Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / b4500d95682b29eccef6d7d0e5473c39023e3753 / . / src / security / sec-tpm-osx.cpp
blob: cd1b17f0a8faaf6b476b16645302d001437e18bf [file] [log] [blame]
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * See COPYING for copyright and distribution information.
6 */
7
Jeff Thompson6e229042013-10-10 11:09:49 -0700[diff] [blame]8#include <ndn-cpp/ndn-cpp-config.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]9
10#include <fstream>
11#include <sstream>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]12
Yingdi Yu4f324632014-01-15 18:10:03 -0800[diff] [blame]13#include "../util/logging.hpp"
Alexander Afanasyev6be1a6a2014-01-06 00:08:14 -0800[diff] [blame]14
Yingdi Yu4f324632014-01-15 18:10:03 -0800[diff] [blame]15#include <ndn-cpp/security/sec-tpm-osx.hpp>
16#include <ndn-cpp/security/public-key.hpp>
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]17
18#include <CoreFoundation/CoreFoundation.h>
19#include <Security/Security.h>
20#include <CoreServices/CoreServices.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]21
22using namespace std;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]23
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]24INIT_LOGGER("SecTpmOsx");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]25
26namespace ndn
27{
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]28 class SecTpmOsx::Impl {
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]29 public:
30 Impl(const std::string &keychainName)
Yingdi Yubdfa6242013-12-24 11:49:13 +0800[diff] [blame]31 : keyChainName_ ("" == keychainName ? "login.keychain" : keychainName)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]32 {
33 }
34
35 /**
36 * convert NDN name of a key to internal name of the key
37 * @param keyName the NDN name of the key
38 * @param keyClass the class of the key
39 * @return the internal key name
40 */
41 std::string
42 toInternalKeyName(const Name & keyName, KeyClass keyClass);
43
44 /**
45 * Get key
46 * @param keyName the name of the key
47 * @param keyClass the class of the key
48 * @returns pointer to the key
49 */
50 SecKeychainItemRef
51 getKey(const Name & keyName, KeyClass keyClass);
52
53 /**
54 * convert keyType to MAC OS symmetric key key type
55 * @param keyType
56 * @returns MAC OS key type
57 */
58 const CFTypeRef
59 getSymKeyType(KeyType keyType);
60
61 /**
62 * convert keyType to MAC OS asymmetirc key type
63 * @param keyType
64 * @returns MAC OS key type
65 */
66 const CFTypeRef
67 getAsymKeyType(KeyType keyType);
68
69 /**
70 * convert keyClass to MAC OS key class
71 * @param keyClass
72 * @returns MAC OS key class
73 */
74 const CFTypeRef
75 getKeyClass(KeyClass keyClass);
76
77 /**
78 * convert digestAlgo to MAC OS algorithm id
79 * @param digestAlgo
80 * @returns MAC OS algorithm id
81 */
82 const CFStringRef
83 getDigestAlgorithm(DigestAlgorithm digestAlgo);
84
85 /**
86 * get the digest size of the corresponding algorithm
87 * @param digestAlgo the digest algorithm
88 * @return digest size
89 */
90 long
91 getDigestSize(DigestAlgorithm digestAlgo);
92
93 ///////////////////////////////////////////////
94 // everything here is public, including data //
95 ///////////////////////////////////////////////
96 public:
97 const std::string keyChainName_;
98 SecKeychainRef keyChainRef_;
99 SecKeychainRef originalDefaultKeyChain_;
100 };
101
102
103
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]104 SecTpmOsx::SecTpmOsx(const string & keychainName)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]105 : impl_(new Impl(keychainName))
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]106 {
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]107 OSStatus res = SecKeychainCreate(impl_->keyChainName_.c_str(), //Keychain path
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]108 0, //Keychain password length
109 NULL, //Keychain password
110 true, //User prompt
111 NULL, //Initial access of Keychain
112 &impl_->keyChainRef_); //Keychain reference
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]113
114 if (res == errSecDuplicateKeychain)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]115 res = SecKeychainOpen(impl_->keyChainName_.c_str(),
116 &impl_->keyChainRef_);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]117
118 if (res != errSecSuccess){
119 _LOG_DEBUG("Fail to initialize keychain ref: " << res);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]120 throw Error("Fail to initialize keychain ref");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]121 }
122
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]123 res = SecKeychainCopyDefault(&impl_->originalDefaultKeyChain_);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]124
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]125 res = SecKeychainSetDefault(impl_->keyChainRef_);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]126 if (res != errSecSuccess){
127 _LOG_DEBUG("Fail to set default keychain: " << res);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]128 throw Error("Fail to set default keychain");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]129 }
130 }
131
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]132 SecTpmOsx::~SecTpmOsx(){
