Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 3 | * Copyright (c) 2013-2014 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 22 | */ |
| 23 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 24 | #include "common.hpp" |
| 25 | |
Alexander Afanasyev | 1950885 | 2014-01-29 01:01:51 -0800 | [diff] [blame] | 26 | #include "sec-tpm-osx.hpp" |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 27 | #include "public-key.hpp" |
Alexander Afanasyev | 258ec2b | 2014-05-14 16:15:37 -0700 | [diff] [blame] | 28 | #include "../encoding/oid.hpp" |
| 29 | #include "../encoding/buffer-stream.hpp" |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 30 | #include "cryptopp.hpp" |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 31 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 32 | #include <pwd.h> |
| 33 | #include <unistd.h> |
| 34 | #include <stdlib.h> |
| 35 | #include <string.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 36 | |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 37 | #include <CoreFoundation/CoreFoundation.h> |
| 38 | #include <Security/Security.h> |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 39 | #include <Security/SecRandom.h> |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 40 | #include <CoreServices/CoreServices.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 41 | |
Alexander Afanasyev | 59d67a5 | 2014-04-03 16:09:31 -0700 | [diff] [blame] | 42 | #include <Security/SecDigestTransform.h> |
| 43 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 44 | namespace ndn { |
| 45 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 46 | using std::string; |
| 47 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 48 | /** |
| 49 | * @brief Helper class to wrap CoreFoundation object pointers |
| 50 | * |
| 51 | * The class is similar in spirit to shared_ptr, but uses CoreFoundation |
| 52 | * mechanisms to retain/release object. |
| 53 | * |
| 54 | * Original implementation by Christopher Hunt and it was borrowed from |
| 55 | * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html |
| 56 | */ |
| 57 | template<class T> |
| 58 | class CFReleaser |
| 59 | { |
| 60 | public: |
| 61 | ////////////////////////////// |
| 62 | // Construction/destruction // |
| 63 | |
| 64 | CFReleaser() |
| 65 | : m_typeRef(0) |
| 66 | { |
| 67 | } |
| 68 | |
| 69 | CFReleaser(const T& typeRef) |
| 70 | : m_typeRef(typeRef) |
| 71 | { |
| 72 | } |
| 73 | |
| 74 | CFReleaser(const CFReleaser& inReleaser) |
| 75 | : m_typeRef(0) |
| 76 | { |
| 77 | retain(inReleaser.m_typeRef); |
| 78 | } |
| 79 | |
| 80 | CFReleaser& |
| 81 | operator=(const T& typeRef) |
| 82 | { |
| 83 | if (typeRef != m_typeRef) { |
| 84 | release(); |
| 85 | m_typeRef = typeRef; |
| 86 | } |
| 87 | return *this; |
| 88 | } |
| 89 | |
| 90 | CFReleaser& |
| 91 | operator=(const CFReleaser& inReleaser) |
| 92 | { |
| 93 | retain(inReleaser.m_typeRef); |
| 94 | return *this; |
| 95 | } |
| 96 | |
| 97 | ~CFReleaser() |
| 98 | { |
| 99 | release(); |
| 100 | } |
| 101 | |
| 102 | //////////// |
| 103 | // Access // |
| 104 | |
| 105 | // operator const T&() const |
| 106 | // { |
| 107 | // return m_typeRef; |
| 108 | // } |
| 109 | |
| 110 | // operator T&() |
| 111 | // { |
| 112 | // return m_typeRef; |
| 113 | // } |
| 114 | |
| 115 | const T& |
| 116 | get() const |
| 117 | { |
| 118 | return m_typeRef; |
| 119 | } |
| 120 | |
| 121 | T& |
| 122 | get() |
| 123 | { |
| 124 | return m_typeRef; |
| 125 | } |
| 126 | |
| 127 | /////////////////// |
| 128 | // Miscellaneous // |
| 129 | |
| 130 | void |
| 131 | retain(const T& typeRef) |
| 132 | { |
| 133 | if (typeRef != 0) { |
| 134 | CFRetain(typeRef); |
| 135 | } |
| 136 | release(); |
| 137 | m_typeRef = typeRef; |
| 138 | } |
| 139 | |
| 140 | void release() |
| 141 | { |
| 142 | if (m_typeRef != 0) { |
| 143 | CFRelease(m_typeRef); |
| 144 | m_typeRef = 0; |
| 145 | } |
| 146 | }; |
| 147 | |
| 148 | private: |
| 149 | T m_typeRef; |
| 150 | }; |
| 151 | |
| 152 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 153 | class SecTpmOsx::Impl |
| 154 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 155 | public: |
| 156 | Impl() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 157 | : m_passwordSet(false) |
| 158 | , m_inTerminal(false) |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 159 | { |
| 160 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 161 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 162 | /** |
| 163 | * @brief Convert NDN name of a key to internal name of the key. |
| 164 | * |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 165 | * @param keyName |
| 166 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 167 | * @return the internal key name |
| 168 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 169 | std::string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 170 | toInternalKeyName(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 171 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 172 | /** |
| 173 | * @brief Get key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 174 | * |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 175 | * @param keyName |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 176 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 177 | * @returns pointer to the key |
| 178 | */ |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 179 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 180 | getKey(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 181 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 182 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 183 | * @brief Convert keyType to MAC OS symmetric key key type |
| 184 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 185 | * @param keyType |
| 186 | * @returns MAC OS key type |
| 187 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 188 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 189 | getSymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 190 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 191 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 192 | * @brief Convert keyType to MAC OS asymmetirc key type |
| 193 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 194 | * @param keyType |
| 195 | * @returns MAC OS key type |
| 196 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 197 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 198 | getAsymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 199 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 200 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 201 | * @brief Convert keyClass to MAC OS key class |
