Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / b578ab33591cdb5f987a70368ce6884bfc3c407e / . / src / security / sec-tpm-osx.cpp
blob: a5a715914c5338e702b121120c36cbcb6598a8bb [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]22 */
23
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]24#include "common.hpp"
25
Alexander Afanasyev19508852014-01-29 01:01:51 -0800[diff] [blame]26#include "sec-tpm-osx.hpp"
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]27#include "public-key.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]28#include "../encoding/oid.hpp"
29#include "../encoding/buffer-stream.hpp"
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]30#include "cryptopp.hpp"
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]31
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]32#include <pwd.h>
33#include <unistd.h>
34#include <stdlib.h>
35#include <string.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]36
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]37#include <CoreFoundation/CoreFoundation.h>
38#include <Security/Security.h>
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]39#include <Security/SecRandom.h>
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]40#include <CoreServices/CoreServices.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]41
Alexander Afanasyev59d67a52014-04-03 16:09:31 -0700[diff] [blame]42#include <Security/SecDigestTransform.h>
43
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]44using namespace std;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]45
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]46namespace ndn {
47
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]48/**
49 * @brief Helper class to wrap CoreFoundation object pointers
50 *
51 * The class is similar in spirit to shared_ptr, but uses CoreFoundation
52 * mechanisms to retain/release object.
53 *
54 * Original implementation by Christopher Hunt and it was borrowed from
55 * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html
56 */
57template<class T>
58class CFReleaser
59{
60public:
61 //////////////////////////////
62 // Construction/destruction //
63
64 CFReleaser()
65 : m_typeRef(0)
66 {
67 }
68
69 CFReleaser(const T& typeRef)
70 : m_typeRef(typeRef)
71 {
72 }
73
74 CFReleaser(const CFReleaser& inReleaser)
75 : m_typeRef(0)
76 {
77 retain(inReleaser.m_typeRef);
78 }
79
80 CFReleaser&
81 operator=(const T& typeRef)
82 {
83 if (typeRef != m_typeRef) {
84 release();
85 m_typeRef = typeRef;
86 }
87 return *this;
88 }
89
90 CFReleaser&
91 operator=(const CFReleaser& inReleaser)
92 {
93 retain(inReleaser.m_typeRef);
94 return *this;
95 }
96
97 ~CFReleaser()
98 {
99 release();
100 }
101
102 ////////////
103 // Access //
104
105 // operator const T&() const
106 // {
107 // return m_typeRef;
108 // }
109
110 // operator T&()
111 // {
112 // return m_typeRef;
113 // }
114
115 const T&
116 get() const
117 {
118 return m_typeRef;
119 }
120
121 T&
122 get()
123 {
124 return m_typeRef;
125 }
126
127 ///////////////////
128 // Miscellaneous //
129
130 void
131 retain(const T& typeRef)
132 {
133 if (typeRef != 0) {
134 CFRetain(typeRef);
135 }
136 release();
137 m_typeRef = typeRef;
138 }
139
140 void release()
141 {
142 if (m_typeRef != 0) {
143 CFRelease(m_typeRef);
144 m_typeRef = 0;
145 }
146 };
147
148private:
149 T m_typeRef;
150};
151
152
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]153class SecTpmOsx::Impl
154{
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]155public:
156 Impl()
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]157 : m_passwordSet(false)
158 , m_inTerminal(false)
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]159 {
160 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]161
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]162 /**
163 * @brief Convert NDN name of a key to internal name of the key.
164 *
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]165 * @param keyName
166 * @param keyClass
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]167 * @return the internal key name
168 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]169 std::string
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]170 toInternalKeyName(const Name& keyName, KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]171
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]172 /**
173 * @brief Get key.
