2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 import SecurityFoundation
27 let OT_RECOVERY_SIGNING_HKDF_SIZE = 56
28 let OT_RECOVERY_ENCRYPTION_HKDF_SIZE = 56
30 enum recoveryKeyType: Int {
31 case kOTRecoveryKeySigning = 1
32 case kOTRecoveryKeyEncryption = 2
35 class RecoveryKeySet: NSObject {
36 public var encryptionKey: _SFECKeyPair
37 public var signingKey: _SFECKeyPair
39 public var secret: Data
40 public var recoverySalt: String
42 public init (secret: Data, recoverySalt: String) throws {
44 self.recoverySalt = recoverySalt
46 let encryptionKeyData = try RecoveryKeySet.generateRecoveryKey(keyType: recoveryKeyType.kOTRecoveryKeyEncryption, masterSecret: secret, recoverySalt: recoverySalt)
47 self.encryptionKey = _SFECKeyPair.init(secKey: try RecoveryKeySet.createSecKey(keyData: encryptionKeyData))
49 let signingKeyData = try RecoveryKeySet.generateRecoveryKey(keyType: recoveryKeyType.kOTRecoveryKeySigning, masterSecret: secret, recoverySalt: recoverySalt)
50 self.signingKey = _SFECKeyPair.init(secKey: try RecoveryKeySet.createSecKey(keyData: signingKeyData))
52 let RecoverySigningPubKeyHash = try RecoveryKeySet.hashRecoveryedSigningPublicKey(keyData: self.signingKey.publicKey().spki())
53 _ = try RecoveryKeySet.storeRecoveryedSigningKeyPair(keyData: self.signingKey.keyData, label: RecoverySigningPubKeyHash)
54 _ = try RecoveryKeySet.storeRecoveryedEncryptionKeyPair(keyData: self.encryptionKey.keyData, label: RecoverySigningPubKeyHash)
57 class func generateMasterKeyString() -> (String?) {
58 return SecRKCreateRecoveryKeyString(nil) as String
61 class func generateRecoveryKey(keyType: recoveryKeyType, masterSecret: Data, recoverySalt: String) throws -> (Data) {
68 case recoveryKeyType.kOTRecoveryKeyEncryption:
69 keyLength = OT_RECOVERY_ENCRYPTION_HKDF_SIZE
71 let infoString = Array("Recovery Encryption Private Key".utf8)
72 info = Data(bytes: infoString, count: infoString.count)
75 case recoveryKeyType.kOTRecoveryKeySigning:
76 keyLength = OT_RECOVERY_SIGNING_HKDF_SIZE
78 let infoString = Array("Recovery Signing Private Key".utf8)
79 info = Data(bytes: infoString, count: infoString.count)
84 guard let cp = ccec_cp_384() else {
85 throw RecoveryKeySetError.keyGeneration
89 let fullKey = TPHObjectiveC.ccec384Context()
90 defer { TPHObjectiveC.contextFree(fullKey) }
92 derivedKey = Data(count: keyLength)
94 var masterSecretMutable = masterSecret
96 let bottleSaltData = Data(bytes: Array(recoverySalt.utf8), count: recoverySalt.utf8.count)
98 try derivedKey.withUnsafeMutableBytes { (derivedKeyBytes: UnsafeMutableRawBufferPointer) throws ->Void in
99 try masterSecretMutable.withUnsafeMutableBytes { (masterSecretBytes: UnsafeMutableRawBufferPointer) throws ->Void in
100 try bottleSaltData.withUnsafeBytes { (bottleSaltBytes: UnsafeRawBufferPointer) throws -> Void in
101 try info.withUnsafeBytes { (infoBytes: UnsafeRawBufferPointer) throws -> Void in
102 status = cchkdf(ccsha384_di(),
103 masterSecretBytes.count, masterSecretBytes.baseAddress!,
104 bottleSaltBytes.count, bottleSaltBytes.baseAddress!,
105 infoBytes.count, infoBytes.baseAddress!,
106 derivedKeyBytes.count, derivedKeyBytes.baseAddress!)
