/* Password Encryption Controller Copyright 2013 Thincast Technologies GmbH, Author: Dorian Johnson This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #import "EncryptionController.h" #import "SFHFKeychainUtils.h" #import "TSXAdditions.h" @interface EncryptionController (Private) - (BOOL)verifyPassword:(Encryptor *)decryptor; - (NSData *)encryptedVerificationData; - (void)setEncryptedVerificationData:(Encryptor *)encryptor; - (NSString *)keychainServerName; - (NSString *)keychainUsername; - (void)setKeychainPassword:(NSString *)password; - (NSString *)keychainPassword; - (NSString *)keychainDefaultPassword; @end static EncryptionController *_shared_encryption_controller = nil; #pragma mark - @implementation EncryptionController + (EncryptionController *)sharedEncryptionController { @synchronized(self) { if (_shared_encryption_controller == nil) _shared_encryption_controller = [[EncryptionController alloc] init]; } return _shared_encryption_controller; } #pragma mark Getting an encryptor or decryptor - (Encryptor *)encryptor { if (_shared_encryptor) return _shared_encryptor; NSString *saved_password = [self keychainPassword]; if (saved_password == nil) { saved_password = [self keychainDefaultPassword]; Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease]; [self setEncryptedVerificationData:encryptor]; _shared_encryptor = [encryptor retain]; } else { Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease]; if ([self verifyPassword:encryptor]) _shared_encryptor = [encryptor retain]; } return _shared_encryptor; } // For the current implementation, decryptors and encryptors are equivilant. - (Encryptor *)decryptor { return [self encryptor]; } @end #pragma mark - @implementation EncryptionController (Private) #pragma mark - #pragma mark Keychain password storage - (NSString *)keychainServerName { return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleName"]; } - (NSString *)keychainUsername { return @"master.password"; } - (void)setKeychainPassword:(NSString *)password { NSError *error; if (password == nil) { [SFHFKeychainUtils deleteItemForUsername:[self keychainUsername] andServerName:[self keychainServerName] error:&error]; return; } [SFHFKeychainUtils storeUsername:[self keychainUsername] andPassword:password forServerName:[self keychainServerName] updateExisting:YES error:&error]; } - (NSString *)keychainPassword { NSError *error; return [SFHFKeychainUtils getPasswordForUsername:[self keychainUsername] andServerName:[self keychainServerName] error:&error]; } - (NSString *)keychainDefaultPassword { NSString *password = [[NSUserDefaults standardUserDefaults] stringForKey:@"UUID"]; if ([password length] == 0) { password = [NSString stringWithUUID]; [[NSUserDefaults standardUserDefaults] setObject:password forKey:@"UUID"]; [[NSUserDefaults standardUserDefaults] removeObjectForKey:@"TSXMasterPasswordVerification"]; } return password; } #pragma mark - #pragma mark Verification of encryption key against verification data - (BOOL)verifyPassword:(Encryptor *)decryptor { return [[decryptor plaintextPassword] isEqualToString:[decryptor decryptString:[self encryptedVerificationData]]]; } - (NSData *)encryptedVerificationData { return [[NSUserDefaults standardUserDefaults] dataForKey:@"TSXMasterPasswordVerification"]; } - (void)setEncryptedVerificationData:(Encryptor *)encryptor { [[NSUserDefaults standardUserDefaults] setObject:[encryptor encryptString:[encryptor plaintextPassword]] forKey:@"TSXMasterPasswordVerification"]; } @end