mirror of
https://github.com/maxgoedjen/secretive.git
synced 2024-12-22 04:07:09 +00:00
Restrict to EC only
This commit is contained in:
parent
945907cfd4
commit
668f46c803
@ -102,10 +102,6 @@ extension Agent {
|
||||
rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
||||
case (.ellipticCurve, 384):
|
||||
rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
||||
case (.rsa, 1024):
|
||||
fatalError()
|
||||
case (.rsa, 2048):
|
||||
fatalError()
|
||||
default:
|
||||
fatalError()
|
||||
}
|
||||
|
@ -37,8 +37,6 @@ extension OpenSSHKeyWriter {
|
||||
switch algorithm {
|
||||
case .ellipticCurve:
|
||||
return "nistp" + String(describing: length)
|
||||
case .rsa:
|
||||
return "ssh-rsa"
|
||||
}
|
||||
}
|
||||
|
||||
@ -46,8 +44,6 @@ extension OpenSSHKeyWriter {
|
||||
switch algorithm {
|
||||
case .ellipticCurve:
|
||||
return "ecdsa-sha2-nistp" + String(describing: length)
|
||||
case .rsa:
|
||||
return "ssh-rsa"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -8,14 +8,12 @@ public protocol Secret: Identifiable, Hashable {
|
||||
}
|
||||
|
||||
public enum Algorithm {
|
||||
case ellipticCurve, rsa
|
||||
case ellipticCurve
|
||||
public init(secAttr: NSNumber) {
|
||||
let secAttrString = secAttr.stringValue as CFString
|
||||
switch secAttrString {
|
||||
case kSecAttrKeyTypeEC:
|
||||
self = .ellipticCurve
|
||||
case kSecAttrKeyTypeRSA:
|
||||
self = .rsa
|
||||
default:
|
||||
fatalError()
|
||||
}
|
||||
|
@ -67,8 +67,6 @@ extension SmartCard {
|
||||
signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
|
||||
case (.ellipticCurve, 384):
|
||||
signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
|
||||
case (.rsa, _):
|
||||
signatureAlgorithm = .rsaSignatureRaw
|
||||
default:
|
||||
fatalError()
|
||||
}
|
||||
@ -102,6 +100,7 @@ extension SmartCard.Store {
|
||||
let attributes = [
|
||||
kSecClass: kSecClassKey,
|
||||
kSecAttrTokenID: tokenID,
|
||||
kSecAttrKeyType: kSecAttrKeyTypeEC, // Restrict to EC
|
||||
kSecReturnRef: true,
|
||||
kSecMatchLimit: kSecMatchLimitAll,
|
||||
kSecReturnAttributes: true
|
||||
|
Loading…
Reference in New Issue
Block a user