Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 3 | * Copyright (c) 2013-2014 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 22 | */ |
| 23 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 24 | #include "common.hpp" |
| 25 | |
Alexander Afanasyev | 1950885 | 2014-01-29 01:01:51 -0800 | [diff] [blame] | 26 | #include "sec-tpm-osx.hpp" |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 27 | #include "public-key.hpp" |
Alexander Afanasyev | 258ec2b | 2014-05-14 16:15:37 -0700 | [diff] [blame] | 28 | #include "../encoding/oid.hpp" |
| 29 | #include "../encoding/buffer-stream.hpp" |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 30 | #include "cryptopp.hpp" |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 31 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 32 | #include <pwd.h> |
| 33 | #include <unistd.h> |
| 34 | #include <stdlib.h> |
| 35 | #include <string.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 36 | |
Alexander Afanasyev | 1c6976d | 2014-07-13 11:40:50 -0700 | [diff] [blame] | 37 | #include <boost/lexical_cast.hpp> |
| 38 | |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 39 | #include <CoreFoundation/CoreFoundation.h> |
| 40 | #include <Security/Security.h> |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 41 | #include <Security/SecRandom.h> |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 42 | #include <CoreServices/CoreServices.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 43 | |
Alexander Afanasyev | 59d67a5 | 2014-04-03 16:09:31 -0700 | [diff] [blame] | 44 | #include <Security/SecDigestTransform.h> |
| 45 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 46 | namespace ndn { |
| 47 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 48 | using std::string; |
| 49 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 50 | /** |
| 51 | * @brief Helper class to wrap CoreFoundation object pointers |
| 52 | * |
| 53 | * The class is similar in spirit to shared_ptr, but uses CoreFoundation |
| 54 | * mechanisms to retain/release object. |
| 55 | * |
| 56 | * Original implementation by Christopher Hunt and it was borrowed from |
| 57 | * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html |
| 58 | */ |
| 59 | template<class T> |
| 60 | class CFReleaser |
| 61 | { |
| 62 | public: |
| 63 | ////////////////////////////// |
| 64 | // Construction/destruction // |
| 65 | |
| 66 | CFReleaser() |
| 67 | : m_typeRef(0) |
| 68 | { |
| 69 | } |
| 70 | |
| 71 | CFReleaser(const T& typeRef) |
| 72 | : m_typeRef(typeRef) |
| 73 | { |
| 74 | } |
| 75 | |
| 76 | CFReleaser(const CFReleaser& inReleaser) |
| 77 | : m_typeRef(0) |
| 78 | { |
| 79 | retain(inReleaser.m_typeRef); |
| 80 | } |
| 81 | |
| 82 | CFReleaser& |
| 83 | operator=(const T& typeRef) |
| 84 | { |
| 85 | if (typeRef != m_typeRef) { |
| 86 | release(); |
| 87 | m_typeRef = typeRef; |
| 88 | } |
| 89 | return *this; |
| 90 | } |
| 91 | |
| 92 | CFReleaser& |
| 93 | operator=(const CFReleaser& inReleaser) |
| 94 | { |
| 95 | retain(inReleaser.m_typeRef); |
| 96 | return *this; |
| 97 | } |
| 98 | |
| 99 | ~CFReleaser() |
| 100 | { |
| 101 | release(); |
| 102 | } |
| 103 | |
| 104 | //////////// |
| 105 | // Access // |
| 106 | |
| 107 | // operator const T&() const |
| 108 | // { |
| 109 | // return m_typeRef; |
| 110 | // } |
| 111 | |
| 112 | // operator T&() |
| 113 | // { |
| 114 | // return m_typeRef; |
| 115 | // } |
| 116 | |
| 117 | const T& |
| 118 | get() const |
| 119 | { |
| 120 | return m_typeRef; |
| 121 | } |
| 122 | |
| 123 | T& |
| 124 | get() |
| 125 | { |
| 126 | return m_typeRef; |
| 127 | } |
| 128 | |
| 129 | /////////////////// |
| 130 | // Miscellaneous // |
| 131 | |
| 132 | void |
| 133 | retain(const T& typeRef) |
| 134 | { |
| 135 | if (typeRef != 0) { |
| 136 | CFRetain(typeRef); |
| 137 | } |
| 138 | release(); |
| 139 | m_typeRef = typeRef; |
| 140 | } |
| 141 | |
| 142 | void release() |
| 143 | { |
| 144 | if (m_typeRef != 0) { |
| 145 | CFRelease(m_typeRef); |
| 146 | m_typeRef = 0; |
| 147 | } |
| 148 | }; |
| 149 | |
| 150 | private: |
| 151 | T m_typeRef; |
| 152 | }; |
| 153 | |
| 154 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 155 | class SecTpmOsx::Impl |
| 156 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 157 | public: |
| 158 | Impl() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 159 | : m_passwordSet(false) |
| 160 | , m_inTerminal(false) |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 161 | { |
| 162 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 163 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 164 | /** |
| 165 | * @brief Convert NDN name of a key to internal name of the key. |
| 166 | * |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 167 | * @param keyName |
| 168 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 169 | * @return the internal key name |
| 170 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 171 | std::string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 172 | toInternalKeyName(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 173 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 174 | /** |
| 175 | * @brief Get key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 176 | * |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 177 | * @param keyName |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 178 | * @param keyClass |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 179 | * @returns pointer to the key |
| 180 | */ |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 181 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 182 | getKey(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 183 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 184 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 185 | * @brief Convert keyType to MAC OS symmetric key key type |
| 186 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 187 | * @param keyType |
| 188 | * @returns MAC OS key type |
| 189 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 190 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 191 | getSymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 192 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 193 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 194 | * @brief Convert keyType to MAC OS asymmetirc key type |
| 195 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 196 | * @param keyType |
| 197 | * @returns MAC OS key type |
| 198 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 199 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 200 | getAsymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 201 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 202 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 203 | * @brief Convert keyClass to MAC OS key class |
| 204 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 205 | * @param keyClass |
