diff options
| -rw-r--r-- | Source/SPConstants.h | 2 | ||||
| -rw-r--r-- | Source/SPConstants.m | 2 | ||||
| -rw-r--r-- | Source/SPDataAdditions.h | 2 | ||||
| -rw-r--r-- | Source/SPDataAdditions.m | 100 | ||||
| -rw-r--r-- | UnitTests/SPDataAdditionsTests.m | 77 |
5 files changed, 163 insertions, 20 deletions
diff --git a/Source/SPConstants.h b/Source/SPConstants.h index 2c2555a8..f2816745 100644 --- a/Source/SPConstants.h +++ b/Source/SPConstants.h @@ -622,6 +622,8 @@ extern NSString *SPURLSchemeQueryResultPathHeader; extern NSString *SPURLSchemeQueryResultStatusPathHeader; extern NSString *SPURLSchemeQueryResultMetaPathHeader; +extern NSString *SPCommonCryptoExceptionName; + #define SPAppDelegate ((SPAppController *)[NSApp delegate]) // Provides a standard method for our "[x release], x = nil;" convention. diff --git a/Source/SPConstants.m b/Source/SPConstants.m index 5f3348ed..42631dab 100644 --- a/Source/SPConstants.m +++ b/Source/SPConstants.m @@ -421,6 +421,8 @@ NSString *SPURLSchemeQueryResultPathHeader = @"/tmp/SP_QUERY_RESULT_"; NSString *SPURLSchemeQueryResultStatusPathHeader = @"/tmp/SP_QUERY_RESULT_STATUS_"; NSString *SPURLSchemeQueryResultMetaPathHeader = @"/tmp/SP_QUERY_META_"; +NSString *SPCommonCryptoExceptionName = @"SPCommonCryptoException"; + void inline _SPClear(id *addr) { [*addr release], *addr = nil; } diff --git a/Source/SPDataAdditions.h b/Source/SPDataAdditions.h index 118f47e2..6c404b9e 100644 --- a/Source/SPDataAdditions.h +++ b/Source/SPDataAdditions.h @@ -33,7 +33,9 @@ - (NSData *)sha1Hash; - (NSData *)dataEncryptedWithPassword:(NSString *)password; +- (NSData *)dataEncryptedWithKey:(NSData *)aesKey IV:(NSData *)iv; - (NSData *)dataDecryptedWithPassword:(NSString *)password; + - (NSData *)compress; - (NSData *)decompress; diff --git a/Source/SPDataAdditions.m b/Source/SPDataAdditions.m index 23280c8b..4a07c437 100644 --- a/Source/SPDataAdditions.m +++ b/Source/SPDataAdditions.m @@ -74,38 +74,98 @@ uint32_t LimitUInt32(NSUInteger i); - (NSData *)dataEncryptedWithPassword:(NSString *)password { // Create a random 128-bit initialization vector + // IV is block "-1" of plaintext data, therefore it is blockSize long srand((unsigned int)time(NULL)); NSInteger ivIndex; - unsigned char iv[16]; - for (ivIndex = 0; ivIndex < 16; ivIndex++) + unsigned char iv[kCCBlockSizeAES128]; + for (ivIndex = 0; ivIndex < kCCBlockSizeAES128; ivIndex++) iv[ivIndex] = rand() & 0xff; + NSData *ivData = [NSData dataWithBytes:iv length:sizeof(iv)]; + + // Create the key from first 128-bits of the 160-bit password hash + NSData *passwordDigest = [[[password dataUsingEncoding:NSUTF8StringEncoding] sha1Hash] subdataWithRange:NSMakeRange(0, kCCKeySizeAES128)]; + + return [self dataEncryptedWithKey:passwordDigest IV:ivData]; +} - // Calculate the 16-byte AES block padding - NSInteger dataLength = [self length]; - NSInteger paddedLength = dataLength + (32 - (dataLength % 16)); - NSInteger totalLength = paddedLength + 16; // Data plus IV +/* + * ABNF for the returned data: + * OCTET = <any 8-bit sequence of data> + * ENCRYPTED = IV AES + * IV = 16OCTET ; 16 random bytes + * AES = <AES_128_CBC(PADDED)> + * PADDED = PLAINTEXT 12*28OCTET LEN ; 13-28 bytes padding (value irrelevant) + * PLAINTEXT = *OCTET ; the raw data + * LEN = 4OCTET ; big endian length of plaintext + * + * Examples for padding: + * Data len padding len = total + * --------- -------- ----- -------- + * 0 28 4 