Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 3 | * Copyright (c) 2013-2014 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 22 | */ |
| 23 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 24 | #include "common.hpp" |
| 25 | |
Alexander Afanasyev | 1950885 | 2014-01-29 01:01:51 -0800 | [diff] [blame] | 26 | #include "sec-tpm-osx.hpp" |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 27 | #include "public-key.hpp" |
Alexander Afanasyev | 258ec2b | 2014-05-14 16:15:37 -0700 | [diff] [blame] | 28 | #include "../encoding/oid.hpp" |
| 29 | #include "../encoding/buffer-stream.hpp" |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 30 | #include "cryptopp.hpp" |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 31 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 32 | #include <pwd.h> |
| 33 | #include <unistd.h> |
| 34 | #include <stdlib.h> |
| 35 | #include <string.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 36 | |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 37 | #include <CoreFoundation/CoreFoundation.h> |
| 38 | #include <Security/Security.h> |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 39 | #include <Security/SecRandom.h> |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 40 | #include <CoreServices/CoreServices.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 41 | |
Alexander Afanasyev | 59d67a5 | 2014-04-03 16:09:31 -0700 | [diff] [blame] | 42 | #include <Security/SecDigestTransform.h> |
| 43 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 44 | namespace ndn { |
| 45 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 46 | using std::string; |
| 47 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 48 | /** |
| 49 | * @brief Helper class to wrap CoreFoundation object pointers |
| 50 | * |
| 51 | * The class is similar in spirit to shared_ptr, but uses CoreFoundation |
| 52 | * mechanisms to retain/release object. |
| 53 | * |
| 54 | * Original implementation by Christopher Hunt and it was borrowed from |
| 55 | * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html |
| 56 | */ |
| 57 | template<class T> |
| 58 | class CFReleaser |
| 59 | { |
| 60 | public: |
| 61 | ////////////////////////////// |
| 62 | // Construction/destruction // |
| 63 | |
| 64 | CFReleaser() |
| 65 | : m_typeRef(0) |
| 66 | { |
| 67 | } |
| 68 | |
| 69 | CFReleaser(const T& typeRef) |
| 70 | : m_typeRef(typeRef) |
| 71 | { |
| 72 | } |
| 73 | |
| 74 | CFReleaser(const CFReleaser& inReleaser) |
| 75 | : m_typeRef(0) |
| 76 | { |
| 77 | retain(inReleaser.m_typeRef); |
| 78 | } |
| 79 | |
| 80 | CFReleaser& |
| 81 | operator=(const T& typeRef) |
| 82 | { |
| 83 | if (typeRef != m_typeRef) { |
| 84 | release(); |
| 85 | m_typeRef = typeRef; |
| 86 | } |
| 87 | return *this; |
| 88 | } |
| 89 | |
| 90 | CFReleaser& |
| 91 | operator=(const CFReleaser& inReleaser) |
| 92 | { |
| 93 | retain(inReleaser.m_typeRef); |
| 94 | return *this; |
| 95 | } |
| 96 | |
| 97 | ~CFReleaser() |
| 98 | { |
| 99 | release(); |
| 100 | } |
| 101 | |
| 102 | //////////// |
| 103 | // Access // |
| 104 | |
| 105 | // operator const T&() const |
| 106 | // { |
| 107 | // return m_typeRef; |
| 108 | // } |
| 109 | |
| 110 | // operator T&() |
| 111 | // { |
| 112 | // return m_typeRef; |
| 113 | // } |
| 114 | |
| 115 | const T& |
| 116 | get() const |
| 117 | { |
| 118 | return m_typeRef; |
| 119 | } |
| 120 | |
| 121 | T& |
| 122 | get() |
| 123 | { |
| 124 | return m_typeRef; |
| 125 | } |
| 126 | |
| 127 | /////////////////// |
| 128 | // Miscellaneous // |
| 129 | |
| 130 | void |
| 131 | retain(const T& typeRef) |
| 132 | { |
| 133 | if (typeRef != 0) { |
| 134 | CFRetain(typeRef); |
| 135 | } |
| 136 | release(); |
| 137 | m_typeRef = typeRef; |
| 138 | } |
| 139 | |
| 140 | void release() |
| 141 | { |
| 142 | if (m_typeRef != 0) { |
| 143 | CFRelease(m_typeRef); |
| 144 | m_typeRef = 0; |
| 145 | } |
| 146 | }; |
| 147 | |
| 148 | private: |
| 149 | T m_typeRef; |
| 150 | }; |
| 151 | |
| 152 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 153 | class SecTpmOsx::Impl |
| 154 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 155 | public: |
| 156 | Impl() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 157 | : m_passwordSet(false) |
| 158 | , m_inTerminal(false) |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 159 | { |
| 160 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 161 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 162 | /** |
| 163 | * @brief Convert NDN name of a key to internal name of the key. |
| 164 | * |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 165 | * @param keyName |
| 166 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 167 | * @return the internal key name |
| 168 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 169 | std::string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 170 | toInternalKeyName(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 171 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 172 | /** |
| 173 | * @brief Get key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 174 | * |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 175 | * @param keyName |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 176 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 177 | * @returns pointer to the key |
| 178 | */ |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 179 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 180 | getKey(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 181 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 182 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 183 | * @brief Convert keyType to MAC OS symmetric key key type |
| 184 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 185 | * @param keyType |
| 186 | * @returns MAC OS key type |
| 187 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 188 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 189 | getSymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 190 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 191 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 192 | * @brief Convert keyType to MAC OS asymmetirc key type |
| 193 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 194 | * @param keyType |
| 195 | * @returns MAC OS key type |
| 196 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 197 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 198 | getAsymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 199 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 200 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 201 | * @brief Convert keyClass to MAC OS key class |