| 206 | * @returns MAC OS key class |
| 207 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 208 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 209 | getKeyClass(KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 210 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 211 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 212 | * @brief Convert digestAlgo to MAC OS algorithm id |
| 213 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 214 | * @param digestAlgo |
| 215 | * @returns MAC OS algorithm id |
| 216 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 217 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 218 | getDigestAlgorithm(DigestAlgorithm digestAlgo); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 219 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 220 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 221 | * @brief Get the digest size of the corresponding algorithm |
| 222 | * |
| 223 | * @param digestAlgo |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 224 | * @return digest size |
| 225 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 226 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 227 | getDigestSize(DigestAlgorithm digestAlgo); |
| 228 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 229 | /////////////////////////////////////////////// |
| 230 | // everything here is public, including data // |
| 231 | /////////////////////////////////////////////// |
| 232 | public: |
| 233 | SecKeychainRef m_keyChainRef; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 234 | bool m_passwordSet; |
| 235 | string m_password; |
| 236 | bool m_inTerminal; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 237 | }; |
| 238 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 239 | SecTpmOsx::SecTpmOsx() |
| 240 | : m_impl(new Impl) |
| 241 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 242 | if (m_impl->m_inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 243 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 244 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 245 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 246 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 247 | OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 248 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 249 | if (res == errSecNoDefaultKeychain) //If no default key chain, create one. |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 250 | throw Error("No default keychain, create one first!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 251 | } |
| 252 | |
| 253 | SecTpmOsx::~SecTpmOsx(){ |
| 254 | //TODO: implement |
| 255 | } |
| 256 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 257 | void |
| 258 | SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength) |
| 259 | { |
| 260 | m_impl->m_passwordSet = true; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 261 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 262 | m_impl->m_password.clear(); |
| 263 | m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength); |
| 264 | } |
| 265 | |
| 266 | void |
| 267 | SecTpmOsx::resetTpmPassword() |
| 268 | { |
| 269 | m_impl->m_passwordSet = false; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 270 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 271 | m_impl->m_password.clear(); |
| 272 | } |
| 273 | |
| 274 | void |
| 275 | SecTpmOsx::setInTerminal(bool inTerminal) |
| 276 | { |
| 277 | m_impl->m_inTerminal = inTerminal; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 278 | if (inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 279 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 280 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 281 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 282 | } |
| 283 | |
| 284 | bool |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 285 | SecTpmOsx::getInTerminal() const |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 286 | { |
| 287 | return m_impl->m_inTerminal; |
| 288 | } |
| 289 | |
| 290 | bool |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 291 | SecTpmOsx::isLocked() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 292 | { |
| 293 | SecKeychainStatus keychainStatus; |
| 294 | |
| 295 | OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 296 | if (res != errSecSuccess) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 297 | return true; |
| 298 | else |
| 299 | return ((kSecUnlockStateStatus & keychainStatus) == 0); |
| 300 | } |
| 301 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 302 | bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 303 | SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword) |
| 304 | { |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 305 | OSStatus res; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 306 | |
| 307 | // If the default key chain is already unlocked, return immediately. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 308 | if (!isLocked()) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 309 | return true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 310 | |
| 311 | // If the default key chain is locked, unlock the key chain. |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 312 | if (usePassword) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 313 | { |
| 314 | // Use the supplied password. |
| 315 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 316 | passwordLength, |
| 317 | password, |
| 318 | true); |
| 319 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 320 | else if (m_impl->m_passwordSet) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 321 | { |
| 322 | // If no password supplied, then use the configured password if exists. |
| 323 | SecKeychainUnlock(m_impl->m_keyChainRef, |
| 324 | m_impl->m_password.size(), |
| 325 | m_impl->m_password.c_str(), |
| 326 | true); |
| 327 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 328 | else if (m_impl->m_inTerminal) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 329 | { |
| 330 | // If no configured password, get password from terminal if inTerminal set. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 331 | bool isLocked = true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 332 | const char* fmt = "Password to unlock the default keychain: "; |
| 333 | int count = 0; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 334 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 335 | while (isLocked) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 336 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 337 | if (count > 2) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 338 | break; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 339 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 340 | char* getPassword = 0; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 341 | getPassword = getpass(fmt); |