32 + * 1 27 4 32 + * ... + * 15 13 4 32 + * 16 28 4 48 + * 17 27 4 48 + * ... + * + * Note that total has to be a multiple of 16 for AES 128. + * Our padding scheme also requires 4 bytes of storage for len. + * This is were the 32 comes from: Without that 15 data bytes would produce + * only 1 padding byte, which is not enough to store the 4 byte len. + */ +- (NSData *)dataEncryptedWithKey:(NSData *)aesKey IV:(NSData *)iv +{ + if([self length] > UINT32_MAX) + @throw [NSException exceptionWithName:NSInvalidArgumentException reason:@"Length of NSData exceeds 32 Bit, not supported!" userInfo:nil]; + + if([iv length] != kCCBlockSizeAES128) + @throw [NSException exceptionWithName:NSInvalidArgumentException reason:@"Length of ivData must be == kCCBlockSizeAES128!" userInfo:nil]; + if([aesKey length] != kCCKeySizeAES128) + @throw [NSException exceptionWithName:NSInvalidArgumentException reason:@"Key length invalid. Must be kCCKeySizeAES128 bytes!" userInfo:nil]; + + // Calculate the 16-byte AES block padding + uint32_t dataLength = (uint32_t)[self length]; + NSInteger paddedLength = dataLength + (2*kCCBlockSizeAES128 - (dataLength % kCCBlockSizeAES128)); + NSInteger totalLength = paddedLength + kCCBlockSizeAES128; // Data plus IV + // Allocate enough space for the IV + ciphertext unsigned char *encryptedBytes = calloc(1, totalLength); // The first block of the ciphertext buffer is the IV - memcpy(encryptedBytes, iv, 16); + memcpy(encryptedBytes, [iv bytes], kCCBlockSizeAES128); - unsigned char *paddedBytes = calloc(1, paddedLength); + unsigned char *paddedBytes = encryptedBytes + kCCBlockSizeAES128; memcpy(paddedBytes, [self bytes], dataLength); // The last 32-bit chunk is the size of the plaintext, which is encrypted with the plaintext - NSInteger bigIntDataLength = NSSwapHostIntToBig((unsigned int)dataLength); - memcpy(paddedBytes + (paddedLength - 4), &bigIntDataLength, 4); - - // Create the key from first 128-bits of the 160-bit password hash - NSData *passwordDigest = [[password dataUsingEncoding:NSUTF8StringEncoding] sha1Hash]; - AES_KEY aesKey; - AES_set_encrypt_key([passwordDigest bytes], 128, &aesKey); - - // AES-128-cbc encrypt the data, filling in the buffer after the IV - AES_cbc_encrypt(paddedBytes, encryptedBytes + 16, paddedLength, &aesKey, iv, AES_ENCRYPT); - free(paddedBytes); - + uint32_t bigIntDataLength = NSSwapHostIntToBig(dataLength); + unsigned char *lenPtr = paddedBytes + (paddedLength - 4); + memcpy(lenPtr, &bigIntDataLength, 4); + + CCCryptorStatus res = CCCrypt( + kCCEncrypt, // operation mode + kCCAlgorithmAES128, // algorithm + 0, // options. We use our own padding algorithm and CBC is the default + [aesKey bytes], // key bytes + kCCKeySizeAES128, // key length + [iv bytes], // iv bytes (length == block size) + paddedBytes, // raw data + paddedLength, // length of raw data + paddedBytes, // output buffer. overwriting input is OK + paddedLength, // output buffer size + NULL // number of bytes written. not relevant here + ); + + if(res != kCCSuccess) + @throw [NSException exceptionWithName:SPCommonCryptoExceptionName + reason:[NSString stringWithFormat:@"CCCrypt() failed! (CCCryptorStatus=%d)",res] + userInfo:@{@"cryptorStatus":@(res)}]; + + // the return code of CCCrypt() is not always reliable, better check it again + if(memcmp(lenPtr, &bigIntDataLength, 4) == 0) + @throw [NSException exceptionWithName:NSInternalInconsistencyException reason:@"Encrypted