| 202 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 203 | * @param keyClass |
| 204 | * @returns MAC OS key class |
| 205 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 206 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 207 | getKeyClass(KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 208 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 209 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 210 | * @brief Convert digestAlgo to MAC OS algorithm id |
| 211 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 212 | * @param digestAlgo |
| 213 | * @returns MAC OS algorithm id |
| 214 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 215 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 216 | getDigestAlgorithm(DigestAlgorithm digestAlgo); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 217 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 218 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 219 | * @brief Get the digest size of the corresponding algorithm |
| 220 | * |
| 221 | * @param digestAlgo |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 222 | * @return digest size |
| 223 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 224 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 225 | getDigestSize(DigestAlgorithm digestAlgo); |
| 226 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 227 | /////////////////////////////////////////////// |
| 228 | // everything here is public, including data // |
| 229 | /////////////////////////////////////////////// |
| 230 | public: |
| 231 | SecKeychainRef m_keyChainRef; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 232 | bool m_passwordSet; |
| 233 | string m_password; |
| 234 | bool m_inTerminal; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 235 | }; |
| 236 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 237 | SecTpmOsx::SecTpmOsx() |
| 238 | : m_impl(new Impl) |
| 239 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 240 | if (m_impl->m_inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 241 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 242 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 243 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 244 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 245 | OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 246 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 247 | if (res == errSecNoDefaultKeychain) //If no default key chain, create one. |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 248 | throw Error("No default keychain, create one first!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 249 | } |
| 250 | |
| 251 | SecTpmOsx::~SecTpmOsx(){ |
| 252 | //TODO: implement |
| 253 | } |
| 254 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 255 | void |
| 256 | SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength) |
| 257 | { |
| 258 | m_impl->m_passwordSet = true; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 259 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 260 | m_impl->m_password.clear(); |
| 261 | m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength); |
| 262 | } |
| 263 | |
| 264 | void |
| 265 | SecTpmOsx::resetTpmPassword() |
| 266 | { |
| 267 | m_impl->m_passwordSet = false; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 268 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 269 | m_impl->m_password.clear(); |
| 270 | } |
| 271 | |
| 272 | void |
| 273 | SecTpmOsx::setInTerminal(bool inTerminal) |
| 274 | { |
| 275 | m_impl->m_inTerminal = inTerminal; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 276 | if (inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 277 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 278 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 279 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 280 | } |
| 281 | |
| 282 | bool |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 283 | SecTpmOsx::getInTerminal() const |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 284 | { |
| 285 | return m_impl->m_inTerminal; |
| 286 | } |
| 287 | |
| 288 | bool |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 289 | SecTpmOsx::isLocked() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 290 | { |
| 291 | SecKeychainStatus keychainStatus; |
| 292 | |
| 293 | OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 294 | if (res != errSecSuccess) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 295 | return true; |
| 296 | else |
| 297 | return ((kSecUnlockStateStatus & keychainStatus) == 0); |
| 298 | } |
| 299 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 300 | bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 301 | SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword) |
| 302 | { |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 303 | OSStatus res; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 304 | |
| 305 | // If the default key chain is already unlocked, return immediately. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 306 | if (!isLocked()) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 307 | return true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 308 | |
| 309 | // If the default key chain is locked, unlock the key chain. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 310 | if (usePassword) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 311 | { |
| 312 | // Use the supplied password. |
| 313 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 314 | passwordLength, |
| 315 | password, |
| 316 | true); |
| 317 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 318 | else if (m_impl->m_passwordSet) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 319 | { |
| 320 | // If no password supplied, then use the configured password if exists. |
| 321 | SecKeychainUnlock(m_impl->m_keyChainRef, |
| 322 | m_impl->m_password.size(), |
| 323 | m_impl->m_password.c_str(), |
| 324 | true); |
| 325 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 326 | else if (m_impl->m_inTerminal) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 327 | { |
| 328 | // If no configured password, get password from terminal if inTerminal set. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 329 | bool isLocked = true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 330 | const char* fmt = "Password to unlock the default keychain: "; |
