[overlay] CryptoTokenKit

This is work in progress

Author: Maxim Moiseev

apinotes/CMakeLists.txt

@@ -12,6 +12,7 @@ set(SWIFT_API_NOTES_INPUTS
   CoreLocation
   CoreSpotlight
   CoreText
+  CryptoTokenKit
   Dispatch
   EventKit
   ExternalAccessory

apinotes/CryptoTokenKit.apinotes

@@ -0,0 +1,85 @@
+---
+Name: CryptoTokenKit
+Classes:
+- Name: TKSmartCardSlotManager
+  Methods:
+  - Selector: 'getSlotWithName:reply:'
+    MethodKind: Instance
+    SwiftName: getSlot(withName:reply:)
+- Name: TKSmartCard
+  Properties:
+  - Name: valid
+    SwiftName: isValid
+  - Name: sensitive
+    SwiftName: isSensitive
+  Methods:
+  - Selector: 'transmitRequest:reply:'
+    MethodKind: Instance
+    SwiftName: transmit(_:reply:)
+  - Selector: 'userInteractionForSecurePINVerificationWithPINFormat:APDU:PINByteOffset:'
+    MethodKind: Instance
+    SwiftName: userInteractionForSecurePINVerification(_:apdu:pinByteOffset:)
+  - Selector: 'userInteractionForSecurePINChangeWithPINFormat:APDU:currentPINByteOffset:newPINByteOffset:'
+    MethodKind: Instance
+    SwiftName: userInteractionForSecurePINChange(_:apdu:currentPINByteOffset:newPINByteOffset:)
+  - Selector: 'sendIns:p1:p2:data:le:reply:'
+    MethodKind: Instance
+    SwiftPrivate: true
+  - Selector: 'sendIns:p1:p2:data:le:sw:error:'
+    MethodKind: Instance
+    SwiftPrivate: true
+  - Selector: 'inSessionWithError:executeBlock:'
+    MethodKind: Instance
+    SwiftPrivate: true
+- Name: TKSmartCardATRInterfaceGroup
+  SwiftName: TKSmartCardATR.InterfaceGroup
+- Name: TKTokenKeyAlgorithm
+  SwiftName: TKTokenSessionDelegate.KeyAlgorithm
+- Name: TKTokenKeyExchangeParameters
+  SwiftName: TKTokenSessionDelegate.KeyExchangeParameters
+Protocols:
+- Name: TKTokenSessionDelegate
+  Methods:
+  - Selector: 'tokenSession:supportsOperation:usingKey:algorithm:'
+    MethodKind: Instance
+    SwiftName: tokenSession(_:supports:keyObjectID:algorithm:)
+  - Selector: 'tokenSession:signData:usingKey:algorithm:error:'
+    MethodKind: Instance
+    SwiftName: tokenSession(_:sign:keyObjectID:algorithm:)
+  - Selector: 'tokenSession:decryptData:usingKey:algorithm:error:'
+    MethodKind: Instance
+    SwiftName: tokenSession(_:decrypt:keyObjectID:algorithm:)
+  - Selector: 'tokenSession:performKeyExchangeWithPublicKey:usingKey:algorithm:parameters:error:'
+    MethodKind: Instance
+    SwiftName: tokenSession(_:performKeyExchange:keyObjectID:algorithm:parameters:)
+- Name: TKTokenDelegate
+  Methods:
+  - Selector: 'token:createSessionWithError:'
+    MethodKind: Instance
+    SwiftName: createSession(_:)
+Enumerators:
+- Name: TKSmartCardPINEncodingASCII
+  SwiftName: ascii
+- Name: TKSmartCardPINEncodingBCD
+  SwiftName: bcd
+- Name: TKSmartCardProtocolT0
+  SwiftName: t0
+- Name: TKSmartCardProtocolT1
+  SwiftName: t1
+- Name: TKSmartCardProtocolT15
+  SwiftName: t15
+Tags:
+- Name: TKSmartCardSlotState
+  SwiftName: TKSmartCardSlot.State
+- Name: TKSmartCardPINCharset
+  SwiftName: TKSmartCardPINFormat.Charset
+- Name: TKSmartCardPINEncoding
+  SwiftName: TKSmartCardPINFormat.Encoding
+- Name: TKSmartCardPINJustification
+  SwiftName: TKSmartCardPINFormat.Justification
+- Name: TKSmartCardPINCompletion
+  SwiftName: TKSmartCardUserInteractionForPINOperation.Completion
+- Name: TKSmartCardPINConfirmation
+  SwiftName: TKSmartCardUserInteractionForSecurePINChange.Confirmation
+- Name: TKErrorCode
+  NSErrorDomain: TKErrorDomain

