + size++; + } + memcpy(dst, src, size); + return size; +} + +static unsigned encodeSignedInt (SInt64 n, UInt8 buf[]) { + if (n >= 0) + return encodeUnsignedInt(n, buf, YES); + else { + unsigned size = MAX(1U, sizeOfUnsignedInt(~n)); + UInt64 bigEndian = NSSwapHostLongLongToBig(n); + const UInt8* src = (UInt8*)&bigEndian + (8-size); + UInt8 *dst = &buf[0]; + if (!(*src & 0x80)) { + *dst++ = 0xFF; + size++; + } + memcpy(dst, src, size); + return size; + } +} + + +- (void) _writeTag: (unsigned)tag + class: (unsigned)tagClass + constructed: (BOOL) constructed + length: (size_t)length +{ + struct { + unsigned tag :5; + unsigned isConstructed :1; + unsigned tagClass :2; + unsigned length :7; + unsigned isLengthLong :1; + UInt8 extraLength[9]; + } header; + size_t headerSize = 2; + + header.tag = tag; + header.isConstructed = constructed; + header.tagClass = tagClass; + if (length < 128) { + header.isLengthLong = NO; + header.length = length; + } else { + header.isLengthLong = YES; + header.length = encodeUnsignedInt(length, header.extraLength, NO); + headerSize += header.length; + } + [_output appendBytes: &header length: headerSize]; +} + +- (void) _writeTag: (unsigned)tag + class: (unsigned)tagClass + constructed: (BOOL) constructed + bytes: (const void*)bytes + length: (size_t)length +{ + [self _writeTag: tag class: tagClass constructed: constructed length: length]; + [_output appendBytes: bytes length: length]; +} + +- (void) _writeTag: (unsigned)tag + class: (unsigned)tagClass + constructed: (BOOL) constructed + data: (NSData*)data +{ + Assert(data); + [self _writeTag: tag class: tagClass constructed: constructed bytes: data.bytes length: data.length]; +} + + +- (void) _encodeNumber: (NSNumber*)number { + // Special-case detection of booleans by pointer equality, because otherwise they appear + // identical to 0 and 1: + if (number==$true || number==$false) { + UInt8 value = number==$true ?0xFF :0x00; + [self _writeTag: 1 class: 0 constructed: NO bytes: &value length: 1]; + return; + } + + const char *type = number.objCType; + if (strlen(type) == 1) { + switch(type[0]) { + case 'c': + case 'i': + case 's': + case 'l': + case 'q': + { // Signed integers: + UInt8 buf[9]; + size_t size = encodeSignedInt(number.longLongValue, buf); + [self _writeTag: 2 class: 0 constructed: NO bytes: buf length: size]; + return; + } + case 'C': + case 'I': + case 'S': + case 'L': + case 'Q': + { // Unsigned integers: + UInt8 buf[9]; + size_t size = encodeUnsignedInt(number.unsignedLongLongValue, buf, YES); + [self _writeTag: 2 class: 0 constructed: NO bytes: buf length: size]; + return; + } + case 'B': + { // bool + UInt8 value = number.boolValue ?0xFF :0x00; + [self _writeTag: 1 class: 0 constructed: NO bytes: &value length: 1]; + return; + } + } + } + [NSException raise: MYDEREncoderException format: @"Can't DER-encode value %@ (typecode=%s)", number,type]; +} + + +- (void) _encodeString: (NSString*)string { + NSData *data = [string dataUsingEncoding: NSASCIIStringEncoding]; + if (data) + [self _writeTag: 19 class: 0 constructed: NO data: data]; + else + [self _writeTag: 12 class: 0 constructed: NO data: [string dataUsingEncoding: NSUTF8StringEncoding]]; +} + + +- (void) _encodeBitString: (MYBitString*)bitString { + NSUInteger bitCount = bitString.bitCount; + [self _writeTag: 3 class: 0 constructed: NO length: 1 + (bitCount/8)]; + UInt8 unused = (8 - (bitCount % 8)) % 8; + [_output appendBytes: &unused length: 1]; + [_output appendBytes: bitString.bits.bytes length: bitCount/8]; +} + +- (void) _encodeDate: (NSDate*)date { + NSString *dateStr = [MYBERGeneralizedTimeFormatter() stringFromDate: date]; + Log(@"Encoded %@ as '%@'",date,dateStr);//TEMP + [self _writeTag: 24 class: 0 constructed: NO data: [dateStr dataUsingEncoding: NSASCIIStringEncoding]]; +} + + +- (void) _encodeCollection: (id)collection tag: (unsigned)tag class: (unsigned)tagClass { + MYDEREncoder *subEncoder = [[[self class] alloc] init]; + for (id object in collection) + [subEncoder _encode: object]; + [self _writeTag: tag class: tagClass constructed: YES data: subEncoder.output]; + [subEncoder release]; +} + + +- (void) _encode: (id)object { + if (!