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]133 //TODO: implement
134 }
135
136 void
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]137 SecTpmOsx::generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]138 {
139
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]140 if(doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)){
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]141 _LOG_DEBUG("keyName has existed");
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]142 throw Error("keyName has existed");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]143 }
144
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]145 string keyNameUri = impl_->toInternalKeyName(keyName, KEY_CLASS_PUBLIC);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]146
147 SecKeyRef publicKey, privateKey;
148
149 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
Jeff Thompson556cc302013-10-22 17:40:07 -0700[diff] [blame]150 keyNameUri.c_str(),
151 kCFStringEncodingUTF8);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]152
153 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
154 3,
155 &kCFTypeDictionaryKeyCallBacks,
156 NULL);
157
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]158 CFDictionaryAddValue(attrDict, kSecAttrKeyType, impl_->getAsymKeyType(keyType));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]159 CFDictionaryAddValue(attrDict, kSecAttrKeySizeInBits, CFNumberCreate(NULL, kCFNumberIntType, &keySize));
160 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
161
162 OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict, &publicKey, &privateKey);
163
164 CFRelease(publicKey);
165 CFRelease(privateKey);
166
167 if (res != errSecSuccess){
168 _LOG_DEBUG("Fail to create a key pair: " << res);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]169 throw Error("Fail to create a key pair");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]170 }
171 }
172
173 void
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]174 SecTpmOsx::generateSymmetricKeyInTpm(const Name & keyName, KeyType keyType, int keySize)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]175 {
176
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]177 if(doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]178 throw Error("keyName has existed!");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]179
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]180 string keyNameUri = impl_->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]181
182 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(kCFAllocatorDefault,
183 0,
184 &kCFTypeDictionaryKeyCallBacks,
185 &kCFTypeDictionaryValueCallBacks);
186
187 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
Jeff Thompson556cc302013-10-22 17:40:07 -0700[diff] [blame]188 keyNameUri.c_str(),
189 kCFStringEncodingUTF8);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]190
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]191 CFDictionaryAddValue(attrDict, kSecAttrKeyType, impl_->getSymKeyType(keyType));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]192 CFDictionaryAddValue(attrDict, kSecAttrKeySizeInBits, CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &keySize));
193 CFDictionaryAddValue(attrDict, kSecAttrIsPermanent, kCFBooleanTrue);
194 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
195
196 CFErrorRef error = NULL;
197
198 SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error);
199
200 if (error)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]201 throw Error("Fail to create a symmetric key");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]202 }
203
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]204 ptr_lib::shared_ptr<PublicKey>
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]205 SecTpmOsx::getPublicKeyFromTpm(const Name & keyName)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]206 {
207 _LOG_TRACE("OSXPrivateKeyStorage::getPublickey");
208
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]209 SecKeychainItemRef publicKey = impl_->getKey(keyName, KEY_CLASS_PUBLIC);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]210
211 CFDataRef exportedKey;
212
213 OSStatus res = SecItemExport(publicKey,
214 kSecFormatOpenSSL,
215 0,
216 NULL,
217 &exportedKey);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]218
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]219 return ptr_lib::make_shared<PublicKey>(CFDataGetBytePtr(exportedKey), CFDataGetLength(exportedKey));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]220 }
221
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]222 Block
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]223 SecTpmOsx::signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]224 {
225 _LOG_TRACE("OSXPrivateKeyStorage::Sign");
226
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]227 CFDataRef dataRef = CFDataCreateWithBytesNoCopy(NULL,
228 data,
229 dataLength,
230 kCFAllocatorNull
231 );
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]232
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]233 SecKeyRef privateKey = (SecKeyRef)impl_->getKey(keyName, KEY_CLASS_PRIVATE);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]234
