Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 2b2b479448424d0b38b4a6e25d454c87817107a7 / . / src / security / sec-tpm-osx.cpp
blob: ba2464f43f18b6012ca50429a5ecf83230a68fcb [file] [log] [blame]
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * See COPYING for copyright and distribution information.
6 */
7
Alexander Afanasyev19508852014-01-29 01:01:51 -0800[diff] [blame]8#include "sec-tpm-osx.hpp"
9
10#include "security/public-key.hpp"
11#include "util/logging.hpp"
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]12
13#include <fstream>
14#include <sstream>
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]15#include <pwd.h>
16#include <unistd.h>
17#include <stdlib.h>
18#include <string.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]19
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]20#include <CoreFoundation/CoreFoundation.h>
21#include <Security/Security.h>
22#include <CoreServices/CoreServices.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]23
24using namespace std;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]25
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]26INIT_LOGGER("SecTpmOsx");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]27
28namespace ndn
29{
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]30class SecTpmOsx::Impl {
31public:
32 Impl()
33 {}
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]34
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]35 /**
36 * @brief Convert NDN name of a key to internal name of the key.
37 *
38 * @param keyName the NDN name of the key
39 * @param keyClass the class of the key
40 * @return the internal key name
41 */
42 std::string
43 toInternalKeyName(const Name & keyName, KeyClass keyClass);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]44
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]45 /**
46 * @brief Get key.
47 * @param keyName the name of the key
48 * @param keyClass the class of the key
49 * @returns pointer to the key
50 */
51 SecKeychainItemRef
52 getKey(const Name & keyName, KeyClass keyClass);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]53
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]54 /**
55 * convert keyType to MAC OS symmetric key key type
56 * @param keyType
57 * @returns MAC OS key type
58 */
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]59 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]60 getSymKeyType(KeyType keyType);
61
62 /**
63 * convert keyType to MAC OS asymmetirc key type
64 * @param keyType
65 * @returns MAC OS key type
66 */
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]67 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]68 getAsymKeyType(KeyType keyType);
69
70 /**
71 * convert keyClass to MAC OS key class
72 * @param keyClass
73 * @returns MAC OS key class
74 */
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]75 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]76 getKeyClass(KeyClass keyClass);
77
78 /**
79 * convert digestAlgo to MAC OS algorithm id
80 * @param digestAlgo
81 * @returns MAC OS algorithm id
82 */
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]83 const CFStringRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]84 getDigestAlgorithm(DigestAlgorithm digestAlgo);
85
86 /**
87 * get the digest size of the corresponding algorithm
88 * @param digestAlgo the digest algorithm
89 * @return digest size
90 */
91 long
92 getDigestSize(DigestAlgorithm digestAlgo);
93
94 bool
95 getPassWord(string& password, string target);
96
97 ///////////////////////////////////////////////
98 // everything here is public, including data //
99 ///////////////////////////////////////////////
100public:
101 SecKeychainRef m_keyChainRef;
102};
103
104
105SecTpmOsx::SecTpmOsx()
106 : m_impl(new Impl)
107{
108 OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef);
109
110
111 if (res == errSecNoDefaultKeychain) //If no default key chain, create one.
112 {
113 //Get the password for the new key chain.
