Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / f82d13a4741796b46371efdf938f5dfc1266e99a / . / src / security / sec-tpm-osx.cpp
blob: a7e1cd9edc6fc91f0f9cafcba9d3114cd7c3946d [file] [log] [blame]
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]13 */
14
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]15#include "common.hpp"
16
Alexander Afanasyev19508852014-01-29 01:01:51 -0800[diff] [blame]17#include "sec-tpm-osx.hpp"
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]18#include "public-key.hpp"
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]19#include "cryptopp.hpp"
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]20
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]21#include <pwd.h>
22#include <unistd.h>
23#include <stdlib.h>
24#include <string.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]25
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]26#include <CoreFoundation/CoreFoundation.h>
27#include <Security/Security.h>
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]28#include <Security/SecRandom.h>
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]29#include <CoreServices/CoreServices.h>
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]30
Alexander Afanasyev59d67a52014-04-03 16:09:31 -0700[diff] [blame]31#include <Security/SecDigestTransform.h>
32
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]33using namespace std;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]34
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]35namespace ndn {
36
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]37/**
38 * @brief Helper class to wrap CoreFoundation object pointers
39 *
40 * The class is similar in spirit to shared_ptr, but uses CoreFoundation
41 * mechanisms to retain/release object.
42 *
43 * Original implementation by Christopher Hunt and it was borrowed from
44 * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html
45 */
46template<class T>
47class CFReleaser
48{
49public:
50 //////////////////////////////
51 // Construction/destruction //
52
53 CFReleaser()
54 : m_typeRef(0)
55 {
56 }
57
58 CFReleaser(const T& typeRef)
59 : m_typeRef(typeRef)
60 {
61 }
62
63 CFReleaser(const CFReleaser& inReleaser)
64 : m_typeRef(0)
65 {
66 retain(inReleaser.m_typeRef);
67 }
68
69 CFReleaser&
70 operator=(const T& typeRef)
71 {
72 if (typeRef != m_typeRef) {
73 release();
74 m_typeRef = typeRef;
75 }
76 return *this;
77 }
78
79 CFReleaser&
80 operator=(const CFReleaser& inReleaser)
81 {
82 retain(inReleaser.m_typeRef);
83 return *this;
84 }
85
86 ~CFReleaser()
87 {
88 release();
89 }
90
91 ////////////
92 // Access //
93
94 // operator const T&() const
95 // {
96 // return m_typeRef;
97 // }
98
99 // operator T&()
100 // {
101 // return m_typeRef;
102 // }
103
104 const T&
105 get() const
106 {
107 return m_typeRef;
108 }
109
110 T&
111 get()
112 {
113 return m_typeRef;
114 }
115
116 ///////////////////
117 // Miscellaneous //
118
119 void
120 retain(const T& typeRef)
121 {
122 if (typeRef != 0) {
123 CFRetain(typeRef);
124 }
125 release();
126 m_typeRef = typeRef;
127 }
128
129 void release()
130 {
131 if (m_typeRef != 0) {
132 CFRelease(m_typeRef);
133 m_typeRef = 0;
134 }
135 };
136
137private:
138 T m_typeRef;
139};
140
141
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]142class SecTpmOsx::Impl
143{
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]144public:
145 Impl()
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]146 : m_passwordSet(false)
147 , m_inTerminal(false)
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]148 {
149 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]150
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]151 /**
152 * @brief Convert NDN name of a key to internal name of the key.
153 *
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]154 * @param keyName
155 * @param keyClass
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]156 * @return the internal key name
157 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]158 std::string
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]159 toInternalKeyName(const Name& keyName, KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]160
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]161 /**
162 * @brief Get key.
