Secure Enclave wallet support

plugins/wallet_plugin/CMakeLists.txt

@@ -1,9 +1,25 @@
 file(GLOB HEADERS "include/eosio/wallet_plugin/*.hpp")
+
+if(APPLE)
+  set(SE_WALLET_SOURCES se_wallet.cpp macos_user_auth.m)
+  set_source_files_properties(macos_user_presence.m PROPERTIES COMPILE_FLAGS "-x objective-c")
+
+  find_library(security_framework security)
+  find_library(localauthentication_framework localauthentication)
+  find_library(corefoundation_framework corefoundation)
+  find_library(cocoa_framework cocoa)
+
+  if(MAS_KEYCHAIN_GROUP)
+    add_definitions(-DMAS_KEYCHAIN_GROUP=${MAS_KEYCHAIN_GROUP})
+  endif(MAS_KEYCHAIN_GROUP)
+endif(APPLE)
+
 add_library( wallet_plugin
              wallet.cpp
              wallet_plugin.cpp
              wallet_manager.cpp
+             ${SE_WALLET_SOURCES}
              ${HEADERS} )
 
-target_link_libraries( wallet_plugin eosio_chain appbase )
+target_link_libraries( wallet_plugin eosio_chain appbase ${security_framework} ${corefoundation_framework} ${localauthentication_framework} ${cocoa_framework})
 target_include_directories( wallet_plugin PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include" )

plugins/wallet_plugin/include/eosio/wallet_plugin/macos_user_auth.h

@@ -0,0 +1,7 @@
+#pragma once
+
+#include <CoreFoundation/CoreFoundation.h>
+
+//ask for user authentication and call callback with true/false once compelte. **Note that the callback
+// will be done in a separate thread**
+extern "C" void macos_user_auth(void(*cb)(int, void*), void* cb_userdata, CFStringRef message);

plugins/wallet_plugin/include/eosio/wallet_plugin/se_wallet.hpp

@@ -0,0 +1,41 @@
+#pragma once
+
+#include <eosio/chain/types.hpp>
+#include <eosio/wallet_plugin/wallet_api.hpp>
+
+using namespace std;
+using namespace eosio::chain;
+
+namespace eosio { namespace wallet {
+
+namespace detail {
+struct se_wallet_impl;
+}
+
+class se_wallet final : public wallet_api {
+   public:
+      se_wallet();
+      ~se_wallet();
+
+      private_key_type get_private_key(public_key_type pubkey) const override;
+
+      bool is_locked() const override;
+      void lock() override;
+      void unlock(string password) override;
+      void check_password(string password) override;
+      void set_password(string password) override;
+
+      map<public_key_type, private_key_type> list_keys() override;
+      flat_set<public_key_type> list_public_keys() override;
+
+      bool import_key(string wif_key) override;
+      string create_key(string key_type) override;
+      bool remove_key(string key) override;
+
+      optional<signature_type> try_sign_digest(const digest_type digest, const public_key_type public_key) override;
+
+   private:
+      std::unique_ptr<detail::se_wallet_impl> my;
+};
+
+}}

plugins/wallet_plugin/include/eosio/wallet_plugin/wallet_manager.hpp

@@ -19,7 +19,7 @@ namespace wallet {
 /// No const methods because timeout may cause lock_all() to be called.
 class wallet_manager {
 public:
-   wallet_manager() = default;
+   wallet_manager();
    wallet_manager(const wallet_manager&) = delete;
    wallet_manager(wallet_manager&&) = delete;
    wallet_manager& operator=(const wallet_manager&) = delete;

plugins/wallet_plugin/macos_user_auth.m

@@ -0,0 +1,11 @@
+#import <LocalAuthentication/LocalAuthentication.h>
+
+void macos_user_auth(void(*cb)(int, void*), void* cb_userdata, CFStringRef message) {
+   static LAContext* ctx;
+   if(ctx)
+      [ctx dealloc];
+   ctx = [[LAContext alloc] init];
+   [ctx evaluatePolicy:kLAPolicyDeviceOwnerAuthentication localizedReason:(NSString*)message reply:^(BOOL success, NSError* error) {
+        cb(success, cb_userdata);
+    }];
+}