114 string keyChainName("ndnroot.keychain");
115 cerr << "No Default KeyChain! Create " << keyChainName << ":" << endl;
116 string password;
117 while(!m_impl->getPassWord(password, keyChainName))
118 {
119 cerr << "Password mismatch!" << endl;
120 }
121
122 //Create the key chain
123 res = SecKeychainCreate(keyChainName.c_str(), //Keychain path
124 password.size(), //Keychain password length
125 password.c_str(), //Keychain password
126 false, //User prompt
127 NULL, //Initial access of Keychain
128 &m_impl->m_keyChainRef); //Keychain reference
129
130 if(res == errSecSuccess)
131 cerr << keyChainName << " has been created!" << endl;
132 else
133 {
134 char* pw = const_cast<char*>(password.c_str());
135 memset(pw, 0, password.size());
136 throw Error("No default keychain!");
137 }
138
139 //Unlock the default key chain
140 SecKeychainUnlock(m_impl->m_keyChainRef,
141 password.size(),
142 password.c_str(),
143 true);
144
145 char* pw = const_cast<char*>(password.c_str());
146 memset(pw, 0, password.size());
147
148 return;
149 }
150
151 //If the default key chain exists, check if it is unlocked
152 SecKeychainStatus keychainStatus;
153 res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus);
154 if(kSecUnlockStateStatus & keychainStatus)
155 return;
156
157
158 //If the default key chain is locked, unlock the key chain
159 bool locked = true;
160 while(locked)
161 {
162 const char* fmt = "Password to unlock the default keychain: ";
163 char* password = NULL;
164 password = getpass(fmt);
165
166 if (!password)
167 {
168 memset(password, 0, strlen(password));
169 continue;
170 }
171
172 res = SecKeychainUnlock(m_impl->m_keyChainRef,
173 strlen(password),
174 password,
175 true);
176
177 memset(password, 0, strlen(password));
178
179 if(res == errSecSuccess)
180 locked = false;
181 }
182}
183
184SecTpmOsx::~SecTpmOsx(){
185 //TODO: implement
186}
187
188void
189SecTpmOsx::generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize)
190{
191
192 if(doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)){
193 _LOG_DEBUG("keyName has existed");
194 throw Error("keyName has existed");
195 }
196
197 string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC);
198
199 SecKeyRef publicKey, privateKey;
200
201 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
202 keyNameUri.c_str(),
203 kCFStringEncodingUTF8);
204
205 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
206 3,
207 &kCFTypeDictionaryKeyCallBacks,
208 NULL);
209
210 CFDictionaryAddValue(attrDict, kSecAttrKeyType, m_impl->getAsymKeyType(keyType));
211 CFDictionaryAddValue(attrDict, kSecAttrKeySizeInBits, CFNumberCreate(NULL, kCFNumberIntType, &keySize));
212 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
213
214 OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict, &publicKey, &privateKey);
215
216 CFRelease(publicKey);
217 CFRelease(privateKey);
218
219 if (res != errSecSuccess){
220 _LOG_DEBUG("Fail to create a key pair: " << res);
221 throw Error("Fail to create a key pair");
222 }
223}
224
225void
226SecTpmOsx::deleteKeyPairInTpm(const Name &keyName)
227{
228 string keyNameUri = keyName.toUri();
229
230 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
231 keyNameUri.c_str(),
232 kCFStringEncodingUTF8);
233
234 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
235 5,
236 &kCFTypeDictionaryKeyCallBacks,
237 NULL);
238
239 CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
240 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
241 CFDictionaryAddValue(attrDict, kSecMatchLimit, kSecMatchLimitAll);
242
243 OSStatus res = SecItemDelete((CFDictionaryRef) attrDict);
244
245 if(res != errSecSuccess)
246 _LOG_DEBUG("Fail to find the key!");
247}
248
249void
250SecTpmOsx::generateSymmetricKeyInTpm(const Name & keyName, KeyType keyType, int keySize)
251{
252
253 if(doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
254 throw Error("keyName has existed!");
255
256 string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC);
257
258 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(kCFAllocatorDefault,
259 0,
260 &kCFTypeDictionaryKeyCallBacks,
261 &kCFTypeDictionaryValueCallBacks);
262
263 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
264 keyNameUri.c_str(),
265 kCFStringEncodingUTF8);
266
267 CFDictionaryAddValue(attrDict, kSecAttrKeyType, m_impl->getSymKeyType(keyType));
