Max Goedjen 2024-01-20 19:07:00 -08:00
parent 85a7a64bc9
commit 18ba03bf03
No known key found for this signature in database
4 changed files with 16 additions and 4 deletions


@ -44,7 +44,7 @@ let package = Package(
.target(
name: "SecureEnclaveSecretKit",
dependencies: ["SecretKit"],
swiftSettings: [.enableExperimentalFeature("StrictConcurrency"), .unsafeFlags(["-warnings-as-errors"])]
swiftSettings: [.unsafeFlags(["-warnings-as-errors"])]
),
.target(
name: "SmartCardSecretKit",
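Review bot: Whether `.enableExperimentalFeature("StrictConcurrency")` is being added to or dropped from SecureEnclaveSecretKit cannot be recovered from this rendered page (the `+`/`-` markers are lost), and the direction matters because the other hunks in this commit add `Sendable` conformances that are only enforced under that flag. If it is being dropped, the new `Timer` closure in Store.swift (which captures `self` and `secret` across a non-isolated boundary) would presumably be the reason, since with `.unsafeFlags(["-warnings-as-errors"])` any strict-concurrency warning fails the build. A one-line comment on the `swiftSettings:` line recording the intent would save the next reader the archaeology, e.g. `// StrictConcurrency disabled: Timer/LAContext closures in Store.swift are not yet Sendable-clean`.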


@ -17,7 +17,7 @@ public protocol Secret: Identifiable, Hashable {
}
/// The type of algorithm the Secret uses. Currently, only elliptic curve algorithms are supported.
public enum Algorithm: Hashable {
public enum Algorithm: Hashable, Sendable {
case ellipticCurve
case rsa


@ -5,7 +5,7 @@ import SecretKit
extension SecureEnclave {
/// An implementation of Secret backed by the Secure Enclave.
public struct Secret: SecretKit.Secret {
public struct Secret: SecretKit.Secret, Sendable {
public let id: Data
public let name: String


@ -180,7 +180,7 @@ extension SecureEnclave {
public func persistAuthentication(secret: Secret, forDuration duration: TimeInterval) throws {
let newContext = LAContext()
newContext.touchIDAuthenticationAllowableReuseDuration = duration
newContext.touchIDAuthenticationAllowableReuseDuration = max(duration, LATouchIDAuthenticationMaximumAllowableReuseDuration)
newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let formatter = DateComponentsFormatter()
@ -196,6 +196,18 @@ extension SecureEnclave {
guard success else { return }
let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
self?.persistedAuthenticationContexts[secret] = context
// Contexts will expire within LATouchIDAuthenticationMaximumAllowableReuseDuration unless we periodically refresh them
if duration > LATouchIDAuthenticationMaximumAllowableReuseDuration {
Timer.scheduledTimer(withTimeInterval: LATouchIDAuthenticationMaximumAllowableReuseDuration - 10, repeats: true) { [weak self] timer in
guard let refreshContext = self?.persistedAuthenticationContexts[secret] else { return }
guard refreshContext.valid else {
timer.invalidate()
return
}
refreshContext.context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Refresh") { success, _ in
}
}
}
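Review bot: The `max(duration, LATouchIDAuthenticationMaximumAllowableReuseDuration)` in the first hunk reads like it was meant to be `min`: the platform already clamps any larger value down to the maximum, so the only observable effect of `max` is that a caller asking for a short persistence window (say 60 s) gets an `LAContext` that will reuse the biometric result for the full platform maximum; unless `PersistentAuthenticationContext.valid` (not visible here) independently enforces the requested duration, that silently widens the reuse window, so it should be `newContext.touchIDAuthenticationAllowableReuseDuration = min(duration, LATouchIDAuthenticationMaximumAllowableReuseDuration)` or carry a comment explaining why the longer window is intended. In the second hunk, `Timer.scheduledTimer` registers on the *current* run loop, and this code runs inside the `evaluatePolicy` reply closure, which LocalAuthentication appears to invoke on a private queue with no run loop being spun, so the refresh timer likely never fires and long persistence quietly lapses at the platform maximum; scheduling it from the main queue (or adding it to `RunLoop.main`) fixes that. The timer is also never invalidated when `self` has gone away (the first `guard` just returns), and a failed refresh is ignored even though it means the context is no longer usable, so the rewrite below invalidates the timer in both cases and drops the stale context. The body of `persistAuthentication` between the two hunks, and `PersistentAuthenticationContext`, are outside this view.

```swift
newContext.touchIDAuthenticationAllowableReuseDuration = min(duration, LATouchIDAuthenticationMaximumAllowableReuseDuration)
// … unchanged: cancel title, formatter, evaluatePolicy call …
guard success else { return }
let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
self?.persistedAuthenticationContexts[secret] = context
// LAContext will not reuse a biometric result beyond LATouchIDAuthenticationMaximumAllowableReuseDuration,
// so for longer persistence re-evaluate inside that window to restart the reuse clock without a prompt.
guard duration > LATouchIDAuthenticationMaximumAllowableReuseDuration else { return }
// Must be scheduled on a run loop that is actually running; the reply closure is not on one.
DispatchQueue.main.async {
    Timer.scheduledTimer(withTimeInterval: LATouchIDAuthenticationMaximumAllowableReuseDuration - 10, repeats: true) { [weak self] timer in
        guard let self = self, let refreshContext = self.persistedAuthenticationContexts[secret], refreshContext.valid else {
            timer.invalidate()
            return
        }
        refreshContext.context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Refresh") { [weak self] success, _ in
            // A failed refresh means the reuse window has lapsed (or the user declined); stop treating the context as persisted.
            guard !success else { return }
            self?.persistedAuthenticationContexts[secret] = nil
            timer.invalidate()
        }
    }
}
```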
}
}