Clean out MLDSA refs for now

Max Goedjen 2025-08-24 15:19:23 -07:00
parent e08d6661e5
commit 7714281a1b
8 changed files with 1 additions and 52 deletions


@ -6311,9 +6311,6 @@
} }
} }
} }
},
"Warning: ML-DSA keys are very new, and not supported by many servers yet. Please verify the server you'll be using this key for accepts ML-DSA keys." : {
} }
}, },
"version" : "1.0" "version" : "1.0"


@ -17,10 +17,6 @@ public struct OpenSSHPublicKeyWriter: Sendable {
openSSHIdentifier(for: secret.keyType).lengthAndData + openSSHIdentifier(for: secret.keyType).lengthAndData +
("nistp" + String(describing: secret.keyType.size)).lengthAndData + ("nistp" + String(describing: secret.keyType.size)).lengthAndData +
secret.publicKey.lengthAndData secret.publicKey.lengthAndData
case .mldsa:
// https://www.ietf.org/archive/id/draft-sfluhrer-ssh-mldsa-04.txt
openSSHIdentifier(for: secret.keyType).lengthAndData +
secret.publicKey.lengthAndData
case .rsa: case .rsa:
// https://datatracker.ietf.org/doc/html/rfc4253#section-6.6 // https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
openSSHIdentifier(for: secret.keyType).lengthAndData + openSSHIdentifier(for: secret.keyType).lengthAndData +
@ -78,8 +74,6 @@ extension OpenSSHPublicKeyWriter {
switch (keyType.algorithm, keyType.size) { switch (keyType.algorithm, keyType.size) {
case (.ecdsa, 256), (.ecdsa, 384): case (.ecdsa, 256), (.ecdsa, 384):
"ecdsa-sha2-nistp" + String(describing: keyType.size) "ecdsa-sha2-nistp" + String(describing: keyType.size)
case (.mldsa, 65), (.mldsa, 87):
"ssh-mldsa-" + String(describing: keyType.size)
case (.rsa, _): case (.rsa, _):
"ssh-rsa" "ssh-rsa"
default: default:


@ -17,9 +17,7 @@ public final class OpenSSHReader {
let lengthRange = 0..<(UInt32.bitWidth/8) let lengthRange = 0..<(UInt32.bitWidth/8)
let lengthChunk = remaining[lengthRange] let lengthChunk = remaining[lengthRange]
remaining.removeSubrange(lengthRange) remaining.removeSubrange(lengthRange)
let littleEndianLength = lengthChunk.withUnsafeBytes { pointer in let littleEndianLength = lengthChunk.bytes.unsafeLoad(as: UInt32.self)
return pointer.load(as: UInt32.self)
}
let length = Int(littleEndianLength.bigEndian) let length = Int(littleEndianLength.bigEndian)
let dataRange = 0..<length let dataRange = 0..<length
let ret = Data(remaining[dataRange]) let ret = Data(remaining[dataRange])
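Review bot: The value loaded on the new `let littleEndianLength = lengthChunk.bytes.unsafeLoad(as: UInt32.self)` line comes straight from the blob being parsed and is used two lines later as the upper bound of `dataRange` with no comparison against `remaining.count`, so a truncated or malformed input traps on `remaining[dataRange]` instead of surfacing an error; the earlier `remaining[lengthRange]` slice has the same issue when fewer than four bytes remain. Because OpenSSHReader decodes wire-format key and signature data that typically originates outside the process, I would add `guard remaining.count >= lengthRange.count else { throw <reader error> }` before that slice and `guard length <= remaining.count else { throw <reader error> }` before `dataRange` is formed, using whichever error type the reader already throws (not visible in this hunk). Separately, if the new `unsafeLoad` helper performs an unaligned load it is an improvement over the old `pointer.load(as:)`, which requires natural alignment, but that cannot be confirmed from here; a one-line comment on that line stating the alignment contract would save the next reader from checking the helper. The enclosing method starts and ends outside this hunk.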


@ -15,9 +15,6 @@ public struct OpenSSHSignatureWriter: Sendable {
case .ecdsa: case .ecdsa:
// https://datatracker.ietf.org/doc/html/rfc5656#section-3.1 // https://datatracker.ietf.org/doc/html/rfc5656#section-3.1
ecdsaSignature(signature, keyType: secret.keyType) ecdsaSignature(signature, keyType: secret.keyType)
case .mldsa:
// https://www.ietf.org/archive/id/draft-sfluhrer-ssh-mldsa-04.txt
fatalError()
case .rsa: case .rsa:
// https://datatracker.ietf.org/doc/html/rfc4253#section-6.6 // https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
rsaSignature(signature) rsaSignature(signature)


@ -35,7 +35,6 @@ public struct KeyType: Hashable, Sendable, Codable, CustomStringConvertible {
public enum Algorithm: Hashable, Sendable, Codable { public enum Algorithm: Hashable, Sendable, Codable {
case ecdsa case ecdsa
case mldsa
case rsa case rsa
} }
@ -68,8 +67,6 @@ public struct KeyType: Hashable, Sendable, Codable, CustomStringConvertible {
kSecAttrKeyTypeEC kSecAttrKeyTypeEC
case .rsa: case .rsa:
kSecAttrKeyTypeRSA kSecAttrKeyTypeRSA
default:
nil
} }
} }


@ -70,14 +70,6 @@ extension SecureEnclave {
case (.ecdsa, 256): case (.ecdsa, 256):
let key = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: keyData) let key = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: keyData)
return try key.signature(for: data).rawRepresentation return try key.signature(for: data).rawRepresentation
case (.mldsa, 65):
guard #available(macOS 26.0, *) else { throw UnsupportedAlgorithmError() }
let key = try CryptoKit.SecureEnclave.MLDSA65.PrivateKey(dataRepresentation: keyData)
return try key.signature(for: data)
case (.mldsa, 87):
guard #available(macOS 26.0, *) else { throw UnsupportedAlgorithmError() }
let key = try CryptoKit.SecureEnclave.MLDSA87.PrivateKey(dataRepresentation: keyData)
return try key.signature(for: data)
default: default:
throw UnsupportedAlgorithmError() throw UnsupportedAlgorithmError()
} }
@ -123,14 +115,6 @@ extension SecureEnclave {
case (.ecdsa, 256): case (.ecdsa, 256):
let created = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(accessControl: access!) let created = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(accessControl: access!)
dataRep = created.dataRepresentation dataRep = created.dataRepresentation
case (.mldsa, 65):
guard #available(macOS 26.0, *) else { throw Attributes.UnsupportedOptionError() }
let created = try CryptoKit.SecureEnclave.MLDSA65.PrivateKey(accessControl: access!)
dataRep = created.dataRepresentation
case (.mldsa, 87):
guard #available(macOS 26.0, *) else { throw Attributes.UnsupportedOptionError() }
let created = try CryptoKit.SecureEnclave.MLDSA87.PrivateKey(accessControl: access!)
dataRep = created.dataRepresentation
default: default:
throw Attributes.UnsupportedOptionError() throw Attributes.UnsupportedOptionError()
} }
@ -172,8 +156,6 @@ extension SecureEnclave {
public var supportedKeyTypes: [KeyType] { public var supportedKeyTypes: [KeyType] {
[ [
.init(algorithm: .ecdsa, size: 256), .init(algorithm: .ecdsa, size: 256),
.init(algorithm: .mldsa, size: 65),
.init(algorithm: .mldsa, size: 87),
] ]
} }
@ -223,14 +205,6 @@ extension SecureEnclave.Store {
case (.ecdsa, 256): case (.ecdsa, 256):
let key = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: keyData) let key = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: keyData)
publicKey = key.publicKey.x963Representation publicKey = key.publicKey.x963Representation
case (.mldsa, 65):
guard #available(macOS 26.0, *) else { throw UnsupportedAlgorithmError() }
let key = try CryptoKit.SecureEnclave.MLDSA65.PrivateKey(dataRepresentation: keyData)
publicKey = key.publicKey.rawRepresentation
case (.mldsa, 87):
guard #available(macOS 26.0, *) else { throw UnsupportedAlgorithmError() }
let key = try CryptoKit.SecureEnclave.MLDSA87.PrivateKey(dataRepresentation: keyData)
publicKey = key.publicKey.rawRepresentation
default: default:
throw UnsupportedAlgorithmError() throw UnsupportedAlgorithmError()
} }


@ -63,8 +63,6 @@ extension Preview {
var supportedKeyTypes: [KeyType] { var supportedKeyTypes: [KeyType] {
[ [
.init(algorithm: .ecdsa, size: 256), .init(algorithm: .ecdsa, size: 256),
.init(algorithm: .mldsa, size: 65),
.init(algorithm: .mldsa, size: 87),
] ]
} }


@ -79,12 +79,6 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {
.font(.caption) .font(.caption)
} }
} }
if keyType?.algorithm == .mldsa {
Text("Warning: ML-DSA keys are very new, and not supported by many servers yet. Please verify the server you'll be using this key for accepts ML-DSA keys.")
.padding(.horizontal, 10)
.padding(.vertical, 3)
.background(.red.opacity(0.5), in: RoundedRectangle(cornerRadius: 5))
}
} }
VStack(alignment: .leading) { VStack(alignment: .leading) {
TextField("Key Attribution", text: $keyAttribution, prompt: Text("test@example.com")) TextField("Key Attribution", text: $keyAttribution, prompt: Text("test@example.com"))