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]174 *
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]175 * @param keyName
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]176 * @param keyClass
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]177 * @returns pointer to the key
178 */
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]179 CFReleaser<SecKeychainItemRef>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]180 getKey(const Name& keyName, KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]181
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]182 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]183 * @brief Convert keyType to MAC OS symmetric key key type
184 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]185 * @param keyType
186 * @returns MAC OS key type
187 */
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]188 CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]189 getSymKeyType(KeyType keyType);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]190
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]191 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]192 * @brief Convert keyType to MAC OS asymmetirc key type
193 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]194 * @param keyType
195 * @returns MAC OS key type
196 */
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]197 CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]198 getAsymKeyType(KeyType keyType);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]199
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]200 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]201 * @brief Convert keyClass to MAC OS key class
202 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]203 * @param keyClass
204 * @returns MAC OS key class
205 */
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]206 CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]207 getKeyClass(KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]208
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]209 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]210 * @brief Convert digestAlgo to MAC OS algorithm id
211 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]212 * @param digestAlgo
213 * @returns MAC OS algorithm id
214 */
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]215 CFStringRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]216 getDigestAlgorithm(DigestAlgorithm digestAlgo);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]217
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]218 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]219 * @brief Get the digest size of the corresponding algorithm
220 *
221 * @param digestAlgo
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]222 * @return digest size
223 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]224 long
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]225 getDigestSize(DigestAlgorithm digestAlgo);
226
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]227 ///////////////////////////////////////////////
228 // everything here is public, including data //
229 ///////////////////////////////////////////////
230public:
231 SecKeychainRef m_keyChainRef;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]232 bool m_passwordSet;
233 string m_password;
234 bool m_inTerminal;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]235};
236
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]237SecTpmOsx::SecTpmOsx()
238 : m_impl(new Impl)
239{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]240 if (m_impl->m_inTerminal)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]241 SecKeychainSetUserInteractionAllowed(false);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]242 else
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]243 SecKeychainSetUserInteractionAllowed(true);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]244
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]245 OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]246
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]247 if (res == errSecNoDefaultKeychain) //If no default key chain, create one.
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]248 throw Error("No default keychain, create one first!");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]249}
250
251SecTpmOsx::~SecTpmOsx(){
252 //TODO: implement
253}
254
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]255void
256SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength)
257{
258 m_impl->m_passwordSet = true;
259 memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
260 m_impl->m_password.clear();
261 m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength);
262}
263
264void
265SecTpmOsx::resetTpmPassword()
266{
267 m_impl->m_passwordSet = false;
268 memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
269 m_impl->m_password.clear();
270}
271
272void
273SecTpmOsx::setInTerminal(bool inTerminal)
274{
275 m_impl->m_inTerminal = inTerminal;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]276 if (inTerminal)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]277 SecKeychainSetUserInteractionAllowed(false);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]278 else
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]279 SecKeychainSetUserInteractionAllowed(true);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]280}
281
282bool
Alexander Afanasyev770827c2014-05-13 17:42:55 -0700[diff] [blame]283SecTpmOsx::getInTerminal() const
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]284{
285 return m_impl->m_inTerminal;
286}
287
288bool
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]289SecTpmOsx::isLocked()
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]290{
291 SecKeychainStatus keychainStatus;
292
293 OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]294 if (res != errSecSuccess)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]295 return true;
296 else
297 return ((kSecUnlockStateStatus & keychainStatus) == 0);
298}
299
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]300bool
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]301SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword)
302{
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]303 OSStatus res;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]304
305 // If the default key chain is already unlocked, return immediately.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]306 if (!isLocked())
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]307 return true;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]308
309 // If the default key chain is locked, unlock the key chain.
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]310 if (usePassword)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]311 {
312 // Use the supplied password.
313 res = SecKeychainUnlock(m_impl->m_keyChainRef,
314 passwordLength,
315 password,
316 true);
317 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]318 else if (m_impl->m_passwordSet)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]319 {
320 // If no password supplied, then use the configured password if exists.