235 CFErrorRef error;
236 SecTransformRef signer = SecSignTransformCreate((SecKeyRef)privateKey, &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]237 if (error) throw Error("Fail to create signer");
238
239 // Set input
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]240 Boolean set_res = SecTransformSetAttribute(signer,
241 kSecTransformInputAttributeName,
242 dataRef,
243 &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]244 if (error) throw Error("Fail to configure input of signer");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]245
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]246 // Enable use of padding
247 SecTransformSetAttribute(
248 signer,
249 kSecPaddingKey,
250 kSecPaddingPKCS1Key,
251 &error);
252 if (error) throw Error("Fail to configure digest algorithm of signer");
253
254 // Set padding type
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]255 set_res = SecTransformSetAttribute(signer,
256 kSecDigestTypeAttribute,
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]257 impl_->getDigestAlgorithm(digestAlgorithm),
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]258 &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]259 if (error) throw Error("Fail to configure digest algorithm of signer");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]260
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]261 // Set padding attribute
262 long digestSize = impl_->getDigestSize(digestAlgorithm);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]263 set_res = SecTransformSetAttribute(signer,
264 kSecDigestLengthAttribute,
265 CFNumberCreate(NULL, kCFNumberLongType, &digestSize),
266 &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]267 if (error) throw Error("Fail to configure digest size of signer");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]268
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]269 // Actually sign
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]270 CFDataRef signature = (CFDataRef) SecTransformExecute(signer, &error);
271 if (error) {
272 CFShow(error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]273 throw Error("Fail to sign data");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]274 }
275
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]276 if (!signature) throw Error("Signature is NULL!\n");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]277
Alexander Afanasyevbd5ba402014-01-05 22:41:09 -0800[diff] [blame]278 return Block(Tlv::SignatureValue,
279 ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]280 }
281
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]282 void
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]283 SecTpmOsx::signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]284 {
Alexander Afanasyevea23f572014-01-15 17:42:01 -0800[diff] [blame]285 data.setSignatureValue
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]286 (signInTpm(data.wireEncode().value(),
Alexander Afanasyevea23f572014-01-15 17:42:01 -0800[diff] [blame]287 data.wireEncode().value_size() - data.getSignature().getValue().size(),
288 keyName, digestAlgorithm));
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]289 }
290
291 ConstBufferPtr
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]292 SecTpmOsx::decryptInTpm(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]293 {
294 _LOG_TRACE("OSXPrivateKeyStorage::Decrypt");
295
296 KeyClass keyClass;
297 if(sym)
298 keyClass = KEY_CLASS_SYMMETRIC;
299 else
300 keyClass = KEY_CLASS_PRIVATE;
301
302 CFDataRef dataRef = CFDataCreate(NULL,
303 reinterpret_cast<const unsigned char*>(data),
304 dataLength
305 );
306
307 // _LOG_DEBUG("CreateData");
308
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]309 SecKeyRef decryptKey = (SecKeyRef)impl_->getKey(keyName, keyClass);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]310
311 // _LOG_DEBUG("GetKey");
312
313 CFErrorRef error;
314 SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]315 if (error) throw Error("Fail to create decrypt");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]316
317 Boolean set_res = SecTransformSetAttribute(decrypt,
318 kSecTransformInputAttributeName,
319 dataRef,
320 &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]321 if (error) throw Error("Fail to configure decrypt");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]322
323 CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error);
324 if (error)
325 {
326 CFShow(error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]327 throw Error("Fail to decrypt data");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]328 }
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]329 if (!output) throw Error("Output is NULL!\n");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]330
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]331 return ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]332 }
333
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]334 bool
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]335 SecTpmOsx::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]336 {
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]337 SecKeychainItemRef privateKey = impl_->getKey(keyName, keyClass);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]338
