Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 3 | * Copyright (c) 2013-2017 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 22 | */ |
| 23 | |
Alexander Afanasyev | 1950885 | 2014-01-29 01:01:51 -0800 | [diff] [blame] | 24 | #include "sec-tpm-osx.hpp" |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 25 | #include "public-key.hpp" |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 26 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 27 | #include "../../encoding/oid.hpp" |
| 28 | #include "../../encoding/buffer-stream.hpp" |
| 29 | #include "cryptopp.hpp" |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 30 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 31 | #include <pwd.h> |
| 32 | #include <unistd.h> |
| 33 | #include <stdlib.h> |
| 34 | #include <string.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 35 | |
Alexander Afanasyev | 1c6976d | 2014-07-13 11:40:50 -0700 | [diff] [blame] | 36 | #include <boost/lexical_cast.hpp> |
| 37 | |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 38 | #include <CoreFoundation/CoreFoundation.h> |
| 39 | #include <Security/Security.h> |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 40 | #include <Security/SecRandom.h> |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 41 | #include <CoreServices/CoreServices.h> |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 42 | |
Alexander Afanasyev | 59d67a5 | 2014-04-03 16:09:31 -0700 | [diff] [blame] | 43 | #include <Security/SecDigestTransform.h> |
| 44 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 45 | namespace ndn { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 46 | namespace security { |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 47 | namespace v1 { |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 48 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 49 | using std::string; |
| 50 | |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 51 | const std::string SecTpmOsx::SCHEME("tpm-osxkeychain"); |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 52 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 53 | /** |
| 54 | * @brief Helper class to wrap CoreFoundation object pointers |
| 55 | * |
| 56 | * The class is similar in spirit to shared_ptr, but uses CoreFoundation |
| 57 | * mechanisms to retain/release object. |
| 58 | * |
| 59 | * Original implementation by Christopher Hunt and it was borrowed from |
| 60 | * http://www.cocoabuilder.com/archive/cocoa/130776-auto-cfrelease-and.html |
| 61 | */ |
| 62 | template<class T> |
| 63 | class CFReleaser |
| 64 | { |
| 65 | public: |
| 66 | ////////////////////////////// |
| 67 | // Construction/destruction // |
| 68 | |
| 69 | CFReleaser() |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 70 | : m_typeRef(nullptr) |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 71 | { |
| 72 | } |
| 73 | |
| 74 | CFReleaser(const T& typeRef) |
| 75 | : m_typeRef(typeRef) |
| 76 | { |
| 77 | } |
| 78 | |
| 79 | CFReleaser(const CFReleaser& inReleaser) |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 80 | : m_typeRef(nullptr) |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 81 | { |
| 82 | retain(inReleaser.m_typeRef); |
| 83 | } |
| 84 | |
| 85 | CFReleaser& |
| 86 | operator=(const T& typeRef) |
| 87 | { |
| 88 | if (typeRef != m_typeRef) { |
| 89 | release(); |
| 90 | m_typeRef = typeRef; |
| 91 | } |
| 92 | return *this; |
| 93 | } |
| 94 | |
| 95 | CFReleaser& |
| 96 | operator=(const CFReleaser& inReleaser) |
| 97 | { |
| 98 | retain(inReleaser.m_typeRef); |
| 99 | return *this; |
| 100 | } |
| 101 | |
| 102 | ~CFReleaser() |
| 103 | { |
| 104 | release(); |
| 105 | } |
| 106 | |
| 107 | //////////// |
| 108 | // Access // |
| 109 | |
| 110 | // operator const T&() const |
| 111 | // { |
| 112 | // return m_typeRef; |
| 113 | // } |
| 114 | |
| 115 | // operator T&() |
| 116 | // { |
| 117 | // return m_typeRef; |
| 118 | // } |
| 119 | |
| 120 | const T& |
| 121 | get() const |
| 122 | { |
| 123 | return m_typeRef; |
| 124 | } |
| 125 | |
| 126 | T& |
| 127 | get() |
| 128 | { |
| 129 | return m_typeRef; |
| 130 | } |
| 131 | |
| 132 | /////////////////// |
| 133 | // Miscellaneous // |
| 134 | |
| 135 | void |
| 136 | retain(const T& typeRef) |
| 137 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 138 | if (typeRef != nullptr) { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 139 | CFRetain(typeRef); |
| 140 | } |
| 141 | release(); |
| 142 | m_typeRef = typeRef; |
| 143 | } |
| 144 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 145 | void |
| 146 | release() |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 147 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 148 | if (m_typeRef != nullptr) { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 149 | CFRelease(m_typeRef); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 150 | m_typeRef = nullptr; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 151 | } |
| 152 | }; |
| 153 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 154 | bool |
| 155 | operator==(std::nullptr_t) |
| 156 | { |
| 157 | return get() == nullptr; |
| 158 | } |
| 159 | |
| 160 | bool |
| 161 | operator!=(std::nullptr_t) |
| 162 | { |
| 163 | return get() != nullptr; |
| 164 | } |
| 165 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 166 | private: |
| 167 | T m_typeRef; |
| 168 | }; |
| 169 | |
| 170 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 171 | class SecTpmOsx::Impl |
| 172 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 173 | public: |
| 174 | Impl() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 175 | : m_passwordSet(false) |
| 176 | , m_inTerminal(false) |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 177 | { |
| 178 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 179 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 180 | /** |
| 181 | * @brief Convert NDN name of a key to internal name of the key. |
| 182 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 183 | * @return the internal key name |
| 184 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 185 | std::string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 186 | toInternalKeyName(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 187 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 188 | /** |
| 189 | * @brief Get key. |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 190 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 191 | * @returns pointer to the key |
| 192 | */ |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 193 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 194 | getKey(const Name& keyName, KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 195 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 196 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 197 | * @brief Convert keyType to MAC OS symmetric key key type |
| 198 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 199 | * @returns MAC OS key type |
| 200 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 201 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 202 | getSymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 203 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 204 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 205 | * @brief Convert keyType to MAC OS asymmetirc key type |
| 206 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 207 | * @returns MAC OS key type |
