//
// MYCryptor.h
// MYCrypto
//
// Created by Jens Alfke on 3/21/09.
// Copyright 2009 Jens Alfke. All rights reserved.
//
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
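/** Symmetric encryption: a streaming interface for encrypting/decrypting data.
    This is a simple Cocoa wrapper for CommonCrypto/commonCryptor.h. It will probably be
    merged into, or integrated with, MYSymmetricKey.

    Notes for callers (see also the per-method comments below):
    - This interface exposes no initialization vector. If MYCryptor.m passes NULL as the IV
      to CCCryptorCreate, CommonCrypto substitutes an all-zero IV, and CBC mode then yields
      identical ciphertext prefixes for identical plaintext prefixes under the same key.
      Confirm against the implementation before relying on CBC for repeated messages.
    - No integrity protection (MAC) is applied by this class; modified ciphertext will not
      be detected on decryption. Authenticate the output separately where that matters.
    - The key is retained in the _key ivar for the lifetime of the object. */
@interface MYCryptor : NSObject
{
    @private
    NSData *_key;
    CCOperation _operation;
    CCAlgorithm _algorithm;
    CCOptions _options;
    CCCryptorRef _cryptor;
    NSError *_error;
    NSOutputStream *_outputStream;
    NSMutableData *_output;
}

/** Returns a randomly-generated symmetric key of the desired length (in bits).
 *  @param lengthInBits The length of the desired key, in bits (not bytes). Pass a length the
 *         intended algorithm accepts (e.g. kCCKeySizeAES128 * 8 for AES-128).
 *  @return The key bytes. Whether nil is returned on failure is not visible from this header;
 *          check MYCryptor.m.
 */
+ (NSData*) randomKeyOfLength: (size_t)lengthInBits;

/** Converts a passphrase into a symmetric key of the desired length (in bits).
 *  The same passphrase (and salt) will always return the same key, so you can use this method
 *  to encrypt and decrypt data using a user-entered passphrase, without having to store the key
 *  itself in the keychain.
 *
 *  Strength caveat: as described here, derivation is a hash of passphrase+salt rather than an
 *  iterated, work-factor-tunable KDF, so it offers little resistance to offline guessing of
 *  weak passphrases. For new code prefer CCKeyDerivationPBKDF
 *  (<CommonCrypto/CommonKeyDerivation.h>) with a random per-user salt and a high iteration
 *  count; keep this method only for compatibility with data already encrypted through it.
 *
 *  @param lengthInBits The length of the desired key, in bits (not bytes).
 *  @param passphrase The user-entered passphrase.
 *  @param salt An arbitrary value whose description will be appended to the passphrase before
 *         hashing, to perturb the resulting bits. The purpose of this is to make it harder for
 *         an attacker to brute-force the key using a precompiled list of digests of common
 *         passwords. Changing the salt changes the key, so you need to pass the same value when
 *         re-deriving the key as you did when first generating it. Because -description is not
 *         a stable contract across OS releases for every class, pass a value whose description
 *         is deterministic (an NSString is the safe choice).
 */
+ (NSData*) keyOfLength: (size_t)lengthInBits
         fromPassphrase: (NSString*)passphrase
                   salt: (id)salt;

/** Creates a MYCryptor configured to encrypt data.
 *  @param key The symmetric key; its length must match what `algorithm` accepts.
 *  @param algorithm The CommonCrypto cipher (kCCAlgorithmAES128, etc.). */
- (instancetype) initEncryptorWithKey: (NSData*)key
                            algorithm: (CCAlgorithm)algorithm;

/** Creates a MYCryptor configured to decrypt data.
 *  @param key The symmetric key used when the data was encrypted.
 *  @param algorithm The CommonCrypto cipher the data was encrypted with. */
- (instancetype) initDecryptorWithKey: (NSData*)key
                            algorithm: (CCAlgorithm)algorithm;

/** The encryption/decryption key; same as the 'key' parameter to the initializer. */
@property (readonly) NSData *key;

/** The cipher to use; initial value is the 'algorithm' parameter to the initializer.
    You can change this <i>before</i> the first call to -addData:, but not after. */
@property CCAlgorithm algorithm;

/** Block-mode cipher options; you can set flags to enable PKCS7 padding or ECB mode
    (default is CBC.)
    You can change this <i>before</i> the first call to -addData:, but not after.
    Avoid kCCOptionECBMode except for single-block or test data: ECB reveals repeated
    plaintext blocks in the ciphertext. */
@property CCOptions options;

/** Setting this property tells the cryptor to send its output to the stream,
    instead of accumulating it in the outputData property.
    You can change this <i>before</i> the first call to -addData:, but not after.
    If the stream accepts fewer bytes than offered, the operation fails with
    kMYCryptorErrorOutputStreamChoked (see below). */
@property (strong) NSOutputStream *outputStream;

/** The error state, if any, of this cryptor.
    After -addData: or -finish: returns NO, check this property. Check the BOOL return
    value, not this property, to decide whether a call succeeded. */
@property (readonly, strong) NSError *error;

/** Adds input data.
    @param data The next chunk of plaintext (encryptor) or ciphertext (decryptor).
    @return YES if the operation succeeded, NO if it failed (then see -error). */
- (BOOL) addData: (NSData*)data;

/** Finishes up the encryption/decryption and flushes the remaining bytes of output.
    After this is called, you cannot add any more bytes of data.
    @return YES if the operation succeeded, NO if it failed (then see -error). A padding
            failure on decryption typically surfaces here rather than in -addData:. */
- (BOOL) finish;

/** The output of the cryptor. Accessing this property implicitly calls -finish, so don't
    do it until you've added all of the input. (And don't add any more input afterwards.)
    This property will be nil if the outputStream property has been set.
    NOTE(review): declared weak, while the backing storage declared above is the strong
    `_output` ivar; this only works if MYCryptor.m implements the getter by hand. Confirm,
    since an auto-synthesized weak `_outputData` ivar would never be assigned. */
@property (weak, readonly) NSData *outputData;

@end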
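/** NSError domain for MYCryptor operations. Error code is interpreted as a CCCryptorStatus,
    with additional error code(s) defined below. */
extern NSString* const MYCryptorErrorDomain;

/** Error codes in MYCryptorErrorDomain that are not CCCryptorStatus values. The value is kept
    far from the CCCryptorStatus range so the two cannot be confused when inspecting a code. */
typedef NS_ENUM(NSInteger, MYCryptorError) {
    /** Indicates that the outputStream couldn't write all the bytes given to it (this is legal
        behavior for an NSOutputStream, but MYCryptor can't handle this yet.)
        Whatever was already written to the stream before this error is an incomplete
        ciphertext/plaintext and should be discarded by the caller. */
    kMYCryptorErrorOutputStreamChoked = -777000
};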