2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 import SecurityFoundation
27 let OT_RECOVERY_SIGNING_HKDF_SIZE = 56
28 let OT_RECOVERY_ENCRYPTION_HKDF_SIZE = 56
30 enum recoveryKeyType: Int {
31 case kOTRecoveryKeySigning = 1
32 case kOTRecoveryKeyEncryption = 2
35 class RecoveryKeySet: NSObject {
36 public var encryptionKey: _SFECKeyPair
37 public var signingKey: _SFECKeyPair
39 public var secret: Data
40 public var recoverySalt: String
42 public init (secret: Data, recoverySalt: String) throws {
44 self.recoverySalt = recoverySalt
46 let encryptionKeyData = try RecoveryKeySet.generateRecoveryKey(keyType: recoveryKeyType.kOTRecoveryKeyEncryption, masterSecret: secret, recoverySalt: recoverySalt)
47 self.encryptionKey = _SFECKeyPair.init(secKey: try RecoveryKeySet.createSecKey(keyData: encryptionKeyData))
49 let signingKeyData = try RecoveryKeySet.generateRecoveryKey(keyType: recoveryKeyType.kOTRecoveryKeySigning, masterSecret: secret, recoverySalt: recoverySalt)
50 self.signingKey = _SFECKeyPair.init(secKey: try RecoveryKeySet.createSecKey(keyData: signingKeyData))
52 let RecoverySigningPubKeyHash = try RecoveryKeySet.hashRecoveryedSigningPublicKey(keyData: self.signingKey.publicKey().spki())
53 _ = try RecoveryKeySet.storeRecoveryedSigningKeyPair(keyData: self.signingKey.keyData, label: RecoverySigningPubKeyHash)
54 _ = try RecoveryKeySet.storeRecoveryedEncryptionKeyPair(keyData: self.encryptionKey.keyData, label: RecoverySigningPubKeyHash)
57 class func generateMasterKeyString() -> (String?) {
58 return SecRKCreateRecoveryKeyString(nil) as String
61 class func generateRecoveryKey(keyType: recoveryKeyType, masterSecret: Data, recoverySalt: String) throws -> (Data) {
69 case recoveryKeyType.kOTRecoveryKeyEncryption:
70 keyLength = OT_RECOVERY_ENCRYPTION_HKDF_SIZE
72 let infoString = Array("Recovery Encryption Private Key".utf8)
73 info = Data(bytes: infoString, count: infoString.count)
74 infoLength = info.count
77 case recoveryKeyType.kOTRecoveryKeySigning:
78 keyLength = OT_RECOVERY_SIGNING_HKDF_SIZE
80 let infoString = Array("Recovery Signing Private Key".utf8)
81 info = Data(bytes: infoString, count: infoString.count)
82 infoLength = info.count
87 guard let cp = ccec_cp_384() else {
88 throw RecoveryKeySetError.keyGeneration
92 let fullKey = TPHObjectiveC.ccec384Context()
93 defer { TPHObjectiveC.contextFree(fullKey) }
95 derivedKey = Data(count: keyLength)
97 var masterSecretMutable = masterSecret
98 let masterSecretLength = masterSecret.count
99 let derivedKeySize = derivedKey.count
101 let bottleSaltData = Data(bytes: Array(recoverySalt.utf8), count: recoverySalt.utf8.count)
103 try derivedKey.withUnsafeMutableBytes { (derivedKeyBytes: UnsafeMutablePointer<UInt8>) throws ->Void in
104 try masterSecretMutable.withUnsafeMutableBytes { (masterSecretBytes: UnsafeMutablePointer<UInt8>) throws ->Void in
105 try bottleSaltData.withUnsafeBytes { (bottleSaltBytes: UnsafePointer<UInt8>) throws -> Void in
106 try info.withUnsafeBytes { (infoBytes: UnsafePointer<UInt8>) throws -> Void in
107 status = cchkdf(ccsha384_di(),
108 masterSecretLength, masterSecretBytes,
109 bottleSaltData.count, bottleSaltBytes,
110 infoLength, infoBytes,
111 keyLength, derivedKeyBytes)
113 throw RecoveryKeySetError.corecryptoKeyGeneration(corecryptoError: status)