321 SecKeychainUnlock(m_impl->m_keyChainRef,
322 m_impl->m_password.size(),
323 m_impl->m_password.c_str(),
324 true);
325 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]326 else if (m_impl->m_inTerminal)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]327 {
328 // If no configured password, get password from terminal if inTerminal set.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]329 bool isLocked = true;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]330 const char* fmt = "Password to unlock the default keychain: ";
331 int count = 0;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]332
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]333 while (isLocked)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]334 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]335 if (count > 2)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]336 break;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]337
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]338 char* getPassword = 0;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]339 getPassword = getpass(fmt);
340 count++;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]341
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]342 if (!getPassword)
343 continue;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]344
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]345 res = SecKeychainUnlock(m_impl->m_keyChainRef,
346 strlen(getPassword),
347 getPassword,
348 true);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]349
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]350 memset(getPassword, 0, strlen(getPassword));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]351
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]352 if (res == errSecSuccess)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]353 break;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]354 }
355 }
356 else
357 {
358 // If inTerminal is not set, get the password from GUI.
359 SecKeychainUnlock(m_impl->m_keyChainRef, 0, 0, false);
360 }
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]361
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]362 return !isLocked();
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]363}
364
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]365void
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]366SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, KeyType keyType,
367 int keySize, bool needRetry)
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]368{
369
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]370 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
371 {
372 throw Error("keyName has existed");
373 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]374
375 string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC);
376
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]377 CFReleaser<CFStringRef> keyLabel =
378 CFStringCreateWithCString(0,
379 keyNameUri.c_str(),
380 kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]381
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]382 CFReleaser<CFMutableDictionaryRef> attrDict =
383 CFDictionaryCreateMutable(0,
384 3,
385 &kCFTypeDictionaryKeyCallBacks,
386 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]387
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]388 CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]389
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]390 CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType));
391 CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get());
392 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]393
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]394 CFReleaser<SecKeyRef> publicKey, privateKey;
395 OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(),
396 &publicKey.get(), &privateKey.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]397
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]398 if (res == errSecSuccess)
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]399 {
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]400 return;
401 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]402
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]403 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]404 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]405 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]406 generateKeyPairInTpmInternal(keyName, keyType, keySize, true);
407 else
408 throw Error("Fail to unlock the keychain");
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]409 }
410 else
411 {
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]412 throw Error("Fail to create a key pair");
413 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]414}
415
416void
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]417SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]418{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]419 CFReleaser<CFStringRef> keyLabel =
420 CFStringCreateWithCString(0,
421 keyName.toUri().c_str(),
422 kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]423
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]424 CFReleaser<CFMutableDictionaryRef> searchDict =
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]425 CFDictionaryCreateMutable(0, 5,
426 &kCFTypeDictionaryKeyCallBacks,
427 &kCFTypeDictionaryValueCallBacks);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]428
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]429 CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey);
430 CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get());
431 CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll);
432 OSStatus res = SecItemDelete(searchDict.get());
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]433
434 if (res == errSecSuccess)
435 return;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]436
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]437 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]438 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]439 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]440 deleteKeyPairInTpmInternal(keyName, true);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]441 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]442}
443
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]444void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]445SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]446{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]447 throw Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]448 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]449 // throw Error("keyName has existed!");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]450
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]451 // string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]452
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]453 // CFReleaser<CFMutableDictionaryRef> attrDict =
454 // CFDictionaryCreateMutable(kCFAllocatorDefault,
455 // 0,
456 // &kCFTypeDictionaryKeyCallBacks,
457 // &kCFTypeDictionaryValueCallBacks);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]458
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]459 // CFReleaser<CFStringRef> keyLabel =
460 // CFStringCreateWithCString(0,
461 // keyNameUri.c_str(),
462 // kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]463
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]464 // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize);
465
466 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType));
467 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get());
468 // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue);
469 // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]470
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]471 // CFErrorRef error = 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]472
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]473 // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]474
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]475 // if (error)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]476 // throw Error("Fail to create a symmetric key");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]477}
478
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]479shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]480SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]481{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]482 CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC);
483 if (publicKey.get() == 0)
484 {
485 throw Error("Requested public key [" + keyName.toUri() + "] does not exist in OSX Keychain");
486 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]487
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]488 CFReleaser<CFDataRef> exportedKey;
489 OSStatus res = SecItemExport(publicKey.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]490 kSecFormatOpenSSL,
491 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]492 0,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]493 &exportedKey.get());
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]494 if (res != errSecSuccess)
495 {
496 throw Error("Cannot export requested public key from OSX Keychain");
497 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]498
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]499 shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
500 CFDataGetLength(exportedKey.get()));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]501 return key;
502}
503
504ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]505SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]506{
507 using namespace CryptoPP;
508
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]509 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE);
510 if (privateKey.get() == 0)
511 {
512 /// @todo Can this happen because of keychain is locked?