| 202 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 203 | * @param keyClass |
| 204 | * @returns MAC OS key class |
| 205 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 206 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 207 | getKeyClass(KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 208 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 209 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 210 | * @brief Convert digestAlgo to MAC OS algorithm id |
| 211 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 212 | * @param digestAlgo |
| 213 | * @returns MAC OS algorithm id |
| 214 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 215 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 216 | getDigestAlgorithm(DigestAlgorithm digestAlgo); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 217 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 218 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 219 | * @brief Get the digest size of the corresponding algorithm |
| 220 | * |
| 221 | * @param digestAlgo |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 222 | * @return digest size |
| 223 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 224 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 225 | getDigestSize(DigestAlgorithm digestAlgo); |
| 226 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 227 | /////////////////////////////////////////////// |
| 228 | // everything here is public, including data // |
| 229 | /////////////////////////////////////////////// |
| 230 | public: |
| 231 | SecKeychainRef m_keyChainRef; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 232 | bool m_passwordSet; |
| 233 | string m_password; |
| 234 | bool m_inTerminal; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 235 | }; |
| 236 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 237 | SecTpmOsx::SecTpmOsx() |
| 238 | : m_impl(new Impl) |
| 239 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 240 | if (m_impl->m_inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 241 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 242 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 243 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 244 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 245 | OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 246 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 247 | if (res == errSecNoDefaultKeychain) //If no default key chain, create one. |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 248 | throw Error("No default keychain, create one first!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 249 | } |
| 250 | |
| 251 | SecTpmOsx::~SecTpmOsx(){ |
| 252 | //TODO: implement |
| 253 | } |
| 254 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 255 | void |
| 256 | SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength) |
| 257 | { |
| 258 | m_impl->m_passwordSet = true; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 259 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 260 | m_impl->m_password.clear(); |
| 261 | m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength); |
| 262 | } |
| 263 | |
| 264 | void |
| 265 | SecTpmOsx::resetTpmPassword() |
| 266 | { |
| 267 | m_impl->m_passwordSet = false; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 268 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 269 | m_impl->m_password.clear(); |
| 270 | } |
| 271 | |
| 272 | void |
| 273 | SecTpmOsx::setInTerminal(bool inTerminal) |
| 274 | { |
| 275 | m_impl->m_inTerminal = inTerminal; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 276 | if (inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 277 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 278 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 279 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 280 | } |
| 281 | |
| 282 | bool |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 283 | SecTpmOsx::getInTerminal() const |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 284 | { |
| 285 | return m_impl->m_inTerminal; |
| 286 | } |
| 287 | |
| 288 | bool |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 289 | SecTpmOsx::isLocked() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 290 | { |
| 291 | SecKeychainStatus keychainStatus; |
| 292 | |
| 293 | OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 294 | if (res != errSecSuccess) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 295 | return true; |
| 296 | else |
| 297 | return ((kSecUnlockStateStatus & keychainStatus) == 0); |
| 298 | } |
| 299 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 300 | bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 301 | SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword) |
| 302 | { |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 303 | OSStatus res; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 304 | |
| 305 | // If the default key chain is already unlocked, return immediately. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 306 | if (!isLocked()) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 307 | return true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 308 | |
| 309 | // If the default key chain is locked, unlock the key chain. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 310 | if (usePassword) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 311 | { |
| 312 | // Use the supplied password. |
| 313 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 314 | passwordLength, |
| 315 | password, |
| 316 | true); |
| 317 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 318 | else if (m_impl->m_passwordSet) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 319 | { |
| 320 | // If no password supplied, then use the configured password if exists. |
| 321 | SecKeychainUnlock(m_impl->m_keyChainRef, |
| 322 | m_impl->m_password.size(), |
| 323 | m_impl->m_password.c_str(), |
| 324 | true); |
| 325 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 326 | else if (m_impl->m_inTerminal) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 327 | { |
| 328 | // If no configured password, get password from terminal if inTerminal set. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 329 | bool isLocked = true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 330 | const char* fmt = "Password to unlock the default keychain: "; |