116 if(keyType == recoveryKeyType.kOTRecoveryKeyEncryption || keyType == recoveryKeyType.kOTRecoveryKeySigning) {
117 status = ccec_generate_key_deterministic(cp,
118 derivedKeySize, derivedKeyBytes,
120 UInt32(CCEC_GENKEY_DETERMINISTIC_FIPS),
123 guard status == 0 else {
124 throw RecoveryKeySetError.corecryptoKeyGeneration(corecryptoError: status)
127 let space = ccec_x963_export_size(1, ccec_ctx_pub(fullKey))
128 var key = Data(count: space)
129 key.withUnsafeMutableBytes { (bytes: UnsafeMutablePointer<UInt8>) -> Void in
130 ccec_x963_export(1, bytes, fullKey)
141 class func createSecKey(keyData: Data) throws -> (SecKey) {
142 let keyAttributes = [kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyType: kSecAttrKeyTypeEC]
144 guard let key = SecKeyCreateWithData(keyData as CFData, keyAttributes as CFDictionary, nil) else {
145 throw RecoveryKeySetError.keyGeneration
151 class func setKeyMaterialInKeychain(query: Dictionary<CFString, Any>) throws -> (Bool) {
154 var results: CFTypeRef?
155 var status = SecItemAdd(query as CFDictionary, &results)
157 if status == errSecSuccess {
159 } else if status == errSecDuplicateItem {
160 var updateQuery: Dictionary<CFString, Any> = query
161 updateQuery[kSecClass] = nil
163 status = SecItemUpdate(query as CFDictionary, updateQuery as CFDictionary)
165 if status != errSecSuccess {
166 throw RecoveryKeySetError.failedToSaveToKeychain(errorCode: status)
171 throw RecoveryKeySetError.failedToSaveToKeychain(errorCode: status)
177 class func hashRecoveryedSigningPublicKey(keyData: Data) throws -> (String) {
178 let di = ccsha384_di()
179 var result = Data(count: TPHObjectiveC.ccsha384_diSize())
181 let derivedKeySize = keyData.count
182 var keyDataMutable = keyData
183 result.withUnsafeMutableBytes {(resultBytes: UnsafeMutablePointer<UInt8>) -> Void in
184 keyDataMutable.withUnsafeMutableBytes {(keyDataBytes: UnsafeMutablePointer<UInt8>) -> Void in
185 ccdigest(di, derivedKeySize, keyDataBytes, resultBytes)
188 let hash = result.base64EncodedString(options: [])
193 class func storeRecoveryedEncryptionKeyPair(keyData: Data, label: String) throws -> (Bool) {
195 let query: [CFString: Any] = [
196 kSecClass: kSecClassKey,
197 kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
198 kSecUseDataProtectionKeychain: true,
199 kSecAttrAccessGroup: "com.apple.security.octagon",
200 kSecAttrSynchronizable: kCFBooleanFalse,
201 kSecAttrLabel: label,
202 kSecAttrApplicationLabel: String(format: "Recoveryed Encryption Key-%@", NSUUID().uuidString),
203 kSecValueData: keyData,
205 return try RecoveryKeySet.setKeyMaterialInKeychain(query: query)
208 class func storeRecoveryedSigningKeyPair(keyData: Data, label: String) throws -> (Bool) {
209 let query: [CFString: Any] = [
210 kSecClass: kSecClassKey,
211 kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
212 kSecUseDataProtectionKeychain: true,
213 kSecAttrAccessGroup: "com.apple.security.octagon",
214 kSecAttrSynchronizable: kCFBooleanFalse,
215 kSecAttrApplicationLabel: String(format: "Recoveryed Signing Key-%@", NSUUID().uuidString),
216 kSecAttrLabel: label,
217 kSecValueData: keyData,
219 return try RecoveryKeySet.setKeyMaterialInKeychain(query: query)
222 class func retrieveRecoveryKeysFromKeychain(label: String) throws -> [Dictionary <CFString, Any>]? {
223 var keySet: [Dictionary<CFString, Any>]?