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]163 *
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]164 * @param keyName
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]165 * @param keyClass
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]166 * @returns pointer to the key
167 */
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]168 CFReleaser<SecKeychainItemRef>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]169 getKey(const Name& keyName, KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]170
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]171 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]172 * @brief Convert keyType to MAC OS symmetric key key type
173 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]174 * @param keyType
175 * @returns MAC OS key type
176 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]177 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]178 getSymKeyType(KeyType keyType);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]179
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]180 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]181 * @brief Convert keyType to MAC OS asymmetirc key type
182 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]183 * @param keyType
184 * @returns MAC OS key type
185 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]186 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]187 getAsymKeyType(KeyType keyType);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]188
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]189 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]190 * @brief Convert keyClass to MAC OS key class
191 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]192 * @param keyClass
193 * @returns MAC OS key class
194 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]195 const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]196 getKeyClass(KeyClass keyClass);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]197
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]198 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]199 * @brief Convert digestAlgo to MAC OS algorithm id
200 *
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]201 * @param digestAlgo
202 * @returns MAC OS algorithm id
203 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]204 const CFStringRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]205 getDigestAlgorithm(DigestAlgorithm digestAlgo);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]206
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]207 /**
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]208 * @brief Get the digest size of the corresponding algorithm
209 *
210 * @param digestAlgo
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]211 * @return digest size
212 */
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]213 long
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]214 getDigestSize(DigestAlgorithm digestAlgo);
215
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]216 ///////////////////////////////////////////////
217 // everything here is public, including data //
218 ///////////////////////////////////////////////
219public:
220 SecKeychainRef m_keyChainRef;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]221 bool m_passwordSet;
222 string m_password;
223 bool m_inTerminal;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]224};
225
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]226SecTpmOsx::SecTpmOsx()
227 : m_impl(new Impl)
228{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]229 if (m_impl->m_inTerminal)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]230 SecKeychainSetUserInteractionAllowed(false);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]231 else
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]232 SecKeychainSetUserInteractionAllowed(true);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]233
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]234 OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]235
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]236 if (res == errSecNoDefaultKeychain) //If no default key chain, create one.
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]237 throw Error("No default keychain, create one first!");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]238}
239
240SecTpmOsx::~SecTpmOsx(){
241 //TODO: implement
242}
243
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]244void
245SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength)
246{
247 m_impl->m_passwordSet = true;
248 memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
249 m_impl->m_password.clear();
250 m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength);
251}
252
253void
254SecTpmOsx::resetTpmPassword()
255{
256 m_impl->m_passwordSet = false;
257 memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
258 m_impl->m_password.clear();
259}
260
261void
262SecTpmOsx::setInTerminal(bool inTerminal)
263{
264 m_impl->m_inTerminal = inTerminal;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]265 if (inTerminal)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]266 SecKeychainSetUserInteractionAllowed(false);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]267 else
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]268 SecKeychainSetUserInteractionAllowed(true);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]269}
270
271bool
272SecTpmOsx::getInTerminal()
273{
274 return m_impl->m_inTerminal;
275}
276
277bool
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]278SecTpmOsx::isLocked()
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]279{
280 SecKeychainStatus keychainStatus;
281
282 OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]283 if (res != errSecSuccess)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]284 return true;
285 else
286 return ((kSecUnlockStateStatus & keychainStatus) == 0);
287}
288
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]289bool
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]290SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword)
291{
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]292 OSStatus res;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]293
294 // If the default key chain is already unlocked, return immediately.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]295 if (!isLocked())
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]296 return true;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]297
298 // If the default key chain is locked, unlock the key chain.
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]299 if (usePassword)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]300 {
301 // Use the supplied password.
302 res = SecKeychainUnlock(m_impl->m_keyChainRef,
303 passwordLength,
304 password,
305 true);
306 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]307 else if (m_impl->m_passwordSet)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]308 {
309 // If no password supplied, then use the configured password if exists.
310 SecKeychainUnlock(m_impl->m_keyChainRef,
311 m_impl->m_password.size(),
312 m_impl->m_password.c_str(),
313 true);
314 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]315 else if (m_impl->m_inTerminal)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]316 {
317 // If no configured password, get password from terminal if inTerminal set.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]318 bool isLocked = true;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]319 const char* fmt = "Password to unlock the default keychain: ";
320 int count = 0;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]321
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]322 while (isLocked)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]323 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]324 if (count > 2)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]325 break;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]326
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]327 char* getPassword = 0;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]328 getPassword = getpass(fmt);
329 count++;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]330
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]331 if (!getPassword)
332 continue;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]333
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]334 res = SecKeychainUnlock(m_impl->m_keyChainRef,
335 strlen(getPassword),
336 getPassword,
337 true);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]338
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]339 memset(getPassword, 0, strlen(getPassword));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]340
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]341 if (res == errSecSuccess)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]342 break;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]343 }
344 }
345 else
346 {
347 // If inTerminal is not set, get the password from GUI.