| 331 | int count = 0; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 332 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 333 | while (isLocked) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 334 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 335 | if (count > 2) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 336 | break; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 337 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 338 | char* getPassword = 0; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 339 | getPassword = getpass(fmt); |
| 340 | count++; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 341 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 342 | if (!getPassword) |
| 343 | continue; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 344 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 345 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 346 | strlen(getPassword), |
| 347 | getPassword, |
| 348 | true); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 349 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 350 | memset(getPassword, 0, strlen(getPassword)); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 351 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 352 | if (res == errSecSuccess) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 353 | break; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 354 | } |
| 355 | } |
| 356 | else |
| 357 | { |
| 358 | // If inTerminal is not set, get the password from GUI. |
| 359 | SecKeychainUnlock(m_impl->m_keyChainRef, 0, 0, false); |
| 360 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 361 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 362 | return !isLocked(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 363 | } |
| 364 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 365 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 366 | SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, |
| 367 | const KeyParams& params, |
| 368 | bool needRetry) |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 369 | { |
| 370 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 371 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 372 | { |
| 373 | throw Error("keyName has existed"); |
| 374 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 375 | |
| 376 | string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC); |
| 377 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 378 | CFReleaser<CFStringRef> keyLabel = |
| 379 | CFStringCreateWithCString(0, |
| 380 | keyNameUri.c_str(), |
| 381 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 382 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 383 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 384 | CFDictionaryCreateMutable(0, |
| 385 | 3, |
| 386 | &kCFTypeDictionaryKeyCallBacks, |
| 387 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 388 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 389 | KeyType keyType = params.getKeyType(); |
| 390 | uint32_t keySize; |
| 391 | switch (keyType) |
| 392 | { |
| 393 | case KEY_TYPE_RSA: |
| 394 | { |
| 395 | const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); |
| 396 | keySize = rsaParams.getKeySize(); |
| 397 | break; |
| 398 | } |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 399 | case KEY_TYPE_ECDSA: |
| 400 | { |
| 401 | const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); |
| 402 | keySize = ecdsaParams.getKeySize(); |
| 403 | break; |
| 404 | } |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 405 | default: |
| 406 | throw Error("Fail to create a key pair: Unsupported key type"); |
| 407 | } |
| 408 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 409 | CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 410 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 411 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType)); |
| 412 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 413 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 414 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 415 | CFReleaser<SecKeyRef> publicKey, privateKey; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 416 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 417 | OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(), |
| 418 | &publicKey.get(), &privateKey.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 419 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 420 | if (res == errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 421 | { |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 422 | return; |
| 423 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 424 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 425 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 426 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 427 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 428 | generateKeyPairInTpmInternal(keyName, params, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 429 | else |
| 430 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 431 | } |
| 432 | else |
| 433 | { |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 434 | throw Error("Fail to create a key pair"); |
| 435 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 436 | } |
| 437 | |
| 438 | void |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 439 | SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 440 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 441 | CFReleaser<CFStringRef> keyLabel = |
| 442 | CFStringCreateWithCString(0, |
| 443 | keyName.toUri().c_str(), |
| 444 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 445 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 446 | CFReleaser<CFMutableDictionaryRef> searchDict = |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 447 | CFDictionaryCreateMutable(0, 5, |
| 448 | &kCFTypeDictionaryKeyCallBacks, |
| 449 | &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 450 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 451 | CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey); |
| 452 | CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get()); |
| 453 | CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll); |
| 454 | OSStatus res = SecItemDelete(searchDict.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 455 | |
| 456 | if (res == errSecSuccess) |
| 457 | return; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 458 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 459 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 460 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 461 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 462 | deleteKeyPairInTpmInternal(keyName, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 463 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 464 | } |