data is same as plaintext data!" userInfo:nil]; + return [NSData dataWithBytesNoCopy:encryptedBytes length:totalLength]; } diff --git a/UnitTests/SPDataAdditionsTests.m b/UnitTests/SPDataAdditionsTests.m index dc0df069..0ecad9e7 100644 --- a/UnitTests/SPDataAdditionsTests.m +++ b/UnitTests/SPDataAdditionsTests.m @@ -36,6 +36,8 @@ @interface SPDataAdditionsTests : SenTestCase - (void)testSha1Hash; +- (void)testDataEncryptedWithPassword; +- (void)testDataEncryptedWithKeyIV; @end @@ -109,4 +111,79 @@ } +- (void)testDataEncryptedWithPassword +{ + //this method generates random data, so we can only test it by doing a full round-trip + NSData *raw = [@"foo bar baz!" dataUsingEncoding:NSASCIIStringEncoding]; + NSString *password = @"123456"; + + NSData *encrypted = [raw dataEncryptedWithPassword:password]; + //check that our encrypted data is not the plaintext data + NSData *encCore = [encrypted subdataWithRange:NSMakeRange(16, [raw length])]; + STAssertFalse([encCore isEqualToData:raw], @"encrypted equal to plain text!"); + + //decrypt again and verify + NSData *decrypted = [encrypted dataDecryptedWithPassword:password]; + STAssertEqualObjects(decrypted, raw, @"decrypted data not equal to plaintext data!"); +} + +- (void)testDataEncryptedWithKeyIV +{ + NSData *iv = [@"0123456789ABCDEF" dataUsingEncoding:NSASCIIStringEncoding]; + NSData *raw = [@" " dataUsingEncoding:NSASCIIStringEncoding]; + // ^^^^^^^^^^^^^^^^ spaces because their pattern is easily recognizable in hexdumps + + unsigned char keyRaw[] = {0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09}; // sha1("") + NSData *key = [NSData dataWithBytes:keyRaw length:16]; + + //argument tests: + //key too short + { + @try { + [raw dataEncryptedWithKey:[@"password" dataUsingEncoding:NSASCIIStringEncoding] IV:iv]; + STFail(@"Password should not be a valid key!"); + } + @catch (NSException *exception) { + //expected + } + } + //iv too short + { + @try { + [raw dataEncryptedWithKey:key IV:[NSData data]]; + STFail(@"Empty IV should throw exception!"); + } + @catch (NSException *exception) { + // expected + } + } + //simple test: encrypting empty + { + NSData *enc = [[NSData data] dataEncryptedWithKey:key IV:iv]; + unsigned char expect[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, + 0x42, 0x43, 0x44, 0x45, 0x46, 0x50, 0xc9, 0xca, 0x75, 0x14, 0xd3, + 0x6e, 0xec, 0x9e, 0xc6, 0x4c, 0x25, 0x02, 0x33, 0xdd, 0x86, 0x00, + 0x02, 0x5c, 0x2c, 0xf9, 0xa5, 0x22, 0x79, 0xa4, 0x14, 0x61, 0x90, + 0x1d, 0x9f, 0x0c, 0x7a + }; // reference data generated with OpenSSL + NSData *expData = [NSData dataWithBytesNoCopy:expect length:sizeof(expect) freeWhenDone:NO]; + STAssertEqualObjects(enc, expData, @"Encryption of empty data"); + } + //simple encryption test + { + NSData *enc = [raw dataEncryptedWithKey:key IV:iv]; + unsigned char expect[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, + 0x42, 0x43, 0x44, 0x45, 0x46, 0xd3, 0x58, 0x30, 0x95, 0x6d, 0x7f, + 0xf5, 0x1e, 0x18, 0xb0, 0xbc, 0x1f, 0xb3, 0xe4, 0x52, 0xb1, 0x75, + 0x4c, 0xc3, 0x52, 0xd0, 0x93, 0xad, 0xff, 0x36, 0x4a, 0xae, 0xbe, + 0x60, 0x32, 0xdd, 0x71, 0xef, 0xce, 0x2e, 0x8b, 0x09, 0xcb, 0x9a, + 0x44, 0x32, 0xb3, 0xda, 0x42, 0x58, 0x29, 0x78, 0xc3 + }; // reference data generated with OpenSSL + NSData *expData = [NSData dataWithBytesNoCopy:expect length:sizeof(expect) freeWhenDone:NO]; + STAssertEqualObjects(enc, expData, @"Simple encryption test"); + } +} + @end |