
NSData+AES : cryptOperation now takes an optional initialisation vector

If the vector is not supplied, now uses NULL which has the same effect
 as creating a zero filled vector, but is probably a bit more
 efficient.

Also reordered the parameter validation so if it fails, it fails faster...

And fixed up some comments (mostly pragma marks)

Comment fixup in NSData+AES
commit de4177a58c8cd5855649a8184fff1ec2b4a82b08 1 parent d1dd739
PureAbstract authored

Showing 1 changed file with 28 additions and 7 deletions. Show diff stats Hide diff stats

  1. 35  Classes/NSData+AES.m
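--- a/Classes/NSData+AES.m
+++ b/Classes/NSData+AES.m
@@ -15,6 +15,9 @@
 #endif
 
 @implementation NSData (AES)
+#pragma mark -
+#pragma mark Random data generator
+// see also 'wipeRandom'
 +(NSMutableData *)randomBytes:(size_t)length
 {
     NSMutableData *bytes = [NSMutableData dataWithLength:length];
@@ -24,18 +27,26 @@ +(NSMutableData *)randomBytes:(size_t)length
     return bytes;
 }
 
-
+#pragma mark -
+#pragma mark Internal: cryptOperation
 -(NSMutableData *)cryptOperation:(CCOperation) operation
                          withKey:(NSData *)key
+                      initVector:(NSData *)iv // init vector; may be NULL
 {
     if( !key ) {
-        NSAssert( key, @"Null key!");
+        NSAssert( key, @"Null key");
+        return nil;
+    }
+    // Null init vector is ok
+    if( iv && ( iv.length != kCCBlockSizeAES128 ) ) {
+        NSLog(@"Init Vector too short (have %d, need %d)",iv.length,kCCBlockSizeAES128);
         return nil;
     }
     if( key.length != kCCKeySizeAES256 ) {
         // Key the wrong size, go hash with SHA256...
         key = [key sha256];
     }
+    // This should never fail...
     NSAssert( key.length == kCCKeySizeAES256, @"Bad key size" );
     if( key.length != kCCKeySizeAES256 ) {
         return nil;
@@ -47,15 +58,13 @@ -(NSMutableData *)cryptOperation:(CCOperation) operation
     // isn't really a big deal.
     NSUInteger outputLen = (1+self.length/kCCBlockSizeAES128)*kCCBlockSizeAES128;
     NSMutableData *result = [NSMutableData dataWithLength:outputLen];
-    // Init vector - just use zero
-    NSData *iv = [NSMutableData dataWithLength:kCCBlockSizeAES128];
     size_t dataOut = 0;
     CCCryptorStatus status = CCCrypt( operation,
                                       kCCAlgorithmAES128,
                                       kCCOptionPKCS7Padding,
                                       key.bytes,
                                       key.length,
-                                      iv.bytes,
+                                      ( iv ? iv.bytes : NULL ),
                                       self.bytes,
                                       self.length,
                                       result.mutableBytes,
@@ -65,24 +74,31 @@ -(NSMutableData *)cryptOperation:(CCOperation) operation
         NSLog(@"CCCrypt error %d",status);
         result = nil;
     } else {
+        NSAssert( dataOut <= result.length, @"Result buffer too short" );
         NSLog(@"CCCrypt : Allocated %d, Output was %d@", result.length, dataOut );
         result.length = dataOut;
     }
     return result;
 }
 
+#pragma mark -
+#pragma mark encrypt/decrypt data with key
 -(NSMutableData *)encryptWithKey:(NSData *)key
 {
     return [self cryptOperation:kCCEncrypt
-                        withKey:key];
+                        withKey:key
+                     initVector:nil];
 }
 
 -(NSMutableData *)decryptWithKey:(NSData *)key
 {
     return [self cryptOperation:kCCDecrypt
-                        withKey:key];
+                        withKey:key
+                     initVector:nil];
 }
 
+#pragma mark -
+#pragma mark encrypt/decrypt data with key and salt
 // Append some random salt, and then encrypt with key
 // Note: We append rather than prepend, primarily so when we decrypt
 // we can remve the salt by simple truncation, rather than by copying.
@@ -131,12 +147,17 @@ -(NSMutableData *)decryptWithKey:(NSData *)key saltLength:(size_t)saltLength
 @end
 
 @implementation NSMutableData (AES)
+#pragma mark -
+#pragma mark Zero fill data
 -(void)wipeZero
 {
     if( self.length ) {
         bzero( self.mutableBytes, self.length );
     }
 }
+
+#pragma mark -
+#pragma mark Random fill data
 -(void)wipeRandom
 {
     if( self.length ) {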
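Review bot: `encryptWithKey:` and `decryptWithKey:` (the `-65,24` hunk) still pass `initVector:nil`, so every message is encrypted under the same all-zero IV that the commit description mentions. Since `kCCOptionECBMode` is not set, CCCrypt runs in CBC mode, which makes encryption deterministic: equal plaintexts, or plaintexts that share leading blocks, produce equal leading ciphertext blocks under one key. The salted variants are outside the visible hunks, but their comment says the salt is appended, which would not change those leading blocks. I would have the wrappers draw a fresh IV per message from `randomBytes:` (assuming it uses a CSPRNG; its body is not shown) and store it in front of the ciphertext, as sketched below. This changes the stored format, so data written by the current code needs a versioned or fallback decrypt path.

```objc
-(NSMutableData *)encryptWithKey:(NSData *)key
{
    // Fresh random IV per message, stored in front of the ciphertext
    NSMutableData *iv = [NSData randomBytes:kCCBlockSizeAES128];
    NSMutableData *cipher = [self cryptOperation:kCCEncrypt
                                         withKey:key
                                      initVector:iv];
    if( !cipher ) {
        return nil;
    }
    [iv appendData:cipher];
    return iv;
}

-(NSMutableData *)decryptWithKey:(NSData *)key
{
    // Input must hold at least the IV block written by encryptWithKey:
    if( self.length < kCCBlockSizeAES128 ) {
        return nil;
    }
    NSData *iv = [self subdataWithRange:NSMakeRange( 0, kCCBlockSizeAES128 )];
    NSData *cipher = [self subdataWithRange:NSMakeRange( kCCBlockSizeAES128,
                                                         self.length - kCCBlockSizeAES128 )];
    return [cipher cryptOperation:kCCDecrypt
                          withKey:key
                       initVector:iv];
}
```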

0 notes on commit de4177a