stdlib/public/SDK/CMakeLists.txt

@@ -21,6 +21,7 @@ add_subdirectory(CoreGraphics)
 add_subdirectory(CoreImage)
 add_subdirectory(CoreLocation)
 add_subdirectory(CoreMedia)
+add_subdirectory(CryptoTokenKit)
 add_subdirectory(Dispatch)
 add_subdirectory(Foundation)
 add_subdirectory(GameplayKit)

stdlib/public/SDK/CryptoTokenKit/CMakeLists.txt

@@ -0,0 +1,6 @@
+add_swift_library(swiftCryptoTokenKit ${SWIFT_SDK_OVERLAY_LIBRARY_BUILD_TYPES} IS_SDK_OVERLAY
+  CryptoTokenKit.swift
+
+  TARGET_SDKS OSX
+  SWIFT_MODULE_DEPENDS Foundation
+  FRAMEWORK_DEPENDS CryptoTokenKit)

stdlib/public/SDK/CryptoTokenKit/CryptoTokenKit.swift

@@ -0,0 +1,54 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Swift.org open source project
+//
+// Copyright (c) 2014 - 2016 Apple Inc. and the Swift project authors
+// Licensed under Apache License v2.0 with Runtime Library Exception
+//
+// See http://swift.org/LICENSE.txt for license information
+// See http://swift.org/CONTRIBUTORS.txt for the list of Swift project authors
+//
+//===----------------------------------------------------------------------===//
+
+@_exported import CryptoTokenKit
+
+import Foundation
+
+@available(OSX 10.10, *)
+extension TKSmartCard {
+  public func send(ins: UInt8, p1: UInt8, p2: UInt8, data: Data? = nil,
+    le: Int? = nil, reply: (Data?, UInt16, Error?) -> Void) {
+
+    self.__sendIns(ins, p1: p1, p2: p2, data: data,
+      le: le.map { NSNumber(value: $0) }, reply: reply)
+  }
+
+  @available(OSX 10.12, *)
+  public func send(ins: UInt8, p1: UInt8, p2: UInt8, data: Data? = nil,
+    le: Int? = nil) throws -> (sw: UInt16, response: Data) {
+
+    var sw: UInt16 = 0
+    let response = try self.__sendIns(ins, p1: p1, p2: p2, data: data,
+      le: le.map { NSNumber(value: $0) }, sw: &sw)
+    return (sw: sw, response: response)
+  }
+
+  @available(OSX 10.12, *)
+  public func withSession<T>(_ body: () throws -> T) throws -> T {
+    var result: T? = nil
+    try self.__inSession(executeBlock: {
+      (errorPointer: NSErrorPointer) -> Bool in
+      do {
+        result = try body()
+        return true
+      } catch let error as NSError {
+        errorPointer?.pointee = error
+        return false
+      }
+    })
+
+    // it is safe to force unwrap the result here, as the self.__inSession
+    // function rethrows the errors which happened inside the block
+    return result!
+  }
+}