| 208 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 209 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 210 | getAsymKeyType(KeyType keyType); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 211 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 212 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 213 | * @brief Convert keyClass to MAC OS key class |
| 214 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 215 | * @returns MAC OS key class |
| 216 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 217 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 218 | getKeyClass(KeyClass keyClass); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 219 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 220 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 221 | * @brief Convert digestAlgo to MAC OS algorithm id |
| 222 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 223 | * @returns MAC OS algorithm id |
| 224 | */ |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 225 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 226 | getDigestAlgorithm(DigestAlgorithm digestAlgo); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 227 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 228 | /** |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 229 | * @brief Get the digest size of the corresponding algorithm |
| 230 | * |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 231 | * @return digest size |
| 232 | */ |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 233 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 234 | getDigestSize(DigestAlgorithm digestAlgo); |
| 235 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 236 | /////////////////////////////////////////////// |
| 237 | // everything here is public, including data // |
| 238 | /////////////////////////////////////////////// |
| 239 | public: |
| 240 | SecKeychainRef m_keyChainRef; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 241 | bool m_passwordSet; |
| 242 | string m_password; |
| 243 | bool m_inTerminal; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 244 | }; |
| 245 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 246 | SecTpmOsx::SecTpmOsx(const std::string& location) |
| 247 | : SecTpm(location) |
| 248 | , m_impl(new Impl) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 249 | { |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 250 | // TODO: add location support |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 251 | if (m_impl->m_inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 252 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 253 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 254 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 255 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 256 | OSStatus res = SecKeychainCopyDefault(&m_impl->m_keyChainRef); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 257 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 258 | if (res == errSecNoDefaultKeychain) //If no default key chain, create one. |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 259 | BOOST_THROW_EXCEPTION(Error("No default keychain, please create one first")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 260 | } |
| 261 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 262 | SecTpmOsx::~SecTpmOsx() |
| 263 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 264 | } |
| 265 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 266 | void |
| 267 | SecTpmOsx::setTpmPassword(const uint8_t* password, size_t passwordLength) |
| 268 | { |
| 269 | m_impl->m_passwordSet = true; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 270 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 271 | m_impl->m_password.clear(); |
| 272 | m_impl->m_password.append(reinterpret_cast<const char*>(password), passwordLength); |
| 273 | } |
| 274 | |
| 275 | void |
| 276 | SecTpmOsx::resetTpmPassword() |
| 277 | { |
| 278 | m_impl->m_passwordSet = false; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 279 | std::fill(m_impl->m_password.begin(), m_impl->m_password.end(), 0); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 280 | m_impl->m_password.clear(); |
| 281 | } |
| 282 | |
| 283 | void |
| 284 | SecTpmOsx::setInTerminal(bool inTerminal) |
| 285 | { |
| 286 | m_impl->m_inTerminal = inTerminal; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 287 | if (inTerminal) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 288 | SecKeychainSetUserInteractionAllowed(false); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 289 | else |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 290 | SecKeychainSetUserInteractionAllowed(true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 291 | } |
| 292 | |
| 293 | bool |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 294 | SecTpmOsx::getInTerminal() const |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 295 | { |
| 296 | return m_impl->m_inTerminal; |
| 297 | } |
| 298 | |
| 299 | bool |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 300 | SecTpmOsx::isLocked() |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 301 | { |
| 302 | SecKeychainStatus keychainStatus; |
| 303 | |
| 304 | OSStatus res = SecKeychainGetStatus(m_impl->m_keyChainRef, &keychainStatus); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 305 | if (res != errSecSuccess) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 306 | return true; |
| 307 | else |
| 308 | return ((kSecUnlockStateStatus & keychainStatus) == 0); |
| 309 | } |
| 310 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 311 | bool |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 312 | SecTpmOsx::unlockTpm(const char* password, size_t passwordLength, bool usePassword) |
| 313 | { |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 314 | OSStatus res; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 315 | |
| 316 | // If the default key chain is already unlocked, return immediately. |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 317 | if (!isLocked()) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 318 | return true; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 319 | |
| 320 | // If the default key chain is locked, unlock the key chain. |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 321 | if (usePassword) { |
| 322 | // Use the supplied password. |
| 323 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 324 | passwordLength, |
| 325 | password, |
| 326 | true); |
| 327 | } |
| 328 | else if (m_impl->m_passwordSet) { |
| 329 | // If no password supplied, then use the configured password if exists. |
| 330 | SecKeychainUnlock(m_impl->m_keyChainRef, |
| 331 | m_impl->m_password.size(), |
| 332 | m_impl->m_password.c_str(), |
| 333 | true); |
| 334 | } |
Alexander Afanasyev | cf3a667 | 2015-02-01 20:33:22 -0800 | [diff] [blame] | 335 | #ifdef NDN_CXX_HAVE_GETPASS |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 336 | else if (m_impl->m_inTerminal) { |
| 337 | // If no configured password, get password from terminal if inTerminal set. |
| 338 | bool isLocked = true; |
| 339 | const char* fmt = "Password to unlock the default keychain: "; |
| 340 | int count = 0; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 341 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 342 | while (isLocked) { |
| 343 | if (count > 2) |
| 344 | break; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 345 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 346 | char* getPassword = nullptr; |
| 347 | getPassword = getpass(fmt); |
