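def _doGetKeyHandle(self, keyName):
    """
    A protected method to get the handle of the key with name keyName.

    :param Name keyName: The name of the key.
    :return: The handle of the key, or None if the key does not exist.
    :rtype: TpmKeyHandle
    """
    keyItem = self._getKey(keyName)
    # Per the documented contract, a None from _getKey means there is no key
    # with this name; use an identity check rather than == for the sentinel.
    if keyItem is None:
        return None
    return TpmKeyHandleOsx(keyItem)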
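def _doCreateKey(self, identityName, params):
    """
    A protected method to create a key for identityName according to params.
    The created key is named as: /<identityName>/[keyId]/KEY . The key name
    is set in the returned TpmKeyHandle.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created.
    """
    osx = Osx.get()
    # CoreFoundation objects created below are released in the finally block.
    # The private key is owned by the returned TpmKeyHandleOsx and is not
    # released here.
    attrDict = None
    cfKeySize = None
    publicKey = None
    try:
        keyType = params.getKeyType()
        # Reject unsupported types before allocating any CoreFoundation object.
        if keyType != KeyType.RSA and keyType != KeyType.EC:
            raise TpmBackEndOsx.Error(
              "Failed to create a key pair: Unsupported key type")
        keySize = params.getKeySize()

        cfKeySize = c_void_p(cf.CFNumberCreate(
          None, kCFNumberIntType, byref(c_int(keySize))))
        attrDict = c_void_p(cf.CFDictionaryCreateMutable(
          None, 2, cf.kCFTypeDictionaryKeyCallBacks, None))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeyType,
          TpmBackEndOsx._getAsymmetricKeyType(keyType))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)

        publicKey = c_void_p()
        privateKey = c_void_p()
        res = osx._security.SecKeyGeneratePair(
          attrDict, pointer(publicKey), pointer(privateKey))
        if res != 0:
            # TODO: check for errSecAuthFailed
            raise TpmBackEndOsx.Error("Failed to create a key pair")

        keyHandle = TpmKeyHandleOsx(privateKey)
        TpmBackEnd.setKeyName(keyHandle, identityName, params)
        keyUri = keyHandle.getKeyName().toUri()

        # Store the key name as the keychain item's print name. The attribute
        # length must be the byte length of the encoded string, not the
        # character count of the str.
        # There is only one attr, so we don't need to make a C array.
        keyUriBytes = keyUri.encode('utf-8')
        attr = SecKeychainAttribute(
          osx._kSecKeyPrintName, len(keyUriBytes), keyUriBytes)
        attrList = SecKeychainAttributeList(1, pointer(attr))
        # NOTE(review): the OSStatus of these two calls is not checked. A
        # failed rename would presumably leave an item that cannot be located
        # under keyUri later; confirm and consider raising TpmBackEndOsx.Error.
        osx._security.SecKeychainItemModifyAttributesAndData(
          privateKey, byref(attrList), 0, None)
        osx._security.SecKeychainItemModifyAttributesAndData(
          publicKey, byref(attrList), 0, None)

        return keyHandle
    finally:
        # A c_void_p whose .value is None is a NULL pointer (publicKey is one
        # when SecKeyGeneratePair failed); CFRelease must not be called on it,
        # so check the pointer value rather than just the Python object.
        for cfObject in (attrDict, cfKeySize, publicKey):
            if cfObject is not None and cfObject.value is not None:
                cf.CFRelease(cfObject)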
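def _doCreateKey(self, identityName, params):
    """
    A protected method to create a key for identityName according to params.
    The created key is named as: /<identityName>/[keyId]/KEY . The key name
    is set in the returned TpmKeyHandle.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created.
    """
    osx = Osx.get()
    # CoreFoundation objects created below are released in the finally block.
    # The private key is owned by the returned TpmKeyHandleOsx and is not
    # released here.
    keyLabel = None
    attrDict = None
    cfKeySize = None
    publicKey = None
    try:
        keyType = params.getKeyType()
        # Reject unsupported types before allocating any CoreFoundation object.
        if keyType != KeyType.RSA and keyType != KeyType.EC:
            raise TpmBackEndOsx.Error(
              "Failed to create a key pair: Unsupported key type")
        keySize = params.getKeySize()

        cfKeySize = c_void_p(cf.CFNumberCreate(
          None, kCFNumberIntType, byref(c_int(keySize))))
        attrDict = c_void_p(cf.CFDictionaryCreateMutable(
          None, 3, cf.kCFTypeDictionaryKeyCallBacks, None))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeyType,
          TpmBackEndOsx._getAsymmetricKeyType(keyType))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)

        # TODO: Use TpmBackEnd.setKeyName after generating like in ndn-cpp
        # because constructKeyName doesn't support KeyIdType.SHA256 .
        # This requires calling SecKeychainItemModifyAttributesAndData.
        # The key name is attached as the item label at generation time.
        keyName = TpmBackEnd.constructKeyName(identityName, params)
        keyLabel = CFSTR(keyName.toUri())
        cf.CFDictionaryAddValue(attrDict, osx._kSecAttrLabel, keyLabel)

        publicKey = c_void_p()
        privateKey = c_void_p()
        res = osx._security.SecKeyGeneratePair(
          attrDict, pointer(publicKey), pointer(privateKey))
        if res != 0:
            # TODO: check for errSecAuthFailed
            raise TpmBackEndOsx.Error("Failed to create a key pair")

        keyHandle = TpmKeyHandleOsx(privateKey)
        keyHandle.setKeyName(keyName)
        return keyHandle
    finally:
        if keyLabel is not None:
            cf.CFRelease(keyLabel)
        # A c_void_p whose .value is None is a NULL pointer (publicKey is one
        # when SecKeyGeneratePair failed); CFRelease must not be called on it,
        # so check the pointer value rather than just the Python object.
        for cfObject in (attrDict, cfKeySize, publicKey):
            if cfObject is not None and cfObject.value is not None:
                cf.CFRelease(cfObject)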
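def _doCreateKey(self, identityName, params):
    """
    A protected method to create a key for identityName according to params.
    The created key is named as: /<identityName>/[keyId]/KEY . The key name
    is set in the returned TpmKeyHandle.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created.
    """
    osx = Osx.get()
    # CoreFoundation objects created below are released in the finally block.
    # The private key is owned by the returned TpmKeyHandleOsx and is not
    # released here.
    attrDict = None
    cfKeySize = None
    publicKey = None
    try:
        keyType = params.getKeyType()
        # Reject unsupported types before allocating any CoreFoundation object.
        if keyType != KeyType.RSA and keyType != KeyType.EC:
            raise TpmBackEndOsx.Error(
              "Failed to create a key pair: Unsupported key type")
        keySize = params.getKeySize()

        cfKeySize = c_void_p(cf.CFNumberCreate(
          None, kCFNumberIntType, byref(c_int(keySize))))
        attrDict = c_void_p(cf.CFDictionaryCreateMutable(
          None, 2, cf.kCFTypeDictionaryKeyCallBacks, None))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeyType,
          TpmBackEndOsx._getAsymmetricKeyType(keyType))
        cf.CFDictionaryAddValue(
          attrDict, osx._kSecAttrKeySizeInBits, cfKeySize)

        publicKey = c_void_p()
        privateKey = c_void_p()
        res = osx._security.SecKeyGeneratePair(
          attrDict, pointer(publicKey), pointer(privateKey))
        if res != 0:
            # TODO: check for errSecAuthFailed
            raise TpmBackEndOsx.Error("Failed to create a key pair")

        keyHandle = TpmKeyHandleOsx(privateKey)
        TpmBackEnd.setKeyName(keyHandle, identityName, params)
        keyUri = keyHandle.getKeyName().toUri()

        # Store the key name as the keychain item's print name. The attribute
        # length must be the byte length of the encoded string, not the
        # character count of the str.
        # There is only one attr, so we don't need to make a C array.
        keyUriBytes = keyUri.encode('utf-8')
        attr = SecKeychainAttribute(
          osx._kSecKeyPrintName, len(keyUriBytes), keyUriBytes)
        attrList = SecKeychainAttributeList(1, pointer(attr))
        # NOTE(review): the OSStatus of these two calls is not checked. A
        # failed rename would presumably leave an item that cannot be located
        # under keyUri later; confirm and consider raising TpmBackEndOsx.Error.
        osx._security.SecKeychainItemModifyAttributesAndData(
          privateKey, byref(attrList), 0, None)
        osx._security.SecKeychainItemModifyAttributesAndData(
          publicKey, byref(attrList), 0, None)

        return keyHandle
    finally:
        # A c_void_p whose .value is None is a NULL pointer (publicKey is one
        # when SecKeyGeneratePair failed); CFRelease must not be called on it,
        # so check the pointer value rather than just the Python object.
        for cfObject in (attrDict, cfKeySize, publicKey):
            if cfObject is not None and cfObject.value is not None:
                cf.CFRelease(cfObject)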