513 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
514 }
515
516 CFReleaser<CFDataRef> exportedKey;
517 OSStatus res = SecItemExport(privateKey.get(),
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]518 kSecFormatOpenSSL,
519 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]520 0,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]521 &exportedKey.get());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]522
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]523 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]524 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]525 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]526 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]527 if (unlockTpm(0, 0, false))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]528 return exportPrivateKeyPkcs8FromTpmInternal(keyName, true);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]529 else
530 return shared_ptr<Buffer>();
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]531 }
532 else
533 return shared_ptr<Buffer>();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]534 }
535
536 OBufferStream pkcs1Os;
537 FileSink sink(pkcs1Os);
538
539 uint32_t version = 0;
540 OID algorithm("1.2.840.113549.1.1.1");
541 SecByteBlock rawKeyBits;
542 // PrivateKeyInfo ::= SEQUENCE {
543 // version INTEGER,
544 // privateKeyAlgorithm SEQUENCE,
545 // privateKey OCTECT STRING}
546 DERSequenceEncoder privateKeyInfo(sink);
547 {
548 DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER);
549 DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo);
550 {
551 algorithm.encode(privateKeyAlgorithm);
552 DEREncodeNull(privateKeyAlgorithm);
553 }
554 privateKeyAlgorithm.MessageEnd();
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]555 DEREncodeOctetString(privateKeyInfo,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]556 CFDataGetBytePtr(exportedKey.get()),
557 CFDataGetLength(exportedKey.get()));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]558 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]559 privateKeyInfo.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]560
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]561 return pkcs1Os.buf();
562}
563
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]564#ifdef __GNUC__
565#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
566#pragma GCC diagnostic push
567#endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
568#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
569#endif // __GNUC__
570
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]571bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]572SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]573 const uint8_t* buf, size_t size,
574 bool needRetry)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]575{
576 using namespace CryptoPP;
577
578 StringSource privateKeySource(buf, size, true);
579 uint32_t tmpNum;
580 OID tmpOID;
581 SecByteBlock rawKeyBits;
582 // PrivateKeyInfo ::= SEQUENCE {
583 // INTEGER,
584 // SEQUENCE,
585 // OCTECT STRING}
586 BERSequenceDecoder privateKeyInfo(privateKeySource);
587 {
588 BERDecodeUnsigned<uint32_t>(privateKeyInfo, tmpNum, INTEGER);
589 BERSequenceDecoder sequenceDecoder(privateKeyInfo);
590 {
591 tmpOID.decode(sequenceDecoder);
592 BERDecodeNull(sequenceDecoder);
593 }
594 BERDecodeOctetString(privateKeyInfo, rawKeyBits);
595 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]596 privateKeyInfo.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]597
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]598 CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0,
599 rawKeyBits.BytePtr(),
600 rawKeyBits.size(),
601 kCFAllocatorNull);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]602
603 SecExternalFormat externalFormat = kSecFormatOpenSSL;
604 SecExternalItemType externalType = kSecItemTypePrivateKey;
605 SecKeyImportExportParameters keyParams;
606 memset(&keyParams, 0, sizeof(keyParams));
607 keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
608 keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT;
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]609 CFReleaser<SecAccessRef> access;
610 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
611 keyName.toUri().c_str(),
612 kCFStringEncodingUTF8);
613 SecAccessCreate(keyLabel.get(), 0, &access.get());
614 keyParams.accessRef = access.get();
615 CFReleaser<CFArrayRef> outItems;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]616
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]617#ifdef __clang__
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]618#pragma clang diagnostic push
619#pragma clang diagnostic ignored "-Wdeprecated-declarations"
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]620#endif // __clang__
621
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]622 OSStatus res = SecKeychainItemImport(importedKey.get(),
623 0,
624 &externalFormat,
625 &externalType,
626 0,
627 &keyParams,
628 m_impl->m_keyChainRef,
629 &outItems.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]630
631#ifdef __clang__
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]632#pragma clang diagnostic pop
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]633#endif // __clang__
634
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]635 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]636 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]637 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]638 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]639 if (unlockTpm(0, 0, false))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]640 return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]641 else
642 return false;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]643 }
644 else
645 return false;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]646 }
647
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]648 SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]649 SecKeychainAttribute attrs[1]; // maximum number of attributes
650 SecKeychainAttributeList attrList = { 0, attrs };
651 string keyUri = keyName.toUri();
652 {
653 attrs[attrList.count].tag = kSecKeyPrintName;
654 attrs[attrList.count].length = keyUri.size();
655 attrs[attrList.count].data = (void *)keyUri.c_str();
656 attrList.count++;
657 }
658
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]659 res = SecKeychainItemModifyAttributesAndData(privateKey,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]660 &attrList,
661 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]662 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]663
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]664 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]665 {
666 return false;
667 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]668
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]669 return true;
670}
671
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]672#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