| 342 | count++; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 343 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 344 | if (!getPassword) |
| 345 | continue; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 346 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 347 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 348 | strlen(getPassword), |
| 349 | getPassword, |
| 350 | true); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 351 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 352 | memset(getPassword, 0, strlen(getPassword)); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 353 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 354 | if (res == errSecSuccess) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 355 | break; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 356 | } |
| 357 | } |
| 358 | else |
| 359 | { |
| 360 | // If inTerminal is not set, get the password from GUI. |
| 361 | SecKeychainUnlock(m_impl->m_keyChainRef, 0, 0, false); |
| 362 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 363 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 364 | return !isLocked(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 365 | } |
| 366 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 367 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 368 | SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, |
| 369 | const KeyParams& params, |
| 370 | bool needRetry) |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 371 | { |
| 372 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 373 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 374 | { |
| 375 | throw Error("keyName has existed"); |
| 376 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 377 | |
| 378 | string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC); |
| 379 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 380 | CFReleaser<CFStringRef> keyLabel = |
| 381 | CFStringCreateWithCString(0, |
| 382 | keyNameUri.c_str(), |
| 383 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 384 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 385 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 386 | CFDictionaryCreateMutable(0, |
| 387 | 3, |
| 388 | &kCFTypeDictionaryKeyCallBacks, |
| 389 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 390 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 391 | KeyType keyType = params.getKeyType(); |
| 392 | uint32_t keySize; |
| 393 | switch (keyType) |
| 394 | { |
| 395 | case KEY_TYPE_RSA: |
| 396 | { |
| 397 | const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); |
| 398 | keySize = rsaParams.getKeySize(); |
| 399 | break; |
| 400 | } |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 401 | case KEY_TYPE_ECDSA: |
| 402 | { |
| 403 | const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); |
| 404 | keySize = ecdsaParams.getKeySize(); |
| 405 | break; |
| 406 | } |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 407 | default: |
| 408 | throw Error("Fail to create a key pair: Unsupported key type"); |
| 409 | } |
| 410 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 411 | CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 412 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 413 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType)); |
| 414 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 415 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 416 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 417 | CFReleaser<SecKeyRef> publicKey, privateKey; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 418 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 419 | OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(), |
| 420 | &publicKey.get(), &privateKey.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 421 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 422 | if (res == errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 423 | { |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 424 | return; |
| 425 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 426 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 427 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 428 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 429 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 430 | generateKeyPairInTpmInternal(keyName, params, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 431 | else |
| 432 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 433 | } |
| 434 | else |
| 435 | { |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 436 | throw Error("Fail to create a key pair"); |
| 437 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 438 | } |
| 439 | |
| 440 | void |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 441 | SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 442 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 443 | CFReleaser<CFStringRef> keyLabel = |
| 444 | CFStringCreateWithCString(0, |
| 445 | keyName.toUri().c_str(), |
| 446 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 447 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 448 | CFReleaser<CFMutableDictionaryRef> searchDict = |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 449 | CFDictionaryCreateMutable(0, 5, |
| 450 | &kCFTypeDictionaryKeyCallBacks, |
| 451 | &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 452 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 453 | CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey); |
| 454 | CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get()); |
| 455 | CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll); |
| 456 | OSStatus res = SecItemDelete(searchDict.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 457 | |
| 458 | if (res == errSecSuccess) |
| 459 | return; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 460 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 461 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 462 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 463 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 464 | deleteKeyPairInTpmInternal(keyName, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 465 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 466 | } |
| 467 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 468 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 469 | SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 470 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 471 | throw Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 472 | // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 473 | // throw Error("keyName has existed!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 474 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 475 | // string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 476 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 477 | // CFReleaser<CFMutableDictionaryRef> attrDict = |