_output) + _output = [[NSMutableData alloc] initWithCapacity: 1024]; + if ([object isKindOfClass: [NSNumber class]]) { + [self _encodeNumber: object]; + } else if ([object isKindOfClass: [NSData class]]) { + [self _writeTag: 4 class: 0 constructed: NO data: object]; + } else if ([object isKindOfClass: [MYBitString class]]) { + [self _encodeBitString: object]; + } else if ([object isKindOfClass: [NSString class]]) { + [self _encodeString: object]; + } else if ([object isKindOfClass: [NSDate class]]) { + [self _encodeDate: object]; + } else if ([object isKindOfClass: [NSNull class]]) { + [self _writeTag: 5 class: 0 constructed: NO bytes: NULL length: 0]; + } else if ([object isKindOfClass: [NSArray class]]) { + [self _encodeCollection: object tag: 16 class: 0]; + } else if ([object isKindOfClass: [NSSet class]]) { + [self _encodeCollection: object tag: 17 class: 0]; + } else if ([object isKindOfClass: [MYOID class]]) { + [self _writeTag: 6 class: 0 constructed: NO data: [object DEREncoding]]; + } else if ([object isKindOfClass: [MYASN1Object class]]) { + MYASN1Object *asn = object; + if (asn.components) + [self _encodeCollection: asn.components tag: asn.tag class: asn.tagClass]; + else + [self _writeTag: asn.tag + class: asn.tagClass + constructed: asn.constructed + data: asn.value]; + } else { + [NSException raise: MYDEREncoderException format: @"Can't DER-encode a %@", [object class]]; + } +} + + +- (NSData*) output { + if (!_output && !_error) { + @try{ + [self _encode: _rootObject]; + }@catch (NSException *x) { + if ($equal(x.name, MYDEREncoderException)) { + self.error = MYError(2,MYASN1ErrorDomain, @"%@", x.reason); + return nil; + } else + @throw(x); + } + } + return _output; +} + +@synthesize error=_error; + + +@end + + + +#define $data(BYTES...) ({const uint8_t bytes[] = {BYTES}; [NSData dataWithBytes: bytes length: sizeof(bytes)];}) + +TestCase(DEREncoder) { + CAssertEqual([MYDEREncoder encodeRootObject: [NSNull null] error: nil], + $data(0x05, 0x00)); + CAssertEqual([MYDEREncoder encodeRootObject: $true error: nil], + $data(0x01, 0x01, 0xFF)); + CAssertEqual([MYDEREncoder encodeRootObject: $false error: nil], + $data(0x01, 0x01, 0x00)); + + // Integers: + CAssertEqual([MYDEREncoder encodeRootObject: $object(0) error: nil], + $data(0x02, 0x01, 0x00)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(1) error: nil], + $data(0x02, 0x01, 0x01)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-1) error: nil], + $data(0x02, 0x01, 0xFF)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(72) error: nil], + $data(0x02, 0x01, 0x48)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-128) error: nil], + $data(0x02, 0x01, 0x80)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(128) error: nil], + $data(0x02, 0x02, 0x00, 0x80)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(255) error: nil], + $data(0x02, 0x02, 0x00, 0xFF)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-256) error: nil], + $data(0x02, 0x02, 0xFF, 0x00)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(12345) error: nil], + $data(0x02, 0x02, 0x30,0x39)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-12345) error: nil], + $data(0x02, 0x02, 0xCF, 0xC7)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(123456789) error: nil], + $data(0x02, 0x04, 0x07, 0x5B, 0xCD, 0x15)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-123456789) error: nil], + $data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB)); + CAssertEqual([MYDEREncoder encodeRootObject: $object(-123456789) error: nil], + $data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB)); + + // Strings: + CAssertEqual([MYDEREncoder encodeRootObject: @"hello" error: nil], + $data(0x13, 0x05, 'h', 'e', 'l', 'l', 'o')); + CAssertEqual([MYDEREncoder encodeRootObject: @"thérè" error: nil], + $data(0x0C, 0x07, 't', 'h', 0xC3, 0xA9, 'r', 0xC3, 0xA8)); + + // Dates: + CAssertEqual([MYDEREncoder encodeRootObject: [NSDate dateWithTimeIntervalSinceReferenceDate: 265336576] + error: nil], + $data(0x18, 0x0F, '2', '0', '0', '9', '0', '5', '3', '0', '0', '0', '3', '6', '1', '6', 'Z')); + + // Sequences: + CAssertEqual([MYDEREncoder encodeRootObject: $array($object(72), $true) error: nil], + $data(0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF)); + CAssertEqual([MYDEREncoder encodeRootObject: $array( $array($object(72), $true), + $array($object(72), $true)) + error: nil], + $data(0x30, 0x10, + 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF, + 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF)); +} + + +TestCase(EncodeCert) { + NSError *error = nil; + NSData *cert = [NSData dataWithContentsOfFile: @"../../Tests/selfsigned.cer"]; //TEMP + id certObjects = MYBERParse(cert,&error); + CAssertNil(error); + Log(@"Decoded as:\n%@", [MYASN1Object dump: certObjects]); + NSData *encoded = [MYDEREncoder encodeRootObject: certObjects error: &error]; + CAssertNil(error); + id reDecoded = MYBERParse(encoded, &error); + CAssertNil(error); + Log(@"Re-decoded as:\n%@", [MYASN1Object dump: reDecoded]); + [encoded writeToFile: @"../../Tests/selfsigned_reencoded.cer" atomically: YES]; + CAssertEqual(encoded,cert); +} diff -r 2ac5704e229f -r c409dbc4f068 MYKey-iPhone.m --- a/MYKey-iPhone.m Sun Apr 19 22:05:51 2009 -0700 +++ b/MYKey-iPhone.m Tue Jun 02 13:16:28 2009 -0700 @@ -59,6 +59,11 @@ return nil; else return [(id)CFMakeCollectable(data) autorelease]; + + // The format of this data is not documented. There's been some reverse-engineering: + // https://devforums.apple.com/message/32089#32089 + // Apparently it is a DER-formatted sequence of a modulus followed by an exponent. + // This can be converted to OpenSSL format by wrapping it in some additional DER goop. } diff -r 2ac5704e229f -r c409dbc4f068 MYKeychain.h --- a/MYKeychain.h Sun Apr 19 22:05:51 2009 -0700 +++ b/MYKeychain.h Tue Jun 02 13:16:28 2009 -0700 @@ -102,6 +102,11 @@ //@{ #if !TARGET_OS_IPHONE +/** Sets whether the keychain is allowed to pop up panels to interact with the user, + for example to ask for permission to access keys. If user interaction is not + allowed, all such requests will fail. */ ++ (void) setUserInteractionAllowed: (BOOL)allowed; + /** Enumerates all public keys in the keychain that have the given alias string. */ - (NSEnumerator*) symmetricKeysWithAlias: (NSString*)alias; diff -r 2ac5704e229f -r c409dbc4f068 MYKeychain.m --- a/MYKeychain.m Sun Apr 19 22:05:51 2009 -0700 +++ b/MYKeychain.m Tue Jun 02 13:16:28 2009 -0700 @@ -206,6 +206,11 @@ } ++ (void) setUserInteractionAllowed: (BOOL)allowed { + SecKeychainSetUserInteractionAllowed(allowed); +} + + #pragma mark - #pragma mark SEARCHING: diff -r 2ac5704e229f -r c409dbc4f068 MYOID.