| 348 | count++; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 349 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 350 | if (!getPassword) |
| 351 | continue; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 352 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 353 | res = SecKeychainUnlock(m_impl->m_keyChainRef, |
| 354 | strlen(getPassword), |
| 355 | getPassword, |
| 356 | true); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 357 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 358 | memset(getPassword, 0, strlen(getPassword)); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 359 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 360 | if (res == errSecSuccess) |
| 361 | break; |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 362 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 363 | } |
Alexander Afanasyev | cf3a667 | 2015-02-01 20:33:22 -0800 | [diff] [blame] | 364 | #endif // NDN_CXX_HAVE_GETPASS |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 365 | else { |
| 366 | // If inTerminal is not set, get the password from GUI. |
| 367 | SecKeychainUnlock(m_impl->m_keyChainRef, 0, nullptr, false); |
| 368 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 369 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 370 | return !isLocked(); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 371 | } |
| 372 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 373 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 374 | SecTpmOsx::generateKeyPairInTpmInternal(const Name& keyName, |
| 375 | const KeyParams& params, |
| 376 | bool needRetry) |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 377 | { |
| 378 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 379 | if (doesKeyExistInTpm(keyName, KeyClass::PUBLIC)) { |
| 380 | BOOST_THROW_EXCEPTION(Error("keyName already exists")); |
| 381 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 382 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 383 | string keyNameUri = m_impl->toInternalKeyName(keyName, KeyClass::PUBLIC); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 384 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 385 | CFReleaser<CFStringRef> keyLabel = |
| 386 | CFStringCreateWithCString(0, |
| 387 | keyNameUri.c_str(), |
| 388 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 389 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 390 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 391 | CFDictionaryCreateMutable(0, |
| 392 | 3, |
| 393 | &kCFTypeDictionaryKeyCallBacks, |
| 394 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 395 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 396 | KeyType keyType = params.getKeyType(); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 397 | uint32_t keySize = 0; |
| 398 | switch (keyType) { |
| 399 | case KeyType::RSA: { |
| 400 | const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); |
| 401 | keySize = rsaParams.getKeySize(); |
| 402 | break; |
| 403 | } |
| 404 | |
| 405 | case KeyType::EC: { |
| 406 | const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); |
| 407 | keySize = ecdsaParams.getKeySize(); |
| 408 | break; |
| 409 | } |
| 410 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 411 | default: |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 412 | BOOST_THROW_EXCEPTION(Error("Fail to create a key pair: Unsupported key type")); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 413 | } |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 414 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 415 | CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 416 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 417 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getAsymKeyType(keyType)); |
| 418 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 419 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 420 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 421 | CFReleaser<SecKeyRef> publicKey, privateKey; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 422 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 423 | OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict.get(), |
| 424 | &publicKey.get(), &privateKey.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 425 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 426 | if (res == errSecSuccess) { |
| 427 | return; |
| 428 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 429 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 430 | if (res == errSecAuthFailed && !needRetry) { |
| 431 | if (unlockTpm(nullptr, 0, false)) |
| 432 | generateKeyPairInTpmInternal(keyName, params, true); |
| 433 | else |
| 434 | BOOST_THROW_EXCEPTION(Error("Fail to unlock the keychain")); |
| 435 | } |
| 436 | else { |
| 437 | BOOST_THROW_EXCEPTION(Error("Fail to create a key pair")); |
| 438 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 439 | } |
| 440 | |
| 441 | void |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 442 | SecTpmOsx::deleteKeyPairInTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 443 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 444 | CFReleaser<CFStringRef> keyLabel = |
| 445 | CFStringCreateWithCString(0, |
| 446 | keyName.toUri().c_str(), |
| 447 | kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 448 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 449 | CFReleaser<CFMutableDictionaryRef> searchDict = |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 450 | CFDictionaryCreateMutable(0, 5, |
| 451 | &kCFTypeDictionaryKeyCallBacks, |
| 452 | &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 453 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 454 | CFDictionaryAddValue(searchDict.get(), kSecClass, kSecClassKey); |
| 455 | CFDictionaryAddValue(searchDict.get(), kSecAttrLabel, keyLabel.get()); |
| 456 | CFDictionaryAddValue(searchDict.get(), kSecMatchLimit, kSecMatchLimitAll); |
| 457 | OSStatus res = SecItemDelete(searchDict.get()); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 458 | |
| 459 | if (res == errSecSuccess) |
| 460 | return; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 461 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 462 | if (res == errSecAuthFailed && !needRetry) { |
| 463 | if (unlockTpm(nullptr, 0, false)) |
| 464 | deleteKeyPairInTpmInternal(keyName, true); |
| 465 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 466 | } |
| 467 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 468 | void |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 469 | SecTpmOsx::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 470 | { |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 471 | BOOST_THROW_EXCEPTION(Error("SecTpmOsx::generateSymmetricKeyInTpm is not supported")); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 472 | // if (doesKeyExistInTpm(keyName, KeyClass::SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 473 | // throw Error("keyName has existed!"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 474 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 475 | // string keyNameUri = m_impl->toInternalKeyName(keyName, KeyClass::SYMMETRIC); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 476 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 477 | // CFReleaser<CFMutableDictionaryRef> attrDict = |
| 478 | // CFDictionaryCreateMutable(kCFAllocatorDefault, |
| 479 | // 0, |
| 480 | // &kCFTypeDictionaryKeyCallBacks, |