348 SecKeychainUnlock(m_impl->m_keyChainRef, 0, 0, false);
349 }
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]350
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]351 return !isLocked();
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]352}
353
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]354void
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]355SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, KeyType keyType,
356 int keySize, bool needRetry)
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]357{
358
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]359 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
360 {
361 throw Error("keyName has existed");
362 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]363
364 string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_PUBLIC);
365
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]366 CFReleaser<CFStringRef> keyLabel =
367 CFStringCreateWithCString(0,
368 keyNameUri.c_str(),
369 kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]370
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]371 CFReleaser<CFMutableDictionaryRef> attrDict =
372 CFDictionaryCreateMutable(0,
373 3,
374 &kCFTypeDictionaryKeyCallBacks,
375 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]376
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]377 CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]378
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]379 CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType));
380 CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get());
381 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]382
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]383 CFReleaser<SecKeyRef> publicKey, privateKey;
384 OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(),
385 &publicKey.get(), &privateKey.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]386
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]387 if (res == errSecSuccess)
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]388 {
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]389 return;
390 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]391
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]392 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]393 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]394 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]395 generateKeyPairInTpmInternal(keyName, keyType, keySize, true);
396 else
397 throw Error("Fail to unlock the keychain");
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]398 }
399 else
400 {
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]401 throw Error("Fail to create a key pair");
402 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]403}
404
405void
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]406SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]407{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]408 CFReleaser<CFStringRef> keyLabel =
409 CFStringCreateWithCString(0,
410 keyName.toUri().c_str(),
411 kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]412
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]413 CFReleaser<CFMutableDictionaryRef> searchDict =
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]414 CFDictionaryCreateMutable(0, 5,
415 &kCFTypeDictionaryKeyCallBacks,
416 &kCFTypeDictionaryValueCallBacks);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]417
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]418 CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey);
419 CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get());
420 CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll);
421 OSStatus res = SecItemDelete(searchDict.get());
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]422
423 if (res == errSecSuccess)
424 return;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]425
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]426 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]427 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]428 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]429 deleteKeyPairInTpmInternal(keyName, true);
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]430 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]431}
432
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]433void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]434SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]435{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]436 throw Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]437 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]438 // throw Error("keyName has existed!");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]439
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]440 // string keyNameUri = m_impl->toInternalKeyName(keyName, KEY_CLASS_SYMMETRIC);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]441
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]442 // CFReleaser<CFMutableDictionaryRef> attrDict =
443 // CFDictionaryCreateMutable(kCFAllocatorDefault,
444 // 0,
445 // &kCFTypeDictionaryKeyCallBacks,
446 // &kCFTypeDictionaryValueCallBacks);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]447
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]448 // CFReleaser<CFStringRef> keyLabel =
449 // CFStringCreateWithCString(0,
450 // keyNameUri.c_str(),
451 // kCFStringEncodingUTF8);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]452
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]453 // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize);
454
455 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType));
456 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get());
457 // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue);
458 // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]459
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]460 // CFErrorRef error = 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]461
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]462 // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]463
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]464 // if (error)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]465 // throw Error("Fail to create a symmetric key");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]466}
467
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]468shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]469SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]470{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]471 CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KEY_CLASS_PUBLIC);
472 if (publicKey.get() == 0)
473 {
474 throw Error("Requested public key [" + keyName.toUri() + "] does not exist in OSX Keychain");
475 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]476
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]477 CFReleaser<CFDataRef> exportedKey;
478 OSStatus res = SecItemExport(publicKey.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]479 kSecFormatOpenSSL,
480 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]481 0,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]482 &exportedKey.get());
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]483 if (res != errSecSuccess)
484 {
485 throw Error("Cannot export requested public key from OSX Keychain");
486 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]487
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]488 shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
489 CFDataGetLength(exportedKey.get()));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]490 return key;
491}
492
493ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]494SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]495{
496 using namespace CryptoPP;
497
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]498 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE);
499 if (privateKey.get() == 0)
500 {
501 /// @todo Can this happen because of keychain is locked?