| 331 | int count = 0; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 332 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 333 | while (isLocked) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 334 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 335 | if (count > 2) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 336 | break; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 337 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 338 | char* getPassword = 0; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 339 | getPassword = getpass(fmt); |
| 340 | count++; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 341 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 342 | if (!getPassword) |
| 343 | continue; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 344 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 345 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 346 | strlen(getPassword), |
| 347 | getPassword, |
| 348 | true); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 349 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 350 | memset(getPassword, 0, strlen(getPassword)); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 351 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 352 | if (res == errSecSuccess) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 353 | break; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 354 | } |
| 355 | } |
| 356 | else |
| 357 | { |
| 358 | // If inTerminal is not set, get the password from GUI. |
| 359 | SecKeychainUnlock(m_impl->m_keyChainRef, 0, 0, false); |
| 360 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 361 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 362 | return !isLocked(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 363 | } |
| 364 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 365 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 366 | SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, |
| 367 | const KeyParams& params, |
| 368 | bool needRetry) |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 369 | { |
| 370 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 371 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 372 | { |
| 373 | throw Error("keyName has existed"); |
| 374 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 375 | |
| 376 | string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC); |
| 377 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 378 | CFReleaser<CFStringRef> keyLabel = |
| 379 | CFStringCreateWithCString(0, |
| 380 | keyNameUri.c_str(), |
| 381 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 382 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 383 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 384 | CFDictionaryCreateMutable(0, |
| 385 | 3, |
| 386 | &kCFTypeDictionaryKeyCallBacks, |
| 387 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 388 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 389 | KeyType keyType = params.getKeyType(); |
| 390 | uint32_t keySize; |
| 391 | switch (keyType) |
| 392 | { |
| 393 | case KEY_TYPE_RSA: |
| 394 | { |
| 395 | const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); |
| 396 | keySize = rsaParams.getKeySize(); |
| 397 | break; |
| 398 | } |
| 399 | default: |
| 400 | throw Error("Fail to create a key pair: Unsupported key type"); |
| 401 | } |
| 402 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 403 | CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 404 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 405 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType)); |
| 406 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 407 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 408 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 409 | CFReleaser<SecKeyRef> publicKey, privateKey; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 410 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 411 | OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(), |
| 412 | &publicKey.get(), &privateKey.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 413 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 414 | if (res == errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 415 | { |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 416 | return; |
| 417 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 418 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 419 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 420 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 421 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 422 | generateKeyPairInTpmInternal(keyName, params, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 423 | else |
| 424 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 425 | } |
| 426 | else |
| 427 | { |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 428 | throw Error("Fail to create a key pair"); |
| 429 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 430 | } |
| 431 | |
| 432 | void |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 433 | SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 434 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 435 | CFReleaser<CFStringRef> keyLabel = |
| 436 | CFStringCreateWithCString(0, |
| 437 | keyName.toUri().c_str(), |
| 438 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 439 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 440 | CFReleaser<CFMutableDictionaryRef> searchDict = |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 441 | CFDictionaryCreateMutable(0, 5, |
| 442 | &kCFTypeDictionaryKeyCallBacks, |
| 443 | &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 444 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 445 | CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey); |
| 446 | CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get()); |
| 447 | CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll); |
| 448 | OSStatus res = SecItemDelete(searchDict.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 449 | |
| 450 | if (res == errSecSuccess) |
| 451 | return; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 452 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 453 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 454 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 455 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 456 | deleteKeyPairInTpmInternal(keyName, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 457 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 458 | } |