| 481 | // &kCFTypeDictionaryValueCallBacks); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 482 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 483 | // CFReleaser<CFStringRef> keyLabel = |
| 484 | // CFStringCreateWithCString(0, |
| 485 | // keyNameUri.c_str(), |
| 486 | // kCFStringEncodingUTF8); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 487 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 488 | // CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(0, kCFNumberIntType, &keySize); |
| 489 | |
| 490 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, m_impl->getSymKeyType(keyType)); |
| 491 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get()); |
| 492 | // CFDictionaryAddValue(attrDict.get(), kSecAttrIsPermanent, kCFBooleanTrue); |
| 493 | // CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 494 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 495 | // CFErrorRef error = 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 496 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 497 | // SecKeyRef symmetricKey = SecKeyGenerateSymmetric(attrDict, &error); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 498 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 499 | // if (error) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 500 | // throw Error("Fail to create a symmetric key"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 501 | } |
| 502 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 503 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 504 | SecTpmOsx::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 505 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 506 | CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KeyClass::PUBLIC); |
| 507 | if (publicKey == nullptr) { |
| 508 | BOOST_THROW_EXCEPTION(Error("Requested public key [" + keyName.toUri() + "] does not exist " |
| 509 | "in OSX Keychain")); |
| 510 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 511 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 512 | CFReleaser<CFDataRef> exportedKey; |
| 513 | OSStatus res = SecItemExport(publicKey.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 514 | kSecFormatOpenSSL, |
| 515 | 0, |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 516 | nullptr, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 517 | &exportedKey.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 518 | if (res != errSecSuccess) { |
| 519 | BOOST_THROW_EXCEPTION(Error("Cannot export requested public key from OSX Keychain")); |
| 520 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 521 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 522 | shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()), |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 523 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 524 | return key; |
| 525 | } |
| 526 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 527 | std::string |
| 528 | SecTpmOsx::getScheme() |
| 529 | { |
| 530 | return SCHEME; |
| 531 | } |
| 532 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 533 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 534 | SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 535 | { |
| 536 | using namespace CryptoPP; |
| 537 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 538 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KeyClass::PRIVATE); |
| 539 | if (privateKey == nullptr) { |
| 540 | /// @todo Can this happen because of keychain is locked? |
| 541 | BOOST_THROW_EXCEPTION(Error("Private key [" + keyName.toUri() + "] does not exist " |
| 542 | "in OSX Keychain")); |
| 543 | } |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 544 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 545 | shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 546 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 547 | CFReleaser<CFDataRef> exportedKey; |
| 548 | OSStatus res = SecItemExport(privateKey.get(), |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 549 | kSecFormatOpenSSL, |
| 550 | 0, |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 551 | nullptr, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 552 | &exportedKey.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 553 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 554 | if (res != errSecSuccess) { |
| 555 | if (res == errSecAuthFailed && !needRetry) { |
| 556 | if (unlockTpm(nullptr, 0, false)) |
| 557 | return exportPrivateKeyPkcs8FromTpmInternal(keyName, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 558 | else |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 559 | return nullptr; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 560 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 561 | else |
| 562 | return nullptr; |
| 563 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 564 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 565 | uint32_t version = 0; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 566 | Oid algorithm; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 567 | bool hasParameters = false; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 568 | Oid algorithmParameter; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 569 | switch (publicKey->getKeyType()) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 570 | case KeyType::RSA: { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 571 | algorithm = oid::RSA; // "RSA encryption" |
| 572 | hasParameters = false; |
| 573 | break; |
| 574 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 575 | |
| 576 | case KeyType::EC: { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 577 | // "ECDSA encryption" |
| 578 | StringSource src(publicKey->get().buf(), publicKey->get().size(), true); |
| 579 | BERSequenceDecoder subjectPublicKeyInfo(src); |
| 580 | { |
| 581 | BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo); |
| 582 | { |
| 583 | algorithm.decode(algorithmInfo); |
| 584 | algorithmParameter.decode(algorithmInfo); |
| 585 | } |
| 586 | } |
| 587 | hasParameters = true; |
| 588 | break; |
| 589 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 590 | |
| 591 | default: |
| 592 | BOOST_THROW_EXCEPTION(Error("Unsupported key type" + |
| 593 | boost::lexical_cast<std::string>(publicKey->getKeyType()))); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 594 | } |
| 595 | |
| 596 | OBufferStream pkcs8Os; |
| 597 | FileSink sink(pkcs8Os); |
| 598 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 599 | SecByteBlock rawKeyBits; |
| 600 | // PrivateKeyInfo ::= SEQUENCE { |
| 601 | // version INTEGER, |
| 602 | // privateKeyAlgorithm SEQUENCE, |
| 603 | // privateKey OCTECT STRING} |
| 604 | DERSequenceEncoder privateKeyInfo(sink); |
| 605 | { |
| 606 | DEREncodeUnsigned<uint32_t>(privateKeyInfo, version, INTEGER); |
| 607 | DERSequenceEncoder privateKeyAlgorithm(privateKeyInfo); |
| 608 | { |
| 609 | algorithm.encode(privateKeyAlgorithm); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 610 | if (hasParameters) |
| 611 | algorithmParameter.encode(privateKeyAlgorithm); |
| 612 | else |
| 613 | DEREncodeNull(privateKeyAlgorithm); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 614 | } |
| 615 | privateKeyAlgorithm.MessageEnd(); |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 616 | DEREncodeOctetString(privateKeyInfo, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 617 | CFDataGetBytePtr(exportedKey.get()), |