502 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
503 }
504
505 CFReleaser<CFDataRef> exportedKey;
506 OSStatus res = SecItemExport(privateKey.get(),
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]507 kSecFormatOpenSSL,
508 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]509 0,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]510 &exportedKey.get());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]511
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]512 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]513 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]514 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]515 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]516 if (unlockTpm(0, 0, false))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]517 return exportPrivateKeyPkcs8FromTpmInternal(keyName, true);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]518 else
519 return shared_ptr<Buffer>();
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]520 }
521 else
522 return shared_ptr<Buffer>();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]523 }
524
525 OBufferStream pkcs1Os;
526 FileSink sink(pkcs1Os);
527
528 uint32_t version = 0;
529 OID algorithm("1.2.840.113549.1.1.1");
530 SecByteBlock rawKeyBits;
531 // PrivateKeyInfo ::= SEQUENCE {
532 // version INTEGER,
533 // privateKeyAlgorithm SEQUENCE,
534 // privateKey OCTECT STRING}
535 DERSequenceEncoder privateKeyInfo(sink);
536 {
537 DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER);
538 DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo);
539 {
540 algorithm.encode(privateKeyAlgorithm);
541 DEREncodeNull(privateKeyAlgorithm);
542 }
543 privateKeyAlgorithm.MessageEnd();
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]544 DEREncodeOctetString(privateKeyInfo,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]545 CFDataGetBytePtr(exportedKey.get()),
546 CFDataGetLength(exportedKey.get()));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]547 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]548 privateKeyInfo.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]549
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]550 return pkcs1Os.buf();
551}
552
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]553#ifdef __GNUC__
554#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
555#pragma GCC diagnostic push
556#endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
557#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
558#endif // __GNUC__
559
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]560bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]561SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]562 const uint8_t* buf, size_t size,
563 bool needRetry)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]564{
565 using namespace CryptoPP;
566
567 StringSource privateKeySource(buf, size, true);
568 uint32_t tmpNum;
569 OID tmpOID;
570 SecByteBlock rawKeyBits;
571 // PrivateKeyInfo ::= SEQUENCE {
572 // INTEGER,
573 // SEQUENCE,
574 // OCTECT STRING}
575 BERSequenceDecoder privateKeyInfo(privateKeySource);
576 {
577 BERDecodeUnsigned<uint32_t>(privateKeyInfo, tmpNum, INTEGER);
578 BERSequenceDecoder sequenceDecoder(privateKeyInfo);
579 {
580 tmpOID.decode(sequenceDecoder);
581 BERDecodeNull(sequenceDecoder);
582 }
583 BERDecodeOctetString(privateKeyInfo, rawKeyBits);
584 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]585 privateKeyInfo.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]586
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]587 CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0,
588 rawKeyBits.BytePtr(),
589 rawKeyBits.size(),
590 kCFAllocatorNull);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]591
592 SecExternalFormat externalFormat = kSecFormatOpenSSL;
593 SecExternalItemType externalType = kSecItemTypePrivateKey;
594 SecKeyImportExportParameters keyParams;
595 memset(&keyParams, 0, sizeof(keyParams));
596 keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
597 keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT;
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]598 CFReleaser<SecAccessRef> access;
599 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
600 keyName.toUri().c_str(),
601 kCFStringEncodingUTF8);
602 SecAccessCreate(keyLabel.get(), 0, &access.get());
603 keyParams.accessRef = access.get();
604 CFReleaser<CFArrayRef> outItems;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]605
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]606#ifdef __clang__
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]607#pragma clang diagnostic push
608#pragma clang diagnostic ignored "-Wdeprecated-declarations"
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]609#endif // __clang__
610
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]611 OSStatus res = SecKeychainItemImport(importedKey.get(),
612 0,
613 &externalFormat,
614 &externalType,
615 0,
616 &keyParams,
617 m_impl->m_keyChainRef,
618 &outItems.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]619
620#ifdef __clang__
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]621#pragma clang diagnostic pop
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]622#endif // __clang__
623
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]624 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]625 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]626 if (res == errSecAuthFailed && !needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]627 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]628 if (unlockTpm(0, 0, false))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]629 return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]630 else
631 return false;
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]632 }
633 else
634 return false;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]635 }
636
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]637 SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]638 SecKeychainAttribute attrs[1]; // maximum number of attributes
639 SecKeychainAttributeList attrList = { 0, attrs };
640 string keyUri = keyName.toUri();
641 {
642 attrs[attrList.count].tag = kSecKeyPrintName;
643 attrs[attrList.count].length = keyUri.size();
644 attrs[attrList.count].data = (void *)keyUri.c_str();
645 attrList.count++;
646 }
647
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]648 res = SecKeychainItemModifyAttributesAndData(privateKey,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]649 &attrList,
650 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]651 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]652
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]653 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]654 {
655 return false;
656 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]657
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]658 return true;
659}
660
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]661#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
662#pragma GCC diagnostic pop
663#endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
664
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]665bool
666SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
667{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]668 CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0,