| 478 | // CFDictionaryCreateMutable(kCFAllocatorDefault, |
| 479 | // 0, |
| 480 | // &kCFTypeDictionaryKeyCallBacks, |
| 481 | // &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 482 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 483 | // CFReleaser<CFStringRef> keyLabel = |
| 484 | // CFStringCreateWithCString(0, |
| 485 | // keyNameUri.c_str(), |
| 486 | // kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 487 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 488 | // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
| 489 | |
| 490 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType)); |
| 491 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 492 | // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue); |
| 493 | // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 494 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 495 | // CFErrorRef error = 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 496 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 497 | // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 498 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 499 | // if (error) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 500 | // throw Error("Fail to create a symmetric key"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 501 | } |
| 502 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 503 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 504 | SecTpmOsx::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 505 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 506 | CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC); |
| 507 | if (publicKey.get() == 0) |
| 508 | { |
| 509 | throw Error("Requested public key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 510 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 511 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 512 | CFReleaser<CFDataRef> exportedKey; |
| 513 | OSStatus res = SecItemExport(publicKey.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 514 | kSecFormatOpenSSL, |
| 515 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 516 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 517 | &exportedKey.get()); |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 518 | if (res != errSecSuccess) |
| 519 | { |
| 520 | throw Error("Cannot export requested public key from OSX Keychain"); |
| 521 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 522 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 523 | shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()), |
| 524 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 525 | return key; |
| 526 | } |
| 527 | |
| 528 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 529 | SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 530 | { |
| 531 | using namespace CryptoPP; |
| 532 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 533 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 534 | if (privateKey.get() == 0) |
| 535 | { |
| 536 | /// @todo Can this happen because of keychain is locked? |
| 537 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 538 | } |
| 539 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 540 | shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName); |
| 541 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 542 | CFReleaser<CFDataRef> exportedKey; |
| 543 | OSStatus res = SecItemExport(privateKey.get(), |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 544 | kSecFormatOpenSSL, |
| 545 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 546 | 0, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 547 | &exportedKey.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 548 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 549 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 550 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 551 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 552 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 553 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 554 | return exportPrivateKeyPkcs8FromTpmInternal(keyName, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 555 | else |
| 556 | return shared_ptr<Buffer>(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 557 | } |
| 558 | else |
| 559 | return shared_ptr<Buffer>(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 560 | } |
| 561 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 562 | uint32_t version = 0; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 563 | OID algorithm; |
| 564 | bool hasParameters = false; |
| 565 | OID algorithmParameter; |
| 566 | switch (publicKey->getKeyType()) { |
| 567 | case KEY_TYPE_RSA: |
| 568 | { |
| 569 | algorithm = oid::RSA; // "RSA encryption" |
| 570 | hasParameters = false; |
| 571 | break; |
| 572 | } |
| 573 | case KEY_TYPE_ECDSA: |
| 574 | { |
| 575 | // "ECDSA encryption" |
| 576 | StringSource src(publicKey->get().buf(), publicKey->get().size(), true); |
| 577 | BERSequenceDecoder subjectPublicKeyInfo(src); |
| 578 | { |
| 579 | BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo); |
| 580 | { |
| 581 | algorithm.decode(algorithmInfo); |
| 582 | algorithmParameter.decode(algorithmInfo); |
| 583 | } |
| 584 | } |
| 585 | hasParameters = true; |
| 586 | break; |
| 587 | } |
| 588 | default: |
| 589 | throw Error("Unsupported key type" + |
| 590 | boost::lexical_cast<std::string>(publicKey->getKeyType())); |
| 591 | } |
| 592 | |
| 593 | OBufferStream pkcs8Os; |
| 594 | FileSink sink(pkcs8Os); |
| 595 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 596 | SecByteBlock rawKeyBits; |
| 597 | // PrivateKeyInfo ::= SEQUENCE { |
| 598 | // version INTEGER, |
| 599 | // privateKeyAlgorithm SEQUENCE, |
| 600 | // privateKey OCTECT STRING} |
| 601 | DERSequenceEncoder privateKeyInfo(sink); |
| 602 | { |
| 603 | DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER); |
| 604 | DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo); |
| 605 | { |
| 606 | algorithm.encode(privateKeyAlgorithm); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 607 | if (hasParameters) |
| 608 | algorithmParameter.encode(privateKeyAlgorithm); |
| 609 | else |
| 610 | DEREncodeNull(privateKeyAlgorithm); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 611 | } |
| 612 | privateKeyAlgorithm.MessageEnd(); |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 613 | DEREncodeOctetString(privateKeyInfo, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 614 | CFDataGetBytePtr(exportedKey.get()), |
| 615 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 616 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 617 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 618 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 619 | return pkcs8Os.buf(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 620 | } |