225 let query: [CFString: Any] = [
226 kSecClass: kSecClassKey,
227 kSecAttrAccessGroup: "com.apple.security.octagon",
228 kSecAttrLabel: label,
229 kSecReturnAttributes: true,
230 kSecReturnData: true,
231 kSecAttrSynchronizable: kCFBooleanFalse,
232 kSecMatchLimit: kSecMatchLimitAll,
235 var result: CFTypeRef?
236 let status = SecItemCopyMatching(query as CFDictionary, &result)
238 if status != errSecSuccess || result == nil {
239 throw RecoveryKeySetError.itemDoesNotExist
243 if let dictionaryArray = result as? [Dictionary<CFString, Any>] {
244 keySet = dictionaryArray
246 if let dictionary = result as? Dictionary<CFString, Any> {
247 keySet = [dictionary]
256 class func findRecoveryKeysForLabel(label: String) throws -> (_SFECKeyPair?, _SFECKeyPair?) {
257 var signingKey: _SFECKeyPair?
258 var encryptionKey: _SFECKeyPair?
260 let keySet = try retrieveRecoveryKeysFromKeychain(label: label)
262 throw RecoveryKeySetError.itemDoesNotExist
264 for item in keySet! {
265 let keyTypeData = item[kSecAttrApplicationLabel as CFString] as! Data
266 let keyType = String(data: keyTypeData, encoding: .utf8)!
268 if keyType.range(of: "Encryption") != nil {
269 let keyData = item[kSecValueData as CFString] as! Data
270 let encryptionSecKey = try RecoveryKeySet.createSecKey(keyData: keyData)
271 encryptionKey = _SFECKeyPair.init(secKey: encryptionSecKey)
272 } else if keyType.range(of: "Signing") != nil {
273 let keyData = item[kSecValueData as CFString] as! Data
274 let signingSecKey = try RecoveryKeySet.createSecKey(keyData: keyData)
275 signingKey = _SFECKeyPair.init(secKey: signingSecKey)
277 throw RecoveryKeySetError.unsupportedKeyType(keyType: keyType)
281 return (signingKey, encryptionKey)
285 enum RecoveryKeySetError: Error {
287 case itemDoesNotExist
288 case failedToSaveToKeychain(errorCode: OSStatus)
289 case unsupportedKeyType(keyType: String)
290 case corecryptoKeyGeneration(corecryptoError: Int32)
293 extension RecoveryKeySetError: LocalizedError {
294 public var errorDescription: String? {
297 return "Key generation failed"
298 case .itemDoesNotExist:
299 return "Item does not exist"
300 case .failedToSaveToKeychain(errorCode: let osError):
301 return "Failed to save item to keychain: \(osError)"
302 case .unsupportedKeyType(keyType: let keyType):
303 return "Unsupported Key Type \(keyType)"
304 case .corecryptoKeyGeneration(corecryptoError: let corecryptoError):
305 return "Key generation crypto failed \(corecryptoError)"
310 extension RecoveryKeySetError: CustomNSError {
312 public static var errorDomain: String {
313 return "com.apple.security.trustedpeers.RecoveryKeySetError"
316 public var errorCode: Int {
320 case .itemDoesNotExist:
322 case .failedToSaveToKeychain:
324 case .unsupportedKeyType:
326 case .corecryptoKeyGeneration:
331 public var errorUserInfo: [String: Any] {
332 var userInfo: [String: Any] = [:]
333 if let desc = self.errorDescription {
334 userInfo[NSLocalizedDescriptionKey] = desc
337 case .failedToSaveToKeychain(errorCode: let osError):
338 userInfo[NSUnderlyingErrorKey] = NSError.init(domain: NSOSStatusErrorDomain, code: Int(osError), userInfo: nil)
339 case .corecryptoKeyGeneration(corecryptoError: let corecryptoError):
340 userInfo[NSUnderlyingErrorKey] = NSError.init(domain: "corecrypto", code: Int(corecryptoError), userInfo: nil)