use known facets in prompts

github · Aug 18, 2017 · 5bc1c31 · 5bc1c31
1 parent 4085c78
commit 5bc1c31
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 11 deletions.
diff --git a/SoftU2FTool/KeyPair.swift b/SoftU2FTool/KeyPair.swift
@@ -82,12 +82,12 @@ class KeyPair {
     }
 
     // Find a key pair with the given label and application label.
-    init?(label l: String, appLabel al: Data) {
+    init?(label l: String, appLabel al: Data, signPrompt sp: String) {
         label = l
         applicationLabel = al
 
         // Lookup private key.
-        guard let priv = Keychain.getPrivateSecKey(attrAppLabel: applicationLabel as CFData) else { return nil }
+        guard let priv = Keychain.getPrivateSecKey(attrAppLabel: applicationLabel as CFData, signPrompt: sp as CFString) else { return nil }
         privateKey = priv
 
         // Generate public key from private key

diff --git a/SoftU2FTool/Keychain.swift b/SoftU2FTool/Keychain.swift
@@ -170,13 +170,14 @@ class Keychain {
         return result
     }
 
-    static func getPrivateSecKey(attrAppLabel: CFData) -> SecKey? {
+    static func getPrivateSecKey(attrAppLabel: CFData, signPrompt: CFString) -> SecKey? {
         let query = makeCFDictionary(
-                                     (kSecClass, kSecClassKey),
-                                     (kSecAttrKeyType, kSecAttrKeyTypeEC),
-                                     (kSecAttrKeyClass, kSecAttrKeyClassPrivate),
-                                     (kSecAttrApplicationLabel, attrAppLabel),
-                                     (kSecReturnRef, kCFBooleanTrue)
+            (kSecClass, kSecClassKey),
+            (kSecAttrKeyType, kSecAttrKeyTypeEC),
+            (kSecAttrKeyClass, kSecAttrKeyClassPrivate),
+            (kSecAttrApplicationLabel, attrAppLabel),
+            (kSecReturnRef, kCFBooleanTrue),
+            (kSecUseOperationPrompt, signPrompt as CFString)
         )
 
         var optionalOpaqueResult: CFTypeRef? = nil
@@ -332,7 +333,7 @@ class Keychain {
                 return
             }
 
-            guard let _ = getPrivateSecKey(attrAppLabel: attrAppLabel as CFData) else {
+            guard let _ = getPrivateSecKey(attrAppLabel: attrAppLabel as CFData, signPrompt: "" as CFString) else {
                 print("error getting private key for public key")
                 return
             }

diff --git a/SoftU2FTool/U2FRegistration.swift b/SoftU2FTool/U2FRegistration.swift
@@ -68,7 +68,11 @@ class U2FRegistration {
     // Find a registration with the given key handle.
     init?(keyHandle kh: Data, applicationParameter ap: Data) {
         let appLabel = unpadKeyHandle(kh)
-        guard let kp = KeyPair(label: U2FRegistration.namespace, appLabel: appLabel) else { return nil }
+
+        let kf = KnownFacets[ap] ?? "site"
+        let prompt = "authenticate with \(kf)"
+
+        guard let kp = KeyPair(label: U2FRegistration.namespace, appLabel: appLabel, signPrompt: prompt) else { return nil }
         keyPair = kp
 
         // Read our application parameter from the keychain and make sure it matches.

diff --git a/SoftU2FTool/UserPresence.swift b/SoftU2FTool/UserPresence.swift
@@ -6,7 +6,6 @@
 //
 
 import Foundation
-import LocalAuthentication
 
 class UserPresence: NSObject {
     enum Notification {