| 621 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 622 | #ifdef __GNUC__ |
| 623 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 624 | #pragma GCC diagnostic push |
| 625 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 626 | #pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
| 627 | #endif // __GNUC__ |
| 628 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 629 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 630 | SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 631 | const uint8_t* buf, size_t size, |
| 632 | bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 633 | { |
| 634 | using namespace CryptoPP; |
| 635 | |
| 636 | StringSource privateKeySource(buf, size, true); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 637 | SecByteBlock rawKeyBits; |
| 638 | // PrivateKeyInfo ::= SEQUENCE { |
| 639 | // INTEGER, |
| 640 | // SEQUENCE, |
| 641 | // OCTECT STRING} |
| 642 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 643 | { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 644 | uint32_t versionNum; |
| 645 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 646 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 647 | { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 648 | OID keyTypeOID; |
| 649 | keyTypeOID.decode(sequenceDecoder); |
| 650 | |
| 651 | if (keyTypeOID == oid::RSA) |
| 652 | BERDecodeNull(sequenceDecoder); |
| 653 | else if (keyTypeOID == oid::ECDSA) |
| 654 | { |
| 655 | OID parameterOID; |
| 656 | parameterOID.decode(sequenceDecoder); |
| 657 | } |
| 658 | else |
| 659 | return false; // Unsupported key type; |
| 660 | |
| 661 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 662 | } |
| 663 | BERDecodeOctetString(privateKeyInfo, rawKeyBits); |
| 664 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 665 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 666 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 667 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 668 | rawKeyBits.BytePtr(), |
| 669 | rawKeyBits.size(), |
| 670 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 671 | |
| 672 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 673 | SecExternalItemType externalType = kSecItemTypePrivateKey; |
| 674 | SecKeyImportExportParameters keyParams; |
| 675 | memset(&keyParams, 0, sizeof(keyParams)); |
| 676 | keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; |
| 677 | keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 678 | CFReleaser<SecAccessRef> access; |
| 679 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 680 | keyName.toUri().c_str(), |
| 681 | kCFStringEncodingUTF8); |
| 682 | SecAccessCreate(keyLabel.get(), 0, &access.get()); |
| 683 | keyParams.accessRef = access.get(); |
| 684 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 685 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 686 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 687 | #pragma clang diagnostic push |
| 688 | #pragma clang diagnostic ignored "-Wdeprecated-declarations" |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 689 | #endif // __clang__ |
| 690 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 691 | OSStatus res = SecKeychainItemImport(importedKey.get(), |
| 692 | 0, |
| 693 | &externalFormat, |
| 694 | &externalType, |
| 695 | 0, |
| 696 | &keyParams, |
| 697 | m_impl->m_keyChainRef, |
| 698 | &outItems.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 699 | |
| 700 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 701 | #pragma clang diagnostic pop |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 702 | #endif // __clang__ |
| 703 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 704 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 705 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 706 | if (res == errSecAuthFailed && !needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 707 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 708 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 709 | return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 710 | else |
| 711 | return false; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 712 | } |
| 713 | else |
| 714 | return false; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 715 | } |
| 716 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 717 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 718 | SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 719 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 720 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 721 | string keyUri = keyName.toUri(); |
| 722 | { |
| 723 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 724 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 725 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 726 | attrList.count++; |
| 727 | } |
| 728 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 729 | res = SecKeychainItemModifyAttributesAndData(privateKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 730 | &attrList, |
| 731 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 732 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 733 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 734 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 735 | { |
| 736 | return false; |
| 737 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 738 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 739 | return true; |
| 740 | } |
| 741 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 742 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 743 | #pragma GCC diagnostic pop |
| 744 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 745 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 746 | bool |
| 747 | SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 748 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 749 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 750 | buf, |
| 751 | size, |
| 752 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 753 | |
| 754 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 755 | SecExternalItemType externalType = kSecItemTypePublicKey; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 756 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 757 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 758 | OSStatus res = SecItemImport(importedKey.get(), |
| 759 | 0, |
| 760 | &externalFormat, |
| 761 | &externalType, |
| 762 | 0, |
| 763 | 0, |
| 764 | m_impl->m_keyChainRef, |
| 765 | &outItems.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 766 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 767 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 768 | return false; |