| 459 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 460 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 461 | SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 462 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 463 | throw Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 464 | // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 465 | // throw Error("keyName has existed!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 466 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 467 | // string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 468 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 469 | // CFReleaser<CFMutableDictionaryRef> attrDict = |
| 470 | // CFDictionaryCreateMutable(kCFAllocatorDefault, |
| 471 | // 0, |
| 472 | // &kCFTypeDictionaryKeyCallBacks, |
| 473 | // &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 474 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 475 | // CFReleaser<CFStringRef> keyLabel = |
| 476 | // CFStringCreateWithCString(0, |
| 477 | // keyNameUri.c_str(), |
| 478 | // kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 479 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 480 | // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
| 481 | |
| 482 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType)); |
| 483 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 484 | // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue); |
| 485 | // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 486 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 487 | // CFErrorRef error = 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 488 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 489 | // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 490 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 491 | // if (error) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 492 | // throw Error("Fail to create a symmetric key"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 493 | } |
| 494 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 495 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 496 | SecTpmOsx::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 497 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 498 | CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC); |
| 499 | if (publicKey.get() == 0) |
| 500 | { |
| 501 | throw Error("Requested public key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 502 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 503 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 504 | CFReleaser<CFDataRef> exportedKey; |
| 505 | OSStatus res = SecItemExport(publicKey.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 506 | kSecFormatOpenSSL, |
| 507 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 508 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 509 | &exportedKey.get()); |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 510 | if (res != errSecSuccess) |
| 511 | { |
| 512 | throw Error("Cannot export requested public key from OSX Keychain"); |
| 513 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 514 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 515 | shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()), |
| 516 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 517 | return key; |
| 518 | } |
| 519 | |
| 520 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 521 | SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 522 | { |
| 523 | using namespace CryptoPP; |
| 524 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 525 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 526 | if (privateKey.get() == 0) |
| 527 | { |
| 528 | /// @todo Can this happen because of keychain is locked? |
| 529 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 530 | } |
| 531 | |
| 532 | CFReleaser<CFDataRef> exportedKey; |
| 533 | OSStatus res = SecItemExport(privateKey.get(), |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 534 | kSecFormatOpenSSL, |
| 535 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 536 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 537 | &exportedKey.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 538 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 539 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 540 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 541 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 542 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 543 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 544 | return exportPrivateKeyPkcs8FromTpmInternal(keyName, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 545 | else |
| 546 | return shared_ptr<Buffer>(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 547 | } |
| 548 | else |
| 549 | return shared_ptr<Buffer>(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 550 | } |
| 551 | |
| 552 | OBufferStream pkcs1Os; |
| 553 | FileSink sink(pkcs1Os); |
| 554 | |
| 555 | uint32_t version = 0; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 556 | OID algorithm("1.2.840.113549.1.1.1"); // "RSA encryption" |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 557 | SecByteBlock rawKeyBits; |
| 558 | // PrivateKeyInfo ::= SEQUENCE { |
| 559 | // version INTEGER, |
| 560 | // privateKeyAlgorithm SEQUENCE, |
| 561 | // privateKey OCTECT STRING} |
| 562 | DERSequenceEncoder privateKeyInfo(sink); |
| 563 | { |
| 564 | DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER); |
| 565 | DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo); |
| 566 | { |
| 567 | algorithm.encode(privateKeyAlgorithm); |
| 568 | DEREncodeNull(privateKeyAlgorithm); |
| 569 | } |
| 570 | privateKeyAlgorithm.MessageEnd(); |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 571 | DEREncodeOctetString(privateKeyInfo, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 572 | CFDataGetBytePtr(exportedKey.get()), |
| 573 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 574 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 575 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 576 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 577 | return pkcs1Os.buf(); |
| 578 | } |
| 579 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 580 | #ifdef __GNUC__ |
| 581 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 582 | #pragma GCC diagnostic push |
| 583 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 584 | #pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
