external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-11-04 09:20:56 +00:00
Code Issues Projects Releases Wiki Activity

Device owner auth policy

Browse Source
This commit is contained in:
Max Goedjen 2021-11-07 17:30:26 -08:00
parent e54b55c8bd
commit bb5a1a25d1
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SecretKit/SecureEnclave/SecureEnclaveSecret.swift
View File

@ -10,6 +10,7 @@ extension SecureEnclave {
public let algorithm = Algorithm.ellipticCurve public let algorithm = Algorithm.ellipticCurve
public let keySize = 256 public let keySize = 256
public let publicKey: Data public let publicKey: Data
internal let accessControl: SecAccessControl
} }

8
SecretKit/SecureEnclave/SecureEnclaveStore.swift
View File

@ -103,7 +103,8 @@ extension SecureEnclave {
let newContext = LAContext() let newContext = LAContext()
newContext.localizedCancelTitle = "Deny" newContext.localizedCancelTitle = "Deny"
context = newContext context = newContext
persistedAuthenticationContexts[secret] = nil // TODO: REMOVE
// persistedAuthenticationContexts[secret] = PersistentAuthenticationContext(secret: secret, context: newContext, duration: 60)
} }
context.localizedReason = "sign a request from \"\(provenance.origin.displayName)\" using secret \"\(secret.name)\"" context.localizedReason = "sign a request from \"\(provenance.origin.displayName)\" using secret \"\(secret.name)\""
let attributes = [ let attributes = [
@ -152,7 +153,7 @@ extension SecureEnclave {
} else { } else {
newContext.localizedReason = "unlock secret \"\(secret.name)\"" newContext.localizedReason = "unlock secret \"\(secret.name)\""
} }
newContext.evaluatePolicy(LAPolicy.deviceOwnerAuthenticationWithBiometricsOrWatch, localizedReason: newContext.localizedReason) { [weak self] success, _ in newContext.evaluatePolicy(LAPolicy.deviceOwnerAuthentication, localizedReason: newContext.localizedReason) { [weak self] success, _ in
guard success else { return } guard success else { return }
let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration) let context = PersistentAuthenticationContext(secret: secret, context: newContext, duration: duration)
self?.persistedAuthenticationContexts[secret] = context self?.persistedAuthenticationContexts[secret] = context
@ -189,10 +190,11 @@ extension SecureEnclave.Store {
let wrapped: [SecureEnclave.Secret] = typed.map { let wrapped: [SecureEnclave.Secret] = typed.map {
let name = $0[kSecAttrLabel] as? String ?? "Unnamed" let name = $0[kSecAttrLabel] as? String ?? "Unnamed"
let id = $0[kSecAttrApplicationLabel] as! Data let id = $0[kSecAttrApplicationLabel] as! Data
let accessControl = $0[kSecAttrAccessControl] as! SecAccessControl
let publicKeyRef = $0[kSecValueRef] as! SecKey let publicKeyRef = $0[kSecValueRef] as! SecKey
let publicKeyAttributes = SecKeyCopyAttributes(publicKeyRef) as! [CFString: Any] let publicKeyAttributes = SecKeyCopyAttributes(publicKeyRef) as! [CFString: Any]
let publicKey = publicKeyAttributes[kSecValueData] as! Data let publicKey = publicKeyAttributes[kSecValueData] as! Data
return SecureEnclave.Secret(id: id, name: name, publicKey: publicKey) return SecureEnclave.Secret(id: id, name: name, publicKey: publicKey, accessControl: accessControl)
} }
secrets.append(contentsOf: wrapped) secrets.append(contentsOf: wrapped)
} }