| 465 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 466 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 467 | SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 468 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 469 | throw Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 470 | // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 471 | // throw Error("keyName has existed!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 472 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 473 | // string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 474 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 475 | // CFReleaser<CFMutableDictionaryRef> attrDict = |
| 476 | // CFDictionaryCreateMutable(kCFAllocatorDefault, |
| 477 | // 0, |
| 478 | // &kCFTypeDictionaryKeyCallBacks, |
| 479 | // &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 480 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 481 | // CFReleaser<CFStringRef> keyLabel = |
| 482 | // CFStringCreateWithCString(0, |
| 483 | // keyNameUri.c_str(), |
| 484 | // kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 485 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 486 | // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
| 487 | |
| 488 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType)); |
| 489 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 490 | // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue); |
| 491 | // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 492 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 493 | // CFErrorRef error = 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 494 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 495 | // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 496 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 497 | // if (error) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 498 | // throw Error("Fail to create a symmetric key"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 499 | } |
| 500 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 501 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 502 | SecTpmOsx::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 503 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 504 | CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC); |
| 505 | if (publicKey.get() == 0) |
| 506 | { |
| 507 | throw Error("Requested public key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 508 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 509 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 510 | CFReleaser<CFDataRef> exportedKey; |
| 511 | OSStatus res = SecItemExport(publicKey.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 512 | kSecFormatOpenSSL, |
| 513 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 514 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 515 | &exportedKey.get()); |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 516 | if (res != errSecSuccess) |
| 517 | { |
| 518 | throw Error("Cannot export requested public key from OSX Keychain"); |
| 519 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 520 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 521 | shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()), |
| 522 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 523 | return key; |
| 524 | } |
| 525 | |
| 526 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 527 | SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 528 | { |
| 529 | using namespace CryptoPP; |
| 530 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 531 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 532 | if (privateKey.get() == 0) |
| 533 | { |
| 534 | /// @todo Can this happen because of keychain is locked? |
| 535 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 536 | } |
| 537 | |
| 538 | CFReleaser<CFDataRef> exportedKey; |
| 539 | OSStatus res = SecItemExport(privateKey.get(), |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 540 | kSecFormatOpenSSL, |
| 541 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 542 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 543 | &exportedKey.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 544 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 545 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 546 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 547 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 548 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 549 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 550 | return exportPrivateKeyPkcs8FromTpmInternal(keyName, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 551 | else |
| 552 | return shared_ptr<Buffer>(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 553 | } |
| 554 | else |
| 555 | return shared_ptr<Buffer>(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 556 | } |
| 557 | |
| 558 | OBufferStream pkcs1Os; |
| 559 | FileSink sink(pkcs1Os); |
| 560 | |
| 561 | uint32_t version = 0; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 562 | OID algorithm("1.2.840.113549.1.1.1"); // "RSA encryption" |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 563 | SecByteBlock rawKeyBits; |
| 564 | // PrivateKeyInfo ::= SEQUENCE { |
| 565 | // version INTEGER, |
| 566 | // privateKeyAlgorithm SEQUENCE, |
| 567 | // privateKey OCTECT STRING} |
| 568 | DERSequenceEncoder privateKeyInfo(sink); |
| 569 | { |
| 570 | DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER); |
| 571 | DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo); |
| 572 | { |
| 573 | algorithm.encode(privateKeyAlgorithm); |
| 574 | DEREncodeNull(privateKeyAlgorithm); |
| 575 | } |
| 576 | privateKeyAlgorithm.MessageEnd(); |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 577 | DEREncodeOctetString(privateKeyInfo, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 578 | CFDataGetBytePtr(exportedKey.get()), |
| 579 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 580 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 581 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 582 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 583 | return pkcs1Os.buf(); |
| 584 | } |
| 585 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 586 | #ifdef __GNUC__ |
| 587 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 588 | #pragma GCC diagnostic push |
| 589 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 590 | #pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