| 618 | CFDataGetLength(exportedKey.get())); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 619 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 620 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 621 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 622 | return pkcs8Os.buf(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 623 | } |
| 624 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 625 | #ifdef __GNUC__ |
| 626 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 627 | #pragma GCC diagnostic push |
| 628 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 629 | #pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
| 630 | #endif // __GNUC__ |
| 631 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 632 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 633 | SecTpmOsx::importPrivateKeyPkcs8IntoTpmInternal(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 634 | const uint8_t* buf, size_t size, |
| 635 | bool needRetry) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 636 | { |
| 637 | using namespace CryptoPP; |
| 638 | |
| 639 | StringSource privateKeySource(buf, size, true); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 640 | SecByteBlock rawKeyBits; |
| 641 | // PrivateKeyInfo ::= SEQUENCE { |
| 642 | // INTEGER, |
| 643 | // SEQUENCE, |
| 644 | // OCTECT STRING} |
| 645 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 646 | { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 647 | uint32_t versionNum; |
| 648 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 649 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 650 | { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 651 | Oid keyTypeOid; |
| 652 | keyTypeOid.decode(sequenceDecoder); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 653 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 654 | if (keyTypeOid == oid::RSA) |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 655 | BERDecodeNull(sequenceDecoder); |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 656 | else if (keyTypeOid == oid::ECDSA) { |
| 657 | Oid parameterOid; |
| 658 | parameterOid.decode(sequenceDecoder); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 659 | } |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 660 | else |
| 661 | return false; // Unsupported key type; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 662 | } |
| 663 | BERDecodeOctetString(privateKeyInfo, rawKeyBits); |
| 664 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 665 | privateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 666 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 667 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 668 | rawKeyBits.BytePtr(), |
| 669 | rawKeyBits.size(), |
| 670 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 671 | |
| 672 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 673 | SecExternalItemType externalType = kSecItemTypePrivateKey; |
| 674 | SecKeyImportExportParameters keyParams; |
| 675 | memset(&keyParams, 0, sizeof(keyParams)); |
| 676 | keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; |
| 677 | keyParams.keyAttributes = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 678 | CFReleaser<SecAccessRef> access; |
| 679 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 680 | keyName.toUri().c_str(), |
| 681 | kCFStringEncodingUTF8); |
| 682 | SecAccessCreate(keyLabel.get(), 0, &access.get()); |
| 683 | keyParams.accessRef = access.get(); |
| 684 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 685 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 686 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 687 | #pragma clang diagnostic push |
| 688 | #pragma clang diagnostic ignored "-Wdeprecated-declarations" |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 689 | #endif // __clang__ |
| 690 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 691 | OSStatus res = SecKeychainItemImport(importedKey.get(), |
| 692 | 0, |
| 693 | &externalFormat, |
| 694 | &externalType, |
| 695 | 0, |
| 696 | &keyParams, |
| 697 | m_impl->m_keyChainRef, |
| 698 | &outItems.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 699 | |
| 700 | #ifdef __clang__ |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 701 | #pragma clang diagnostic pop |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 702 | #endif // __clang__ |
| 703 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 704 | if (res != errSecSuccess) { |
| 705 | if (res == errSecAuthFailed && !needRetry) { |
| 706 | if (unlockTpm(nullptr, 0, false)) |
| 707 | return importPrivateKeyPkcs8IntoTpmInternal(keyName, buf, size, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 708 | else |
| 709 | return false; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 710 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 711 | else |
| 712 | return false; |
| 713 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 714 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 715 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 716 | SecKeychainItemRef privateKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 717 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 718 | SecKeychainAttributeList attrList = {0, attrs}; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 719 | string keyUri = keyName.toUri(); |
| 720 | { |
| 721 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 722 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 723 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 724 | attrList.count++; |
| 725 | } |
| 726 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 727 | res = SecKeychainItemModifyAttributesAndData(privateKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 728 | &attrList, |
| 729 | 0, |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 730 | nullptr); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 731 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 732 | if (res != errSecSuccess) { |
| 733 | return false; |
| 734 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 735 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 736 | return true; |
| 737 | } |
| 738 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 739 | #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 740 | #pragma GCC diagnostic pop |
| 741 | #endif // __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) |
| 742 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 743 | bool |
| 744 | SecTpmOsx::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 745 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 746 | CFReleaser<CFDataRef> importedKey = CFDataCreateWithBytesNoCopy(0, |
| 747 | buf, |
| 748 | size, |
| 749 | kCFAllocatorNull); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 750 | |
| 751 | SecExternalFormat externalFormat = kSecFormatOpenSSL; |
| 752 | SecExternalItemType externalType = kSecItemTypePublicKey; |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 753 | CFReleaser<CFArrayRef> outItems; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 754 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 755 | OSStatus res = SecItemImport(importedKey.get(), |
| 756 | 0, |
| 757 | &externalFormat, |
| 758 | &externalType, |
| 759 | 0, |
| 760 | 0, |
| 761 | m_impl->m_keyChainRef, |
| 762 | &outItems.get()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 763 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 764 | if (res != errSecSuccess) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 765 | return false; |