| 585 | #endif // __GNUC__ |
| 586 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 587 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 588 | SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 589 | const uint8_t* buf, size_t size, |
| 590 | bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 591 | { |
| 592 | using namespace CryptoPP; |
| 593 | |
| 594 | StringSource privateKeySource(buf, size, true); |
| 595 | uint32_t tmpNum; |
| 596 | OID tmpOID; |
| 597 | SecByteBlock rawKeyBits; |
| 598 | // PrivateKeyInfo ::= SEQUENCE { |
| 599 | // INTEGER, |
| 600 | // SEQUENCE, |
| 601 | // OCTECT STRING} |
| 602 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 603 | { |
| 604 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, tmpNum, INTEGER); |
| 605 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 606 | { |
| 607 | tmpOID.decode(sequenceDecoder); |
| 608 | BERDecodeNull(sequenceDecoder); |
| 609 | } |
| 610 | BERDecodeOctetString(privateKeyInfo, rawKeyBits); |
| 611 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 612 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 613 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 614 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 615 | rawKeyBits.BytePtr(), |
| 616 | rawKeyBits.size(), |
| 617 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 618 | |
| 619 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 620 | SecExternalItemType externalType = kSecItemTypePrivateKey; |
| 621 | SecKeyImportExportParameters keyParams; |
| 622 | memset(&keyParams, 0, sizeof(keyParams)); |
| 623 | keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; |
| 624 | keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 625 | CFReleaser<SecAccessRef> access; |
| 626 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 627 | keyName.toUri().c_str(), |
| 628 | kCFStringEncodingUTF8); |
| 629 | SecAccessCreate(keyLabel.get(), 0, &access.get()); |
| 630 | keyParams.accessRef = access.get(); |
| 631 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 632 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 633 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 634 | #pragma clang diagnostic push |
| 635 | #pragma clang diagnostic ignored "-Wdeprecated-declarations" |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 636 | #endif // __clang__ |
| 637 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 638 | OSStatus res = SecKeychainItemImport(importedKey.get(), |
| 639 | 0, |
| 640 | &externalFormat, |
| 641 | &externalType, |
| 642 | 0, |
| 643 | &keyParams, |
| 644 | m_impl->m_keyChainRef, |
| 645 | &outItems.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 646 | |
| 647 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 648 | #pragma clang diagnostic pop |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 649 | #endif // __clang__ |
| 650 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 651 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 652 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 653 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 654 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 655 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 656 | return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 657 | else |
| 658 | return false; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 659 | } |
| 660 | else |
| 661 | return false; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 662 | } |
| 663 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 664 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 665 | SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 666 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 667 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 668 | string keyUri = keyName.toUri(); |
| 669 | { |
| 670 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 671 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 672 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 673 | attrList.count++; |
| 674 | } |
| 675 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 676 | res = SecKeychainItemModifyAttributesAndData(privateKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 677 | &attrList, |
| 678 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 679 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 680 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 681 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 682 | { |
| 683 | return false; |
| 684 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 685 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 686 | return true; |
| 687 | } |
| 688 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 689 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 690 | #pragma GCC diagnostic pop |
| 691 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 692 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 693 | bool |
| 694 | SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 695 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 696 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 697 | buf, |
| 698 | size, |
| 699 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 700 | |
| 701 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 702 | SecExternalItemType externalType = kSecItemTypePublicKey; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 703 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 704 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 705 | OSStatus res = SecItemImport(importedKey.get(), |
| 706 | 0, |
| 707 | &externalFormat, |
| 708 | &externalType, |
| 709 | 0, |
| 710 | 0, |
| 711 | m_impl->m_keyChainRef, |
| 712 | &outItems.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 713 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 714 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 715 | return false; |
| 716 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 717 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 718 | SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 719 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 720 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 721 | string keyUri = keyName.toUri(); |
| 722 | { |
| 723 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 724 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 725 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 726 | attrList.count++; |
| 727 | } |
| 728 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 729 | res = SecKeychainItemModifyAttributesAndData(publicKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 730 | &attrList, |
