#include <Security/SecKey.h>
static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate, FVPrivateKeyHeader &outHeader);
-static CFDataRef decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
+static CFDataRef CF_RETURNS_RETAINED decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
static void throwIfError(CSSM_RETURN rv);
#pragma mark ----- Public SPI -----
catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
catch (...) { __secapiresult=errSecInternalComponent; }
- secdebug("FDERecovery", "SecFDERecoveryUnwrapCRSKWithPrivKey: %d", (int)__secapiresult);
+ secinfo("FDERecovery", "SecFDERecoveryUnwrapCRSKWithPrivKey: %d", (int)__secapiresult);
return result;
}
passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
CssmData *cssmData = reinterpret_cast<CssmData *>(outData);
- assert(cssmData->Length <= sizeof(outHeader.publicKeyHash));
outHeader.publicKeyHashSize = (uint32_t)cssmData->Length;
- memcpy(outHeader.publicKeyHash, cssmData->Data, cssmData->Length);
+ if (outHeader.publicKeyHashSize > sizeof(outHeader.publicKeyHash)) {
+ secinfo("FDERecovery", "encodePrivateKeyHeader: publicKeyHash too big: %d", outHeader.publicKeyHashSize);
+ outHeader.publicKeyHashSize = 0; /* failed to copy hash value */
+ } else {
+ memcpy(outHeader.publicKeyHash, cssmData->Data, outHeader.publicKeyHashSize);
+ }
fCSP.allocator().free(cssmData->Data);
fCSP.allocator().free(cssmData);
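Review bot: When the key digest is larger than `publicKeyHash`, the new branch only logs and sets `publicKeyHashSize = 0`, so `encodePrivateKeyHeader` returns normally with a header that carries no key hash and the caller gets no error. The `encryptedBlobSize` check further down has the same log-only shape: it runs after `encrypt.encrypt` has already produced its output and leaves the oversize length in the header. Both conditions should fail the call; here, keep the `memcpy` branch and, after the two `free` calls so the digest buffer is not leaked, add `if (outHeader.publicKeyHashSize == 0) throwIfError(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);`. The enclosing function starts and ends outside this hunk, so whether a later reader of the header re-validates these sizes cannot be confirmed from here.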
outHeader.encryptedBlobSize = (uint32_t)encrypt.encrypt(inBlob, clearBuf, remData.get());
if (outHeader.encryptedBlobSize > sizeof(outHeader.encryptedBlob))
- secdebug("FDERecovery", "encodePrivateKeyHeader: encrypted blob too big: %d", outHeader.encryptedBlobSize);
+ secinfo("FDERecovery", "encodePrivateKeyHeader: encrypted blob too big: %d", outHeader.encryptedBlobSize);
}
CFDataRef decodePrivateKeyHeader(SecKeychainRef keychain, const FVPrivateKeyHeader &inHeader)
CSSM_CC_HANDLE cc = 0;
SecKeychainSearchRef _searchRef;
- throwIfError(SecKeychainSearchCreateFromAttributes(keychain, CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
+ throwIfError(SecKeychainSearchCreateFromAttributes(keychain, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
CFRef<SecKeychainSearchRef> searchRef(_searchRef);
SecKeychainItemRef _item;
- if (SecKeychainSearchCopyNext(searchRef, &_item))
- return false;
+ if (SecKeychainSearchCopyNext(searchRef, &_item) != 0) {
+ return NULL; // XXX possibly should throw here?
+ }
CFRef<SecKeyRef> keyItem(reinterpret_cast<SecKeyRef>(_item));
throwIfError(SecKeyGetCSPHandle(keyItem, &cspHandle));
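Review bot: Every non-zero status from `SecKeychainSearchCopyNext` now collapses into a bare `return NULL`, so a caller cannot tell "no matching private key" from a keychain error, and the status is never logged; the `XXX` comment leaves that question open. Keep NULL for the not-found case only and raise the rest: `OSStatus st = SecKeychainSearchCopyNext(searchRef, &_item);`, then `if (st == errSecItemNotFound) return NULL;` followed by `throwIfError(st);`. The SPI wrapper earlier in this diff maps exceptions to an `OSStatus`, so the real error code would presumably reach the caller. The function body continues outside the hunk, so every caller of `decodePrivateKeyHeader` should also be checked for a NULL test before it uses the result.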
CssmAutoData remData(allocator);
size_t bytesDecrypted;
CSSM_RETURN crx = CSSM_DecryptData(cc, &cipherBuf, 1, &clearBuf.get(), 1, &bytesDecrypted, &remData.get());
- secdebug("FDERecovery", "decodePrivateKeyHeader: CSSM_DecryptData result: %d", crx);
+ secinfo("FDERecovery", "decodePrivateKeyHeader: CSSM_DecryptData result: %d", crx);
throwIfError(crx);
// throwIfError(CSSM_DecryptData(cc, &cipherBuf, 1, &clearBuf.get(), 1, &bytesDecrypted, &remData.get()));
clearBuf.length(bytesDecrypted);