this repo has no description
General improvements for Security
Mostly CryptoTokenKit related
+73
-2
+1
src/CMakeLists.txt
+1
src/CMakeLists.txt
+11
-2
src/CryptoTokenKit/include/ACMDefs.h
+11
-2
src/CryptoTokenKit/include/ACMDefs.h
···
10
10
#define kACMKeyAclConstraintPolicy "ACMKeyAclConstraintPolicy"
11
11
12
12
#define kAKSKeyOpSync CFSTR("AKSKeyOpSync")
13
-
#define kAKSKeyOpSign CFSTR("AKSKeyOpSign")
13
+
//#define kAKSKeyOpSign CFSTR("AKSKeyOpSign")
14
14
#define kAKSKeyOpDelete CFSTR("AKSKeyOpDelete")
15
-
#define kAKSKeyOpDecrypt CFSTR("AKSKeyOpDecrypt")
15
+
//#define kAKSKeyOpDecrypt CFSTR("AKSKeyOpDecrypt")
16
16
#define kAKSKeyOpEncrypt CFSTR("AKSKeyOpEncrypt")
17
17
#define kAKSKeyOpDelete CFSTR("AKSKeyOpDelete")
18
+
19
+
const static int kAKSKeyOpSign;
20
+
21
+
const static CFStringRef kAKSKeyOpDecrypt;
22
+
23
+
const static int kAKSKeyOpComputeKey;
24
+
25
+
const static CFStringRef kAKSKeyOpAttest;
26
+
18
27
19
28
#endif
+11
src/CryptoTokenKit/include/ctkclient.h
+11
src/CryptoTokenKit/include/ctkclient.h
···
23
23
#define kTKErrorObjectNotFound TKErrorCodeObjectNotFound
24
24
#define kTKErrorTokenNotFound TKErrorCodeTokenNotFound
25
25
26
+
#define kTKTokenControlAttribAttestingKey "TKTokenControlAttribAttesting"
27
+
#define kTKTokenControlAttribKeyToAttest "TKTokenControlAttribKeyToAttest"
28
+
#define kTKTokenControlAttribAttestationData "TKTokenControlAttribAttestationData"
29
+
#define kTKTokenCreateAttributeAuxParams "TKTokenCreateAttributeAuxParams"
30
+
26
31
typedef const struct CF_BRIDGED_TYPE(TKToken) __TKToken * TKTokenRef;
27
32
28
33
CF_EXPORT
···
48
53
49
54
CF_EXPORT
50
55
CFDataRef TKTokenCopyObjectCreationAccessControl(TKTokenRef token, CFTypeRef object_or_attrs, CFErrorRef *error);
56
+
57
+
CF_EXPORT
58
+
CFDataRef TKTokenCopyOperationResult(TKTokenRef token, CFDataRef objectID, int operation, CFArrayRef algorithms, int other, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error);
59
+
60
+
CF_EXPORT
61
+
CFDictionaryRef TKTokenControl(TKTokenRef token, CFDictionaryRef attributes, CFErrorRef *error);
51
62
52
63
CF_EXTERN_C_END
53
64
CF_IMPLICIT_BRIDGING_DISABLED
+1
src/LocalAuthentication/include/LocalAuthentication/LAPrivateDefines.h
+1
src/LocalAuthentication/include/LocalAuthentication/LAPrivateDefines.h
+4
src/LocalAuthentication/include/coreauthd_spi.h
+4
src/LocalAuthentication/include/coreauthd_spi.h
+39
src/libaks/include/libaks.h
+39
src/libaks/include/libaks.h
···
1
+
#ifndef _LIB_AKS_H_
2
+
#define _LIB_AKS_H_
3
+
4
+
#include <IOKit/IOReturn.h>
5
+
6
+
// FIXME: I have no idea what these are for, so they are 0 for now
7
+
#define session_keybag_handle 0
8
+
#define device_keybag_handle 0
9
+
10
+
typedef uint32_t keybag_state_t;
11
+
typedef int32_t keybag_handle_t;
12
+
13
+
#if TARGET_OS_MAC && !TARGET_OS_EMBEDDED
14
+
static keybag_handle_t g_keychain_keybag = session_keybag_handle;
15
+
#else
16
+
static keybag_handle_t g_keychain_keybag = device_keybag_handle;
17
+
#endif
18
+
19
+
enum keybag_state {
20
+
keybag_state_unlocked = 0,
21
+
keybag_state_locked = 1 << 0,
22
+
keybag_state_no_pin = 1 << 1,
23
+
keybag_state_been_unlocked = 1 << 2,
24
+
};
25
+
26
+
#define kAKSAssertTypeProfile 1
27
+
#define kAKSAssertTypeOther 2
28
+
typedef int32_t AKSAssertionType_t;
29
+
30
+
static kern_return_t aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state) {
31
+
if (state) *state = keybag_state_no_pin & keybag_state_been_unlocked;
32
+
return kIOReturnSuccess;
33
+
}
34
+
35
+
extern kern_return_t aks_assert_hold(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType, uint64_t timeout);
36
+
37
+
extern kern_return_t aks_assert_drop(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType);
38
+
39
+
#endif