268 CFDictionaryAddValue(attrDict, kSecAttrKeySizeInBits, CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keySize));
269 CFDictionaryAddValue(attrDict, kSecAttrIsPermanent, kCFBooleanTrue);
270 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
271
272 CFErrorRef error = NULL;
273
274 SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error);
275
276 if (error)
277 throw Error("Fail to create a symmetric key");
278}
279
280ptr_lib::shared_ptr<PublicKey>
281SecTpmOsx::getPublicKeyFromTpm(const Name & keyName)
282{
283 _LOG_TRACE("OSXPrivateKeyStorage::getPublickey");
284
285 SecKeychainItemRef publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC);
286
287 CFDataRef exportedKey;
288
289 OSStatus res = SecItemExport(publicKey,
290 kSecFormatOpenSSL,
291 0,
292 NULL,
293 &exportedKey);
294
295 return ptr_lib::make_shared<PublicKey>(CFDataGetBytePtr(exportedKey), CFDataGetLength(exportedKey));
296}
297
298Block
299SecTpmOsx::signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm)
300{
301 _LOG_TRACE("OSXPrivateKeyStorage::Sign");
302
303 CFDataRef dataRef = CFDataCreateWithBytesNoCopy(NULL,
304 data,
305 dataLength,
306 kCFAllocatorNull
307 );
308
309 SecKeyRef privateKey = (SecKeyRef)m_impl->getKey(keyName, KEY_CLASS_PRIVATE);
310
311 CFErrorRef error;
312 SecTransformRef signer = SecSignTransformCreate((SecKeyRef)privateKey, &error);
313 if (error) throw Error("Fail to create signer");
314
315 // Set input
316 Boolean set_res = SecTransformSetAttribute(signer,
317 kSecTransformInputAttributeName,
318 dataRef,
319 &error);
320 if (error) throw Error("Fail to configure input of signer");
321
322 // Enable use of padding
323 SecTransformSetAttribute(
324 signer,
325 kSecPaddingKey,
326 kSecPaddingPKCS1Key,
327 &error);
328 if (error) throw Error("Fail to configure digest algorithm of signer");
329
330 // Set padding type
331 set_res = SecTransformSetAttribute(signer,
332 kSecDigestTypeAttribute,
333 m_impl->getDigestAlgorithm(digestAlgorithm),
334 &error);
335 if (error) throw Error("Fail to configure digest algorithm of signer");
336
337 // Set padding attribute
338 long digestSize = m_impl->getDigestSize(digestAlgorithm);
339 set_res = SecTransformSetAttribute(signer,
340 kSecDigestLengthAttribute,
341 CFNumberCreate(NULL, kCFNumberLongType, &digestSize),
342 &error);
343 if (error) throw Error("Fail to configure digest size of signer");
344
345 // Actually sign
346 CFDataRef signature = (CFDataRef) SecTransformExecute(signer, &error);
347 if (error) {
348 CFShow(error);
349 throw Error("Fail to sign data");
350 }
351
352 if (!signature) throw Error("Signature is NULL!\n");
353
354 return Block(Tlv::SignatureValue,
355 ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
356}
357
358ConstBufferPtr
359SecTpmOsx::decryptInTpm(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
360{
361 _LOG_TRACE("OSXPrivateKeyStorage::Decrypt");
362
363 KeyClass keyClass;
364 if(sym)
365 keyClass = KEY_CLASS_SYMMETRIC;
366 else
367 keyClass = KEY_CLASS_PRIVATE;
368
369 CFDataRef dataRef = CFDataCreate(NULL,
370 reinterpret_cast<const unsigned char*>(data),
371 dataLength
372 );
373
374 // _LOG_DEBUG("CreateData");
375
376 SecKeyRef decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
377
378 // _LOG_DEBUG("GetKey");
379
380 CFErrorRef error;
381 SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error);
382 if (error) throw Error("Fail to create decrypt");
383
384 Boolean set_res = SecTransformSetAttribute(decrypt,
385 kSecTransformInputAttributeName,
386 dataRef,
387 &error);
388 if (error) throw Error("Fail to configure decrypt");
389
390 CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error);
391 if (error)
392 {
393 CFShow(error);
394 throw Error("Fail to decrypt data");
395 }
396 if (!output) throw Error("Output is NULL!\n");
397
398 return ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output));
399}
400
401bool
402SecTpmOsx::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
403{
404 SecKeychainItemRef privateKey = m_impl->getKey(keyName, keyClass);
405
406 SecAccessRef accRef;
407 OSStatus acc_res = SecKeychainItemCopyAccess(privateKey, &accRef);
408
409 CFArrayRef signACL = SecAccessCopyMatchingACLList(accRef,
410 kSecACLAuthorizationSign);
411
412 SecACLRef aclRef = (SecACLRef) CFArrayGetValueAtIndex(signACL, 0);
413
414 CFArrayRef appList;
415 CFStringRef description;