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYOID.h Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,25 @@ +// +// MYOID.h +// MYCrypto +// +// Created by Jens Alfke on 5/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import + + +/** An ASN.1 Object-ID, which is a sequence of integer components that define namespaces. */ +@interface MYOID : NSObject +{ + NSData *_data; +} + +- (id) initWithComponents: (const UInt32*)components count: (unsigned)componentCount; +- (id) initWithBEREncoding: (NSData*)encoding; +- (NSData*) DEREncoding; + +- (const UInt32*) components; +- (unsigned) componentCount; + +@end diff -r 2ac5704e229f -r c409dbc4f068 MYOID.m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MYOID.m Tue Jun 02 13:16:28 2009 -0700 @@ -0,0 +1,152 @@ +// +// MYOID.m +// MYCrypto +// +// Created by Jens Alfke on 5/28/09. +// Copyright 2009 Jens Alfke. All rights reserved. +// + +#import "MYOID.h" + + +@implementation MYOID + + +- (id) initWithComponents: (const UInt32*)components count: (unsigned)count +{ + self = [super init]; + if (self != nil) { + _data = [[NSData alloc] initWithBytes: components length: count*sizeof(UInt32)]; + } + return self; +} + +- (id) initWithBEREncoding: (NSData*)encoding +{ + self = [super init]; + if (self != nil) { + size_t len = encoding.length; + const UInt8 *src = encoding.bytes; + const UInt8 *end = src+len; + NSMutableData *data = [NSMutableData dataWithLength: (len+1)*sizeof(UInt32)]; + UInt32* dst = data.mutableBytes; + + if (len >= 2) { + *dst++ = *src / 40; + *dst++ = *src % 40; + src++; + } + while (src < end) { + UInt32 component = 0; + UInt8 byte; + do{ + if (src >= end) { + [self release]; + return nil; + } + byte = *src++; + component = (component << 7) | (byte & 0x7F); + }while (byte & 0x80); + *dst++ = component; + } + data.length = (UInt8*)dst - (UInt8*)data.mutableBytes; + _data = [data copy]; + } + return self; +} + ++ (MYOID*) OIDWithEncoding: (NSData*)encoding { + return [[[self alloc] initWithBEREncoding: encoding] autorelease]; +} + + +- (id) copyWithZone: (NSZone*)zone { + return [self retain]; +} + +- (void) dealloc +{ + [_data release]; + [super dealloc]; +} + + +- (NSString*) description { + NSMutableString *desc = [NSMutableString stringWithString: @"{"]; + const UInt32* components = self.components; + unsigned count = self.componentCount; + for (unsigned i=0; i0) + [desc appendString: @" "]; + [desc appendFormat: @"%u", components[i]]; + } + [desc appendString: @"}"]; + return desc; +} + + +- (NSData*) componentData {return _data;} +- (const UInt32*) components {return (const UInt32*)_data.bytes;} +- (unsigned) componentCount {return _data.length / sizeof(UInt32);} + +- (NSUInteger)hash { + return _data.hash; +} + +- (BOOL)isEqual:(id)object { + return [object isKindOfClass: [MYOID class]] && [_data isEqual: [object componentData]]; +} + + +- (NSData*) DEREncoding { + unsigned count = self.componentCount; + UInt8 encoding[5*count]; // worst-case size + const UInt32 *src=self.components, *end=src+count; + UInt8 *dst = encoding; + if (count >= 2 && src[0]<=3 && src[1]<40) { + // Weird collapsing of 1st two components into one byte: + *dst++ = src[0]*40 + src[1]; + src += 2; + } + while (src=0; shift -= 7) { + UInt8 byte = (component >> shift) & 0x7F; + if (byte || any) { + if (any) + dst[-1] |= 0x80; + *dst++ = byte; + any = YES; + } + } + } + return [NSData dataWithBytes: encoding length: dst-encoding]; +} + + +@end + + + +#define $data(BYTES...) ({const uint8_t bytes[] = {BYTES}; [NSData dataWithBytes: bytes length: sizeof(bytes)];}) + +#define $components(INTS...) ({const UInt32 components[] = {INTS}; components;}) + +TestCase(OID) { + CAssertEqual([[MYOID OIDWithEncoding: $data(0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01)] description], + @"{1 2 840 113549 1 1 1}"); + CAssertEqual([[MYOID OIDWithEncoding: $data(0x55,0x04,0x04)] description], + @"{2 5 4 4}"); + CAssertEqual([[MYOID OIDWithEncoding: $data(0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01)] description], + @"{1 2 840 113549 1 9 1}"); + + CAssertEqual([[[MYOID alloc] initWithComponents: $components(1,2,840,113549,1,1,1) count: 7] description], + @"{1 2 840 113549 1 1 1}"); + + CAssertEqual([[[MYOID alloc] initWithComponents: $components(1,2,840,113549,1,1,1) count: 