| 591 | #endif // __GNUC__ |
| 592 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 593 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 594 | SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 595 | const uint8_t* buf, size_t size, |
| 596 | bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 597 | { |
| 598 | using namespace CryptoPP; |
| 599 | |
| 600 | StringSource privateKeySource(buf, size, true); |
| 601 | uint32_t tmpNum; |
| 602 | OID tmpOID; |
| 603 | SecByteBlock rawKeyBits; |
| 604 | // PrivateKeyInfo ::= SEQUENCE { |
| 605 | // INTEGER, |
| 606 | // SEQUENCE, |
| 607 | // OCTECT STRING} |
| 608 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 609 | { |
| 610 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, tmpNum, INTEGER); |
| 611 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 612 | { |
| 613 | tmpOID.decode(sequenceDecoder); |
| 614 | BERDecodeNull(sequenceDecoder); |
| 615 | } |
| 616 | BERDecodeOctetString(privateKeyInfo, rawKeyBits); |
| 617 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 618 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 619 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 620 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 621 | rawKeyBits.BytePtr(), |
| 622 | rawKeyBits.size(), |
| 623 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 624 | |
| 625 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 626 | SecExternalItemType externalType = kSecItemTypePrivateKey; |
| 627 | SecKeyImportExportParameters keyParams; |
| 628 | memset(&keyParams, 0, sizeof(keyParams)); |
| 629 | keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; |
| 630 | keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 631 | CFReleaser<SecAccessRef> access; |
| 632 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 633 | keyName.toUri().c_str(), |
| 634 | kCFStringEncodingUTF8); |
| 635 | SecAccessCreate(keyLabel.get(), 0, &access.get()); |
| 636 | keyParams.accessRef = access.get(); |
| 637 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 638 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 639 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 640 | #pragma clang diagnostic push |
| 641 | #pragma clang diagnostic ignored "-Wdeprecated-declarations" |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 642 | #endif // __clang__ |
| 643 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 644 | OSStatus res = SecKeychainItemImport(importedKey.get(), |
| 645 | 0, |
| 646 | &externalFormat, |
| 647 | &externalType, |
| 648 | 0, |
| 649 | &keyParams, |
| 650 | m_impl->m_keyChainRef, |
| 651 | &outItems.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 652 | |
| 653 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 654 | #pragma clang diagnostic pop |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 655 | #endif // __clang__ |
| 656 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 657 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 658 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 659 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 660 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 661 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 662 | return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 663 | else |
| 664 | return false; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 665 | } |
| 666 | else |
| 667 | return false; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 668 | } |
| 669 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 670 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 671 | SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 672 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 673 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 674 | string keyUri = keyName.toUri(); |
| 675 | { |
| 676 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 677 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 678 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 679 | attrList.count++; |
| 680 | } |
| 681 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 682 | res = SecKeychainItemModifyAttributesAndData(privateKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 683 | &attrList, |
| 684 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 685 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 686 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 687 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 688 | { |
| 689 | return false; |
| 690 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 691 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 692 | return true; |
| 693 | } |
| 694 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 695 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 696 | #pragma GCC diagnostic pop |
| 697 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 698 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 699 | bool |
| 700 | SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 701 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 702 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 703 | buf, |
| 704 | size, |
| 705 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 706 | |
| 707 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 708 | SecExternalItemType externalType = kSecItemTypePublicKey; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 709 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 710 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 711 | OSStatus res = SecItemImport(importedKey.get(), |
| 712 | 0, |
| 713 | &externalFormat, |
| 714 | &externalType, |
| 715 | 0, |
| 716 | 0, |
| 717 | m_impl->m_keyChainRef, |
| 718 | &outItems.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 719 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 720 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 721 | return false; |
| 722 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 723 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 724 | SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 725 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 726 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 727 | string keyUri = keyName.toUri(); |
| 728 | { |
| 729 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 730 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 731 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 732 | attrList.count++; |
| 733 | } |
