Operations/QCCAESCryptor.h

/*
    Copyright (C) 2016 Apple Inc. All Rights Reserved.
    See LICENSE.txt for this sample’s licensing information
    
    Abstract:
    Implements AES encryption and decryption without padding.
 */
 
@import Foundation;
 
NS_ASSUME_NONNULL_BEGIN
 
/*! Implements AES encryption and decryption without padding.
 *  \details In unpadded AES, both the input and output are an even multiple of 
 *      the AES block size (`kCCBlockSizeAES128`, or 16).  This supports both EBC and CBC 
 *      mode.
 *      
 *  \warning In most cases you will want to use AES in CBC mode; to do that securely, set the 
 *      initialisation vector (via the `ivData` property) to some cryptographically sound 
 *      random data.  If you need to use EBC mode, which is generally not recommended, set 
 *      the `ivData` property to nil.
 *      
 *  \note The designated initialiser for this class is private.  In the unlikely event you 
 *      need to subclass it, you will have to make that public.
 */
 
@interface QCCAESCryptor : NSOperation
 
/*! Initialise the object to encrypt data using a key.
 *  \param inputData The data to encrypt; its length must be an even multiple of the AES 
 *      block size (`kCCBlockSizeAES128`, or 16).
 *  \param keyData The key used to encrypt the data; its length must must be one of the 
 *      standard AES key sizes (128 bits, `kCCKeySizeAES128`, 16 bytes; 192 bits, 
 *      `kCCKeySizeAES192`, 24 bytes; 256 bits, `kCCKeySizeAES256`, or 32 bytes).
 *  \returns The initialised object.
 */
 
- (instancetype)initToEncryptInputData:(NSData *)inputData keyData:(NSData *)keyData;
 
/*! Initialise the object to decrypt data using a key.
 *  \param inputData The data to decrypt; its length must be an even multiple of the AES 
 *      block size (`kCCBlockSizeAES128`, or 16).
 *  \param keyData The key used to decrypt the data; its length must must be one of the 
 *      standard AES key sizes (128 bits, `kCCKeySizeAES128`, 16 bytes; 192 bits, 
 *      `kCCKeySizeAES192`, 24 bytes; 256 bits, `kCCKeySizeAES256`, or 32 bytes).
 *  \returns The initialised object.
 */
 
- (instancetype)initToDecryptInputData:(NSData *)inputData keyData:(NSData *)keyData;
 
- (instancetype)init NS_UNAVAILABLE;
 
/*! The data to be encrypted or decrypted.
 *  \details This is set by the init method.
 */
 
@property (atomic, copy,   readonly ) NSData *              inputData; 
 
/*! The key with which to do the encryption or decryption.
 *  \details This is set by the init method.
 */
 
@property (atomic, copy,   readonly ) NSData *              keyData; 
 
/*! The initialisation vector for the encryption or decryption. 
 *  \details Set this to nil to use EBC mode.  To use CBC mode securely, set this to an 
 *      initialisation vector generated by a cryptographically sound random number generator.  
 *      Its length must be the AES block size (`kCCBlockSizeAES128`, or 16).
 *      
 *      If you set this, you must set it before queuing the operation.
 *
 *  \warning The default value is an initialisation vector all zeroes.  This is not good 
 *      from a security standard, although still better than EBC mode.
 */
 
@property (atomic, copy,   readwrite, nullable) NSData *    ivData; 
 
/*! The error, if any, resulting from encryption or decryption operation.
 *  \details This is set when the operation is finished.  On success, it will be nil.  Or error, 
 *      it will hold a value describing that error.  You should expect errors to be in the 
 *      `QCCAESCryptorErrorDomain` error domain.
 */
 
@property (atomic, copy,   readonly, nullable) NSError *    error;
 
/*! The output data.
 *  \details This is only meaningful when the operation has finished without error.
 *      If this is an encryption operation, this will be the input data encrypted using the 
 *      key.  If this is a decryption operation, this will be the input data decrypted 
 *      using the key.  It both cases it will be the same length as the input data because 
 *      this operation does no padding.
 */
 
@property (atomic, copy,   readonly, nullable) NSData *     outputData;
 
@end
 
/*! The error domain for the QCCAESCryptor operation.
 *  \details Codes are Common Crypto error codes, that is, `kCCParamError` and its friends.
 */
 
extern NSString * QCCAESCryptorErrorDomain;
 
NS_ASSUME_NONNULL_END