api/Encryptor_8m_source.html

/*

 Password Encryptor


 Copyright 2013 Thincast Technologies GmbH, Author: Dorian Johnson


 This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.

 If a copy of the MPL was not distributed with this file, You can obtain one at

 http://mozilla.org/MPL/2.0/.

 */


/* We try to use CommonCrypto as much as possible. PBKDF2 was added to CommonCrypto in iOS 5, so use

 * OpenSSL only as a fallback to do PBKDF2 on pre iOS 5 systems. */


#import "Encryptor.h"

#import <CommonCrypto/CommonKeyDerivation.h>

#import <CommonCrypto/CommonCryptor.h>

#import <CommonCrypto/CommonDigest.h>

#import <openssl/evp.h> // For PBKDF2 on < 5.0

#include <fcntl.h>


#pragma mark -


@interface Encryptor (Private)

- (NSData *)randomInitializationVector;

@end


@implementation Encryptor

@synthesize plaintextPassword = _plaintext_password;


- (id)initWithPassword:(NSString *)plaintext_password

{

  if (plaintext_password == nil)

    return nil;


  if (!(self = [super init]))

    return nil;


  _plaintext_password = [plaintext_password retain];

  const char *plaintext_password_data =

      [plaintext_password length] ? [plaintext_password UTF8String] : " ";


  if (!plaintext_password_data || !strlen(plaintext_password_data))

    [NSException raise:NSInternalInconsistencyException

                format:@"%s: plaintext password data is zero length!", __func__];


  uint8_t *derived_key = calloc(1, TSXEncryptorPBKDF2KeySize);


  if (CCKeyDerivationPBKDF != NULL)

  {

    int ret = CCKeyDerivationPBKDF(

        kCCPBKDF2, plaintext_password_data, strlen(plaintext_password_data) - 1,

        (const uint8_t *)TSXEncryptorPBKDF2Salt, TSXEncryptorPBKDF2SaltLen, kCCPRFHmacAlgSHA1,

        TSXEncryptorPBKDF2Rounds, derived_key, TSXEncryptorPBKDF2KeySize);

    // NSLog(@"CCKeyDerivationPBKDF ret = %d; key: %@", ret, [NSData

    // dataWithBytesNoCopy:derived_key length:TWEncryptorPBKDF2KeySize freeWhenDone:NO]);


    if (ret)

    {

      NSLog(@"%s: CCKeyDerivationPBKDF ret == %d, indicating some sort of failure.", __func__,

            ret);

      free(derived_key);

      [self autorelease];

      return nil;

    }

  }

  else

  {

    // iOS 4.x or earlier -- use OpenSSL

    unsigned long ret = PKCS5_PBKDF2_HMAC_SHA1(

        plaintext_password_data, (int)strlen(plaintext_password_data) - 1,

        (const unsigned char *)TSXEncryptorPBKDF2Salt, TSXEncryptorPBKDF2SaltLen,

        TSXEncryptorPBKDF2Rounds, TSXEncryptorPBKDF2KeySize, derived_key);

    // NSLog(@"PKCS5_PBKDF2_HMAC_SHA1 ret = %lu; key: %@", ret, [NSData

    // dataWithBytesNoCopy:derived_key length:TWEncryptorPBKDF2KeySize freeWhenDone:NO]);


    if (ret != 1)

    {

      NSLog(@"%s: PKCS5_PBKDF2_HMAC_SHA1 ret == %lu, indicating some sort of failure.",

            __func__, ret);

      free(derived_key);

      [self release];

      return nil;

    }

  }


  _encryption_key = [[NSData alloc] initWithBytesNoCopy:derived_key

                                                 length:TSXEncryptorPBKDF2KeySize

                                           freeWhenDone:YES];

  return self;

}


#pragma mark -

#pragma mark Encrypting/Decrypting data


- (NSData *)encryptData:(NSData *)plaintext_data

{

  if (![plaintext_data length])

    return nil;