339 SecAccessRef accRef;
340 OSStatus acc_res = SecKeychainItemCopyAccess(privateKey, &accRef);
341
342 CFArrayRef signACL = SecAccessCopyMatchingACLList(accRef,
343 kSecACLAuthorizationSign);
344
345 SecACLRef aclRef = (SecACLRef) CFArrayGetValueAtIndex(signACL, 0);
346
347 CFArrayRef appList;
348 CFStringRef description;
349 SecKeychainPromptSelector promptSelector;
350 OSStatus acl_res = SecACLCopyContents(aclRef,
351 &appList,
352 &description,
353 &promptSelector);
354
355 CFMutableArrayRef newAppList = CFArrayCreateMutableCopy(NULL,
356 0,
357 appList);
358
359 SecTrustedApplicationRef trustedApp;
360 acl_res = SecTrustedApplicationCreateFromPath(appPath.c_str(),
361 &trustedApp);
362
363 CFArrayAppendValue(newAppList, trustedApp);
364
365
366 CFArrayRef authList = SecACLCopyAuthorizations(aclRef);
367
368 acl_res = SecACLRemove(aclRef);
369
370 SecACLRef newACL;
371 acl_res = SecACLCreateWithSimpleContents(accRef,
372 newAppList,
373 description,
374 promptSelector,
375 &newACL);
376
377 acl_res = SecACLUpdateAuthorizations(newACL, authList);
378
379 acc_res = SecKeychainItemSetAccess(privateKey, accRef);
380
381 return true;
382 }
383
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]384 // bool
385 // OSXPrivateKeyStorage::verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo)
386 // {
387 // _LOG_TRACE("OSXPrivateKeyStorage::Verify");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]388
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]389 // CFDataRef dataRef = CFDataCreate(NULL,
390 // reinterpret_cast<const unsigned char*>(pData.buf()),
391 // pData.size());
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]392
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]393 // CFDataRef sigRef = CFDataCreate(NULL,
394 // reinterpret_cast<const unsigned char*>(pSig.buf()),
395 // pSig.size());
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]396
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]397 // SecKeyRef publicKey = (SecKeyRef)impl_->getKey(keyName, KEY_CLASS_PUBLIC);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]398
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]399 // CFErrorRef error;
400 // SecTransformRef verifier = SecVerifyTransformCreate(publicKey, sigRef, &error);
401 // if (error) throw Error("Fail to create verifier");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]402
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]403 // Boolean set_res = SecTransformSetAttribute(verifier,
404 // kSecTransformInputAttributeName,
405 // dataRef,
406 // &error);
407 // if (error) throw Error("Fail to configure input of verifier");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]408
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]409 // set_res = SecTransformSetAttribute(verifier,
410 // kSecDigestTypeAttribute,
411 // impl_->getDigestAlgorithm(digestAlgo),
412 // &error);
413 // if (error) throw Error("Fail to configure digest algorithm of verifier");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]414
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]415 // long digestSize = impl_->getDigestSize(digestAlgo);
416 // set_res = SecTransformSetAttribute(verifier,
417 // kSecDigestLengthAttribute,
418 // CFNumberCreate(NULL, kCFNumberLongType, &digestSize),
419 // &error);
420 // if (error) throw Error("Fail to configure digest size of verifier");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]421
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]422 // CFBooleanRef result = (CFBooleanRef) SecTransformExecute(verifier, &error);
423 // if (error) throw Error("Fail to verify data");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]424
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]425 // if (result == kCFBooleanTrue)
426 // return true;
427 // else
428 // return false;
429 // }
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]430
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]431 ConstBufferPtr
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]432 SecTpmOsx::encryptInTpm(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]433 {
434 _LOG_TRACE("OSXPrivateKeyStorage::Encrypt");
435
436 KeyClass keyClass;
437 if(sym)
438 keyClass = KEY_CLASS_SYMMETRIC;
439 else
440 keyClass = KEY_CLASS_PUBLIC;
441
442 CFDataRef dataRef = CFDataCreate(NULL,
443 reinterpret_cast<const unsigned char*>(data),
444 dataLength
445 );
446
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]447 SecKeyRef encryptKey = (SecKeyRef)impl_->getKey(keyName, keyClass);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]448
449 CFErrorRef error;
450 SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]451 if (error) throw Error("Fail to create encrypt");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]452
453 Boolean set_res = SecTransformSetAttribute(encrypt,
454 kSecTransformInputAttributeName,
455 dataRef,
456 &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]457 if (error) throw Error("Fail to configure encrypt");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]458
459 CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]460 if (error) throw Error("Fail to encrypt data");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]461
