def _doCreateKey(self, identityName, params):
"""
Create a key for identityName according to params. The created key is
named as: /<identityName>/[keyId]/KEY . The key name is set in the
returned TpmKeyHandle.
:param Name identityName: The name if the identity.
:param KeyParams params: The KeyParams for creating the key.
:return: The handle of the created key.
:rtype: TpmKeyHandle
:raises TpmBackEnd.Error: If the key cannot be created.
"""
try:
key = TpmPrivateKey.generatePrivateKey(params)
except Exception as ex:
raise TpmBackEndFile.Error(
"Error in TpmPrivateKey.generatePrivateKey: " + str(ex))
keyHandle = TpmKeyHandleMemory(key)
TpmBackEnd.setKeyName(keyHandle, identityName, params)
self._saveKey(keyHandle.getKeyName(), key)
return keyHandle
def _doCreateKey(self, identityName, params):
"""
Create a key for identityName according to params. The created key is
named as: /<identityName>/[keyId]/KEY . The key name is set in the
returned TpmKeyHandle.
:param Name identityName: The name if the identity.
:param KeyParams params: The KeyParams for creating the key.
:return: The handle of the created key.
:rtype: TpmKeyHandle
:raises TpmBackEnd.Error: If the key cannot be created.
"""
try:
key = TpmPrivateKey.generatePrivateKey(params)
except Exception as ex:
raise TpmBackEndFile.Error(
"Error in TpmPrivateKey.generatePrivateKey: " + str(ex))
keyHandle = TpmKeyHandleMemory(key)
TpmBackEnd.setKeyName(keyHandle, identityName, params)
self._saveKey(keyHandle.getKeyName(), key)
return keyHandle
def _doCreateKey(self, identityName, params):
"""
A protected method to create a key for identityName according to params.
The created key is named as: /<identityName>/[keyId]/KEY . The key name
is set in the returned TpmKeyHandle.
:param Name identityName: The name if the identity.
:param KeyParams params: The KeyParams for creating the key.
:return: The handle of the created key.
:rtype: TpmKeyHandle
:raises TpmBackEnd.Error: If the key cannot be created.
"""
osx = Osx.get()
keyLabel = None
attrDict = None
cfKeySize = None
publicKey = None
try:
keyType = params.getKeyType()
if keyType == KeyType.RSA:
keySize = params.getKeySize()
elif keyType == KeyType.EC:
keySize = params.getKeySize()
else:
raise TpmBackEndOsx.Error(
"Failed to create a key pair: Unsupported key type")
cfKeySize = c_void_p(
cf.CFNumberCreate(None, kCFNumberIntType,
byref(c_int(keySize))))
attrDict = c_void_p(
cf.CFDictionaryCreateMutable(None, 2,
cf.kCFTypeDictionaryKeyCallBacks,
None))
cf.CFDictionaryAddValue(
attrDict, osx._kSecAttrKeyType,
TpmBackEndOsx._getAsymmetricKeyType(keyType))
cf.CFDictionaryAddValue(attrDict, osx._kSecAttrKeySizeInBits,
cfKeySize)
publicKey = c_void_p()
privateKey = c_void_p()
res = osx._security.SecKeyGeneratePair(attrDict,
pointer(publicKey),
pointer(privateKey))
if res != 0:
# TODO: check for errSecAuthFailed
raise TpmBackEndOsx.Error("Failed to create a key pair")
keyHandle = TpmKeyHandleOsx(privateKey)
TpmBackEnd.setKeyName(keyHandle, identityName, params)
keyUri = keyHandle.getKeyName().toUri()
# There is only one attr, so we don't need to make a C array.
attr = SecKeychainAttribute(osx._kSecKeyPrintName, len(keyUri),
keyUri.encode('utf-8'))
attrList = SecKeychainAttributeList(1, pointer(attr))
osx._security.SecKeychainItemModifyAttributesAndData(
privateKey, byref(attrList), 0, None)
osx._security.SecKeychainItemModifyAttributesAndData(
publicKey, byref(attrList), 0, None)
return keyHandle
finally:
if keyLabel != None:
cf.CFRelease(keyLabel)
if attrDict != None:
cf.CFRelease(attrDict)
if cfKeySize != None:
cf.CFRelease(cfKeySize)
if publicKey != None:
cf.CFRelease(publicKey)
def _doCreateKey(self, identityName, params):
"""
A protected method to create a key for identityName according to params.
The created key is named as: /<identityName>/[keyId]/KEY . The key name
is set in the returned TpmKeyHandle.
:param Name identityName: The name if the identity.
:param KeyParams params: The KeyParams for creating the key.
:return: The handle of the created key.
:rtype: TpmKeyHandle
:raises TpmBackEnd.Error: If the key cannot be created.
"""
osx = Osx.get()
keyLabel = None
attrDict = None
cfKeySize = None
publicKey = None
try:
keyType = params.getKeyType()
if keyType == KeyType.RSA:
keySize = params.getKeySize()
elif keyType == KeyType.EC:
keySize = params.getKeySize()
else:
raise TpmBackEndOsx.Error(
"Failed to create a key pair: Unsupported key type")
cfKeySize = c_void_p(cf.CFNumberCreate(
None, kCFNumberIntType, byref(c_int(keySize))))
attrDict = c_void_p(cf.CFDictionaryCreateMutable(
None, 2, cf.kCFTypeDictionaryKeyCallBacks, None))
cf.CFDictionaryAddValue(
attrDict, osx._kSecAttrKeyType,
TpmBackEndOsx._getAsymmetricKeyType(keyType))
cf.CFDictionaryAddValue(
attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)
publicKey = c_void_p()
privateKey = c_void_p()
res = osx._security.SecKeyGeneratePair(
attrDict, pointer(publicKey), pointer(privateKey))
if res != 0:
# TODO: check for errSecAuthFailed
raise TpmBackEndOsx.Error("Failed to create a key pair")
keyHandle = TpmKeyHandleOsx(privateKey)
TpmBackEnd.setKeyName(keyHandle, identityName, params)
keyUri = keyHandle.getKeyName().toUri()
# There is only one attr, so we don't need to make a C array.
attr = SecKeychainAttribute(
osx._kSecKeyPrintName, len(keyUri), keyUri.encode('utf-8'))
attrList = SecKeychainAttributeList(1, pointer(attr))
osx._security.SecKeychainItemModifyAttributesAndData(
privateKey, byref(attrList), 0, None)
osx._security.SecKeychainItemModifyAttributesAndData(
publicKey, byref(attrList), 0, None)
return keyHandle
finally:
if keyLabel != None:
cf.CFRelease(keyLabel)
if attrDict != None:
cf.CFRelease(attrDict)
if cfKeySize != None:
cf.CFRelease(cfKeySize)
if publicKey != None:
cf.CFRelease(publicKey)