673#pragma GCC diagnostic pop
674#endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
675
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]676bool
677SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
678{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]679 CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0,
680 buf,
681 size,
682 kCFAllocatorNull);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]683
684 SecExternalFormat externalFormat = kSecFormatOpenSSL;
685 SecExternalItemType externalType = kSecItemTypePublicKey;
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]686 CFReleaser<CFArrayRef> outItems;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]687
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]688 OSStatus res = SecItemImport(importedKey.get(),
689 0,
690 &externalFormat,
691 &externalType,
692 0,
693 0,
694 m_impl->m_keyChainRef,
695 &outItems.get());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]696
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]697 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]698 return false;
699
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]700 SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]701 SecKeychainAttribute attrs[1]; // maximum number of attributes
702 SecKeychainAttributeList attrList = { 0, attrs };
703 string keyUri = keyName.toUri();
704 {
705 attrs[attrList.count].tag = kSecKeyPrintName;
706 attrs[attrList.count].length = keyUri.size();
707 attrs[attrList.count].data = (void *)keyUri.c_str();
708 attrList.count++;
709 }
710
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]711 res = SecKeychainItemModifyAttributesAndData(publicKey,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]712 &attrList,
713 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]714 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]715
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]716 if (res != errSecSuccess)
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]717 return false;
718
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]719 return true;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]720}
721
722Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]723SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength,
724 const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]725{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]726 CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0,
727 data,
728 dataLength,
729 kCFAllocatorNull);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]730
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]731 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE);
732 if (privateKey.get() == 0)
733 {
734 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
735 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]736
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]737 CFReleaser<CFErrorRef> error;
738 CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(),
739 &error.get());
740 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]741 throw Error("Fail to create signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]742
743 // Set input
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]744 Boolean set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]745 kSecTransformInputAttributeName,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]746 dataRef.get(),
747 &error.get());
748 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]749 throw Error("Fail to configure input of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]750
751 // Enable use of padding
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]752 SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]753 kSecPaddingKey,
754 kSecPaddingPKCS1Key,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]755 &error.get());
756 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]757 throw Error("Fail to configure digest algorithm of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]758
759 // Set padding type
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]760 set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]761 kSecDigestTypeAttribute,
762 m_impl->getDigestAlgorithm(digestAlgorithm),
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]763 &error.get());
764 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]765 throw Error("Fail to configure digest algorithm of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]766
767 // Set padding attribute
768 long digestSize = m_impl->getDigestSize(digestAlgorithm);
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]769 CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize);
770 set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]771 kSecDigestLengthAttribute,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]772 cfDigestSize.get(),
773 &error.get());
774 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]775 throw Error("Fail to configure digest size of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]776
777 // Actually sign
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]778 CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get());
779 if (error.get() != 0)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]780 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]781 if (!needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]782 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]783 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]784 return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true);
785 else
786 throw Error("Fail to unlock the keychain");
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]787 }
788 else
789 {
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]790 CFShow(error.get());
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]791 throw Error("Fail to sign data");
792 }
793 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]794
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]795 if (signature.get() == 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]796 throw Error("Signature is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]797
798 return Block(Tlv::SignatureValue,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]799 make_shared<Buffer>(CFDataGetBytePtr(signature.get()),
800 CFDataGetLength(signature.get())));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]801}
802
803ConstBufferPtr
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]804SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]805{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]806 throw Error("SecTpmOsx::decryptInTpm is not supported");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]807
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]808 // KeyClass keyClass;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]809 // if (sym)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]810 // keyClass = KEY_CLASS_SYMMETRIC;
811 // else
812 // keyClass = KEY_CLASS_PRIVATE;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]813