669 buf,
670 size,
671 kCFAllocatorNull);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]672
673 SecExternalFormat externalFormat = kSecFormatOpenSSL;
674 SecExternalItemType externalType = kSecItemTypePublicKey;
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]675 CFReleaser<CFArrayRef> outItems;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]676
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]677 OSStatus res = SecItemImport(importedKey.get(),
678 0,
679 &externalFormat,
680 &externalType,
681 0,
682 0,
683 m_impl->m_keyChainRef,
684 &outItems.get());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]685
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]686 if (res != errSecSuccess)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]687 return false;
688
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]689 SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]690 SecKeychainAttribute attrs[1]; // maximum number of attributes
691 SecKeychainAttributeList attrList = { 0, attrs };
692 string keyUri = keyName.toUri();
693 {
694 attrs[attrList.count].tag = kSecKeyPrintName;
695 attrs[attrList.count].length = keyUri.size();
696 attrs[attrList.count].data = (void *)keyUri.c_str();
697 attrList.count++;
698 }
699
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]700 res = SecKeychainItemModifyAttributesAndData(publicKey,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]701 &attrList,
702 0,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]703 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]704
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]705 if (res != errSecSuccess)
Alexander Afanasyev60c86812014-02-20 15:19:33 -0800[diff] [blame]706 return false;
707
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]708 return true;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]709}
710
711Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]712SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength,
713 const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]714{
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]715 CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0,
716 data,
717 dataLength,
718 kCFAllocatorNull);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]719
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]720 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KEY_CLASS_PRIVATE);
721 if (privateKey.get() == 0)
722 {
723 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
724 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]725
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]726 CFReleaser<CFErrorRef> error;
727 CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(),
728 &error.get());
729 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]730 throw Error("Fail to create signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]731
732 // Set input
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]733 Boolean set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]734 kSecTransformInputAttributeName,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]735 dataRef.get(),
736 &error.get());
737 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]738 throw Error("Fail to configure input of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]739
740 // Enable use of padding
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]741 SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]742 kSecPaddingKey,
743 kSecPaddingPKCS1Key,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]744 &error.get());
745 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]746 throw Error("Fail to configure digest algorithm of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]747
748 // Set padding type
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]749 set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]750 kSecDigestTypeAttribute,
751 m_impl->getDigestAlgorithm(digestAlgorithm),
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]752 &error.get());
753 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]754 throw Error("Fail to configure digest algorithm of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]755
756 // Set padding attribute
757 long digestSize = m_impl->getDigestSize(digestAlgorithm);
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]758 CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize);
759 set_res = SecTransformSetAttribute(signer.get(),
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]760 kSecDigestLengthAttribute,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]761 cfDigestSize.get(),
762 &error.get());
763 if (error.get() != 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]764 throw Error("Fail to configure digest size of signer");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]765
766 // Actually sign
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]767 CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get());
768 if (error.get() != 0)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]769 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]770 if (!needRetry)
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]771 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]772 if (unlockTpm(0, 0, false))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]773 return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true);
774 else
775 throw Error("Fail to unlock the keychain");
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]776 }
777 else
778 {
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]779 CFShow(error.get());
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]780 throw Error("Fail to sign data");
781 }
782 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]783
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]784 if (signature.get() == 0)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]785 throw Error("Signature is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]786
787 return Block(Tlv::SignatureValue,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]788 make_shared<Buffer>(CFDataGetBytePtr(signature.get()),
789 CFDataGetLength(signature.get())));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]790}
791
792ConstBufferPtr
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]793SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]794{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]795 throw Error("SecTpmOsx::decryptInTpm is not supported");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]796
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]797 // KeyClass keyClass;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]798 // if (sym)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]799 // keyClass = KEY_CLASS_SYMMETRIC;
800 // else
801 // keyClass = KEY_CLASS_PRIVATE;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]802
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]803 // CFDataRef dataRef = CFDataCreate(0,
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]804 // reinterpret_cast<const unsigned char*>(data),
805 // dataLength
806 // );
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]807
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]808 // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
809 // if (decryptKey.get() == 0)
810 // {
811 // /// @todo Can this happen because of keychain is locked?
