external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-04-10 17:47:19 +00:00
Code Issues Projects Releases Wiki Activity

Verification

Browse Source
This commit is contained in:
Max Goedjen 2023-03-11 15:54:39 -08:00
parent 49306b9457
commit 74136da0c5
No known key found for this signature in database
3 changed files with 39 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
View File

@ -162,11 +162,11 @@ extension SecureEnclave {
throw KeychainError(statusCode: errSecSuccess) throw KeychainError(statusCode: errSecSuccess)
} }
let key = untypedSafe as! SecKey let key = untypedSafe as! SecKey
let signature = SecKeyVerifySignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, signature as CFData, &verifyError) let verified = SecKeyVerifySignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, signature as CFData, &verifyError)
if !signature { if !verified, let verifyError {
throw SigningError(error: verifyError) throw SigningError(error: verifyError)
} }
return signature return verified
} }
public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? { public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? {

6
Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
View File

@ -111,11 +111,11 @@ extension SmartCard {
default: default:
fatalError() fatalError()
} }
let signature = SecKeyVerifySignature(key, signatureAlgorithm, data as CFData, signature as CFData, &verifyError) let verified = SecKeyVerifySignature(key, signatureAlgorithm, data as CFData, signature as CFData, &verifyError)
if !signature { if !verified, let verifyError {
throw SigningError(error: verifyError) throw SigningError(error: verifyError)
} }
return signature return verified
} }
public func existingPersistedAuthenticationContext(secret: SmartCard.Secret) -> PersistedAuthenticationContext? { public func existingPersistedAuthenticationContext(secret: SmartCard.Secret) -> PersistedAuthenticationContext? {

33
Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
View File

@ -70,6 +70,39 @@ extension Stub {
return SecKeyCreateSignature(privateKey, signatureAlgorithm, data as CFData, nil)! as Data return SecKeyCreateSignature(privateKey, signatureAlgorithm, data as CFData, nil)! as Data
} }
public func verify(data: Data, signature: Data, with secret: Stub.Secret) throws -> Bool {
let attributes = KeychainDictionary([
kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic
])
var verifyError: Unmanaged<CFError>?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
guard let untypedSafe = untyped else {
throw NSError(domain: "test", code: 0, userInfo: nil)
}
let key = untypedSafe as! SecKey
let signatureAlgorithm: SecKeyAlgorithm
switch (secret.algorithm, secret.keySize) {
case (.ellipticCurve, 256):
signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
case (.ellipticCurve, 384):
signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
case (.rsa, 1024):
signatureAlgorithm = .rsaSignatureMessagePKCS1v15SHA512
case (.rsa, 2048):
signatureAlgorithm = .rsaSignatureMessagePKCS1v15SHA512
default:
fatalError()
}
let verified = SecKeyVerifySignature(key, signatureAlgorithm, data as CFData, signature as CFData, &verifyError)
if verifyError != nil {
print(verifyError!.takeUnretainedValue())
throw NSError(domain: "test", code: 0, userInfo: nil)
}
return verified
}
public func existingPersistedAuthenticationContext(secret: Stub.Secret) -> PersistedAuthenticationContext? { public func existingPersistedAuthenticationContext(secret: Stub.Secret) -> PersistedAuthenticationContext? {
nil nil
} }