| 766 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 767 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 768 | SecKeychainItemRef publicKey = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 769 | SecKeychainAttribute attrs[1]; // maximum number of attributes |
| 770 | SecKeychainAttributeList attrList = { 0, attrs }; |
| 771 | string keyUri = keyName.toUri(); |
| 772 | { |
| 773 | attrs[attrList.count].tag = kSecKeyPrintName; |
| 774 | attrs[attrList.count].length = keyUri.size(); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 775 | attrs[attrList.count].data = const_cast<char*>(keyUri.c_str()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 776 | attrList.count++; |
| 777 | } |
| 778 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 779 | res = SecKeychainItemModifyAttributesAndData(publicKey, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 780 | &attrList, |
| 781 | 0, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 782 | 0); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 783 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 784 | if (res != errSecSuccess) |
Alexander Afanasyev | 60c8681 | 2014-02-20 15:19:33 -0800 | [diff] [blame] | 785 | return false; |
| 786 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 787 | return true; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 788 | } |
| 789 | |
| 790 | Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 791 | SecTpmOsx::signInTpmInternal(const uint8_t* data, size_t dataLength, |
| 792 | const Name& keyName, DigestAlgorithm digestAlgorithm, bool needRetry) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 793 | { |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 794 | CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(0, |
| 795 | data, |
| 796 | dataLength, |
| 797 | kCFAllocatorNull); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 798 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 799 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, KeyClass::PRIVATE); |
| 800 | if (privateKey == nullptr) { |
| 801 | BOOST_THROW_EXCEPTION(Error("Private key [" + keyName.toUri() + "] does not exist " |
| 802 | "in OSX Keychain")); |
| 803 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 804 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 805 | CFReleaser<CFErrorRef> error; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 806 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 807 | CFReleaser<SecTransformRef> signer = SecSignTransformCreate((SecKeyRef)privateKey.get(), |
| 808 | &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 809 | if (error != nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 810 | BOOST_THROW_EXCEPTION(Error("Fail to create signer")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 811 | |
| 812 | // Set input |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 813 | SecTransformSetAttribute(signer.get(), |
| 814 | kSecTransformInputAttributeName, |
| 815 | dataRef.get(), |
| 816 | &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 817 | if (error != nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 818 | BOOST_THROW_EXCEPTION(Error("Fail to configure input of signer")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 819 | |
| 820 | // Enable use of padding |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 821 | SecTransformSetAttribute(signer.get(), |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 822 | kSecPaddingKey, |
| 823 | kSecPaddingPKCS1Key, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 824 | &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 825 | if (error != nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 826 | BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 827 | |
| 828 | // Set padding type |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 829 | SecTransformSetAttribute(signer.get(), |
| 830 | kSecDigestTypeAttribute, |
| 831 | m_impl->getDigestAlgorithm(digestAlgorithm), |
| 832 | &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 833 | if (error != nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 834 | BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 835 | |
| 836 | // Set padding attribute |
| 837 | long digestSize = m_impl->getDigestSize(digestAlgorithm); |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 838 | CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(0, kCFNumberLongType, &digestSize); |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 839 | SecTransformSetAttribute(signer.get(), |
| 840 | kSecDigestLengthAttribute, |
| 841 | cfDigestSize.get(), |
| 842 | &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 843 | if (error != nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 844 | BOOST_THROW_EXCEPTION(Error("Fail to configure digest size of signer")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 845 | |
| 846 | // Actually sign |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 847 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 848 | CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 849 | if (error != nullptr) { |
| 850 | if (!needRetry) { |
| 851 | if (unlockTpm(nullptr, 0, false)) |
| 852 | return signInTpmInternal(data, dataLength, keyName, digestAlgorithm, true); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 853 | else |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 854 | BOOST_THROW_EXCEPTION(Error("Fail to unlock the keychain")); |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 855 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 856 | else { |
| 857 | CFShow(error.get()); |
| 858 | BOOST_THROW_EXCEPTION(Error("Fail to sign data")); |
| 859 | } |
| 860 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 861 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 862 | if (signature == nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 863 | BOOST_THROW_EXCEPTION(Error("Signature is NULL!\n")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 864 | |
Steve DiBenedetto | 54ce668 | 2014-07-22 13:22:57 -0600 | [diff] [blame] | 865 | return Block(tlv::SignatureValue, |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 866 | make_shared<Buffer>(CFDataGetBytePtr(signature.get()), |
| 867 | CFDataGetLength(signature.get()))); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 868 | } |
| 869 | |
| 870 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 871 | SecTpmOsx::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 872 | { |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 873 | BOOST_THROW_EXCEPTION(Error("SecTpmOsx::decryptInTpm is not supported")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 874 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 875 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 876 | // if (sym) |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 877 | // keyClass = KeyClass::SYMMETRIC; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 878 | // else |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 879 | // keyClass = KeyClass::PRIVATE; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 880 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 881 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 882 | // reinterpret_cast<const unsigned char*>(data), |
| 883 | // dataLength |
| 884 | // ); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 885 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 886 | // CFReleaser<SecKeyRef> decryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 887 | // if (decryptKey == nullptr) |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 888 | // { |
