def _doCreateKey(self, identityName, params):
    """
    Create a key for identityName according to params. The created key is
    named as: /<identityName>/[keyId]/KEY . The key name is set in the
    returned TpmKeyHandle, and the private key is persisted through
    self._saveKey under that same name.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created (raised here as
      TpmBackEndFile.Error, presumably a subclass — confirm in the class
      hierarchy).
    """
    # Generate the key in memory first. Any failure inside the generator is
    # re-raised as this back end's own error type so callers see one type.
    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
    except Exception as ex:
        raise TpmBackEndFile.Error(
          "Error in TpmPrivateKey.generatePrivateKey: " + str(ex))

    handle = TpmKeyHandleMemory(privateKey)
    # Derive /<identityName>/[keyId]/KEY from params and attach it to the
    # handle before saving, so the stored key and the handle agree on the name.
    TpmBackEnd.setKeyName(handle, identityName, params)
    self._saveKey(handle.getKeyName(), privateKey)

    return handle
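def _doCreateKey(self, identityName, params):
    """
    A protected method to create a key for identityName according to
    params. The created key is named as: /<identityName>/[keyId]/KEY . The
    key name is set in the returned TpmKeyHandle.

    The key pair is generated in the macOS keychain with SecKeyGeneratePair.
    The private key reference is handed to the returned TpmKeyHandleOsx; the
    key name URI is written to both keychain items as their print name
    (osx._kSecKeyPrintName). The public key reference and the temporary
    CoreFoundation objects are released before returning.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created (raised here as
      TpmBackEndOsx.Error).
    """
    osx = Osx.get()
    # Every CF object created below must be released on all exit paths, so
    # the locals are pre-declared for the finally block.
    attrDict = None
    cfKeySize = None
    publicKey = None
    try:
        keyType = params.getKeyType()
        # Only RSA and EC are supported; both take their size from params.
        if keyType not in (KeyType.RSA, KeyType.EC):
            raise TpmBackEndOsx.Error(
              "Failed to create a key pair: Unsupported key type")
        keySize = params.getKeySize()

        # Keep the c_int alive in a local for the duration of the call.
        keySizeInt = c_int(keySize)
        cfKeySize = c_void_p(cf.CFNumberCreate(
          None, kCFNumberIntType, byref(keySizeInt)))
        attrDict = c_void_p(cf.CFDictionaryCreateMutable(
          None, 2, cf.kCFTypeDictionaryKeyCallBacks, None))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeyType,
          TpmBackEndOsx._getAsymmetricKeyType(keyType))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)

        publicKey = c_void_p()
        privateKey = c_void_p()
        res = osx._security.SecKeyGeneratePair(
          attrDict, pointer(publicKey), pointer(privateKey))
        if res != 0:
            # TODO: check for errSecAuthFailed
            raise TpmBackEndOsx.Error("Failed to create a key pair")

        # The handle takes ownership of the private key reference, so it is
        # deliberately not released in the finally block. NOTE(review): if
        # setKeyName or the attribute update below raises, the private key
        # reference is not released here — confirm whether TpmKeyHandleOsx
        # releases it on destruction before adding a release path.
        keyHandle = TpmKeyHandleOsx(privateKey)
        TpmBackEnd.setKeyName(keyHandle, identityName, params)
        keyUri = keyHandle.getKeyName().toUri()

        # The attribute length must be the encoded byte length, not the
        # character count; they differ if the URI ever holds non-ASCII text.
        # The bytes object is bound to a local so the buffer outlives the
        # pointer stored in the attribute structure.
        keyUriBytes = keyUri.encode('utf-8')
        # There is only one attr, so we don't need to make a C array.
        attr = SecKeychainAttribute(
          osx._kSecKeyPrintName, len(keyUriBytes), keyUriBytes)
        attrList = SecKeychainAttributeList(1, pointer(attr))
        # NOTE(review): the OSStatus of these two calls is not checked, so a
        # failure leaves the keychain items without a print name — confirm
        # whether that is intended best-effort behaviour.
        osx._security.SecKeychainItemModifyAttributesAndData(
          privateKey, byref(attrList), 0, None)
        osx._security.SecKeychainItemModifyAttributesAndData(
          publicKey, byref(attrList), 0, None)

        return keyHandle
    finally:
        if attrDict is not None:
            cf.CFRelease(attrDict)
        if cfKeySize is not None:
            cf.CFRelease(cfKeySize)
        # publicKey is a c_void_p object even when SecKeyGeneratePair failed;
        # only release it when it actually holds a reference, since CFRelease
        # must not be called with NULL.
        if publicKey is not None and publicKey.value is not None:
            cf.CFRelease(publicKey)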
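def _doCreateKey(self, identityName, params):
    """
    A protected method to create a key for identityName according to
    params. The created key is named as: /<identityName>/[keyId]/KEY . The
    key name is set in the returned TpmKeyHandle.

    The key pair is generated in the macOS keychain with SecKeyGeneratePair.
    The private key reference is handed to the returned TpmKeyHandleOsx; the
    key name URI is written to both keychain items as their print name
    (osx._kSecKeyPrintName). The public key reference and the temporary
    CoreFoundation objects are released before returning.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created (raised here as
      TpmBackEndOsx.Error).
    """
    osx = Osx.get()
    # Every CF object created below must be released on all exit paths, so
    # the locals are pre-declared for the finally block.
    attrDict = None
    cfKeySize = None
    publicKey = None
    try:
        keyType = params.getKeyType()
        # Only RSA and EC are supported; both take their size from params.
        if keyType not in (KeyType.RSA, KeyType.EC):
            raise TpmBackEndOsx.Error(
              "Failed to create a key pair: Unsupported key type")
        keySize = params.getKeySize()

        # Keep the c_int alive in a local for the duration of the call.
        keySizeInt = c_int(keySize)
        cfKeySize = c_void_p(cf.CFNumberCreate(
          None, kCFNumberIntType, byref(keySizeInt)))
        attrDict = c_void_p(cf.CFDictionaryCreateMutable(
          None, 2, cf.kCFTypeDictionaryKeyCallBacks, None))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeyType,
          TpmBackEndOsx._getAsymmetricKeyType(keyType))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)

        publicKey = c_void_p()
        privateKey = c_void_p()
        res = osx._security.SecKeyGeneratePair(
          attrDict, pointer(publicKey), pointer(privateKey))
        if res != 0:
            # TODO: check for errSecAuthFailed
            raise TpmBackEndOsx.Error("Failed to create a key pair")

        # The handle takes ownership of the private key reference, so it is
        # deliberately not released in the finally block. NOTE(review): if
        # setKeyName or the attribute update below raises, the private key
        # reference is not released here — confirm whether TpmKeyHandleOsx
        # releases it on destruction before adding a release path.
        keyHandle = TpmKeyHandleOsx(privateKey)
        TpmBackEnd.setKeyName(keyHandle, identityName, params)
        keyUri = keyHandle.getKeyName().toUri()

        # The attribute length must be the encoded byte length, not the
        # character count; they differ if the URI ever holds non-ASCII text.
        # The bytes object is bound to a local so the buffer outlives the
        # pointer stored in the attribute structure.
        keyUriBytes = keyUri.encode('utf-8')
        # There is only one attr, so we don't need to make a C array.
        attr = SecKeychainAttribute(
          osx._kSecKeyPrintName, len(keyUriBytes), keyUriBytes)
        attrList = SecKeychainAttributeList(1, pointer(attr))
        # NOTE(review): the OSStatus of these two calls is not checked, so a
        # failure leaves the keychain items without a print name — confirm
        # whether that is intended best-effort behaviour.
        osx._security.SecKeychainItemModifyAttributesAndData(
          privateKey, byref(attrList), 0, None)
        osx._security.SecKeychainItemModifyAttributesAndData(
          publicKey, byref(attrList), 0, None)

        return keyHandle
    finally:
        if attrDict is not None:
            cf.CFRelease(attrDict)
        if cfKeySize is not None:
            cf.CFRelease(cfKeySize)
        # publicKey is a c_void_p object even when SecKeyGeneratePair failed;
        # only release it when it actually holds a reference, since CFRelease
        # must not be called with NULL.
        if publicKey is not None and publicKey.value is not None:
            cf.CFRelease(publicKey)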