812 // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain");
813 // }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]814
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]815 // CFErrorRef error;
816 // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error);
817 // if (error) throw Error("Fail to create decrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]818
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]819 // Boolean set_res = SecTransformSetAttribute(decrypt,
820 // kSecTransformInputAttributeName,
821 // dataRef,
822 // &error);
823 // if (error) throw Error("Fail to configure decrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]824
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]825 // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error);
826 // if (error)
827 // {
828 // CFShow(error);
829 // throw Error("Fail to decrypt data");
830 // }
831 // if (!output) throw Error("Output is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]832
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]833 // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]834}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]835
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]836void
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]837SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]838{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]839 if (keyClass == KEY_CLASS_PRIVATE && acl == ACL_TYPE_PRIVATE)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]840 {
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]841 CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass);
842 if (privateKey.get() == 0)
843 {
844 throw Error("Private key [" + keyName.toUri() + "] does not exist in OSX Keychain");
845 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]846
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]847 CFReleaser<SecAccessRef> accRef;
848 OSStatus acc_res = SecKeychainItemCopyAccess(privateKey.get(), &accRef.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]849
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]850 CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(),
851 kSecACLAuthorizationSign);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]852
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]853 SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]854
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]855 CFReleaser<CFArrayRef> appList;
856 CFReleaser<CFStringRef> description;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]857 SecKeychainPromptSelector promptSelector;
858 OSStatus acl_res = SecACLCopyContents(aclRef,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]859 &appList.get(),
860 &description.get(),
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]861 &promptSelector);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]862
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]863 CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0,
864 0,
865 appList.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]866
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]867 CFReleaser<SecTrustedApplicationRef> trustedApp;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]868 acl_res = SecTrustedApplicationCreateFromPath(appPath.c_str(),
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]869 &trustedApp.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]870
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]871 CFArrayAppendValue(newAppList.get(), trustedApp.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]872
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]873 acl_res = SecACLSetContents(aclRef,
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]874 newAppList.get(),
875 description.get(),
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]876 promptSelector);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]877
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]878 acc_res = SecKeychainItemSetAccess(privateKey.get(), accRef.get());
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]879 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]880}
881
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]882ConstBufferPtr
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]883SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]884{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]885 throw Error("SecTpmOsx::encryptInTpm is not supported");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]886
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]887 // KeyClass keyClass;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]888 // if (sym)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]889 // keyClass = KEY_CLASS_SYMMETRIC;
890 // else
891 // keyClass = KEY_CLASS_PUBLIC;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]892
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]893 // CFDataRef dataRef = CFDataCreate(0,
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]894 // reinterpret_cast<const unsigned char*>(data),
895 // dataLength
896 // );
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]897
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]898 // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass);
899 // if (encryptKey.get() == 0)
900 // {
901 // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain");
902 // }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]903
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]904 // CFErrorRef error;
905 // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error);
906 // if (error) throw Error("Fail to create encrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]907
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]908 // Boolean set_res = SecTransformSetAttribute(encrypt,
909 // kSecTransformInputAttributeName,
910 // dataRef,
911 // &error);
912 // if (error) throw Error("Fail to configure encrypt");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]913
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]914 // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error);
915 // if (error) throw Error("Fail to encrypt data");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]916
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]917 // if (!output) throw Error("Output is NULL!\n");
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]918
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]919 // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output));
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]920}
921
922bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]923SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]924{
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]925 string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass);
926