7] DEREncoding], + $data(0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01)); + CAssertEqual([[[MYOID alloc] initWithComponents: $components(2,5,4,4) count: 4] DEREncoding], + $data(0x55,0x04,0x04)); +} diff -r 2ac5704e229f -r c409dbc4f068 MYSymmetricKey.h --- a/MYSymmetricKey.h Sun Apr 19 22:05:51 2009 -0700 +++ b/MYSymmetricKey.h Tue Jun 02 13:16:28 2009 -0700 @@ -10,8 +10,17 @@ #import +/** An old-fashioned symmetric key, so named because it both encrypts and decrypts. + A key can be generated at random, stored in the keychain, or derived from a user-entered + passphrase. + + These days, symmetric encryption is used mostly on local data such as files, with + passphrases; or as a transient "session key" for data sent between users, with the + session key itself encrypted in the message using public-key encryption. (The + MYEncoder/MYDecoder classes manage this second usage, whose details are tricky.) */ @interface MYSymmetricKey : MYKey { + @private #if !MYCRYPTO_USE_IPHONE_API CSSM_KEY *_ownedCSSMKey; #endif @@ -36,7 +45,17 @@ #if !TARGET_OS_IPHONE -- (NSData*) exportWrappedKeyWithPassphrasePrompt: (NSString*)prompt; +/** Exports the key as a data blob, so that it can be stored as a backup, or transferred + to another computer. Since the key is sensitive, it must be exported in encrypted form + using a user-chosen passphrase. This method will display a standard alert panel, run by + the Security agent, that prompts the user to enter a new passphrase for encrypting the key. + The same passphrase must be re-entered when importing the key from the data blob. */ + - (NSData*) exportWrappedKeyWithPassphrasePrompt: (NSString*)prompt; + +/** Recreates a symmetric key from its wrapped (encrypted) form. The user will be prompted for + the passphrase to decrypt the key; this must be the same passphrase that was entered when + wrapping the key, e.g. when -exportWrappedKeyWithPassphrasePrompt: was called. */ +- (id) initWithWrappedKeyData: (NSData*)wrappedKeyData; /** Converts a passphrase into a symmetric key. The same passphrase (and salt) will always return the same key, so you can use this method @@ -48,12 +67,12 @@ passphrase twice, to check for errors, and the nifty passphrase-strength meter will be displayed. If NO, there's only one text-field, and an option to display its contents in the clear. - @param salt An arbitrary value whose data will be mixed in with the passphrase before + @param saltObj An arbitrary value whose data will be mixed in with the passphrase before hashing, to perturb the resulting bits. The purpose of this is to make it harder for an attacker to brute-force the key using a precompiled list of digests of common passwords. Changing the salt changes the key, so you need to pass the same value when re-deriving the key as you did when first generating it. */ - + (MYSymmetricKey*) generateFromUserPassphraseWithAlertTitle: (NSString*)alertTitle ++ (MYSymmetricKey*) generateFromUserPassphraseWithAlertTitle: (NSString*)alertTitle alertPrompt: (NSString*)prompt creating: (BOOL)creating salt: (id)saltObj; diff -r 2ac5704e229f -r c409dbc4f068 MYSymmetricKey.m --- a/MYSymmetricKey.m Sun Apr 19 22:05:51 2009 -0700 +++ b/MYSymmetricKey.m Tue Jun 02 13:16:28 2009 -0700 @@ -34,8 +34,15 @@ static CSSM_KEY* cssmKeyFromData( NSData *keyData, CSSM_ALGORITHMS algorithm, MYKeychain *keychain); -//static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm); -//CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm); + +#if !TARGET_OS_IPHONE +static CSSM_KEY* unwrapCssmKeyFromData(NSData *wrappedData, + CSSM_ALGORITHMS algorithm, + unsigned sizeInBits); +static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm); +static CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm); +#endif + static CSSM_DATA makeSalt( id salty, size_t length ); static CSSM_RETURN impExpCreatePassKey( const SecKeyImportExportParameters *keyParams, // required @@ -49,6 +56,10 @@ - (id) _initWithCSSMKey: (CSSM_KEY*)cssmKey { + if (!cssmKey) { + [self release]; + return nil; + } SecKeyRef keyRef = NULL; if (SecKeyCreate == NULL) { // If weak-linked SPI fn no longer exists @@ -75,10 +86,6 @@ Assert(algorithm <= kCCAlgorithmRC4); Assert(keyData); CSSM_KEY *key = cssmKeyFromData(keyData, CSSMFromCCAlgorithm(algorithm), keychain); - if (!key) { - [self release]; - return nil; - } return [self _initWithCSSMKey: key]; } @@ -223,9 +230,15 @@ #if !TARGET_OS_IPHONE +- (id) initWithWrappedKeyData: (NSData*)wrappedKeyData { + return [self _initWithCSSMKey: unwrapCssmKeyFromData(wrappedKeyData, + CSSM_ALGID_AES,128)]; +} + + - (NSData*) exportWrappedKeyWithPassphrasePrompt: (NSString*)prompt { - // Prompt use for a passphrase to use for the wrapping key: + // Prompt user for a passphrase to use for the wrapping key: MYSymmetricKey *wrappingKey = [MYSymmetricKey generateFromUserPassphraseWithAlertTitle: @"Export Key" alertPrompt: prompt @@ -238,15 +251,17 @@ // Create the context: CSSM_ACCESS_CREDENTIALS credentials = {}; CSSM_CSP_HANDLE cspHandle = self.cssmCSPHandle; - //CSSM_ALGORITHMS algorithm = wrappingKey.cssmAlgorithm; + CSSM_ALGORITHMS algorithm = wrappingKey.cssmAlgorithm; + uint8 iv[16] = {0}; // Right size for AES. Are zeros OK? //FIX: Support other algorithms + CSSM_DATA ivData = {.Data=(void*)&iv, .Length=sizeof(iv)}; CSSM_CC_HANDLE ctx; if (!checkcssm(CSSM_CSP_CreateSymmetricContext(cspHandle, - wrappingKey.cssmAlgorithm, //CSSM_ALGID_3DES_3KEY_EDE, //algorithm, - CSSM_ALGMODE_CBCPadIV8, //defaultModeForAlgorithm(algorithm), + algorithm, //CSSM_ALGID_3DES_3KEY_EDE + defaultModeForAlgorithm(algorithm), &credentials, wrappingKey.cssmKey, - NULL, - CSSM_PADDING_PKCS7, //defaultPaddingForAlgorithm(algorithm), + &ivData, + defaultPaddingForAlgorithm(algorithm), NULL, &ctx), @"CSSM_CSP_CreateSymmetricContext")) @@ -396,6 +411,35 @@ } +#if !TARGET_OS_IPHONE +static CSSM_KEY* unwrapCssmKeyFromData(NSData *wrappedData, + CSSM_ALGORITHMS algorithm, + unsigned sizeInBits) { + Warn(@"MYSymmetricKey: unwrapping is unimplemented; sorry"); + return nil; +#if 0 //not finished yet + // First create a wrapped-key structure from the data: + CSSM_WRAP_KEY wrappedKey = { + .KeyHeader = { + .BlobType = CSSM_KEYBLOB_WRAPPED, + .Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS3, + .AlgorithmId = algorithm, + .KeyClass = CSSM_KEYCLASS_SESSION_KEY, + .LogicalKeySizeInBits = sizeInBits, + .KeyAttr = CSSM_KEYATTR_EXTRACTABLE, + .KeyUsage = CSSM_KEYUSE_ANY, + .WrapAlgorithmId = CSSM_ALGID_AES, + }, + .KeyData = { + .Data = (void*)wrappedData.bytes, + .Length = wrappedData.length + } + }; +#endif +} +#endif + + // Create salt data of a specific length from an arbitrary NSObject. */ static CSSM_DATA makeSalt( id salty, size_t length ) { // Convert to NSData if necessary: @@ -416,7 +460,9 @@ #pragma mark - // Code from Keychain.framework: -#if 0 + +#if !TARGET_OS_IPHONE +#if 1 static CSSM_ENCRYPT_MODE defaultModeForAlgorithm(CSSM_ALGORITHMS algorithm) { switch(algorithm) { // 8-byte block ciphers @@ -438,8 +484,10 @@ return CSSM_ALGMODE_NONE; } } +#endif -CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm) { +#if 1 +static CSSM_PADDING defaultPaddingForAlgorithm(CSSM_ALGORITHMS algorithm) { switch(algorithm) { /* 8-byte block ciphers */ case CSSM_ALGID_DES: @@ -465,6 +513,7 @@ } } #endif +#endif #pragma mark - // Code below was copied from SecImportExportUtils.cpp in Apple's libsecurity_keychain project diff -r 2ac5704e229f -r c409dbc4f068 Tests/iphonedev.cer Binary file Tests/iphonedev.cer has changed diff -r 2ac5704e229f -r c409dbc4f068 Tests/selfsigned.cer Binary file Tests/selfsigned.cer has changed