Show request details in Secure prompts (#146)

2026-03-05 09:24:49 +01:00 · 2020-09-23 21:51:48 -07:00
parent 85e096f8cc
commit 3774352dfd
11 changed files with 27 additions and 16 deletions
--- a/SecretKit/Common/Erasers/AnySecretStore.swift
+++ b/SecretKit/Common/Erasers/AnySecretStore.swift
@@ -8,7 +8,7 @@ public class AnySecretStore: SecretStore {
    private let _id: () -> UUID
    private let _name: () -> String
    private let _secrets: () -> [AnySecret]
-    private let _sign: (Data, AnySecret) throws -> Data
+    private let _sign: (Data, AnySecret, SigningRequestProvenance) throws -> Data
    private var sink: AnyCancellable?

    public init<SecretStoreType>(_ secretStore: SecretStoreType) where SecretStoreType: SecretStore {
@@ -17,7 +17,7 @@ public class AnySecretStore: SecretStore {
        _name = { secretStore.name }
        _id = { secretStore.id }
        _secrets = { secretStore.secrets.map { AnySecret($0) } }
-        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType) }
+        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
        sink = secretStore.objectWillChange.sink { _ in
            self.objectWillChange.send()
        }
@@ -39,8 +39,8 @@ public class AnySecretStore: SecretStore {
        return _secrets()
    }

-    public func sign(data: Data, with secret: AnySecret) throws -> Data {
-        try _sign(data, secret)
+    public func sign(data: Data, with secret: AnySecret, for provenance: SigningRequestProvenance) throws -> Data {
+        try _sign(data, secret, provenance)
    }

 }
--- a/SecretKit/Common/Types/SecretStore.swift
+++ b/SecretKit/Common/Types/SecretStore.swift
@@ -9,7 +9,7 @@ public protocol SecretStore: ObservableObject, Identifiable {
    var name: String { get }
    var secrets: [SecretType] { get }

-    func sign(data: Data, with secret: SecretType) throws -> Data
+    func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data

 }

--- a/SecretKit/Common/Types/SigningRequestProvenance.swift
+++ b/SecretKit/Common/Types/SigningRequestProvenance.swift
@@ -0,0 +1,45 @@
+import Foundation
+import AppKit
+
+public struct SigningRequestProvenance: Equatable {
+
+    public var chain: [Process]
+    public init(root: Process) {
+        self.chain = [root]
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public var origin: Process {
+        chain.last!
+    }
+
+    public var intact: Bool {
+        chain.allSatisfy { $0.validSignature }
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public struct Process: Equatable {
+
+        public let pid: Int32
+        public let name: String
+        public let path: String
+        public let validSignature: Bool
+        public let parentPID: Int32?
+
+        public init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
+            self.pid = pid
+            self.name = name
+            self.path = path
+            self.validSignature = validSignature
+            self.parentPID = parentPID
+        }
+
+    }
+
+}
--- a/SecretKit/SecureEnclave/SecureEnclaveStore.swift
+++ b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
@@ -1,6 +1,7 @@
 import Foundation
 import Security
 import CryptoTokenKit
+import LocalAuthentication

 extension SecureEnclave {

@@ -75,7 +76,10 @@ extension SecureEnclave {
            reloadSecrets()
        }

-        public func sign(data: Data, with secret: SecretType) throws -> Data {
+        public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
+            let context = LAContext()
+            context.localizedReason = "sign a request from \"\(provenance.origin.name)\" using secret \"\(secret.name)\""
+            context.localizedCancelTitle = "Deny"
            let attributes = [
                kSecClass: kSecClassKey,
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -83,6 +87,7 @@ extension SecureEnclave {
                kSecAttrKeyType: Constants.keyType,
                kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
                kSecAttrApplicationTag: Constants.keyTag,
+                kSecUseAuthenticationContext: context,
                kSecReturnRef: true
                ] as CFDictionary
            var untyped: CFTypeRef?
--- a/SecretKit/SmartCard/SmartCardStore.swift
+++ b/SecretKit/SmartCard/SmartCardStore.swift
@@ -1,6 +1,7 @@
 import Foundation
 import Security
 import CryptoTokenKit
+import LocalAuthentication

 // TODO: Might need to split this up into "sub-stores?"
 // ie, each token has its own Store.
@@ -43,13 +44,17 @@ extension SmartCard {
            fatalError("Keys must be deleted on the smart card.")
        }

-        public func sign(data: Data, with secret: SecretType) throws -> Data {
+        public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
            guard let tokenID = tokenID else { fatalError() }
+            let context = LAContext()
+            context.localizedReason = "sign a request from \"\(provenance.origin.name)\" using secret \"\(secret.name)\""
+            context.localizedCancelTitle = "Deny"
            let attributes = [
                kSecClass: kSecClassKey,
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
                kSecAttrApplicationLabel: secret.id as CFData,
                kSecAttrTokenID: tokenID,
+                kSecUseAuthenticationContext: context,
                kSecReturnRef: true
                ] as CFDictionary
            var untyped: CFTypeRef?