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]927 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
928 keyNameUri.c_str(),
929 kCFStringEncodingUTF8);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]930
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]931 CFReleaser<CFMutableDictionaryRef> attrDict =
932 CFDictionaryCreateMutable(0,
933 4,
934 &kCFTypeDictionaryKeyCallBacks,
935 0);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]936
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]937 CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey);
938 // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass));
939 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
940 CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]941
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]942 CFReleaser<SecKeychainItemRef> itemRef;
943 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]944
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]945 if (res == errSecSuccess)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]946 return true;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]947 else
948 return false;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]949
950}
951
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]952bool
953SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size)
954{
955 return (SecRandomCopyBytes(kSecRandomDefault, size, res) == 0);
956}
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]957
958////////////////////////////////
959// OSXPrivateKeyStorage::Impl //
960////////////////////////////////
961
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]962CFReleaser<SecKeychainItemRef>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]963SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]964{
965 string keyNameUri = toInternalKeyName(keyName, keyClass);
966
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]967 CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0,
968 keyNameUri.c_str(),
969 kCFStringEncodingUTF8);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]970
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]971 CFReleaser<CFMutableDictionaryRef> attrDict =
972 CFDictionaryCreateMutable(0,
973 5,
974 &kCFTypeDictionaryKeyCallBacks,
975 0);
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]976
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]977 CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey);
978 CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get());
979 CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass));
980 CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]981
Alexander Afanasyevf82d13a2014-04-30 14:30:19 -0700[diff] [blame^]982 CFReleaser<SecKeychainItemRef> keyItem;
983 OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]984
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]985 if (res != errSecSuccess)
986 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]987 else
988 return keyItem;
989}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]990
991string
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]992SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]993{
994 string keyUri = keyName.toUri();
995
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]996 if (KEY_CLASS_SYMMETRIC == keyClass)
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]997 return keyUri + "/symmetric";
998 else
999 return keyUri;
1000}
1001
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1002const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1003SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
1004{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1005 switch (keyType){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1006 case KEY_TYPE_RSA:
1007 return kSecAttrKeyTypeRSA;
1008 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1009 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1010 }
1011}
1012
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1013const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1014SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
1015{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1016 switch (keyType){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1017 case KEY_TYPE_AES:
1018 return kSecAttrKeyTypeAES;
1019 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1020 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1021 }
1022}
1023
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1024const CFTypeRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1025SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
1026{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1027 switch (keyClass){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1028 case KEY_CLASS_PRIVATE:
1029 return kSecAttrKeyClassPrivate;
1030 case KEY_CLASS_PUBLIC:
1031 return kSecAttrKeyClassPublic;
1032 case KEY_CLASS_SYMMETRIC:
1033 return kSecAttrKeyClassSymmetric;
1034 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1035 return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1036 }
1037}
1038
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1039const CFStringRef
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1040SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
1041{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1042 switch (digestAlgo){
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1043 // case DIGEST_MD2:
1044 // return kSecDigestMD2;
1045 // case DIGEST_MD5:
1046 // return kSecDigestMD5;
1047 // case DIGEST_SHA1:
1048 // return kSecDigestSHA1;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1049 case DIGEST_ALGORITHM_SHA256:
1050 return kSecDigestSHA2;
1051 default:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]1052 return 0;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1053 }
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1054}
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1055
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1056long
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1057SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
1058{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]1059 switch (digestAlgo){
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1060 case DIGEST_ALGORITHM_SHA256:
1061 return 256;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1062 // case DIGEST_SHA1:
1063 // case DIGEST_MD2:
1064 // case DIGEST_MD5:
1065 // return 0;
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1066 default:
Yingdi Yu2b2b4792014-02-04 16:27:07 -0800[diff] [blame]1067 return -1;
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1068 }
Jeff Thompson2747dc02013-10-04 19:11:34 -0700[diff] [blame]1069}
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]1070
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]1071} // namespace ndn