| 889 | // /// @todo Can this happen because of keychain is locked? |
| 890 | // throw Error("Decruption key [" + ??? + "] does not exist in OSX Keychain"); |
| 891 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 892 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 893 | // CFErrorRef error; |
| 894 | // SecTransformRef decrypt = SecDecryptTransformCreate(decryptKey, &error); |
| 895 | // if (error) throw Error("Fail to create decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 896 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 897 | // Boolean set_res = SecTransformSetAttribute(decrypt, |
| 898 | // kSecTransformInputAttributeName, |
| 899 | // dataRef, |
| 900 | // &error); |
| 901 | // if (error) throw Error("Fail to configure decrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 902 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 903 | // CFDataRef output = (CFDataRef) SecTransformExecute(decrypt, &error); |
| 904 | // if (error) |
| 905 | // { |
| 906 | // CFShow(error); |
| 907 | // throw Error("Fail to decrypt data"); |
| 908 | // } |
| 909 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 910 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 911 | // return make_shared<Buffer>(CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 912 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 913 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 914 | void |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 915 | SecTpmOsx::addAppToAcl(const Name& keyName, KeyClass keyClass, const string& appPath, AclType acl) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 916 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 917 | if (keyClass == KeyClass::PRIVATE && acl == AclType::PRIVATE) { |
| 918 | CFReleaser<SecKeychainItemRef> privateKey = m_impl->getKey(keyName, keyClass); |
| 919 | if (privateKey == nullptr) { |
| 920 | BOOST_THROW_EXCEPTION(Error("Private key [" + keyName.toUri() + "] does not exist " |
| 921 | "in OSX Keychain")); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 922 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 923 | |
| 924 | CFReleaser<SecAccessRef> accRef; |
| 925 | SecKeychainItemCopyAccess(privateKey.get(), &accRef.get()); |
| 926 | |
| 927 | CFReleaser<CFArrayRef> signACL = SecAccessCopyMatchingACLList(accRef.get(), |
| 928 | kSecACLAuthorizationSign); |
| 929 | |
| 930 | // C-style cast is used as per Apple convention |
| 931 | SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(signACL.get(), 0); |
| 932 | |
| 933 | CFReleaser<CFArrayRef> appList; |
| 934 | CFReleaser<CFStringRef> description; |
| 935 | SecKeychainPromptSelector promptSelector; |
| 936 | SecACLCopyContents(aclRef, |
| 937 | &appList.get(), |
| 938 | &description.get(), |
| 939 | &promptSelector); |
| 940 | |
| 941 | CFReleaser<CFMutableArrayRef> newAppList = CFArrayCreateMutableCopy(0, |
| 942 | 0, |
| 943 | appList.get()); |
| 944 | |
| 945 | CFReleaser<SecTrustedApplicationRef> trustedApp; |
| 946 | SecTrustedApplicationCreateFromPath(appPath.c_str(), |
| 947 | &trustedApp.get()); |
| 948 | |
| 949 | CFArrayAppendValue(newAppList.get(), trustedApp.get()); |
| 950 | |
| 951 | SecACLSetContents(aclRef, |
| 952 | newAppList.get(), |
| 953 | description.get(), |
| 954 | promptSelector); |
| 955 | |
| 956 | SecKeychainItemSetAccess(privateKey.get(), accRef.get()); |
| 957 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 958 | } |
| 959 | |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 960 | ConstBufferPtr |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 961 | SecTpmOsx::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool sym) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 962 | { |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 963 | BOOST_THROW_EXCEPTION(Error("SecTpmOsx::encryptInTpm is not supported")); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 964 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 965 | // KeyClass keyClass; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 966 | // if (sym) |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 967 | // keyClass = KeyClass::SYMMETRIC; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 968 | // else |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 969 | // keyClass = KeyClass::PUBLIC; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 970 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 971 | // CFDataRef dataRef = CFDataCreate(0, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 972 | // reinterpret_cast<const unsigned char*>(data), |
| 973 | // dataLength |
| 974 | // ); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 975 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 976 | // CFReleaser<SecKeyRef> encryptKey = (SecKeyRef)m_impl->getKey(keyName, keyClass); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 977 | // if (encryptKey == nullptr) |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 978 | // { |
| 979 | // throw Error("Encryption key [" + ???? + "] does not exist in OSX Keychain"); |
| 980 | // } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 981 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 982 | // CFErrorRef error; |
| 983 | // SecTransformRef encrypt = SecEncryptTransformCreate(encryptKey, &error); |
| 984 | // if (error) throw Error("Fail to create encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 985 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 986 | // Boolean set_res = SecTransformSetAttribute(encrypt, |
| 987 | // kSecTransformInputAttributeName, |
| 988 | // dataRef, |
| 989 | // &error); |
| 990 | // if (error) throw Error("Fail to configure encrypt"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 991 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 992 | // CFDataRef output = (CFDataRef) SecTransformExecute(encrypt, &error); |
| 993 | // if (error) throw Error("Fail to encrypt data"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 994 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 995 | // if (!output) throw Error("Output is NULL!\n"); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 996 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 997 | // return make_shared<Buffer> (CFDataGetBytePtr(output), CFDataGetLength(output)); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 998 | } |
| 999 | |
| 1000 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1001 | SecTpmOsx::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1002 | { |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1003 | string keyNameUri = m_impl->toInternalKeyName(keyName, keyClass); |
| 1004 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1005 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1006 | keyNameUri.c_str(), |
| 1007 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1008 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1009 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1010 | CFDictionaryCreateMutable(0, |
| 1011 | 4, |
| 1012 | &kCFTypeDictionaryKeyCallBacks, |
| 1013 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1014 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1015 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1016 | // CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, m_impl->getKeyClass(keyClass)); |