108 throw RecoveryKeySetError.corecryptoKeyGeneration(corecryptoError: status)
111 if(keyType == recoveryKeyType.kOTRecoveryKeyEncryption || keyType == recoveryKeyType.kOTRecoveryKeySigning) {
112 status = ccec_generate_key_deterministic(cp,
113 derivedKeyBytes.count, derivedKeyBytes.bindMemory(to: UInt8.self).baseAddress!,
115 UInt32(CCEC_GENKEY_DETERMINISTIC_FIPS),
118 guard status == 0 else {
119 throw RecoveryKeySetError.corecryptoKeyGeneration(corecryptoError: status)
122 let space = ccec_x963_export_size(1, ccec_ctx_pub(fullKey))
123 var key = Data(count: space)
124 key.withUnsafeMutableBytes { (bytes: UnsafeMutableRawBufferPointer) -> Void in
125 ccec_x963_export(1, bytes.baseAddress!, fullKey)
136 class func createSecKey(keyData: Data) throws -> (SecKey) {
137 let keyAttributes = [kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyType: kSecAttrKeyTypeEC]
139 guard let key = SecKeyCreateWithData(keyData as CFData, keyAttributes as CFDictionary, nil) else {
140 throw RecoveryKeySetError.keyGeneration
146 class func setKeyMaterialInKeychain(query: Dictionary<CFString, Any>) throws -> (Bool) {
149 var results: CFTypeRef?
150 var status = SecItemAdd(query as CFDictionary, &results)
152 if status == errSecSuccess {
154 } else if status == errSecDuplicateItem {
155 var updateQuery: Dictionary<CFString, Any> = query
156 updateQuery[kSecClass] = nil
158 status = SecItemUpdate(query as CFDictionary, updateQuery as CFDictionary)
160 if status != errSecSuccess {
161 throw RecoveryKeySetError.failedToSaveToKeychain(errorCode: status)
166 throw RecoveryKeySetError.failedToSaveToKeychain(errorCode: status)
172 class func hashRecoveryedSigningPublicKey(keyData: Data) throws -> (String) {
173 let di = ccsha384_di()
174 var result = Data(count: TPHObjectiveC.ccsha384_diSize())
176 var keyDataMutable = keyData
177 result.withUnsafeMutableBytes {(resultBytes: UnsafeMutableRawBufferPointer) -> Void in
178 keyDataMutable.withUnsafeMutableBytes {(keyDataBytes: UnsafeMutableRawBufferPointer) -> Void in
179 ccdigest(di, keyDataBytes.count, keyDataBytes.baseAddress!, resultBytes.baseAddress!)
182 let hash = result.base64EncodedString(options: [])
187 class func storeRecoveryedEncryptionKeyPair(keyData: Data, label: String) throws -> (Bool) {
189 let query: [CFString: Any] = [
190 kSecClass: kSecClassKey,
191 kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
192 kSecUseDataProtectionKeychain: true,
193 kSecAttrAccessGroup: "com.apple.security.octagon",
194 kSecAttrSynchronizable: false,
195 kSecAttrLabel: label,
196 kSecAttrApplicationLabel: String(format: "Recoveryed Encryption Key-%@", NSUUID().uuidString),
197 kSecValueData: keyData,
199 return try RecoveryKeySet.setKeyMaterialInKeychain(query: query)
202 class func storeRecoveryedSigningKeyPair(keyData: Data, label: String) throws -> (Bool) {
203 let query: [CFString: Any] = [
204 kSecClass: kSecClassKey,
205 kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
206 kSecUseDataProtectionKeychain: true,
207 kSecAttrAccessGroup: "com.apple.security.octagon",
208 kSecAttrSynchronizable: false,
209 kSecAttrApplicationLabel: String(format: "Recoveryed Signing Key-%@", NSUUID().uuidString),
210 kSecAttrLabel: label,
211 kSecValueData: keyData,
213 return try RecoveryKeySet.setKeyMaterialInKeychain(query: query)
216 class func retrieveRecoveryKeysFromKeychain(label: String) throws -> [Dictionary <CFString, Any>]? {
217 var keySet: [Dictionary<CFString, Any>]?
