Rough POC

This commit is contained in:
Max Goedjen 2020-03-16 00:49:43 -07:00
parent bd683b16f2
commit e70774f6aa
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
3 changed files with 35 additions and 5 deletions


@ -3,6 +3,7 @@ import CryptoKit
import OSLog import OSLog
import SecretKit import SecretKit
import SecretAgentKit import SecretAgentKit
import AppKit
class Agent { class Agent {
@ -40,7 +41,7 @@ extension Agent {
os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentIdentitiesAnswer.debugDescription) os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentIdentitiesAnswer.debugDescription)
case .signRequest: case .signRequest:
response.append(SSHAgent.ResponseType.agentSignResponse.data) response.append(SSHAgent.ResponseType.agentSignResponse.data)
response.append(try sign(data: data)) response.append(try sign(data: data, from: fileHandle.fileDescriptor))
os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentSignResponse.debugDescription) os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentSignResponse.debugDescription)
} }
} catch { } catch {
@ -74,7 +75,7 @@ extension Agent {
return countData + keyData return countData + keyData
} }
func sign(data: Data) throws -> Data { func sign(data: Data, from pid: Int32) throws -> Data {
let reader = OpenSSHReader(data: data) let reader = OpenSSHReader(data: data)
let writer = OpenSSHKeyWriter() let writer = OpenSSHKeyWriter()
let hash = try reader.readNextChunk() let hash = try reader.readNextChunk()
@ -92,8 +93,10 @@ extension Agent {
} }
let dataToSign = try reader.readNextChunk() let dataToSign = try reader.readNextChunk()
let derSignature = try store.sign(data: dataToSign, with: secret) let derSignature = try store.sign(data: dataToSign, with: secret)
let callerApp = caller(from: pid)
// TODO: Move this // TODO: Move this
notifier.notify(accessTo: secret) notifier.notify(accessTo: secret, from: callerApp)
let curveData = writer.curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)! let curveData = writer.curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!
// Convert from DER formatted rep to raw (r||s) // Convert from DER formatted rep to raw (r||s)
@ -128,6 +131,29 @@ extension Agent {
return signedData return signedData
} }
func caller(from pid: Int32) -> NSRunningApplication {
let pidPointer = UnsafeMutableRawPointer.allocate(byteCount: 4, alignment: 1)
var len = socklen_t(MemoryLayout<Int32>.size)
getsockopt(pid, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
let pid = pidPointer.load(as: Int32.self)
var current = pid
while NSRunningApplication(processIdentifier: current) == nil {
current = originalProcess(of: current)
}
return NSRunningApplication(processIdentifier: current)!
}
func originalProcess(of pid: Int32) -> Int32 {
var len = MemoryLayout<kinfo_proc>.size
let infoPointer = UnsafeMutableRawPointer.allocate(byteCount: len, alignment: 1)
var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
let info = infoPointer.load(as: kinfo_proc.self)
let parent = info.kp_eproc.e_ppid
return parent
}
} }


@ -1,6 +1,7 @@
import Foundation import Foundation
import SecretKit import SecretKit
import UserNotifications import UserNotifications
import AppKit
class Notifier { class Notifier {
@ -10,11 +11,11 @@ class Notifier {
} }
} }
func notify<SecretType: Secret>(accessTo secret: SecretType) { func notify<SecretType: Secret>(accessTo secret: SecretType, from caller: NSRunningApplication) {
let notificationCenter = UNUserNotificationCenter.current() let notificationCenter = UNUserNotificationCenter.current()
let notificationContent = UNMutableNotificationContent() let notificationContent = UNMutableNotificationContent()
notificationContent.title = "Signed Request" notificationContent.title = "Signed Request"
notificationContent.body = "\(secret.name) was used to sign a request." notificationContent.body = "\(secret.name) was used to sign a request from \(caller.localizedName!)."
let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil) let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)
notificationCenter.add(request, withCompletionHandler: nil) notificationCenter.add(request, withCompletionHandler: nil)
} }
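Review bot: The new notification body force-unwraps `caller.localizedName`, which is optional on `NSRunningApplication`, so a requesting process that exposes no localized name crashes the agent while it is handling a signing request. Prefer a fallback, `notificationContent.body = "\(secret.name) was used to sign a request from \(caller.localizedName ?? "an unknown application")."`, and document on `notify(accessTo:from:)` that the name is self-reported by the requesting process and is shown for the user's information only, not as an authorization decision.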


@ -1355,6 +1355,7 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15; MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
@ -1574,6 +1575,7 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15; MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
@ -1599,6 +1601,7 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
LIBRARY_SEARCH_PATHS = /usr/include;
MACOSX_DEPLOYMENT_TARGET = 10.15; MACOSX_DEPLOYMENT_TARGET = 10.15;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
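Review bot: `LIBRARY_SEARCH_PATHS = /usr/include;` is added to three SecretAgent configurations, but `/usr/include` holds headers, not libraries, so this setting does not affect linking and appears to be a leftover from getting `getsockopt`/`sysctl` to resolve. Those symbols come from the Darwin module that `Foundation`/`AppKit` already import, so the three lines can presumably be dropped; if a header path is really needed, `HEADER_SEARCH_PATHS` is the setting for it.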