416 SecKeychainPromptSelector promptSelector;
417 OSStatus acl_res = SecACLCopyContents(aclRef,
418 &appList,
419 &description,
420 &promptSelector);
421
422 CFMutableArrayRef newAppList = CFArrayCreateMutableCopy(NULL,
423 0,
424 appList);
425
426 SecTrustedApplicationRef trustedApp;
427 acl_res = SecTrustedApplicationCreateFromPath(appPath.c_str(),
428 &trustedApp);
429
430 CFArrayAppendValue(newAppList, trustedApp);
431
432
433 CFArrayRef authList = SecACLCopyAuthorizations(aclRef);
434
435 acl_res = SecACLRemove(aclRef);
436
437 SecACLRef newACL;
438 acl_res = SecACLCreateWithSimpleContents(accRef,
439 newAppList,
440 description,
441 promptSelector,
442 &newACL);
443
444 acl_res = SecACLUpdateAuthorizations(newACL, authList);
445
446 acc_res = SecKeychainItemSetAccess(privateKey, accRef);
447
448 return true;
449}
450
451// bool
452// OSXPrivateKeyStorage::verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo)
453// {
454// _LOG_TRACE("OSXPrivateKeyStorage::Verify");
455
456// CFDataRef dataRef = CFDataCreate(NULL,
457// reinterpret_cast<const unsigned char*>(pData.buf()),
458// pData.size());
459
460// CFDataRef sigRef = CFDataCreate(NULL,
461// reinterpret_cast<const unsigned char*>(pSig.buf()),
462// pSig.size());
463
464// SecKeyRef publicKey = (SecKeyRef)m_impl->getKey(keyName, KEY_CLASS_PUBLIC);
465
466// CFErrorRef error;
467// SecTransformRef verifier = SecVerifyTransformCreate(publicKey, sigRef, &error);
468// if (error) throw Error("Fail to create verifier");
469
470// Boolean set_res = SecTransformSetAttribute(verifier,
471// kSecTransformInputAttributeName,
472// dataRef,
473// &error);
474// if (error) throw Error("Fail to configure input of verifier");
475
476// set_res = SecTransformSetAttribute(verifier,
477// kSecDigestTypeAttribute,
478// m_impl->getDigestAlgorithm(digestAlgo),
479// &error);
480// if (error) throw Error("Fail to configure digest algorithm of verifier");
481
482// long digestSize = m_impl->getDigestSize(digestAlgo);
483// set_res = SecTransformSetAttribute(verifier,
484// kSecDigestLengthAttribute,
485// CFNumberCreate(NULL, kCFNumberLongType, &digestSize),
486// &error);
487// if (error) throw Error("Fail to configure digest size of verifier");
488
489// CFBooleanRef result = (CFBooleanRef) SecTransformExecute(verifier, &error);
490// if (error) throw Error("Fail to verify data");
491
492// if (result == kCFBooleanTrue)
493// return true;
494// else
495// return false;
496// }
497
498ConstBufferPtr
499SecTpmOsx::encryptInTpm(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
500{
501 _LOG_TRACE("OSXPrivateKeyStorage::Encrypt");
502
503 KeyClass keyClass;
504 if(sym)
505 keyClass = KEY_CLASS_SYMMETRIC;
506 else
507 keyClass = KEY_CLASS_PUBLIC;
508
509 CFDataRef dataRef = CFDataCreate(NULL,
510 reinterpret_cast<const unsigned char*>(data),
511 dataLength
512 );
513
514 SecKeyRef encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
515
516 CFErrorRef error;
517 SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error);
518 if (error) throw Error("Fail to create encrypt");
519
520 Boolean set_res = SecTransformSetAttribute(encrypt,
521 kSecTransformInputAttributeName,
522 dataRef,
523 &error);
524 if (error) throw Error("Fail to configure encrypt");
525
526 CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error);
527 if (error) throw Error("Fail to encrypt data");
528
529 if (!output) throw Error("Output is NULL!\n");
530
531 return ptr_lib::make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output));
532}
533
534bool
535SecTpmOsx::doesKeyExistInTpm(const Name & keyName, KeyClass keyClass)
536{
537 _LOG_TRACE("OSXPrivateKeyStorage::doesKeyExist");
538
539 string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass);
540
541 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
542 keyNameUri.c_str(),
543 kCFStringEncodingUTF8);
544
545 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
546 4,
547 &kCFTypeDictionaryKeyCallBacks,
548 NULL);
549
550 CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
551 CFDictionaryAddValue(attrDict, kSecAttrKeyClass, m_impl->getKeyClass(keyClass));
552 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
553 CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
554
555 SecKeychainItemRef itemRef;
556 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict, (CFTypeRef*)&itemRef);
557
558 if(res == errSecItemNotFound)
