apple-localauthentication 0.3.5

Safe Rust bindings for Apple's LocalAuthentication framework — contexts, rights, persisted secrets, keys, and credentials on macOS
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

import Foundation
import LocalAuthentication
import Security

@available(macOS 13.0, *)
final class LAPublicKeyHandle: LABridgeHandleBase {
    let value: LAPublicKey

    init(_ value: LAPublicKey) {
        self.value = value
    }
}

@available(macOS 13.0, *)
@inline(__always)
func laPublicKey(_ ptr: UnsafeMutableRawPointer?) throws -> LAPublicKey {
    try laBorrowHandle(ptr, as: LAPublicKeyHandle.self, name: "LAPublicKey").value
}

@_cdecl("la_public_key_release")
public func la_public_key_release(_ ptr: UnsafeMutableRawPointer?) {
    laReleaseHandle(ptr)
}

@_cdecl("la_public_key_export_bytes")
public func la_public_key_export_bytes(
    _ keyPtr: UnsafeMutableRawPointer?,
    _ outBytes: UnsafeMutablePointer<UnsafeMutablePointer<UInt8>?>?,
    _ outLen: UnsafeMutablePointer<UInt>?,
    _ errorOut: UnsafeMutablePointer<UnsafeMutablePointer<CChar>?>?
) -> Int32 {
    do {
        if #available(macOS 13.0, *) {
            let key = try laPublicKey(keyPtr)
            let bytes = try laAwait {
                try await key.bytes
            }
            return laCopyData(bytes, outBytes, outLen, errorOut)
        }
        throw LABridgeError.bridgeFailed("LAPublicKey requires macOS 13.0")
    } catch {
        return laFail(error, errorOut)
    }
}

@_cdecl("la_public_key_can_encrypt_using_algorithm")
public func la_public_key_can_encrypt_using_algorithm(
    _ keyPtr: UnsafeMutableRawPointer?,
    _ algorithmRaw: UnsafePointer<CChar>?,
    _ outValue: UnsafeMutablePointer<UInt8>?,
    _ errorOut: UnsafeMutablePointer<UnsafeMutablePointer<CChar>?>?
) -> Int32 {
    do {
        guard let outValue else {
            throw LABridgeError.invalidArgument("missing output pointer for encryption capability")
        }
        let algorithm = try laSecKeyAlgorithm(algorithmRaw)
        if #available(macOS 13.0, *) {
            let key = try laPublicKey(keyPtr)
            outValue.pointee = key.canEncrypt(using: algorithm) ? 1 : 0
            return LA_OK
        }
        throw LABridgeError.bridgeFailed("LAPublicKey requires macOS 13.0")
    } catch {
        return laFail(error, errorOut)
    }
}

@_cdecl("la_public_key_encrypt_data")
public func la_public_key_encrypt_data(
    _ keyPtr: UnsafeMutableRawPointer?,
    _ data: UnsafePointer<UInt8>?,
    _ dataLen: UInt,
    _ algorithmRaw: UnsafePointer<CChar>?,
    _ outBytes: UnsafeMutablePointer<UnsafeMutablePointer<UInt8>?>?,
    _ outLen: UnsafeMutablePointer<UInt>?,
    _ errorOut: UnsafeMutablePointer<UnsafeMutablePointer<CChar>?>?
) -> Int32 {
    do {
        let algorithm = try laSecKeyAlgorithm(algorithmRaw)
        let input = laData(data, len: Int(dataLen))
        if #available(macOS 13.0, *) {
            let key = try laPublicKey(keyPtr)
            let ciphertext = try laAwait {
                try await key.encrypt(input, algorithm: algorithm)
            }
            return laCopyData(ciphertext, outBytes, outLen, errorOut)
        }
        throw LABridgeError.bridgeFailed("LAPublicKey requires macOS 13.0")
    } catch {
        return laFail(error, errorOut)
    }
}

@_cdecl("la_public_key_can_verify_using_algorithm")
public func la_public_key_can_verify_using_algorithm(
    _ keyPtr: UnsafeMutableRawPointer?,
    _ algorithmRaw: UnsafePointer<CChar>?,
    _ outValue: UnsafeMutablePointer<UInt8>?,
    _ errorOut: UnsafeMutablePointer<UnsafeMutablePointer<CChar>?>?
) -> Int32 {
    do {
        guard let outValue else {
            throw LABridgeError.invalidArgument("missing output pointer for verification capability")
        }
        let algorithm = try laSecKeyAlgorithm(algorithmRaw)
        if #available(macOS 13.0, *) {
            let key = try laPublicKey(keyPtr)
            outValue.pointee = key.canVerify(using: algorithm) ? 1 : 0
            return LA_OK
        }
        throw LABridgeError.bridgeFailed("LAPublicKey requires macOS 13.0")
    } catch {
        return laFail(error, errorOut)
    }
}

@_cdecl("la_public_key_verify_data")
public func la_public_key_verify_data(
    _ keyPtr: UnsafeMutableRawPointer?,
    _ signedData: UnsafePointer<UInt8>?,
    _ signedDataLen: UInt,
    _ signature: UnsafePointer<UInt8>?,
    _ signatureLen: UInt,
    _ algorithmRaw: UnsafePointer<CChar>?,
    _ errorOut: UnsafeMutablePointer<UnsafeMutablePointer<CChar>?>?
) -> Int32 {
    do {
        let algorithm = try laSecKeyAlgorithm(algorithmRaw)
        let signedData = laData(signedData, len: Int(signedDataLen))
        let signature = laData(signature, len: Int(signatureLen))
        if #available(macOS 13.0, *) {
            let key = try laPublicKey(keyPtr)
            try laAwait {
                try await key.verify(signedData, signature: signature, algorithm: algorithm)
            }
            return LA_OK
        }
        throw LABridgeError.bridgeFailed("LAPublicKey requires macOS 13.0")
    } catch {
        return laFail(error, errorOut)
    }
}