Save text (#632)

2026-03-06 01:37:22 +01:00 · 2025-08-24 20:19:29 -07:00
parent 828c61cb2f
commit f0a6f2e43b
6 changed files with 53 additions and 32 deletions
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
@@ -46,16 +46,16 @@ extension SecureEnclave {
                let auth: AuthenticationRequirement = String(describing: accessControl)
                    .contains("DeviceOwnerAuthentication") ? .presenceRequired : .unknown
                let parsed = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: tokenObjectID)
-                let secret = Secret(id: id, name: name, publicKey: parsed.publicKey.x963Representation, attributes: Attributes(keyType: .init(algorithm: .ecdsa, size: 256), authentication: auth))
+                let secret = Secret(id: UUID().uuidString, name: name, publicKey: parsed.publicKey.x963Representation, attributes: Attributes(keyType: .init(algorithm: .ecdsa, size: 256), authentication: auth))
                guard !migratedPublicKeys.contains(parsed.publicKey.x963Representation) else {
                    logger.log("Skipping \(name), public key already present. Marking as migrated.")
-                    try markMigrated(secret: secret)
+                    try markMigrated(secret: secret, oldID: id)
                    continue
                }
                logger.log("Migrating \(name).")
                try store.saveKey(tokenObjectID, name: name, attributes: secret.attributes)
                logger.log("Migrated \(name).")
-                try markMigrated(secret: secret)
+                try markMigrated(secret: secret, oldID: id)
                migrated = true
            }
            if migrated {
@@ -65,13 +65,13 @@ extension SecureEnclave {



-        public func markMigrated(secret: Secret) throws {
+        public func markMigrated(secret: Secret, oldID: Data) throws {
            let updateQuery = KeychainDictionary([
                kSecClass: kSecClassKey,
-                kSecAttrApplicationLabel: secret.id as CFData
+                kSecAttrApplicationLabel: secret.id
            ])

-            let newID = secret.id + Constants.migrationMagicNumber
+            let newID = oldID + Constants.migrationMagicNumber
            let updatedAttributes = KeychainDictionary([
                kSecAttrApplicationLabel: newID as CFData
            ])
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveSecret.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveSecret.swift
@@ -6,13 +6,13 @@ extension SecureEnclave {
    /// An implementation of Secret backed by the Secure Enclave.
    public struct Secret: SecretKit.Secret {

-        public let id: Data
+        public let id: String
        public let name: String
        public let publicKey: Data
        public let attributes: Attributes

        init(
-            id: Data,
+            id: String,
            name: String,
            publicKey: Data,
            attributes: Attributes
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
@@ -48,9 +48,9 @@ extension SecureEnclave {
                kSecClass: Constants.keyClass,
                kSecAttrService: Constants.keyTag,
                kSecUseDataProtectionKeychain: true,
-                kSecAttrAccount: String(decoding: secret.id, as: UTF8.self),
+                kSecAttrAccount: secret.id,
                kSecReturnAttributes: true,
-                kSecReturnData: true
+                kSecReturnData: true,
            ])
            var untyped: CFTypeRef?
            let status = SecItemCopyMatching(queryAttributes, &untyped)
@@ -143,8 +143,7 @@ extension SecureEnclave {
                kSecClass: Constants.keyClass,
                kSecAttrService: Constants.keyTag,
                kSecUseDataProtectionKeychain: true,
-                kSecAttrAccount: String(decoding: secret.id, as: UTF8.self),
-                kSecAttrCanSign: true,
+                kSecAttrAccount: secret.id,
            ])
            let status = SecItemDelete(deleteAttributes)
            if status != errSecSuccess {
@@ -155,12 +154,14 @@ extension SecureEnclave {

        public func update(secret: Secret, name: String, attributes: Attributes) async throws {
            let updateQuery = KeychainDictionary([
-                kSecClass: kSecClassKey,
-                kSecAttrApplicationLabel: secret.id as CFData
+                kSecClass: Constants.keyClass,
+                kSecAttrAccount: secret.id,
            ])

+            let attributes = try JSONEncoder().encode(attributes)
            let updatedAttributes = KeychainDictionary([
                kSecAttrLabel: name,
+                kSecAttrGeneric: attributes,
            ])

            let status = SecItemUpdate(updateQuery, updatedAttributes)
@@ -213,10 +214,9 @@ extension SecureEnclave.Store {
            do {
                let name = $0[kSecAttrLabel] as? String ?? String(localized: "unnamed_secret")
                guard let attributesData = $0[kSecAttrGeneric] as? Data,
-                let idString = $0[kSecAttrAccount] as? String else {
+                let id = $0[kSecAttrAccount] as? String else {
                    throw MissingAttributesError()
                }
-                let id = Data(idString.utf8)
                let attributes = try JSONDecoder().decode(Attributes.self, from: attributesData)
                let keyData = $0[kSecValueData] as! Data
                let publicKey: Data