mirror of
https://github.com/maxgoedjen/secretive.git
synced 2024-11-22 13:37:07 +00:00
Restrict to EC only
This commit is contained in:
parent
945907cfd4
commit
668f46c803
@ -102,10 +102,6 @@ extension Agent {
|
|||||||
rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
||||||
case (.ellipticCurve, 384):
|
case (.ellipticCurve, 384):
|
||||||
rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
|
||||||
case (.rsa, 1024):
|
|
||||||
fatalError()
|
|
||||||
case (.rsa, 2048):
|
|
||||||
fatalError()
|
|
||||||
default:
|
default:
|
||||||
fatalError()
|
fatalError()
|
||||||
}
|
}
|
||||||
|
@ -37,8 +37,6 @@ extension OpenSSHKeyWriter {
|
|||||||
switch algorithm {
|
switch algorithm {
|
||||||
case .ellipticCurve:
|
case .ellipticCurve:
|
||||||
return "nistp" + String(describing: length)
|
return "nistp" + String(describing: length)
|
||||||
case .rsa:
|
|
||||||
return "ssh-rsa"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,8 +44,6 @@ extension OpenSSHKeyWriter {
|
|||||||
switch algorithm {
|
switch algorithm {
|
||||||
case .ellipticCurve:
|
case .ellipticCurve:
|
||||||
return "ecdsa-sha2-nistp" + String(describing: length)
|
return "ecdsa-sha2-nistp" + String(describing: length)
|
||||||
case .rsa:
|
|
||||||
return "ssh-rsa"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -8,14 +8,12 @@ public protocol Secret: Identifiable, Hashable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public enum Algorithm {
|
public enum Algorithm {
|
||||||
case ellipticCurve, rsa
|
case ellipticCurve
|
||||||
public init(secAttr: NSNumber) {
|
public init(secAttr: NSNumber) {
|
||||||
let secAttrString = secAttr.stringValue as CFString
|
let secAttrString = secAttr.stringValue as CFString
|
||||||
switch secAttrString {
|
switch secAttrString {
|
||||||
case kSecAttrKeyTypeEC:
|
case kSecAttrKeyTypeEC:
|
||||||
self = .ellipticCurve
|
self = .ellipticCurve
|
||||||
case kSecAttrKeyTypeRSA:
|
|
||||||
self = .rsa
|
|
||||||
default:
|
default:
|
||||||
fatalError()
|
fatalError()
|
||||||
}
|
}
|
||||||
|
@ -67,8 +67,6 @@ extension SmartCard {
|
|||||||
signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
|
signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
|
||||||
case (.ellipticCurve, 384):
|
case (.ellipticCurve, 384):
|
||||||
signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
|
signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
|
||||||
case (.rsa, _):
|
|
||||||
signatureAlgorithm = .rsaSignatureRaw
|
|
||||||
default:
|
default:
|
||||||
fatalError()
|
fatalError()
|
||||||
}
|
}
|
||||||
@ -102,6 +100,7 @@ extension SmartCard.Store {
|
|||||||
let attributes = [
|
let attributes = [
|
||||||
kSecClass: kSecClassKey,
|
kSecClass: kSecClassKey,
|
||||||
kSecAttrTokenID: tokenID,
|
kSecAttrTokenID: tokenID,
|
||||||
|
kSecAttrKeyType: kSecAttrKeyTypeEC, // Restrict to EC
|
||||||
kSecReturnRef: true,
|
kSecReturnRef: true,
|
||||||
kSecMatchLimit: kSecMatchLimitAll,
|
kSecMatchLimit: kSecMatchLimitAll,
|
||||||
kSecReturnAttributes: true
|
kSecReturnAttributes: true
|
||||||
|
Loading…
Reference in New Issue
Block a user