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]462 if (!output) throw Error("Output is NULL!\n");
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]463
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]464 return ptr_lib::make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]465 }
466
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]467 bool
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]468 SecTpmOsx::doesKeyExistInTpm(const Name & keyName, KeyClass keyClass)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]469 {
470 _LOG_TRACE("OSXPrivateKeyStorage::doesKeyExist");
471
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]472 string keyNameUri = impl_->toInternalKeyName(keyName, keyClass);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]473
474 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
Jeff Thompson556cc302013-10-22 17:40:07 -0700[diff] [blame]475 keyNameUri.c_str(),
476 kCFStringEncodingUTF8);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]477
478 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
479 3,
480 &kCFTypeDictionaryKeyCallBacks,
481 NULL);
482
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]483 CFDictionaryAddValue(attrDict, kSecAttrKeyClass, impl_->getKeyClass(keyClass));
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]484 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
485 CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
486
487 SecKeychainItemRef itemRef;
488 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict, (CFTypeRef*)&itemRef);
489
490 if(res == errSecItemNotFound)
491 return true;
492 else
493 return false;
494
495 }
496
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]497
498 ////////////////////////////////
499 // OSXPrivateKeyStorage::Impl //
500 ////////////////////////////////
501
502 SecKeychainItemRef
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]503 SecTpmOsx::Impl::getKey(const Name & keyName, KeyClass keyClass)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]504 {
505 string keyNameUri = toInternalKeyName(keyName, keyClass);
506
Jeff Thompson556cc302013-10-22 17:40:07 -0700[diff] [blame]507 CFStringRef keyLabel = CFStringCreateWithCString(NULL,
508 keyNameUri.c_str(),
509 kCFStringEncodingUTF8);
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]510
511 CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL,
512 5,
513 &kCFTypeDictionaryKeyCallBacks,
514 NULL);
515
516 CFDictionaryAddValue(attrDict, kSecClass, kSecClassKey);
517 CFDictionaryAddValue(attrDict, kSecAttrLabel, keyLabel);
518 CFDictionaryAddValue(attrDict, kSecAttrKeyClass, getKeyClass(keyClass));
519 CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
520
521 SecKeychainItemRef keyItem;
522
523 OSStatus res = SecItemCopyMatching((CFDictionaryRef) attrDict, (CFTypeRef*)&keyItem);
524
525 if(res != errSecSuccess){
526 _LOG_DEBUG("Fail to find the key!");
527 return NULL;
528 }
529 else
530 return keyItem;
531 }
532
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]533 string
534 SecTpmOsx::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]535 {
536 string keyUri = keyName.toUri();
537
538 if(KEY_CLASS_SYMMETRIC == keyClass)
539 return keyUri + "/symmetric";
540 else
541 return keyUri;
542 }
543
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]544 const CFTypeRef
545 SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]546 {
547 switch(keyType){
548 case KEY_TYPE_RSA:
549 return kSecAttrKeyTypeRSA;
550 default:
551 _LOG_DEBUG("Unrecognized key type!")
552 return NULL;
553 }
554 }
555
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]556 const CFTypeRef
557 SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]558 {
559 switch(keyType){
560 case KEY_TYPE_AES:
561 return kSecAttrKeyTypeAES;
562 default:
563 _LOG_DEBUG("Unrecognized key type!")
564 return NULL;
565 }
566 }
567
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]568 const CFTypeRef
569 SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]570 {
571 switch(keyClass){
572 case KEY_CLASS_PRIVATE:
573 return kSecAttrKeyClassPrivate;
574 case KEY_CLASS_PUBLIC:
575 return kSecAttrKeyClassPublic;
576 case KEY_CLASS_SYMMETRIC:
577 return kSecAttrKeyClassSymmetric;
578 default:
579 _LOG_DEBUG("Unrecognized key class!");
580 return NULL;
581 }
582 }
583
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]584 const CFStringRef
585 SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]586 {
587 switch(digestAlgo){
588 // case DIGEST_MD2:
589 // return kSecDigestMD2;
590 // case DIGEST_MD5:
591 // return kSecDigestMD5;
592 // case DIGEST_SHA1:
593 // return kSecDigestSHA1;
594 case DIGEST_ALGORITHM_SHA256:
595 return kSecDigestSHA2;
596 default:
597 _LOG_DEBUG("Unrecognized digest algorithm!");
598 return NULL;
599 }
600 }
601
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]602 long
603 SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]604 {
605 switch(digestAlgo){
606 case DIGEST_ALGORITHM_SHA256:
607 return 256;
608 // case DIGEST_SHA1:
609 // case DIGEST_MD2:
610 // case DIGEST_MD5:
611 // return 0;
612 default:
613 _LOG_DEBUG("Unrecognized digest algorithm! Unknown digest size");
614 return -1;
615 }
616 }
617
618}