external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-04-04 06:37:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge a530a83e87 into ad56019901

Browse Source
This commit is contained in:
Taradai Dmitrii 2024-09-09 09:16:29 +00:00 committed by GitHub
commit da451c6a06
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 60 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
View File

@ -2,7 +2,7 @@ import Foundation
import Combine import Combine
/// Type eraser for SecretStore. /// Type eraser for SecretStore.
public class AnySecretStore: SecretStore { public class AnySecretStore: SecretStore, ObservableObject {
let base: Any let base: Any
private let _isAvailable: () -> Bool private let _isAvailable: () -> Bool
@ -28,9 +28,11 @@ public class AnySecretStore: SecretStore {
_existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) } _existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
_persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) } _persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
_reloadSecrets = { secretStore.reloadSecrets() } _reloadSecrets = { secretStore.reloadSecrets() }
sink = secretStore.objectWillChange.sink { _ in sink = secretStore.objectWillChange
self.objectWillChange.send() .receive(on: DispatchQueue.main) // Ensure updates are received on the main thread
} .sink { [weak self] _ in
self?.objectWillChange.send()
}
} }
public var isAvailable: Bool { public var isAvailable: Bool {

6
Sources/Packages/Sources/SecretKit/KeychainTypes.swift
View File

@ -2,12 +2,6 @@ import Foundation
public typealias SecurityError = Unmanaged<CFError> public typealias SecurityError = Unmanaged<CFError>
/// Wraps a Swift dictionary in a CFDictionary.
/// - Parameter dictionary: The Swift dictionary to wrap.
/// - Returns: A CFDictionary containing the keys and values.
public func KeychainDictionary(_ dictionary: [CFString: Any]) -> CFDictionary {
dictionary as CFDictionary
}
public extension CFError { public extension CFError {

72
Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
View File

@ -49,34 +49,34 @@ extension SecureEnclave {
throw error.takeRetainedValue() as Error throw error.takeRetainedValue() as Error
} }
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecAttrLabel: name, kSecAttrLabel: name,
kSecAttrKeyType: Constants.keyType, kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag, kSecAttrApplicationTag: Constants.keyTag,
kSecAttrIsPermanent: true,
kSecPrivateKeyAttrs: [ kSecPrivateKeyAttrs: [
kSecAttrIsPermanent: true, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrAccessControl: access kSecAttrAccessControl: access
],
kSecPublicKeyAttrs: [
kSecAttrKeyClass: kSecAttrKeyClassPublic
] ]
]) ]
var createKeyError: SecurityError? var createKeyError: SecurityError?
let keypair = SecKeyCreateRandomKey(attributes, &createKeyError) SecKeyCreateRandomKey(attributes, &createKeyError)
if let error = createKeyError { if let error = createKeyError {
throw error.takeRetainedValue() as Error throw error.takeRetainedValue() as Error
} }
guard let keypair = keypair, let publicKey = SecKeyCopyPublicKey(keypair) else {
throw KeychainError(statusCode: nil)
}
try savePublicKey(publicKey, name: name)
reloadSecretsInternal() reloadSecretsInternal()
} }
public func delete(secret: Secret) throws { public func delete(secret: Secret) throws {
let deleteAttributes = KeychainDictionary([ let deleteAttributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrApplicationLabel: secret.id as CFData kSecAttrApplicationLabel: secret.id
]) ]
let status = SecItemDelete(deleteAttributes) let status = SecItemDelete(deleteAttributes)
if status != errSecSuccess { if status != errSecSuccess {
throw KeychainError(statusCode: status) throw KeychainError(statusCode: status)
@ -85,14 +85,14 @@ extension SecureEnclave {
} }
public func update(secret: Secret, name: String) throws { public func update(secret: Secret, name: String) throws {
let updateQuery = KeychainDictionary([ let updateQuery : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrApplicationLabel: secret.id as CFData kSecAttrApplicationLabel: secret.id
]) ]
let updatedAttributes = KeychainDictionary([ let updatedAttributes : NSDictionary = [
kSecAttrLabel: name, kSecAttrLabel: name,
]) ]
let status = SecItemUpdate(updateQuery, updatedAttributes) let status = SecItemUpdate(updateQuery, updatedAttributes)
if status != errSecSuccess { if status != errSecSuccess {
@ -111,16 +111,16 @@ extension SecureEnclave {
context = newContext context = newContext
} }
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)") context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData, kSecAttrApplicationLabel: secret.id,
kSecAttrKeyType: Constants.keyType, kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag, kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context, kSecUseAuthenticationContext: context,
kSecReturnRef: true kSecReturnRef: true
]) ]
var untyped: CFTypeRef? var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped) let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess { if status != errSecSuccess {
@ -142,16 +142,16 @@ extension SecureEnclave {
let context = LAContext() let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_verify_description_\(secret.name)") context.localizedReason = String(localized: "auth_context_request_verify_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData, kSecAttrApplicationLabel: secret.id,
kSecAttrKeyType: Constants.keyType, kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag, kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context, kSecUseAuthenticationContext: context,
kSecReturnRef: true kSecReturnRef: true
]) ]
var verifyError: SecurityError? var verifyError: SecurityError?
var untyped: CFTypeRef? var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped) let status = SecItemCopyMatching(attributes, &untyped)
@ -225,7 +225,7 @@ extension SecureEnclave.Store {
/// Loads all secrets from the store. /// Loads all secrets from the store.
private func loadSecrets() { private func loadSecrets() {
let publicAttributes = KeychainDictionary([ let publicAttributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType, kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag, kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
@ -233,11 +233,11 @@ extension SecureEnclave.Store {
kSecReturnRef: true, kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll, kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true kSecReturnAttributes: true
]) ]
var publicUntyped: CFTypeRef? var publicUntyped: CFTypeRef?
SecItemCopyMatching(publicAttributes, &publicUntyped) SecItemCopyMatching(publicAttributes, &publicUntyped)
guard let publicTyped = publicUntyped as? [[CFString: Any]] else { return } guard let publicTyped = publicUntyped as? [[CFString: Any]] else { return }
let privateAttributes = KeychainDictionary([ let privateAttributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType, kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag, kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
@ -245,7 +245,7 @@ extension SecureEnclave.Store {
kSecReturnRef: true, kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll, kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true kSecReturnAttributes: true
]) ]
var privateUntyped: CFTypeRef? var privateUntyped: CFTypeRef?
SecItemCopyMatching(privateAttributes, &privateUntyped) SecItemCopyMatching(privateAttributes, &privateUntyped)
guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return } guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return }
@ -278,26 +278,6 @@ extension SecureEnclave.Store {
secrets.append(contentsOf: wrapped) secrets.append(contentsOf: wrapped)
} }
/// Saves a public key.
/// - Parameters:
/// - publicKey: The public key to save.
/// - name: A user-facing name for the key.
private func savePublicKey(_ publicKey: SecKey, name: String) throws {
let attributes = KeychainDictionary([
kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrKeyClass: kSecAttrKeyClassPublic,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
kSecValueRef: publicKey,
kSecAttrIsPermanent: true,
kSecReturnData: true,
kSecAttrLabel: name
])
let status = SecItemAdd(attributes, nil)
if status != errSecSuccess {
throw KeychainError(statusCode: status)
}
}
} }