219 let query: [CFString: Any] = [
220 kSecClass: kSecClassKey,
221 kSecAttrAccessGroup: "com.apple.security.octagon",
222 kSecAttrLabel: label,
223 kSecReturnAttributes: true,
224 kSecReturnData: true,
225 kSecAttrSynchronizable: false,
226 kSecMatchLimit: kSecMatchLimitAll,
229 var result: CFTypeRef?
230 let status = SecItemCopyMatching(query as CFDictionary, &result)
232 if status != errSecSuccess || result == nil {
233 throw RecoveryKeySetError.itemDoesNotExist
237 if let dictionaryArray = result as? [Dictionary<CFString, Any>] {
238 keySet = dictionaryArray
240 if let dictionary = result as? Dictionary<CFString, Any> {
241 keySet = [dictionary]
250 class func findRecoveryKeysForLabel(label: String) throws -> (_SFECKeyPair?, _SFECKeyPair?) {
251 var signingKey: _SFECKeyPair?
252 var encryptionKey: _SFECKeyPair?
254 let keySet = try retrieveRecoveryKeysFromKeychain(label: label)
256 throw RecoveryKeySetError.itemDoesNotExist
258 for item in keySet! {
259 let keyTypeData = item[kSecAttrApplicationLabel as CFString] as! Data
260 let keyType = String(data: keyTypeData, encoding: .utf8)!
262 if keyType.range(of: "Encryption") != nil {
263 let keyData = item[kSecValueData as CFString] as! Data
264 let encryptionSecKey = try RecoveryKeySet.createSecKey(keyData: keyData)
265 encryptionKey = _SFECKeyPair.init(secKey: encryptionSecKey)
266 } else if keyType.range(of: "Signing") != nil {
267 let keyData = item[kSecValueData as CFString] as! Data
268 let signingSecKey = try RecoveryKeySet.createSecKey(keyData: keyData)
269 signingKey = _SFECKeyPair.init(secKey: signingSecKey)
271 throw RecoveryKeySetError.unsupportedKeyType(keyType: keyType)
275 return (signingKey, encryptionKey)
279 enum RecoveryKeySetError: Error {
281 case itemDoesNotExist
282 case failedToSaveToKeychain(errorCode: OSStatus)
283 case unsupportedKeyType(keyType: String)
284 case corecryptoKeyGeneration(corecryptoError: Int32)
287 extension RecoveryKeySetError: LocalizedError {
288 public var errorDescription: String? {
291 return "Key generation failed"
292 case .itemDoesNotExist:
293 return "Item does not exist"
294 case .failedToSaveToKeychain(errorCode: let osError):
295 return "Failed to save item to keychain: \(osError)"
296 case .unsupportedKeyType(keyType: let keyType):
297 return "Unsupported Key Type \(keyType)"
298 case .corecryptoKeyGeneration(corecryptoError: let corecryptoError):
299 return "Key generation crypto failed \(corecryptoError)"
304 extension RecoveryKeySetError: CustomNSError {
306 public static var errorDomain: String {
307 return "com.apple.security.trustedpeers.RecoveryKeySetError"
310 public var errorCode: Int {
314 case .itemDoesNotExist:
316 case .failedToSaveToKeychain:
318 case .unsupportedKeyType:
320 case .corecryptoKeyGeneration:
325 public var errorUserInfo: [String: Any] {
326 var userInfo: [String: Any] = [:]
327 if let desc = self.errorDescription {
328 userInfo[NSLocalizedDescriptionKey] = desc
331 case .failedToSaveToKeychain(errorCode: let osError):
332 userInfo[NSUnderlyingErrorKey] = NSError(domain: NSOSStatusErrorDomain, code: Int(osError), userInfo: nil)
333 case .corecryptoKeyGeneration(corecryptoError: let corecryptoError):
334 userInfo[NSUnderlyingErrorKey] = NSError(domain: "corecrypto", code: Int(corecryptoError), userInfo: nil)