| 734 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 735 | res = SecKeychainItemModifyAttributesAndData(publicKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 736 | &attrList, |
| 737 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 738 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 739 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 740 | if (res != errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 741 | return false; |
| 742 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 743 | return true; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 744 | } |
| 745 | |
| 746 | Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 747 | SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength, |
| 748 | const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 749 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 750 | CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0, |
| 751 | data, |
| 752 | dataLength, |
| 753 | kCFAllocatorNull); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 754 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 755 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 756 | if (privateKey.get() == 0) |
| 757 | { |
| 758 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 759 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 760 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 761 | CFReleaser<CFErrorRef> error; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 762 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 763 | CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(), |
| 764 | &error.get()); |
| 765 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 766 | throw Error("Fail to create signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 767 | |
| 768 | // Set input |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 769 | SecTransformSetAttribute(signer.get(), |
| 770 | kSecTransformInputAttributeName, |
| 771 | dataRef.get(), |
| 772 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 773 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 774 | throw Error("Fail to configure input of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 775 | |
| 776 | // Enable use of padding |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 777 | SecTransformSetAttribute(signer.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 778 | kSecPaddingKey, |
| 779 | kSecPaddingPKCS1Key, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 780 | &error.get()); |
| 781 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 782 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 783 | |
| 784 | // Set padding type |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 785 | SecTransformSetAttribute(signer.get(), |
| 786 | kSecDigestTypeAttribute, |
| 787 | m_impl->getDigestAlgorithm(digestAlgorithm), |
| 788 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 789 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 790 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 791 | |
| 792 | // Set padding attribute |
| 793 | long digestSize = m_impl->getDigestSize(digestAlgorithm); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 794 | CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 795 | SecTransformSetAttribute(signer.get(), |
| 796 | kSecDigestLengthAttribute, |
| 797 | cfDigestSize.get(), |
| 798 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 799 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 800 | throw Error("Fail to configure digest size of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 801 | |
| 802 | // Actually sign |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 803 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 804 | CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get()); |
| 805 | if (error.get() != 0) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 806 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 807 | if (!needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 808 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 809 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 810 | return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true); |
| 811 | else |
| 812 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 813 | } |
| 814 | else |
| 815 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 816 | CFShow(error.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 817 | throw Error("Fail to sign data"); |
| 818 | } |
| 819 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 820 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 821 | if (signature.get() == 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 822 | throw Error("Signature is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 823 | |
| 824 | return Block(Tlv::SignatureValue, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 825 | make_shared<Buffer>(CFDataGetBytePtr(signature.get()), |
| 826 | CFDataGetLength(signature.get()))); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 827 | } |
| 828 | |
| 829 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 830 | SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 831 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 832 | throw Error("SecTpmOsx::decryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 833 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 834 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 835 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 836 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 837 | // else |
| 838 | // keyClass = KEY_CLASS_PRIVATE; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 839 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 840 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 841 | // reinterpret_cast<const unsigned char*>(data), |
| 842 | // dataLength |
| 843 | // ); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 844 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 845 | // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 846 | // if (decryptKey.get() == 0) |
| 847 | // { |
| 848 | // /// @todo Can this happen because of keychain is locked? |
| 849 | // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain"); |
| 850 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 851 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 852 | // CFErrorRef error; |
| 853 | // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error); |
| 854 | // if (error) throw Error("Fail to create decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 855 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 856 | // Boolean set_res = SecTransformSetAttribute(decrypt, |