validation-test/stdlib/CryptoTokenKitTests.swift

@@ -0,0 +1,91 @@
+// RUN: %target-parse-verify-swift
+
+// REQUIRES: objc_interop
+// UNSUPPORTED: OS=watchos
+// UNSUPPORTED: OS=tvos
+// UNSUPPORTED: OS=ios
+
+import CryptoTokenKit
+import Security
+
+if #available(OSX 10.12, *) {
+  struct TKSmartCardTest {
+    func t1(manager: TKSmartCardSlotManager, name: String) {
+      manager.getSlot(withName: name) { (slot: TKSmartCardSlot?) in
+        let _: TKSmartCardSlot.State = slot!.state
+      }
+    }
+
+    let p1 = TKSmartCardPINFormat.Charset.numeric
+    let p2 = TKSmartCardPINFormat.Encoding.ascii
+    let p3 = TKSmartCardPINFormat.Encoding.bcd
+    let p4 = TKSmartCardPINFormat.Justification.left
+    let p5 = TKSmartCardUserInteractionForPINOperation.Completion.key
+    let p6 = TKSmartCardUserInteractionForSecurePINChange.Confirmation.current
+    let p7 = TKSmartCardProtocol.t0
+    let p8 = TKSmartCardProtocol.t1
+    let p9 = TKSmartCardProtocol.t15
+    let p10 = TKSmartCardATR.InterfaceGroup()
+
+    func t2(card: TKSmartCard) throws {
+      card.isSensitive = card.isValid
+      card.transmit(Data()) { (response: Data?, error: Error?) in
+      }
+
+      card.userInteractionForSecurePINVerification(TKSmartCardPINFormat(),
+          apdu: Data(), pinByteOffset: 0)
+      card.userInteractionForSecurePINChange(TKSmartCardPINFormat(),
+          apdu: Data(), currentPINByteOffset: 0, newPINByteOffset: 0)
+
+      card.send(ins: 0xa4, p1: 0x04, p2: 0x00, data:Data(), le: 0) {
+        (response: Data?, sw: UInt16, error: Error?) in
+      }
+
+      card.send(ins: 0xa4, p1: 0x04, p2: 0x00, le: 0) {
+        (response: Data?, sw: UInt16, error: Error?) in
+      }
+
+      card.send(ins: 0xa4, p1: 0x04, p2: 0x00, data:Data()) {
+        (response: Data?, sw: UInt16, error: Error?) in
+      }
+
+      card.send(ins: 0xa4, p1: 0x04, p2: 0x00) {
+        (response: Data?, sw: UInt16, error: Error?) in
+      }
+
+      let _: Int = try card.withSession() {
+        let (_, _): (UInt16, Data) = try card.send(ins: 0xa4, p1: 0x04,
+            p2: 0x00, data: Data(), le: 0)
+        let (_, _): (UInt16, Data) = try card.send(ins: 0xa4, p1: 0x04,
+            p2: 0x00, le: 0)
+        let (_, _): (UInt16, Data) = try card.send(ins: 0xa4, p1: 0x04,
+            p2: 0x00, data: Data())
+        let (_, _): (UInt16, Data) = try card.send(ins: 0xa4, p1: 0x04,
+            p2: 0x00)
+        return 1
+      }
+    }
+  }
+
+  struct TKTokenTest {
+    func f1(session: TKTokenSession, sessionDelegate: TKTokenSessionDelegate,
+            algorithm: TKTokenSessionDelegate.KeyAlgorithm,
+            parameters: TKTokenSessionDelegate.KeyExchangeParameters) throws {
+      let _: Bool = sessionDelegate.tokenSession!(session, supports: .none,
+           keyObjectID: "", algorithm: algorithm)
+      let _: Data = try sessionDelegate.tokenSession!(session, sign: Data(),
+           keyObjectID: "", algorithm: algorithm)
+      let _: Data = try sessionDelegate.tokenSession!(session, decrypt: Data(),
+           keyObjectID: "", algorithm: algorithm)
+      let _: Data = try sessionDelegate.tokenSession!(session,
+           performKeyExchange: Data(), keyObjectID: "", algorithm: algorithm,
+           parameters: parameters)
+      let _: Bool = algorithm.isAlgorithm(.rsaSignatureDigestPKCS1v15SHA1)
+      let _: Bool = algorithm.supportsAlgorithm(.rsaSignatureDigestPKCS1v15SHA1)
+    }
+
+    func f2(token: TKToken, delegate: TKTokenDelegate) throws {
+      let _: TKTokenSession = try delegate.createSession(token)
+    }
+  }
+}