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]814 // CFDataRef dataRef = CFDataCreate(0,
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]815 // reinterpret_cast<const unsigned char*>(data),
816 // dataLength
817 // );
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]818
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]819 // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
820 // if (decryptKey.get() == 0)
821 // {
822 // /// @todo Can this happen because of keychain is locked?
823 // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain");
824 // }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]825
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]826 // CFErrorRef error;
827 // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error);
828 // if (error) throw Error("Fail to create decrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]829
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]830 // Boolean set_res = SecTransformSetAttribute(decrypt,
831 // kSecTransformInputAttributeName,
832 // dataRef,
833 // &error);
834 // if (error) throw Error("Fail to configure decrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]835
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]836 // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error);
837 // if (error)
838 // {
839 // CFShow(error);
840 // throw Error("Fail to decrypt data");
841 // }
842 // if (!output) throw Error("Output is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]843
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]844 // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]845}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]846
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]847void
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]848SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]849{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]850 if (keyClass == KEY_CLASS_PRIVATE && acl == ACL_TYPE_PRIVATE)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]851 {
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]852 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass);
853 if (privateKey.get() == 0)
854 {
855 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
856 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]857
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]858 CFReleaser<SecAccessRef> accRef;
859 OSStatus acc_res = SecKeychainItemCopyAccess(privateKey.get(), &accRef.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]860
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]861 CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(),
862 kSecACLAuthorizationSign);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]863
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]864 SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]865
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]866 CFReleaser<CFArrayRef> appList;
867 CFReleaser<CFStringRef> description;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]868 SecKeychainPromptSelector promptSelector;
869 OSStatus acl_res = SecACLCopyContents(aclRef,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]870 &appList.get(),
871 &description.get(),
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]872 &promptSelector);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]873
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]874 CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0,
875 0,
876 appList.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]877
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]878 CFReleaser<SecTrustedApplicationRef> trustedApp;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]879 acl_res = SecTrustedApplicationCreateFromPath(appPath.c_str(),
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]880 &trustedApp.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]881
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]882 CFArrayAppendValue(newAppList.get(), trustedApp.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]883
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]884 acl_res = SecACLSetContents(aclRef,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]885 newAppList.get(),
886 description.get(),
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]887 promptSelector);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]888
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]889 acc_res = SecKeychainItemSetAccess(privateKey.get(), accRef.get());
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]890 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]891}
892
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]893ConstBufferPtr
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]894SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]895{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]896 throw Error("SecTpmOsx::encryptInTpm is not supported");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]897
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]898 // KeyClass keyClass;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]899 // if (sym)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]900 // keyClass = KEY_CLASS_SYMMETRIC;
901 // else
902 // keyClass = KEY_CLASS_PUBLIC;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]903
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]904 // CFDataRef dataRef = CFDataCreate(0,
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]905 // reinterpret_cast<const unsigned char*>(data),
906 // dataLength
907 // );
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]908
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]909 // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
910 // if (encryptKey.get() == 0)
911 // {
912 // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain");
913 // }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]914
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]915 // CFErrorRef error;
916 // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error);
917 // if (error) throw Error("Fail to create encrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]918
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]919 // Boolean set_res = SecTransformSetAttribute(encrypt,
920 // kSecTransformInputAttributeName,
921 // dataRef,
922 // &error);
923 // if (error) throw Error("Fail to configure encrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]924
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]925 // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error);
926 // if (error) throw Error("Fail to encrypt data");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]927
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]928 // if (!output) throw Error("Output is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]929
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]930 // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]931}