| 857 | // kSecTransformInputAttributeName, |
| 858 | // dataRef, |
| 859 | // &error); |
| 860 | // if (error) throw Error("Fail to configure decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 861 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 862 | // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error); |
| 863 | // if (error) |
| 864 | // { |
| 865 | // CFShow(error); |
| 866 | // throw Error("Fail to decrypt data"); |
| 867 | // } |
| 868 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 869 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 870 | // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 871 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 872 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 873 | void |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 874 | SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 875 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 876 | if (keyClass == KEY_CLASS_PRIVATE && acl == ACL_TYPE_PRIVATE) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 877 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 878 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass); |
| 879 | if (privateKey.get() == 0) |
| 880 | { |
| 881 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 882 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 883 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 884 | CFReleaser<SecAccessRef> accRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 885 | SecKeychainItemCopyAccess(privateKey.get(), &accRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 886 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 887 | CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(), |
| 888 | kSecACLAuthorizationSign); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 889 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 890 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 891 | SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 892 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 893 | CFReleaser<CFArrayRef> appList; |
| 894 | CFReleaser<CFStringRef> description; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 895 | SecKeychainPromptSelector promptSelector; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 896 | SecACLCopyContents(aclRef, |
| 897 | &appList.get(), |
| 898 | &description.get(), |
| 899 | &promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 900 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 901 | CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0, |
| 902 | 0, |
| 903 | appList.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 904 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 905 | CFReleaser<SecTrustedApplicationRef> trustedApp; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 906 | SecTrustedApplicationCreateFromPath(appPath.c_str(), |
| 907 | &trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 908 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 909 | CFArrayAppendValue(newAppList.get(), trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 910 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 911 | SecACLSetContents(aclRef, |
| 912 | newAppList.get(), |
| 913 | description.get(), |
| 914 | promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 915 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 916 | SecKeychainItemSetAccess(privateKey.get(), accRef.get()); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 917 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 918 | } |
| 919 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 920 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 921 | SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 922 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 923 | throw Error("SecTpmOsx::encryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 924 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 925 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 926 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 927 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 928 | // else |
| 929 | // keyClass = KEY_CLASS_PUBLIC; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 930 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 931 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 932 | // reinterpret_cast<const unsigned char*>(data), |
| 933 | // dataLength |
| 934 | // ); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 935 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 936 | // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 937 | // if (encryptKey.get() == 0) |
| 938 | // { |
| 939 | // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain"); |
| 940 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 941 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 942 | // CFErrorRef error; |
| 943 | // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error); |
| 944 | // if (error) throw Error("Fail to create encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 945 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 946 | // Boolean set_res = SecTransformSetAttribute(encrypt, |
| 947 | // kSecTransformInputAttributeName, |
| 948 | // dataRef, |
| 949 | // &error); |
| 950 | // if (error) throw Error("Fail to configure encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 951 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 952 | // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error); |
| 953 | // if (error) throw Error("Fail to encrypt data"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 954 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 955 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 956 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 957 | // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 958 | } |
| 959 | |
| 960 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 961 | SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 962 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 963 | string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass); |
| 964 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 965 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 966 | keyNameUri.c_str(), |
| 967 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 968 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 969 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 970 | CFDictionaryCreateMutable(0, |
| 971 | 4, |
| 972 | &kCFTypeDictionaryKeyCallBacks, |