| 731 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 732 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 733 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 734 | if (res != errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 735 | return false; |
| 736 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 737 | return true; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 738 | } |
| 739 | |
| 740 | Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 741 | SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength, |
| 742 | const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 743 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 744 | CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0, |
| 745 | data, |
| 746 | dataLength, |
| 747 | kCFAllocatorNull); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 748 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 749 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 750 | if (privateKey.get() == 0) |
| 751 | { |
| 752 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 753 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 754 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 755 | CFReleaser<CFErrorRef> error; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 756 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 757 | CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(), |
| 758 | &error.get()); |
| 759 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 760 | throw Error("Fail to create signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 761 | |
| 762 | // Set input |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 763 | SecTransformSetAttribute(signer.get(), |
| 764 | kSecTransformInputAttributeName, |
| 765 | dataRef.get(), |
| 766 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 767 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 768 | throw Error("Fail to configure input of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 769 | |
| 770 | // Enable use of padding |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 771 | SecTransformSetAttribute(signer.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 772 | kSecPaddingKey, |
| 773 | kSecPaddingPKCS1Key, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 774 | &error.get()); |
| 775 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 776 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 777 | |
| 778 | // Set padding type |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 779 | SecTransformSetAttribute(signer.get(), |
| 780 | kSecDigestTypeAttribute, |
| 781 | m_impl->getDigestAlgorithm(digestAlgorithm), |
| 782 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 783 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 784 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 785 | |
| 786 | // Set padding attribute |
| 787 | long digestSize = m_impl->getDigestSize(digestAlgorithm); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 788 | CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 789 | SecTransformSetAttribute(signer.get(), |
| 790 | kSecDigestLengthAttribute, |
| 791 | cfDigestSize.get(), |
| 792 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 793 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 794 | throw Error("Fail to configure digest size of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 795 | |
| 796 | // Actually sign |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 797 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 798 | CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get()); |
| 799 | if (error.get() != 0) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 800 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 801 | if (!needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 802 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 803 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 804 | return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true); |
| 805 | else |
| 806 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 807 | } |
| 808 | else |
| 809 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 810 | CFShow(error.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 811 | throw Error("Fail to sign data"); |
| 812 | } |
| 813 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 814 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 815 | if (signature.get() == 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 816 | throw Error("Signature is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 817 | |
| 818 | return Block(Tlv::SignatureValue, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 819 | make_shared<Buffer>(CFDataGetBytePtr(signature.get()), |
| 820 | CFDataGetLength(signature.get()))); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 821 | } |
| 822 | |
| 823 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 824 | SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 825 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 826 | throw Error("SecTpmOsx::decryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 827 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 828 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 829 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 830 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 831 | // else |
| 832 | // keyClass = KEY_CLASS_PRIVATE; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 833 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 834 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 835 | // reinterpret_cast<const unsigned char*>(data), |
| 836 | // dataLength |
| 837 | // ); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 838 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 839 | // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 840 | // if (decryptKey.get() == 0) |
| 841 | // { |
| 842 | // /// @todo Can this happen because of keychain is locked? |
| 843 | // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain"); |
| 844 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 845 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 846 | // CFErrorRef error; |
| 847 | // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error); |
| 848 | // if (error) throw Error("Fail to create decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 849 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 850 | // Boolean set_res = SecTransformSetAttribute(decrypt, |