| 769 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 770 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 771 | SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 772 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 773 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 774 | string keyUri = keyName.toUri(); |
| 775 | { |
| 776 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 777 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 778 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 779 | attrList.count++; |
| 780 | } |
| 781 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 782 | res = SecKeychainItemModifyAttributesAndData(publicKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 783 | &attrList, |
| 784 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 785 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 786 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 787 | if (res != errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 788 | return false; |
| 789 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 790 | return true; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 791 | } |
| 792 | |
| 793 | Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 794 | SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength, |
| 795 | const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 796 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 797 | CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0, |
| 798 | data, |
| 799 | dataLength, |
| 800 | kCFAllocatorNull); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 801 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 802 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE); |
| 803 | if (privateKey.get() == 0) |
| 804 | { |
| 805 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 806 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 807 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 808 | CFReleaser<CFErrorRef> error; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 809 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 810 | CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(), |
| 811 | &error.get()); |
| 812 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 813 | throw Error("Fail to create signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 814 | |
| 815 | // Set input |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 816 | SecTransformSetAttribute(signer.get(), |
| 817 | kSecTransformInputAttributeName, |
| 818 | dataRef.get(), |
| 819 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 820 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 821 | throw Error("Fail to configure input of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 822 | |
| 823 | // Enable use of padding |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 824 | SecTransformSetAttribute(signer.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 825 | kSecPaddingKey, |
| 826 | kSecPaddingPKCS1Key, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 827 | &error.get()); |
| 828 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 829 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 830 | |
| 831 | // Set padding type |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 832 | SecTransformSetAttribute(signer.get(), |
| 833 | kSecDigestTypeAttribute, |
| 834 | m_impl->getDigestAlgorithm(digestAlgorithm), |
| 835 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 836 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 837 | throw Error("Fail to configure digest algorithm of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 838 | |
| 839 | // Set padding attribute |
| 840 | long digestSize = m_impl->getDigestSize(digestAlgorithm); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 841 | CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 842 | SecTransformSetAttribute(signer.get(), |
| 843 | kSecDigestLengthAttribute, |
| 844 | cfDigestSize.get(), |
| 845 | &error.get()); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 846 | if (error.get() != 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 847 | throw Error("Fail to configure digest size of signer"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 848 | |
| 849 | // Actually sign |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 850 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 851 | CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get()); |
| 852 | if (error.get() != 0) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 853 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 854 | if (!needRetry) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 855 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 856 | if (unlockTpm(0, 0, false)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 857 | return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true); |
| 858 | else |
| 859 | throw Error("Fail to unlock the keychain"); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 860 | } |
| 861 | else |
| 862 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 863 | CFShow(error.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 864 | throw Error("Fail to sign data"); |
| 865 | } |
| 866 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 867 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 868 | if (signature.get() == 0) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 869 | throw Error("Signature is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 870 | |
| 871 | return Block(Tlv::SignatureValue, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 872 | make_shared<Buffer>(CFDataGetBytePtr(signature.get()), |
| 873 | CFDataGetLength(signature.get()))); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 874 | } |
| 875 | |
| 876 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 877 | SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 878 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 879 | throw Error("SecTpmOsx::decryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 880 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 881 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 882 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 883 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 884 | // else |
| 885 | // keyClass = KEY_CLASS_PRIVATE; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 886 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 887 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 888 | // reinterpret_cast<const unsigned char*>(data), |
| 889 | // dataLength |
| 890 | // ); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 891 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 892 | // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 893 | // if (decryptKey.get() == 0) |
| 894 | // { |
| 895 | // /// @todo Can this happen because of keychain is locked? |
| 896 | // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain"); |
