Restrict to EC only

Max Goedjen 2020-03-09 22:06:51 -07:00
parent 945907cfd4
commit 668f46c803
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
4 changed files with 2 additions and 13 deletions


@ -102,10 +102,6 @@ extension Agent {
rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
case (.ellipticCurve, 384):
rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
case (.rsa, 1024):
fatalError()
case (.rsa, 2048):
fatalError()
default:
fatalError()
}
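Review bot: The `default: fatalError()` arm that remains after the RSA cases are removed terminates the whole agent whenever a key's algorithm and size fall outside P-256/P-384, although the surrounding code is already in a throwing context (`try CryptoKit.P256...`). Throwing instead, e.g. `default: throw AgentError.unsupportedKeyType`, would fail the single request while the agent keeps serving other keys; `AgentError.unsupportedKeyType` is a placeholder for whatever error type the agent already defines. The same arm is left in the `SmartCard` signing switch, after its `(.ellipticCurve, 384)` case. The enclosing function starts and ends outside the hunk, so that it is declared `throws` is inferred from the `try`.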


@ -37,8 +37,6 @@ extension OpenSSHKeyWriter {
switch algorithm {
case .ellipticCurve:
return "nistp" + String(describing: length)
case .rsa:
return "ssh-rsa"
}
}
@ -46,8 +44,6 @@ extension OpenSSHKeyWriter {
switch algorithm {
case .ellipticCurve:
return "ecdsa-sha2-nistp" + String(describing: length)
case .rsa:
return "ssh-rsa"
}
}
}


@ -8,14 +8,12 @@ public protocol Secret: Identifiable, Hashable {
}
public enum Algorithm {
case ellipticCurve, rsa
case ellipticCurve
public init(secAttr: NSNumber) {
let secAttrString = secAttr.stringValue as CFString
switch secAttrString {
case kSecAttrKeyTypeEC:
self = .ellipticCurve
case kSecAttrKeyTypeRSA:
self = .rsa
default:
fatalError()
}
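Review bot: With the `kSecAttrKeyTypeRSA` case gone, the public `init(secAttr:)` reaches `default: fatalError()` for every non-EC key type, so any caller that passes an attribute from an unfiltered keychain query crashes the process. A failable form, `public init?(secAttr: NSNumber)` with `default: return nil`, would let a store skip keys it cannot represent. If the trap is kept, a message such as `fatalError("Unsupported key type \(secAttrString)")` and a doc comment stating that only EC attributes are accepted would make the precondition visible. The initializer's closing brace is outside the hunk.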


@ -67,8 +67,6 @@ extension SmartCard {
signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
case (.ellipticCurve, 384):
signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
case (.rsa, _):
signatureAlgorithm = .rsaSignatureRaw
default:
fatalError()
}
@ -102,6 +100,7 @@ extension SmartCard.Store {
let attributes = [
kSecClass: kSecClassKey,
kSecAttrTokenID: tokenID,
kSecAttrKeyType: kSecAttrKeyTypeEC, // Restrict to EC
kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true
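Review bot: The added `kSecAttrKeyType: kSecAttrKeyTypeEC` filter constrains the key type but not the key size, while the signing switch earlier in this file handles only 256 and 384 bits. An EC key of another size on a token, if one is present, would still be listed and would then hit `default: fatalError()` when used for signing. Consider skipping such items where the query results are turned into secrets, for example `guard [256, 384].contains(keySize) else { continue }`, where `keySize` stands for the value read from `kSecAttrKeySizeInBits`. The code that consumes the query results is not visible in the hunk, so the exact placement is a guess.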