| 851 | // kSecTransformInputAttributeName, |
| 852 | // dataRef, |
| 853 | // &error); |
| 854 | // if (error) throw Error("Fail to configure decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 855 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 856 | // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error); |
| 857 | // if (error) |
| 858 | // { |
| 859 | // CFShow(error); |
| 860 | // throw Error("Fail to decrypt data"); |
| 861 | // } |
| 862 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 863 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 864 | // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 865 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 866 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 867 | void |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 868 | SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 869 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 870 | if (keyClass == KEY_CLASS_PRIVATE && acl == ACL_TYPE_PRIVATE) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 871 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 872 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass); |
| 873 | if (privateKey.get() == 0) |
| 874 | { |
| 875 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 876 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 877 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 878 | CFReleaser<SecAccessRef> accRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 879 | SecKeychainItemCopyAccess(privateKey.get(), &accRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 880 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 881 | CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(), |
| 882 | kSecACLAuthorizationSign); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 883 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 884 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 885 | SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 886 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 887 | CFReleaser<CFArrayRef> appList; |
| 888 | CFReleaser<CFStringRef> description; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 889 | SecKeychainPromptSelector promptSelector; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 890 | SecACLCopyContents(aclRef, |
| 891 | &appList.get(), |
| 892 | &description.get(), |
| 893 | &promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 894 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 895 | CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0, |
| 896 | 0, |
| 897 | appList.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 898 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 899 | CFReleaser<SecTrustedApplicationRef> trustedApp; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 900 | SecTrustedApplicationCreateFromPath(appPath.c_str(), |
| 901 | &trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 902 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 903 | CFArrayAppendValue(newAppList.get(), trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 904 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 905 | SecACLSetContents(aclRef, |
| 906 | newAppList.get(), |
| 907 | description.get(), |
| 908 | promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 909 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 910 | SecKeychainItemSetAccess(privateKey.get(), accRef.get()); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 911 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 912 | } |
| 913 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 914 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 915 | SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 916 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 917 | throw Error("SecTpmOsx::encryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 918 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 919 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 920 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 921 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 922 | // else |
| 923 | // keyClass = KEY_CLASS_PUBLIC; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 924 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 925 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 926 | // reinterpret_cast<const unsigned char*>(data), |
| 927 | // dataLength |
| 928 | // ); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 929 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 930 | // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 931 | // if (encryptKey.get() == 0) |
| 932 | // { |
| 933 | // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain"); |
| 934 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 935 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 936 | // CFErrorRef error; |
| 937 | // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error); |
| 938 | // if (error) throw Error("Fail to create encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 939 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 940 | // Boolean set_res = SecTransformSetAttribute(encrypt, |
| 941 | // kSecTransformInputAttributeName, |
| 942 | // dataRef, |
| 943 | // &error); |
| 944 | // if (error) throw Error("Fail to configure encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 945 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 946 | // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error); |
| 947 | // if (error) throw Error("Fail to encrypt data"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 948 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 949 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 950 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 951 | // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 952 | } |
| 953 | |
| 954 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 955 | SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 956 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 957 | string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass); |
| 958 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 959 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 960 | keyNameUri.c_str(), |
| 961 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 962 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 963 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 964 | CFDictionaryCreateMutable(0, |
| 965 | 4, |