| 897 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 898 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 899 | // CFErrorRef error; |
| 900 | // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error); |
| 901 | // if (error) throw Error("Fail to create decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 902 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 903 | // Boolean set_res = SecTransformSetAttribute(decrypt, |
| 904 | // kSecTransformInputAttributeName, |
| 905 | // dataRef, |
| 906 | // &error); |
| 907 | // if (error) throw Error("Fail to configure decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 908 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 909 | // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error); |
| 910 | // if (error) |
| 911 | // { |
| 912 | // CFShow(error); |
| 913 | // throw Error("Fail to decrypt data"); |
| 914 | // } |
| 915 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 916 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 917 | // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 918 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 919 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 920 | void |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 921 | SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 922 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 923 | if (keyClass == KEY_CLASS_PRIVATE && acl == ACL_TYPE_PRIVATE) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 924 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 925 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass); |
| 926 | if (privateKey.get() == 0) |
| 927 | { |
| 928 | throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain"); |
| 929 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 930 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 931 | CFReleaser<SecAccessRef> accRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 932 | SecKeychainItemCopyAccess(privateKey.get(), &accRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 933 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 934 | CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(), |
| 935 | kSecACLAuthorizationSign); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 936 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 937 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 938 | SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 939 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 940 | CFReleaser<CFArrayRef> appList; |
| 941 | CFReleaser<CFStringRef> description; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 942 | SecKeychainPromptSelector promptSelector; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 943 | SecACLCopyContents(aclRef, |
| 944 | &appList.get(), |
| 945 | &description.get(), |
| 946 | &promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 947 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 948 | CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0, |
| 949 | 0, |
| 950 | appList.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 951 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 952 | CFReleaser<SecTrustedApplicationRef> trustedApp; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 953 | SecTrustedApplicationCreateFromPath(appPath.c_str(), |
| 954 | &trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 955 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 956 | CFArrayAppendValue(newAppList.get(), trustedApp.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 957 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 958 | SecACLSetContents(aclRef, |
| 959 | newAppList.get(), |
| 960 | description.get(), |
| 961 | promptSelector); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 962 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 963 | SecKeychainItemSetAccess(privateKey.get(), accRef.get()); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 964 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 965 | } |
| 966 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 967 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 968 | SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 969 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 970 | throw Error("SecTpmOsx::encryptInTpm is not supported"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 971 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 972 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 973 | // if (sym) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 974 | // keyClass = KEY_CLASS_SYMMETRIC; |
| 975 | // else |
| 976 | // keyClass = KEY_CLASS_PUBLIC; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 977 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 978 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 979 | // reinterpret_cast<const unsigned char*>(data), |
| 980 | // dataLength |
| 981 | // ); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 982 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 983 | // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
| 984 | // if (encryptKey.get() == 0) |
| 985 | // { |
| 986 | // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain"); |
| 987 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 988 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 989 | // CFErrorRef error; |
| 990 | // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error); |
| 991 | // if (error) throw Error("Fail to create encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 992 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 993 | // Boolean set_res = SecTransformSetAttribute(encrypt, |
| 994 | // kSecTransformInputAttributeName, |
| 995 | // dataRef, |
| 996 | // &error); |
| 997 | // if (error) throw Error("Fail to configure encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 998 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 999 | // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error); |
| 1000 | // if (error) throw Error("Fail to encrypt data"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1001 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 1002 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1003 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 1004 | // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1005 | } |
| 1006 | |
| 1007 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1008 | SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1009 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1010 | string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass); |
| 1011 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1012 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1013 | keyNameUri.c_str(), |
| 1014 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1015 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1016 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1017 | CFDictionaryCreateMutable(0, |
