EllipticCurveKeyPair icon indicating copy to clipboard operation
EllipticCurveKeyPair copied to clipboard

Published 20 hours ago verified publisher icon agens-no

Better support for `operationPrompt`

Open hfossli opened this issue 7 years ago • 4 comments

Continuing the discussion from #17.

I think it is a good idea, but I am still conflicted. I don't want to make the API and code more complicated than it is.

I would love to just use the LAContext under the hood, but sadly the localizedReason property was introduced on iOS 11... Thus forcing us to instead send operationPrompt parameter all the way down to the query.

Example of what's needed to change.

Current code

public final class Manager {

    ...1
        
    public func privateKey(context: LAContext? = nil) throws -> PrivateKey {
        ...2
    }

    enum Prompt {
        case context(LAContext)
        case string(String)
    }

    public final class Manager {

        ...1
            
        public func privateKey(context: LAContext? = nil) throws -> PrivateKey {    
            return privateKey(prompt: .context(context))
        }

        public func privateKey(operationPrompt: String) throws -> PrivateKey {    
            return privateKey(prompt: .string(operationPrompt))
        }

        private func privateKey(prompt: Prompt) throws -> PrivateKey {    
            ...2 
            - let key = try helper.getPrivateKey(context: context)
            + let key = try helper.getPrivateKey(prompt: prompt)
        }

hfossli avatar Dec 20 '17 10:12 hfossli

I've had to do the same in my own implementation i.e. use operationPrompt pre iOS 11.x

I don't think you currently have any other choice and although it's not so nice, it is a necessary evil for the moment.

wuf810 avatar Dec 20 '17 15:12 wuf810

Yep. Thanks for chiming in.

One additional constraint is that we don’t want to query the private key excessively for devices that doesnt support the access control flag «privateKeyUsage».

hfossli avatar Dec 20 '17 15:12 hfossli

Looks like a reasonable solution. I'm not sure if you implied this or not but this enum could also be utilized at the API level?

let config = EllipticCurveKeyPair.Config(
...
                operationPrompt: EllipticCurveKeyPair.Prompt.string("Message"),
                // or EllipticCurveKeyPair.Prompt.context(context)
...)

alkalim avatar Dec 20 '17 23:12 alkalim

Yes, it could. Users could also write the shorter version (omitting EllipticCurveKeyPair.Prompt)

let config = EllipticCurveKeyPair.Config(
...
                operationPrompt: .string("Message"),
...)

since the type is known.

I was looking for non-breaking changes, but it seems like a good idea to do a breaking change in order to get this right.

hfossli avatar Dec 21 '17 09:12 hfossli