| 1017 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1018 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1019 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1020 | CFReleaser<SecKeychainItemRef> itemRef; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1021 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1022 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1023 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1024 | if (res == errSecSuccess) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1025 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 1026 | else |
| 1027 | return false; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1028 | |
| 1029 | } |
| 1030 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 1031 | bool |
| 1032 | SecTpmOsx::generateRandomBlock(uint8_t* res, size_t size) |
| 1033 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1034 | return SecRandomCopyBytes(kSecRandomDefault, size, res) == 0; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 1035 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1036 | |
| 1037 | //////////////////////////////// |
| 1038 | // OSXPrivateKeyStorage::Impl // |
| 1039 | //////////////////////////////// |
| 1040 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1041 | CFReleaser<SecKeychainItemRef> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1042 | SecTpmOsx::Impl::getKey(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1043 | { |
| 1044 | string keyNameUri = toInternalKeyName(keyName, keyClass); |
| 1045 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1046 | CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(0, |
| 1047 | keyNameUri.c_str(), |
| 1048 | kCFStringEncodingUTF8); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1049 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1050 | CFReleaser<CFMutableDictionaryRef> attrDict = |
| 1051 | CFDictionaryCreateMutable(0, |
| 1052 | 5, |
| 1053 | &kCFTypeDictionaryKeyCallBacks, |
| 1054 | 0); |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1055 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1056 | CFDictionaryAddValue(attrDict.get(), kSecClass, kSecClassKey); |
| 1057 | CFDictionaryAddValue(attrDict.get(), kSecAttrLabel, keyLabel.get()); |
| 1058 | CFDictionaryAddValue(attrDict.get(), kSecAttrKeyClass, getKeyClass(keyClass)); |
| 1059 | CFDictionaryAddValue(attrDict.get(), kSecReturnRef, kCFBooleanTrue); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1060 | |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1061 | CFReleaser<SecKeychainItemRef> keyItem; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1062 | // C-style cast is used as per Apple convention |
Alexander Afanasyev | f82d13a | 2014-04-30 14:30:19 -0700 | [diff] [blame] | 1063 | OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&keyItem.get()); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1064 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1065 | if (res != errSecSuccess) |
| 1066 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1067 | else |
| 1068 | return keyItem; |
| 1069 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1070 | |
| 1071 | string |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 1072 | SecTpmOsx::Impl::toInternalKeyName(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1073 | { |
| 1074 | string keyUri = keyName.toUri(); |
| 1075 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1076 | if (KeyClass::SYMMETRIC == keyClass) |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1077 | return keyUri + "/symmetric"; |
| 1078 | else |
| 1079 | return keyUri; |
| 1080 | } |
| 1081 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1082 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1083 | SecTpmOsx::Impl::getAsymKeyType(KeyType keyType) |
| 1084 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1085 | switch (keyType) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1086 | case KeyType::RSA: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1087 | return kSecAttrKeyTypeRSA; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1088 | case KeyType::EC: |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 1089 | return kSecAttrKeyTypeECDSA; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1090 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1091 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1092 | } |
| 1093 | } |
| 1094 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1095 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1096 | SecTpmOsx::Impl::getSymKeyType(KeyType keyType) |
| 1097 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1098 | switch (keyType) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1099 | case KeyType::AES: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1100 | return kSecAttrKeyTypeAES; |
| 1101 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1102 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1103 | } |
| 1104 | } |
| 1105 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1106 | CFTypeRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1107 | SecTpmOsx::Impl::getKeyClass(KeyClass keyClass) |
| 1108 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1109 | switch (keyClass) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1110 | case KeyClass::PRIVATE: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1111 | return kSecAttrKeyClassPrivate; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1112 | case KeyClass::PUBLIC: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1113 | return kSecAttrKeyClassPublic; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1114 | case KeyClass::SYMMETRIC: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1115 | return kSecAttrKeyClassSymmetric; |
| 1116 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1117 | return 0; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1118 | } |
| 1119 | } |
| 1120 | |
Alexander Afanasyev | 24b75c8 | 2014-05-31 15:59:31 +0300 | [diff] [blame] | 1121 | CFStringRef |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1122 | SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo) |
| 1123 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1124 | switch (digestAlgo) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1125 | case DigestAlgorithm::SHA256: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1126 | return kSecDigestSHA2; |
| 1127 | default: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 1128 | return 0; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1129 | } |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1130 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1131 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1132 | long |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1133 | SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo) |
| 1134 | { |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 1135 | switch (digestAlgo) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 1136 | case DigestAlgorithm::SHA256: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1137 | return 256; |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1138 | default: |
Yingdi Yu | 2b2b479 | 2014-02-04 16:27:07 -0800 | [diff] [blame] | 1139 | return -1; |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1140 | } |
Jeff Thompson | 2747dc0 | 2013-10-04 19:11:34 -0700 | [diff] [blame] | 1141 | } |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 1142 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 1143 | } // namespace v1 |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 1144 | } // namespace security |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 1145 | } // namespace ndn |