| 1018 | 4, |
| 1019 | &kCFTypeDictionaryKeyCallBacks, |
| 1020 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1021 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1022 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1023 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass)); |
| 1024 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1025 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1026 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1027 | CFReleaser<SecKeychainItemRef> itemRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1028 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1029 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1030 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1031 | if (res == errSecSuccess) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1032 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 1033 | else |
| 1034 | return false; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1035 | |
| 1036 | } |
| 1037 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 1038 | bool |
| 1039 | SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size) |
| 1040 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1041 | return SecRandomCopyBytes(kSecRandomDefault, size, res) == 0; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 1042 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1043 | |
| 1044 | //////////////////////////////// |
| 1045 | // OSXPrivateKeyStorage::Impl // |
| 1046 | //////////////////////////////// |
| 1047 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1048 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1049 | SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1050 | { |
| 1051 | string keyNameUri = toInternalKeyName(keyName, keyClass); |
| 1052 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1053 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1054 | keyNameUri.c_str(), |
| 1055 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1056 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1057 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1058 | CFDictionaryCreateMutable(0, |
| 1059 | 5, |
| 1060 | &kCFTypeDictionaryKeyCallBacks, |
| 1061 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1062 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1063 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1064 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1065 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass)); |
| 1066 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1067 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1068 | CFReleaser<SecKeychainItemRef> keyItem; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1069 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1070 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1071 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1072 | if (res != errSecSuccess) |
| 1073 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1074 | else |
| 1075 | return keyItem; |
| 1076 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1077 | |
| 1078 | string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1079 | SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1080 | { |
| 1081 | string keyUri = keyName.toUri(); |
| 1082 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1083 | if (KEY_CLASS_SYMMETRIC == keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1084 | return keyUri + "/symmetric"; |
| 1085 | else |
| 1086 | return keyUri; |
| 1087 | } |
| 1088 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1089 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1090 | SecTpmOsx::Impl::getAsymKeyType(KeyType keyType) |
| 1091 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1092 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1093 | case KEY_TYPE_RSA: |
| 1094 | return kSecAttrKeyTypeRSA; |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 1095 | case KEY_TYPE_ECDSA: |
| 1096 | return kSecAttrKeyTypeECDSA; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1097 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1098 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1099 | } |
| 1100 | } |
| 1101 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1102 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1103 | SecTpmOsx::Impl::getSymKeyType(KeyType keyType) |
| 1104 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1105 | switch (keyType) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1106 | case KEY_TYPE_AES: |
| 1107 | return kSecAttrKeyTypeAES; |
| 1108 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1109 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1110 | } |
| 1111 | } |
| 1112 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1113 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1114 | SecTpmOsx::Impl::getKeyClass(KeyClass keyClass) |
| 1115 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1116 | switch (keyClass) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1117 | case KEY_CLASS_PRIVATE: |
| 1118 | return kSecAttrKeyClassPrivate; |
| 1119 | case KEY_CLASS_PUBLIC: |
| 1120 | return kSecAttrKeyClassPublic; |
| 1121 | case KEY_CLASS_SYMMETRIC: |
| 1122 | return kSecAttrKeyClassSymmetric; |
| 1123 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1124 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1125 | } |
| 1126 | } |
| 1127 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1128 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1129 | SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo) |
| 1130 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1131 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1132 | case DIGEST_ALGORITHM_SHA256: |
| 1133 | return kSecDigestSHA2; |
| 1134 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1135 | return 0; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1136 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1137 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1138 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1139 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1140 | SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo) |
| 1141 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1142 | switch (digestAlgo) { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1143 | case DIGEST_ALGORITHM_SHA256: |
| 1144 | return 256; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1145 | default: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1146 | return -1; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1147 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1148 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1149 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 1150 | } // namespace ndn |