  NSData *iv = [self randomInitializationVector];

  NSMutableData *encrypted_data = [NSMutableData

      dataWithLength:[iv length] + [plaintext_data length] + TSXEncryptorBlockCipherBlockSize];

  [encrypted_data replaceBytesInRange:NSMakeRange(0, [iv length]) withBytes:[iv bytes]];


  size_t data_out_moved = 0;

  int ret = CCCrypt(kCCEncrypt, TSXEncryptorBlockCipherAlgo, TSXEncryptorBlockCipherOptions,

                    [_encryption_key bytes], TSXEncryptorBlockCipherKeySize, [iv bytes],

                    [plaintext_data bytes], [plaintext_data length],

                    [encrypted_data mutableBytes] + [iv length],

                    [encrypted_data length] - [iv length], &data_out_moved);


  switch (ret)

  {

    case kCCSuccess:

      [encrypted_data setLength:[iv length] + data_out_moved];

      return encrypted_data;


    default:

      NSLog(

          @"%s: uncaught error, ret CCCryptorStatus = %d (plaintext len = %lu; buffer size = "

          @"%lu)",

          __func__, ret, (unsigned long)[plaintext_data length],

          (unsigned long)([encrypted_data length] - [iv length]));

      return nil;

  }


  return nil;

}


- (NSData *)decryptData:(NSData *)encrypted_data

{

  if ([encrypted_data length] <= TSXEncryptorBlockCipherBlockSize)

    return nil;


  NSMutableData *plaintext_data =

      [NSMutableData dataWithLength:[encrypted_data length] + TSXEncryptorBlockCipherBlockSize];

  size_t data_out_moved = 0;


  int ret =

      CCCrypt(kCCDecrypt, TSXEncryptorBlockCipherAlgo, TSXEncryptorBlockCipherOptions,

              [_encryption_key bytes], TSXEncryptorBlockCipherKeySize, [encrypted_data bytes],

              [encrypted_data bytes] + TSXEncryptorBlockCipherBlockSize,

              [encrypted_data length] - TSXEncryptorBlockCipherBlockSize,

              [plaintext_data mutableBytes], [plaintext_data length], &data_out_moved);


  switch (ret)

  {

    case kCCSuccess:

      [plaintext_data setLength:data_out_moved];

      return plaintext_data;


    case kCCBufferTooSmall: // Our output buffer is big enough to decrypt valid data. This

                            // return code indicates malformed data.

    case kCCAlignmentError: // Shouldn't get this, since we're using padding.

    case kCCDecodeError:    // Wrong key.

      return nil;


    default:

      NSLog(@"%s: uncaught error, ret CCCryptorStatus = %d (encrypted data len = %lu; buffer "

            @"size = %lu; dom = %lu)",

            __func__, ret, (unsigned long)[encrypted_data length],

            (unsigned long)[plaintext_data length], data_out_moved);

      return nil;

  }


  return nil;

}


- (NSData *)encryptString:(NSString *)plaintext_string

{

  return [self encryptData:[plaintext_string dataUsingEncoding:NSUTF8StringEncoding]];

}


- (NSString *)decryptString:(NSData *)encrypted_string

{

  return [[[NSString alloc] initWithData:[self decryptData:encrypted_string]

                                encoding:NSUTF8StringEncoding] autorelease];

}


- (NSData *)randomInitializationVector

{

  NSMutableData *iv = [NSMutableData dataWithLength:TSXEncryptorBlockCipherBlockSize];

  int fd;


  if ((fd = open("/dev/urandom", O_RDONLY)) < 0)

    return nil;


  NSInteger bytes_needed = [iv length];

  char *p = [iv mutableBytes];


  while (bytes_needed)

  {

    long bytes_read = read(fd, p, bytes_needed);


    if (bytes_read < 0)

      continue;


    p += bytes_read;

    bytes_needed -= bytes_read;

  }


  close(fd);

  return iv;

}


@end

Encryptor
Definition Encryptor.h:28