559 return false;
560 else
561 return true;
562
563}
564
565
566////////////////////////////////
567// OSXPrivateKeyStorage::Impl //
568////////////////////////////////
569
570SecKeychainItemRef
571SecTpmOsx::Impl::getKey(const Name & keyName, KeyClass keyClass)
572{
573 string keyNameUri = toInternalKeyName(keyName, keyClass);
574
575 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
576 keyNameUri.c_str(),
577 kCFStringEncodingUTF8);
578
579 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
580 5,
581 &kCFTypeDictionaryKeyCallBacks,
582 NULL);
583
584 CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
585 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
586 CFDictionaryAddValue(attrDict, kSecAttrKeyClass, getKeyClass(keyClass));
587 CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
588
589 SecKeychainItemRef keyItem;
590
591 OSStatus res = SecItemCopyMatching((CFDictionaryRef) attrDict, (CFTypeRef*)&keyItem);
592
593 if(res != errSecSuccess){
594 _LOG_DEBUG("Fail to find the key!");
595 return NULL;
596 }
597 else
598 return keyItem;
599}
600
601string
602SecTpmOsx::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
603{
604 string keyUri = keyName.toUri();
605
606 if(KEY_CLASS_SYMMETRIC == keyClass)
607 return keyUri + "/symmetric";
608 else
609 return keyUri;
610}
611
612const CFTypeRef
613SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
614{
615 switch(keyType){
616 case KEY_TYPE_RSA:
617 return kSecAttrKeyTypeRSA;
618 default:
619 _LOG_DEBUG("Unrecognized key type!")
620 return NULL;
621 }
622}
623
624const CFTypeRef
625SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
626{
627 switch(keyType){
628 case KEY_TYPE_AES:
629 return kSecAttrKeyTypeAES;
630 default:
631 _LOG_DEBUG("Unrecognized key type!")
632 return NULL;
633 }
634}
635
636const CFTypeRef
637SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
638{
639 switch(keyClass){
640 case KEY_CLASS_PRIVATE:
641 return kSecAttrKeyClassPrivate;
642 case KEY_CLASS_PUBLIC:
643 return kSecAttrKeyClassPublic;
644 case KEY_CLASS_SYMMETRIC:
645 return kSecAttrKeyClassSymmetric;
646 default:
647 _LOG_DEBUG("Unrecognized key class!");
648 return NULL;
649 }
650}
651
652const CFStringRef
653SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
654{
655 switch(digestAlgo){
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]656 // case DIGEST_MD2:
657 // return kSecDigestMD2;
658 // case DIGEST_MD5:
659 // return kSecDigestMD5;
660 // case DIGEST_SHA1:
661 // return kSecDigestSHA1;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]662 case DIGEST_ALGORITHM_SHA256:
663 return kSecDigestSHA2;
664 default:
665 _LOG_DEBUG("Unrecognized digest algorithm!");
666 return NULL;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]667 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]668}
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]669
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]670long
671SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
672{
673 switch(digestAlgo){
674 case DIGEST_ALGORITHM_SHA256:
675 return 256;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]676 // case DIGEST_SHA1:
677 // case DIGEST_MD2:
678 // case DIGEST_MD5:
679 // return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]680 default:
681 _LOG_DEBUG("Unrecognized digest algorithm! Unknown digest size");
682 return -1;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]683 }
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]684}
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame^]685
686bool
687SecTpmOsx::Impl::getPassWord(string& password, string target)
688{
689 int result = false;
690
691 string prompt1 = "Password for " + target + ":";
692 string prompt2 = "Confirm password for " + target + ":";
693 char* pw0 = NULL;
694
695 pw0 = getpass(prompt1.c_str());
696 if(!pw0)
697 return false;
698 string password1 = pw0;
699 memset(pw0, 0, strlen(pw0));
700
701 pw0 = getpass(prompt2.c_str());
702 if(!pw0)
703 {
704 char* pw1 = const_cast<char*>(password1.c_str());
705 memset(pw1, 0, password1.size());
706 return false;
707 }
708
709 if(!password1.compare(pw0))
710 {
711 result = true;
712 password.swap(password1);
713 }
714
715 char* pw1 = const_cast<char*>(password1.c_str());
716 memset(pw1, 0, password1.size());
717 memset(pw0, 0, strlen(pw0));
718 return result;
719}
720
721}// ndn