//
// OpenVPNPrivateKey.m
// OpenVPN Adapter
//
// Created by Sergey Abramchuk on 07.09.17.
//
//
#import "OpenVPNPrivateKey.h"
#include <mbedtls/pk.h>
#import "OpenVPNKeyType.h"
#import "NSError+OpenVPNError.h"
/// Private state of OpenVPNPrivateKey.
@interface OpenVPNPrivateKey ()

/// Heap-allocated mbed TLS key context owned by this object.
/// Allocated and initialised in -init, released in -dealloc; the raw pointer is
/// held with `assign` because it is not an Objective-C object.
@property (assign, nonatomic) mbedtls_pk_context *ctx;

@end
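@implementation OpenVPNPrivateKey

/// Overwrites a buffer that held private key material before it is released.
/// A plain memset() immediately followed by free() may be optimised away; the
/// volatile stores keep the wipe observable.
static void OVPNZeroizeBuffer(void *buffer, size_t length) {
    volatile unsigned char *cursor = (volatile unsigned char *)buffer;
    while (length--) {
        *cursor++ = 0;
    }
}

#pragma mark - Parsing

/// Parses a PEM-encoded private key.
/// @param pemData UTF-8 PEM text. Nil, empty or non-UTF-8 data is rejected
///   instead of being dereferenced (the previous code called strlen() on the
///   NULL pointer that -initWithData:encoding: yields for such input).
/// @param password Passphrase for an encrypted key, or nil.
/// @param error Out-parameter set only on failure.
/// @return A new key, or nil on failure.
+ (OpenVPNPrivateKey *)keyWithPEM:(NSData *)pemData password:(NSString *)password error:(NSError * __autoreleasing *)error {
    // mbed TLS wants PEM input as a NUL-terminated string with the terminator
    // counted in the length, hence the round-trip through NSString.
    NSString *pemString = [[NSString alloc] initWithData:pemData encoding:NSUTF8StringEncoding];
    if (pemString.length == 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
                                                  description:@"Failed to read PEM data"];
        }
        return nil;
    }

    const char *pem = pemString.UTF8String;
    size_t pem_length = strlen(pem) + 1;
    const char *pwd = password.UTF8String;  // NULL when password is nil
    size_t password_length = pwd != NULL ? strlen(pwd) : 0;

    OpenVPNPrivateKey *key = [[self alloc] init];
    if (key == nil) {
        // -init returns nil only when the context could not be allocated.
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_ALLOC_FAILED
                                                  description:@"Failed to read PEM data"];
        }
        return nil;
    }

    int result = mbedtls_pk_parse_key(key.ctx, (const unsigned char *)pem, pem_length,
                                      (const unsigned char *)pwd, password_length);
    if (result != 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:result description:@"Failed to read PEM data"];
        }
        return nil;  // key is released here; -dealloc frees the partial context
    }

    return key;
}

/// Parses a DER-encoded private key.
/// @param derData Raw DER bytes. Nil or empty data is rejected up front.
/// @param password Passphrase for an encrypted key, or nil.
/// @param error Out-parameter set only on failure.
/// @return A new key, or nil on failure.
+ (OpenVPNPrivateKey *)keyWithDER:(NSData *)derData password:(NSString *)password error:(NSError * __autoreleasing *)error {
    if (derData.length == 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
                                                  description:@"Failed to read DER data"];
        }
        return nil;
    }

    const char *pwd = password.UTF8String;  // NULL when password is nil
    size_t password_length = pwd != NULL ? strlen(pwd) : 0;

    OpenVPNPrivateKey *key = [[self alloc] init];
    if (key == nil) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_ALLOC_FAILED
                                                  description:@"Failed to read DER data"];
        }
        return nil;
    }

    int result = mbedtls_pk_parse_key(key.ctx, derData.bytes, derData.length,
                                      (const unsigned char *)pwd, password_length);
    if (result != 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:result description:@"Failed to read DER data"];
        }
        return nil;
    }

    return key;
}

#pragma mark - Lifecycle

/// Allocates and initialises the backing mbed TLS context.
/// @return Self, or nil if the context could not be allocated.
- (instancetype)init {
    self = [super init];
    if (self) {
        _ctx = malloc(sizeof(mbedtls_pk_context));
        if (_ctx == NULL) {
            // -dealloc tolerates a NULL context, so returning nil is safe here.
            return nil;
        }
        mbedtls_pk_init(_ctx);
    }
    return self;
}

- (void)dealloc {
    if (_ctx != NULL) {
        // Releases whatever key material the context holds, then the context
        // struct itself, which we allocated with malloc() in -init.
        mbedtls_pk_free(_ctx);
        free(_ctx);
    }
}

#pragma mark - Properties

/// Key length in bits as reported by mbed TLS (0 for an empty context).
- (NSInteger)size {
    return (NSInteger)mbedtls_pk_get_bitlen(self.ctx);
}

/// Key algorithm. NOTE(review): this relies on OpenVPNKeyType mirroring the
/// numeric values of mbedtls_pk_type_t — confirm against OpenVPNKeyType.h.
- (OpenVPNKeyType)type {
    return (OpenVPNKeyType)mbedtls_pk_get_type(self.ctx);
}

#pragma mark - Serialisation

/// Serialises the key as PEM text.
/// @param error Out-parameter set only on failure.
/// @return The PEM bytes, or nil on failure.
- (NSData *)pemData:(NSError * __autoreleasing *)error {
    // Rough upper bound: the PEM form is a small multiple of the raw key
    // length. If the estimate is too small mbed TLS reports an error rather
    // than overflowing, so the bound affects success, not memory safety.
    size_t buffer_length = mbedtls_pk_get_len(self.ctx) * 10;
    unsigned char *pem_buffer = malloc(buffer_length);
    if (pem_buffer == NULL) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_ALLOC_FAILED
                                                  description:@"Failed to write PEM data"];
        }
        return nil;
    }

    NSData *pemData = nil;
    int result = mbedtls_pk_write_key_pem(self.ctx, pem_buffer, buffer_length);
    if (result != 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:result description:@"Failed to write PEM data"];
        }
    } else {
        // mbed TLS NUL-terminates the PEM text, and PEM is plain ASCII, so
        // copying the bytes directly is equivalent to the former NSString
        // round-trip without creating an extra copy of the key.
        pemData = [NSData dataWithBytes:pem_buffer length:strlen((const char *)pem_buffer)];
    }

    // The buffer held a private key: wipe it before handing it back to the heap.
    OVPNZeroizeBuffer(pem_buffer, buffer_length);
    free(pem_buffer);
    return pemData;
}

/// Serialises the key as DER.
/// @param error Out-parameter set only on failure.
/// @return The DER bytes, or nil on failure.
- (NSData *)derData:(NSError * __autoreleasing *)error {
    size_t buffer_length = mbedtls_pk_get_len(self.ctx) * 10;
    unsigned char *der_buffer = malloc(buffer_length);
    if (der_buffer == NULL) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:MBEDTLS_ERR_PK_ALLOC_FAILED
                                                  description:@"Failed to write DER data"];
        }
        return nil;
    }

    NSData *derData = nil;
    int result = mbedtls_pk_write_key_der(self.ctx, der_buffer, buffer_length);
    if (result < 0) {
        if (error) {
            *error = [NSError ovpn_errorObjectForMbedTLSError:result description:@"Failed to write DER data"];
        }
    } else {
        // mbed TLS writes the DER at the *end* of the buffer and returns the
        // number of bytes written; copy only that tail instead of snapshotting
        // the whole (partly uninitialised) buffer and sub-ranging it.
        size_t der_length = (size_t)result;
        derData = [NSData dataWithBytes:der_buffer + (buffer_length - der_length) length:der_length];
    }

    OVPNZeroizeBuffer(der_buffer, buffer_length);
    free(der_buffer);
    return derData;
}

@end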