Rough POC

This commit is contained in:
Max Goedjen 2020-03-16 00:49:43 -07:00
parent bd683b16f2
commit e70774f6aa
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
3 changed files with 35 additions and 5 deletions


@ -3,6 +3,7 @@ import CryptoKit
import OSLog
import SecretKit
import SecretAgentKit
import AppKit
class Agent {
@ -40,7 +41,7 @@ extension Agent {
os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentIdentitiesAnswer.debugDescription)
case .signRequest:
response.append(SSHAgent.ResponseType.agentSignResponse.data)
response.append(try sign(data: data))
response.append(try sign(data: data, from: fileHandle.fileDescriptor))
os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentSignResponse.debugDescription)
}
} catch {
@ -74,7 +75,7 @@ extension Agent {
return countData + keyData
}
func sign(data: Data) throws -> Data {
func sign(data: Data, from pid: Int32) throws -> Data {
let reader = OpenSSHReader(data: data)
let writer = OpenSSHKeyWriter()
let hash = try reader.readNextChunk()
@ -92,8 +93,10 @@ extension Agent {
}
let dataToSign = try reader.readNextChunk()
let derSignature = try store.sign(data: dataToSign, with: secret)
let callerApp = caller(from: pid)
// TODO: Move this
notifier.notify(accessTo: secret)
notifier.notify(accessTo: secret, from: callerApp)
let curveData = writer.curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!
// Convert from DER formatted rep to raw (r||s)
@ -128,6 +131,29 @@ extension Agent {
return signedData
}
func caller(from pid: Int32) -> NSRunningApplication {
let pidPointer = UnsafeMutableRawPointer.allocate(byteCount: 4, alignment: 1)
var len = socklen_t(MemoryLayout<Int32>.size)
getsockopt(pid, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
let pid = pidPointer.load(as: Int32.self)
var current = pid
while NSRunningApplication(processIdentifier: current) == nil {
current = originalProcess(of: current)
}
return NSRunningApplication(processIdentifier: current)!
}
func originalProcess(of pid: Int32) -> Int32 {
var len = MemoryLayout<kinfo_proc>.size
let infoPointer = UnsafeMutableRawPointer.allocate(byteCount: len, alignment: 1)
var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
let info = infoPointer.load(as: kinfo_proc.self)
let parent = info.kp_eproc.e_ppid
return parent
}
}
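Review bot: `caller(from:)` never checks the return value of `getsockopt` or `sysctl`, so on failure it reads whatever the freshly allocated buffer held as a pid, and the `while NSRunningApplication(processIdentifier: current) == nil` loop has no termination case — a request from a process with no application ancestor (a CLI tool whose chain ends at launchd, pid 1, parent 0) walks into pids the `sysctl` lookup cannot resolve and can spin the agent forever on the signing path. The two `UnsafeMutableRawPointer.allocate` calls are also never deallocated, the `getsockopt` level should be `SOL_LOCAL` rather than `SOCK_STREAM` (the call appears to work only because both are small integers the AF_UNIX layer does not validate), and the value the `.signRequest` case passes is `fileHandle.fileDescriptor`, so naming the parameter `pid` on both `sign` and `caller` is misleading. The ancestor walk is best-effort attribution, not authentication: `LOCAL_PEERPID` yields a pid that can be reused, and a caller that forks and exits is re-parented to launchd, so the name surfaced to the notifier should not be treated as a verified caller identity. The rewrite below uses stack storage, checks every result, and returns `nil` when no application can be found, which means `notify(accessTo:from:)` needs to take an optional caller.
```swift
/// Best-effort identification of the application behind a connected agent socket.
/// Returns nil when the peer pid cannot be read or no ancestor is a running application.
func caller(from fd: Int32) -> NSRunningApplication? {
    var peerPID: pid_t = 0
    var len = socklen_t(MemoryLayout<pid_t>.size)
    // SOL_LOCAL is the option level for LOCAL_* on AF_UNIX sockets; never trust the
    // buffer contents unless the call reports success.
    guard getsockopt(fd, SOL_LOCAL, LOCAL_PEERPID, &peerPID, &len) == 0 else { return nil }
    var current = peerPID
    // Walk up the parent chain, stopping at launchd/kernel so a process with no
    // application ancestor cannot keep this loop running forever.
    while current > 1 {
        if let app = NSRunningApplication(processIdentifier: current) { return app }
        guard let parent = originalProcess(of: current) else { return nil }
        current = parent
    }
    return nil
}

/// Parent pid of `pid`, or nil if the kernel lookup fails.
func originalProcess(of pid: Int32) -> Int32? {
    var info = kinfo_proc()
    var len = MemoryLayout<kinfo_proc>.size
    var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
    guard sysctl(&name, UInt32(name.count), &info, &len, nil, 0) == 0, len > 0 else { return nil }
    return info.kp_eproc.e_ppid
}
```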


@ -1,6 +1,7 @@
import Foundation
import SecretKit
import UserNotifications
import AppKit
class Notifier {
@ -10,11 +11,11 @@ class Notifier {
}
}
func notify<SecretType: Secret>(accessTo secret: SecretType) {
func notify<SecretType: Secret>(accessTo secret: SecretType, from caller: NSRunningApplication) {
let notificationCenter = UNUserNotificationCenter.current()
let notificationContent = UNMutableNotificationContent()
notificationContent.title = "Signed Request"
notificationContent.body = "\(secret.name) was used to sign a request."
notificationContent.body = "\(secret.name) was used to sign a request from \(caller.localizedName!)."
let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)
notificationCenter.add(request, withCompletionHandler: nil)
}
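Review bot: `caller.localizedName!` on the body line will crash the agent inside the signing path if the resolved application reports no localized name — `NSRunningApplication.localizedName` is optional, and the cases where it is nil are not visible from here, so a fallback is cheaper than a crash: `notificationContent.body = "\(secret.name) was used to sign a request from \(caller.localizedName ?? "an unidentified process")."`. The name also comes from the calling process's own bundle metadata, so the notification attributes but does not authenticate the requester; a one-line comment above the body such as `// Caller name is self-reported by the process and is informational only, not a trust decision.` would keep it from being read as a security indicator. The enclosing Notifier class continues outside the hunk.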


@ -1355,6 +1355,7 @@
"$(inherited)",
"@executable_path/../Frameworks",
);
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
@ -1574,6 +1575,7 @@
"$(inherited)",
"@executable_path/../Frameworks",
);
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
@ -1599,6 +1601,7 @@
"$(inherited)",
"@executable_path/../Frameworks",
);
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
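Review bot: `LIBRARY_SEARCH_PATHS = /usr/include`, added to all three configurations, points the linker's library search at a header directory, which cannot be what resolves anything; if the intent was to reach the `sysctl`/`kinfo_proc` declarations used by the new Agent code, those arrive through the `Darwin` module from the SDK and need no extra search path. With current Xcode `/usr/include` is generally absent outside the SDK, so the setting is most likely inert, and it is safer to drop it than to leave a path that looks load-bearing; if a header path really is needed, the corresponding setting is `HEADER_SEARCH_PATHS`.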