26
Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
View File

@ -52,14 +52,15 @@ extension SmartCard {
let context = LAContext() let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)") context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData, kSecAttrApplicationLabel: secret.id,
kSecAttrTokenID: tokenID, kSecAttrTokenID: tokenID,
kSecUseAuthenticationContext: context, kSecUseAuthenticationContext: context,
kSecReturnRef: true kSecReturnRef: true
]) ]
var untyped: CFTypeRef? var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped) let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess { if status != errSecSuccess {
@ -77,11 +78,12 @@ extension SmartCard {
} }
public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType, kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic kSecAttrKeyClass: kSecAttrKeyClassPublic
]) ]
var verifyError: SecurityError? var verifyError: SecurityError?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError) let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
guard let untypedSafe = untyped else { guard let untypedSafe = untyped else {
@ -145,13 +147,13 @@ extension SmartCard.Store {
name = fallbackName name = fallbackName
} }
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrTokenID: tokenID, kSecAttrTokenID: tokenID,
kSecReturnRef: true, kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll, kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true kSecReturnAttributes: true
]) ]
var untyped: CFTypeRef? var untyped: CFTypeRef?
SecItemCopyMatching(attributes, &untyped) SecItemCopyMatching(attributes, &untyped)
guard let typed = untyped as? [[CFString: Any]] else { return } guard let typed = untyped as? [[CFString: Any]] else { return }
@ -185,12 +187,12 @@ extension SmartCard.Store {
let context = LAContext() let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_encrypt_description_\(secret.name)") context.localizedReason = String(localized: "auth_context_request_encrypt_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType, kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic, kSecAttrKeyClass: kSecAttrKeyClassPublic,
kSecUseAuthenticationContext: context kSecUseAuthenticationContext: context
]) ]
var encryptError: SecurityError? var encryptError: SecurityError?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &encryptError) let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &encryptError)
guard let untypedSafe = untyped else { guard let untypedSafe = untyped else {
@ -214,14 +216,14 @@ extension SmartCard.Store {
let context = LAContext() let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_decrypt_description_\(secret.name)") context.localizedReason = String(localized: "auth_context_request_decrypt_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData, kSecAttrApplicationLabel: secret.id,
kSecAttrTokenID: tokenID, kSecAttrTokenID: tokenID,
kSecUseAuthenticationContext: context, kSecUseAuthenticationContext: context,
kSecReturnRef: true kSecReturnRef: true
]) ]
var untyped: CFTypeRef? var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped) let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess { if status != errSecSuccess {

