
NSData+AES : cryptOperation now takes an optional initialisation vector

If the vector is not supplied, now uses NULL which has the same effect
 as creating a zero filled vector, but is probably a bit more
 efficient.

Also reordered the parameter validation so if it fails, it fails faster...

And fixed up some comments (mostly pragma marks)

Comment fixup in NSData+AES
1 parent d1dd739 commit de4177a58c8cd5855649a8184fff1ec2b4a82b08 @PureAbstract committed Jun 9, 2012
Showing with 28 additions and 7 deletions.
  1. +28 −7 Classes/NSData+AES.m
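--- a/Classes/NSData+AES.m
+++ b/Classes/NSData+AES.m
@@ -15,6 +15,9 @@
 #endif
 @implementation NSData (AES)
+#pragma mark -
+#pragma mark Random data generator
+// see also 'wipeRandom'
 +(NSMutableData *)randomBytes:(size_t)length
 {
 NSMutableData *bytes = [NSMutableData dataWithLength:length];
@@ -24,18 +27,26 @@ +(NSMutableData *)randomBytes:(size_t)length
 return bytes;
 }
-
+#pragma mark -
+#pragma mark Internal: cryptOperation
 -(NSMutableData *)cryptOperation:(CCOperation) operation
 withKey:(NSData *)key
+ initVector:(NSData *)iv // init vector; may be NULL
 {
 if( !key ) {
- NSAssert( key, @"Null key!");
+ NSAssert( key, @"Null key");
+ return nil;
+ }
+ // Null init vector is ok
+ if( iv && ( iv.length != kCCBlockSizeAES128 ) ) {
+ NSLog(@"Init Vector too short (have %d, need %d)",iv.length,kCCBlockSizeAES128);
 return nil;
 }
 if( key.length != kCCKeySizeAES256 ) {
 // Key the wrong size, go hash with SHA256...
 key = [key sha256];
 }
+ // This should never fail...
 NSAssert( key.length == kCCKeySizeAES256, @"Bad key size" );
 if( key.length != kCCKeySizeAES256 ) {
 return nil;
@@ -47,15 +58,13 @@ -(NSMutableData *)cryptOperation:(CCOperation) operation
 // isn't really a big deal.
 NSUInteger outputLen = (1+self.length/kCCBlockSizeAES128)*kCCBlockSizeAES128;
 NSMutableData *result = [NSMutableData dataWithLength:outputLen];
- // Init vector - just use zero
- NSData *iv = [NSMutableData dataWithLength:kCCBlockSizeAES128];
 size_t dataOut = 0;
 CCCryptorStatus status = CCCrypt( operation,
 kCCAlgorithmAES128,
 kCCOptionPKCS7Padding,
 key.bytes,
 key.length,
- iv.bytes,
+ ( iv ? iv.bytes : NULL ),
 self.bytes,
 self.length,
 result.mutableBytes,
@@ -65,24 +74,31 @@ -(NSMutableData *)cryptOperation:(CCOperation) operation
 NSLog(@"CCCrypt error %d",status);
 result = nil;
 } else {
+ NSAssert( dataOut <= result.length, @"Result buffer too short" );
 NSLog(@"CCCrypt : Allocated %d, Output was %d@", result.length, dataOut );
 result.length = dataOut;
 }
 return result;
 }
+#pragma mark -
+#pragma mark encrypt/decrypt data with key
 -(NSMutableData *)encryptWithKey:(NSData *)key
 {
 return [self cryptOperation:kCCEncrypt
- withKey:key];
+ withKey:key
+ initVector:nil];
 }
 -(NSMutableData *)decryptWithKey:(NSData *)key
 {
 return [self cryptOperation:kCCDecrypt
- withKey:key];
+ withKey:key
+ initVector:nil];
 }
+#pragma mark -
+#pragma mark encrypt/decrypt data with key and salt
 // Append some random salt, and then encrypt with key
 // Note: We append rather than prepend, primarily so when we decrypt
 // we can remve the salt by simple truncation, rather than by copying.
@@ -131,12 +147,17 @@ -(NSMutableData *)decryptWithKey:(NSData *)key saltLength:(size_t)saltLength
 @end
 @implementation NSMutableData (AES)
+#pragma mark -
+#pragma mark Zero fill data
 -(void)wipeZero
 {
 if( self.length ) {
 bzero( self.mutableBytes, self.length );
 }
 }
+
+#pragma mark -
+#pragma mark Random fill data
 -(void)wipeRandom
 {
 if( self.length ) {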
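Review bot: `encryptWithKey:` and `decryptWithKey:` still pass `initVector:nil`, so every message is encrypted in CBC mode under the same all-zero IV, and two plaintexts that share a key and a first block yield the same first ciphertext block. The new parameter makes a per-message IV possible: generate one with the existing `randomBytes:`, store it in front of the ciphertext and read it back on decrypt, as sketched below; this changes the stored format, so data written by the old code would still need the nil-IV path for reading. The salt variants, whose comment says the salt is appended, presumably do not hide equal leading blocks either, though their bodies, like part of `cryptOperation:`, are outside the hunks. Separately, the new length check in `cryptOperation:` rejects any IV whose length differs from `kCCBlockSizeAES128` yet logs "too short", and `%d` does not match `iv.length` (an NSUInteger) on 64-bit builds; `NSLog(@"Init vector wrong size (have %lu, need %lu)", (unsigned long)iv.length, (unsigned long)kCCBlockSizeAES128);` would be accurate.

```objc
-(NSMutableData *)encryptWithKey:(NSData *)key
{
    // Fresh IV per message; it is not secret, so it travels in front of the ciphertext
    NSMutableData *iv = [NSData randomBytes:kCCBlockSizeAES128];
    NSMutableData *cipher = [self cryptOperation:kCCEncrypt
                                         withKey:key
                                      initVector:iv];
    if( !cipher ) {
        return nil;
    }
    [iv appendData:cipher];
    return iv;
}

-(NSMutableData *)decryptWithKey:(NSData *)key
{
    // Input must hold at least the leading IV block
    if( self.length < kCCBlockSizeAES128 ) {
        return nil;
    }
    NSData *iv = [self subdataWithRange:NSMakeRange( 0, kCCBlockSizeAES128 )];
    NSData *cipher = [self subdataWithRange:NSMakeRange( kCCBlockSizeAES128,
                                                         self.length - kCCBlockSizeAES128 )];
    return [cipher cryptOperation:kCCDecrypt
                          withKey:key
                       initVector:iv];
}
```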