| 973 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 974 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 975 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 976 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass)); |
| 977 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 978 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 979 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 980 | CFReleaser<SecKeychainItemRef> itemRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 981 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 982 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 983 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 984 | if (res == errSecSuccess) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 985 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 986 | else |
| 987 | return false; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 988 | |
| 989 | } |
| 990 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 991 | bool |
| 992 | SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size) |
| 993 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 994 | return SecRandomCopyBytes(kSecRandomDefault, size, res) == 0; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 995 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 996 | |
| 997 | //////////////////////////////// |
| 998 | // OSXPrivateKeyStorage::Impl // |
| 999 | //////////////////////////////// |
| 1000 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1001 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1002 | SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1003 | { |
| 1004 | string keyNameUri = toInternalKeyName(keyName, keyClass); |
| 1005 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1006 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1007 | keyNameUri.c_str(), |
| 1008 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1009 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1010 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1011 | CFDictionaryCreateMutable(0, |
| 1012 | 5, |
| 1013 | &kCFTypeDictionaryKeyCallBacks, |
| 1014 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1015 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1016 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1017 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1018 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass)); |
| 1019 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1020 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1021 | CFReleaser<SecKeychainItemRef> keyItem; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1022 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1023 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1024 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1025 | if (res != errSecSuccess) |
| 1026 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1027 | else |
| 1028 | return keyItem; |
| 1029 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1030 | |
| 1031 | string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1032 | SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1033 | { |
| 1034 | string keyUri = keyName.toUri(); |
| 1035 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1036 | if (KEY_CLASS_SYMMETRIC == keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1037 | return keyUri + "/symmetric"; |
| 1038 | else |
| 1039 | return keyUri; |
| 1040 | } |
| 1041 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1042 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1043 | SecTpmOsx::Impl::getAsymKeyType(KeyType keyType) |
| 1044 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1045 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1046 | case KEY_TYPE_RSA: |
| 1047 | return kSecAttrKeyTypeRSA; |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 1048 | case KEY_TYPE_ECDSA: |
| 1049 | return kSecAttrKeyTypeECDSA; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1050 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1051 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1052 | } |
| 1053 | } |
| 1054 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1055 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1056 | SecTpmOsx::Impl::getSymKeyType(KeyType keyType) |
| 1057 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1058 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1059 | case KEY_TYPE_AES: |
| 1060 | return kSecAttrKeyTypeAES; |
| 1061 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1062 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1063 | } |
| 1064 | } |
| 1065 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1066 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1067 | SecTpmOsx::Impl::getKeyClass(KeyClass keyClass) |
| 1068 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1069 | switch (keyClass) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1070 | case KEY_CLASS_PRIVATE: |
| 1071 | return kSecAttrKeyClassPrivate; |
| 1072 | case KEY_CLASS_PUBLIC: |
| 1073 | return kSecAttrKeyClassPublic; |
| 1074 | case KEY_CLASS_SYMMETRIC: |
| 1075 | return kSecAttrKeyClassSymmetric; |
| 1076 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1077 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1078 | } |
| 1079 | } |
| 1080 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1081 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1082 | SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo) |
| 1083 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1084 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1085 | case DIGEST_ALGORITHM_SHA256: |
| 1086 | return kSecDigestSHA2; |
| 1087 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1088 | return 0; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1089 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1090 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1091 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1092 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1093 | SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo) |
| 1094 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1095 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1096 | case DIGEST_ALGORITHM_SHA256: |
| 1097 | return 256; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1098 | default: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1099 | return -1; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1100 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1101 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1102 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 1103 | } // namespace ndn |