932
933bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]934SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]935{
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]936 string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass);
937
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]938 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
939 keyNameUri.c_str(),
940 kCFStringEncodingUTF8);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]941
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]942 CFReleaser<CFMutableDictionaryRef> attrDict =
943 CFDictionaryCreateMutable(0,
944 4,
945 &kCFTypeDictionaryKeyCallBacks,
946 0);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]947
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]948 CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey);
949 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass));
950 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
951 CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]952
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]953 CFReleaser<SecKeychainItemRef> itemRef;
954 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]955
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]956 if (res == errSecSuccess)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]957 return true;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]958 else
959 return false;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]960
961}
962
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]963bool
964SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size)
965{
966 return (SecRandomCopyBytes(kSecRandomDefault, size, res) == 0);
967}
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]968
969////////////////////////////////
970// OSXPrivateKeyStorage::Impl //
971////////////////////////////////
972
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]973CFReleaser<SecKeychainItemRef>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]974SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]975{
976 string keyNameUri = toInternalKeyName(keyName, keyClass);
977
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]978 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
979 keyNameUri.c_str(),
980 kCFStringEncodingUTF8);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]981
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]982 CFReleaser<CFMutableDictionaryRef> attrDict =
983 CFDictionaryCreateMutable(0,
984 5,
985 &kCFTypeDictionaryKeyCallBacks,
986 0);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]987
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]988 CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey);
989 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
990 CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass));
991 CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]992
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame]993 CFReleaser<SecKeychainItemRef> keyItem;
994 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]995
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]996 if (res != errSecSuccess)
997 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]998 else
999 return keyItem;
1000}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1001
1002string
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1003SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1004{
1005 string keyUri = keyName.toUri();
1006
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1007 if (KEY_CLASS_SYMMETRIC == keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1008 return keyUri + "/symmetric";
1009 else
1010 return keyUri;
1011}
1012
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]1013CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1014SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
1015{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1016 switch (keyType){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1017 case KEY_TYPE_RSA:
1018 return kSecAttrKeyTypeRSA;
1019 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1020 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1021 }
1022}
1023
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]1024CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1025SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
1026{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1027 switch (keyType){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1028 case KEY_TYPE_AES:
1029 return kSecAttrKeyTypeAES;
1030 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1031 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1032 }
1033}
1034
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]1035CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1036SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
1037{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1038 switch (keyClass){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1039 case KEY_CLASS_PRIVATE:
1040 return kSecAttrKeyClassPrivate;
1041 case KEY_CLASS_PUBLIC:
1042 return kSecAttrKeyClassPublic;
1043 case KEY_CLASS_SYMMETRIC:
1044 return kSecAttrKeyClassSymmetric;
1045 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1046 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1047 }
1048}
1049
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]1050CFStringRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1051SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
1052{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1053 switch (digestAlgo){
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1054 // case DIGEST_MD2:
1055 // return kSecDigestMD2;
1056 // case DIGEST_MD5:
1057 // return kSecDigestMD5;
1058 // case DIGEST_SHA1:
1059 // return kSecDigestSHA1;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1060 case DIGEST_ALGORITHM_SHA256:
1061 return kSecDigestSHA2;
1062 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1063 return 0;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1064 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1065}
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1066
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1067long
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1068SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
1069{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1070 switch (digestAlgo){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1071 case DIGEST_ALGORITHM_SHA256:
1072 return 256;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1073 // case DIGEST_SHA1:
1074 // case DIGEST_MD2:
1075 // case DIGEST_MD5:
1076 // return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1077 default:
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1078 return -1;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1079 }
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1080}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1081
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]1082} // namespace ndn