| 966 | &kCFTypeDictionaryKeyCallBacks, |
| 967 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 968 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 969 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 970 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass)); |
| 971 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 972 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 973 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 974 | CFReleaser<SecKeychainItemRef> itemRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 975 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 976 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 977 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 978 | if (res == errSecSuccess) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 979 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 980 | else |
| 981 | return false; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 982 | |
| 983 | } |
| 984 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 985 | bool |
| 986 | SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size) |
| 987 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 988 | return SecRandomCopyBytes(kSecRandomDefault, size, res) == 0; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 989 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 990 | |
| 991 | //////////////////////////////// |
| 992 | // OSXPrivateKeyStorage::Impl // |
| 993 | //////////////////////////////// |
| 994 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 995 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 996 | SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 997 | { |
| 998 | string keyNameUri = toInternalKeyName(keyName, keyClass); |
| 999 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1000 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1001 | keyNameUri.c_str(), |
| 1002 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1003 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1004 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1005 | CFDictionaryCreateMutable(0, |
| 1006 | 5, |
| 1007 | &kCFTypeDictionaryKeyCallBacks, |
| 1008 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1009 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1010 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1011 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1012 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass)); |
| 1013 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1014 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1015 | CFReleaser<SecKeychainItemRef> keyItem; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1016 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1017 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1018 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1019 | if (res != errSecSuccess) |
| 1020 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1021 | else |
| 1022 | return keyItem; |
| 1023 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1024 | |
| 1025 | string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1026 | SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1027 | { |
| 1028 | string keyUri = keyName.toUri(); |
| 1029 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1030 | if (KEY_CLASS_SYMMETRIC == keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1031 | return keyUri + "/symmetric"; |
| 1032 | else |
| 1033 | return keyUri; |
| 1034 | } |
| 1035 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1036 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1037 | SecTpmOsx::Impl::getAsymKeyType(KeyType keyType) |
| 1038 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1039 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1040 | case KEY_TYPE_RSA: |
| 1041 | return kSecAttrKeyTypeRSA; |
| 1042 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1043 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1044 | } |
| 1045 | } |
| 1046 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1047 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1048 | SecTpmOsx::Impl::getSymKeyType(KeyType keyType) |
| 1049 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1050 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1051 | case KEY_TYPE_AES: |
| 1052 | return kSecAttrKeyTypeAES; |
| 1053 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1054 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1055 | } |
| 1056 | } |
| 1057 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1058 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1059 | SecTpmOsx::Impl::getKeyClass(KeyClass keyClass) |
| 1060 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1061 | switch (keyClass) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1062 | case KEY_CLASS_PRIVATE: |
| 1063 | return kSecAttrKeyClassPrivate; |
| 1064 | case KEY_CLASS_PUBLIC: |
| 1065 | return kSecAttrKeyClassPublic; |
| 1066 | case KEY_CLASS_SYMMETRIC: |
| 1067 | return kSecAttrKeyClassSymmetric; |
| 1068 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1069 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1070 | } |
| 1071 | } |
| 1072 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1073 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1074 | SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo) |
| 1075 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1076 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1077 | case DIGEST_ALGORITHM_SHA256: |
| 1078 | return kSecDigestSHA2; |
| 1079 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1080 | return 0; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1081 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1082 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1083 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1084 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1085 | SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo) |
| 1086 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame^] | 1087 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1088 | case DIGEST_ALGORITHM_SHA256: |
| 1089 | return 256; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1090 | default: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1091 | return -1; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1092 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1093 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1094 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 1095 | } // namespace ndn |