12
Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
View File

@ -27,7 +27,7 @@ extension Stub {
flags, flags,
nil) as Any nil) as Any
let attributes = KeychainDictionary([ let attributes : NSDictionary = [
kSecAttrLabel: name, kSecAttrLabel: name,
kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
kSecAttrKeySizeInBits: size, kSecAttrKeySizeInBits: size,
@ -35,7 +35,7 @@ extension Stub {
kSecAttrIsPermanent: true, kSecAttrIsPermanent: true,
kSecAttrAccessControl: access kSecAttrAccessControl: access
] ]
]) ]
let privateKey = SecKeyCreateRandomKey(attributes, nil)! let privateKey = SecKeyCreateRandomKey(attributes, nil)!
let publicKey = SecKeyCopyPublicKey(privateKey)! let publicKey = SecKeyCopyPublicKey(privateKey)!
@ -52,21 +52,21 @@ extension Stub {
guard !shouldThrow else { guard !shouldThrow else {
throw NSError(domain: "test", code: 0, userInfo: nil) throw NSError(domain: "test", code: 0, userInfo: nil)
} }
let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, KeychainDictionary([ let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, [
kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPrivate kSecAttrKeyClass: kSecAttrKeyClassPrivate
]) ] as CFDictionary
, nil)! , nil)!
return SecKeyCreateSignature(privateKey, signatureAlgorithm(for: secret), data as CFData, nil)! as Data return SecKeyCreateSignature(privateKey, signatureAlgorithm(for: secret), data as CFData, nil)! as Data
} }
public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool {
let attributes = KeychainDictionary([ let attributes: NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType, kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic kSecAttrKeyClass: kSecAttrKeyClassPublic
]) ]
var verifyError: Unmanaged<CFError>? var verifyError: Unmanaged<CFError>?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError) let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
guard let untypedSafe = untyped else { guard let untypedSafe = untyped else {

5
Sources/SecretAgent/AppDelegate.swift
View File

@ -32,7 +32,10 @@ class AppDelegate: NSObject, NSApplicationDelegate {
func applicationDidFinishLaunching(_ aNotification: Notification) { func applicationDidFinishLaunching(_ aNotification: Notification) {
logger.debug("SecretAgent finished launching") logger.debug("SecretAgent finished launching")
DispatchQueue.main.async { DispatchQueue.main.async {
self.socketController.handler = self.agent.handle(reader:writer:) self.socketController.handler = { [weak self] reader, writer in
guard let self = self else { return false }
return await self.agent.handle(reader: reader, writer: writer)
}
} }
NotificationCenter.default.addObserver(forName: .secretStoreReloaded, object: nil, queue: .main) { [self] _ in NotificationCenter.default.addObserver(forName: .secretStoreReloaded, object: nil, queue: .main) { [self] _ in
try? publicKeyFileStoreController.generatePublicKeys(for: storeList.allSecrets, clear: true) try? publicKeyFileStoreController.generatePublicKeys(for: storeList.allSecrets, clear: true)

6
Sources/Secretive/Views/CreateSecretView.swift
View File

@ -93,14 +93,14 @@ struct ThumbnailPickerView<ValueType: Hashable>: View {
extension ThumbnailPickerView { extension ThumbnailPickerView {
struct Item<ValueType: Hashable>: Identifiable { struct Item<Value: Hashable>: Identifiable {
let id = UUID() let id = UUID()
let value: ValueType let value: Value
let name: LocalizedStringKey let name: LocalizedStringKey
let description: LocalizedStringKey let description: LocalizedStringKey
let thumbnail: AnyView let thumbnail: AnyView
init<ViewType: View>(value: ValueType, name: LocalizedStringKey, description: LocalizedStringKey, thumbnail: ViewType) { init<ThumbnailView: View>(value: Value, name: LocalizedStringKey, description: LocalizedStringKey, thumbnail: ThumbnailView) {
self.value = value self.value = value
self.name = name self.name = name
self.description = description self.description = description

2
Sources/Secretive/Views/SetupView.swift
View File

@ -55,7 +55,7 @@ struct StepView: View {
.foregroundColor(.green) .foregroundColor(.green)
.frame(width: max(0, ((width - (Constants.padding * 2)) / Double(numberOfSteps - 1)) * Double(currentStep) - (Constants.circleWidth / 2)), height: 5) .frame(width: max(0, ((width - (Constants.padding * 2)) / Double(numberOfSteps - 1)) * Double(currentStep) - (Constants.circleWidth / 2)), height: 5)
HStack { HStack {
ForEach(0..<numberOfSteps) { index in ForEach(0..<numberOfSteps, id: \.self) { index in
ZStack { ZStack {
if currentStep > index { if currentStep > index {
Circle() Circle()