Skip to content

Commit

Permalink
Merge pull request #217 from olvrlrnz/sec-key-support-encrypt-decrypt
Browse files Browse the repository at this point in the history
SecKey: Add support for encryption and decryption
  • Loading branch information
kornelski authored Nov 15, 2024
2 parents f35b6ac + 55fe4fe commit 9f00f41
Show file tree
Hide file tree
Showing 4 changed files with 69 additions and 0 deletions.
1 change: 1 addition & 0 deletions security-framework-sys/src/item.rs
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ extern "C" {
pub static kSecAttrLabel: CFStringRef;
pub static kSecAttrIsPermanent: CFStringRef;
pub static kSecAttrPublicKeyHash: CFStringRef;
pub static kSecAttrSerialNumber: CFStringRef;
pub static kSecPrivateKeyAttrs: CFStringRef;
pub static kSecPublicKeyAttrs: CFStringRef;

Expand Down
16 changes: 16 additions & 0 deletions security-framework-sys/src/key.rs
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,22 @@ extern "C" {
error: *mut CFErrorRef,
) -> core_foundation_sys::base::Boolean;

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
pub fn SecKeyCreateEncryptedData(
key: SecKeyRef,
algorithm: SecKeyAlgorithm,
plaintext: CFDataRef,
error: *mut CFErrorRef,
) -> CFDataRef;

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
pub fn SecKeyCreateDecryptedData(
key: SecKeyRef,
algorithm: SecKeyAlgorithm,
ciphertext: CFDataRef,
error: *mut CFErrorRef,
) -> CFDataRef;

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
pub fn SecKeyIsAlgorithmSupported(
key: SecKeyRef,
Expand Down
17 changes: 17 additions & 0 deletions security-framework/src/item.rs
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,7 @@ pub struct ItemSearchOptions {
account: Option<CFString>,
access_group: Option<CFString>,
pub_key_hash: Option<CFData>,
serial_number: Option<CFData>,
app_label: Option<CFData>,
}

Expand Down Expand Up @@ -272,6 +273,15 @@ impl ItemSearchOptions {
self
}

/// Search for a certificate with the given serial number.
///
/// This is only compatible with [`ItemClass::certificate`].
#[inline(always)]
pub fn serial_number(&mut self, serial_number: &[u8]) -> &mut Self {
self.serial_number = Some(CFData::from_buffer(serial_number));
self
}

/// Search for a key with the given public key hash.
///
/// This is only compatible with [`ItemClass::key`], to search for a
Expand Down Expand Up @@ -399,6 +409,13 @@ impl ItemSearchOptions {
);
}

if let Some(ref serial_number) = self.serial_number {
params.add(
&kSecAttrSerialNumber.to_void(),
&serial_number.to_void(),
);
}

if let Some(ref app_label) = self.app_label {
params.add(
&kSecAttrApplicationLabel.to_void(),
Expand Down
35 changes: 35 additions & 0 deletions security-framework/src/key.rs
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ use security_framework_sys::key::{
SecKeyCopyAttributes, SecKeyCopyExternalRepresentation,
SecKeyCreateSignature, SecKeyCreateRandomKey,
SecKeyCopyPublicKey,
SecKeyCreateDecryptedData, SecKeyCreateEncryptedData,
};
#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
use security_framework_sys::item::kSecAttrApplicationLabel;
Expand Down Expand Up @@ -195,6 +196,40 @@ impl SecKey {
Some(unsafe { SecKey::wrap_under_create_rule(pub_seckey) })
}

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
/// Encrypts a block of data using a public key and specified algorithm
pub fn encrypt_data(&self, algorithm: Algorithm, input: &[u8]) -> Result<Vec<u8>, CFError> {
let mut error: CFErrorRef = std::ptr::null_mut();

let output = unsafe {
SecKeyCreateEncryptedData(self.as_concrete_TypeRef(), algorithm.into(), CFData::from_buffer(input).as_concrete_TypeRef(), &mut error)
};

if !error.is_null() {
Err(unsafe { CFError::wrap_under_create_rule(error) })
} else {
let output = unsafe { CFData::wrap_under_create_rule(output) };
Ok(output.to_vec())
}
}

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
/// Decrypts a block of data using a private key and specified algorithm
pub fn decrypt_data(&self, algorithm: Algorithm, input: &[u8]) -> Result<Vec<u8>, CFError> {
let mut error: CFErrorRef = std::ptr::null_mut();

let output = unsafe {
SecKeyCreateDecryptedData(self.as_concrete_TypeRef(), algorithm.into(), CFData::from_buffer(input).as_concrete_TypeRef(), &mut error)
};

if !error.is_null() {
Err(unsafe { CFError::wrap_under_create_rule(error) })
} else {
let output = unsafe { CFData::wrap_under_create_rule(output) };
Ok(output.to_vec())
}
}

#[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))]
/// Creates the cryptographic signature for a block of data using a private
/// key and specified algorithm.
Expand Down

0 comments on commit 9f00f41

Please sign in to comment.