Add accessibility support to SecKey, SecKeyPair, SecCertificate & SecIdentity

.gitignore

@@ -6,4 +6,3 @@
 /TestResults
 
 /ShieldHost/**/xcuserdata/
-/ShieldHost/**/project.xcworkspace/

ShieldHost/ShieldHost Watch App/ShieldHost Watch App.entitlements

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict/>
+</plist>

ShieldHost/ShieldHost.xcodeproj/project.pbxproj

@@ -8,8 +8,6 @@
 
 /* Begin PBXBuildFile section */
 		AA2151F02975D9CF0072F6CA /* ShieldHostApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2151EF2975D9CF0072F6CA /* ShieldHostApp.swift */; };
-		AA2151F42975D9D00072F6CA /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = AA2151F32975D9D00072F6CA /* Assets.xcassets */; };
-		AA2151F82975D9D00072F6CA /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = AA2151F72975D9D00072F6CA /* Preview Assets.xcassets */; };
 		AA2152422975DF5F0072F6CA /* CertificationRequestBuilderTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152342975DF5F0072F6CA /* CertificationRequestBuilderTests.swift */; };
 		AA2152442975DF5F0072F6CA /* HmacTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152362975DF5F0072F6CA /* HmacTests.swift */; };
 		AA2152452975DF5F0072F6CA /* OIDTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152372975DF5F0072F6CA /* OIDTests.swift */; };
@@ -26,8 +24,6 @@
 		AA2152632975E3600072F6CA /* Shield in Frameworks */ = {isa = PBXBuildFile; productRef = AA2152622975E3600072F6CA /* Shield */; };
 		AA5768A12975E7C300142200 /* ShieldHost Watch App.app in Embed Watch Content */ = {isa = PBXBuildFile; fileRef = AA5768A02975E7C300142200 /* ShieldHost Watch App.app */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
 		AA5768A62975E7C300142200 /* ShieldHostApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA5768A52975E7C300142200 /* ShieldHostApp.swift */; };
-		AA5768AA2975E7C400142200 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = AA5768A92975E7C400142200 /* Assets.xcassets */; };
-		AA5768AD2975E7C400142200 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = AA5768AC2975E7C400142200 /* Preview Assets.xcassets */; };
 		AA5768E02975E85E00142200 /* Shield in Frameworks */ = {isa = PBXBuildFile; productRef = AA5768DF2975E85E00142200 /* Shield */; };
 		AA5768E12975E87C00142200 /* HmacTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152362975DF5F0072F6CA /* HmacTests.swift */; };
 		AA5768E22975E87C00142200 /* DistinguishedNameComposerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152382975DF5F0072F6CA /* DistinguishedNameComposerTests.swift */; };
@@ -42,6 +38,8 @@
 		AA5768EC2975E87C00142200 /* DigestTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA21523D2975DF5F0072F6CA /* DigestTests.swift */; };
 		AA5768ED2975E87C00142200 /* CertificateBuilderECTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA21523A2975DF5F0072F6CA /* CertificateBuilderECTests.swift */; };
 		AA5768EE2975E87C00142200 /* DistinguishedNameParserTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AA2152402975DF5F0072F6CA /* DistinguishedNameParserTests.swift */; };
+		AAC4C7862ADDFFAD00487E0A /* Utils.swift in Sources */ = {isa = PBXBuildFile; fileRef = AAC4C7852ADDFFAD00487E0A /* Utils.swift */; };
+		AAC4C7872ADDFFAD00487E0A /* Utils.swift in Sources */ = {isa = PBXBuildFile; fileRef = AAC4C7852ADDFFAD00487E0A /* Utils.swift */; };
 		AADD77C929A3E278005D0955 /* CertificateDecoderTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AADD77C629A3E278005D0955 /* CertificateDecoderTests.swift */; };
 		AADD77CA29A3E278005D0955 /* CertificateDecoderTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = AADD77C629A3E278005D0955 /* CertificateDecoderTests.swift */; };
 /* End PBXBuildFile section */
@@ -87,10 +85,7 @@
 /* Begin PBXFileReference section */
 		AA2151EC2975D9CF0072F6CA /* ShieldHost.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = ShieldHost.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		AA2151EF2975D9CF0072F6CA /* ShieldHostApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ShieldHostApp.swift; sourceTree = "<group>"; };
-		AA2151F12975D9CF0072F6CA /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
-		AA2151F32975D9D00072F6CA /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
 		AA2151F52975D9D00072F6CA /* ShieldHost.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = ShieldHost.entitlements; sourceTree = "<group>"; };
-		AA2151F72975D9D00072F6CA /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
 		AA2151FD2975D9D00072F6CA /* ShieldHostTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = ShieldHostTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 		AA21521F2975DCA40072F6CA /* Shield */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = Shield; path = ..; sourceTree = "<group>"; };
 		AA2152342975DF5F0072F6CA /* CertificationRequestBuilderTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CertificationRequestBuilderTests.swift; sourceTree = "<group>"; };
@@ -109,10 +104,9 @@
 		AA57689B2975E7C300142200 /* ShieldHost Watch Container.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "ShieldHost Watch Container.app"; sourceTree = BUILT_PRODUCTS_DIR; };
 		AA5768A02975E7C300142200 /* ShieldHost Watch App.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "ShieldHost Watch App.app"; sourceTree = BUILT_PRODUCTS_DIR; };
 		AA5768A52975E7C300142200 /* ShieldHostApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ShieldHostApp.swift; sourceTree = "<group>"; };
-		AA5768A72975E7C300142200 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
-		AA5768A92975E7C400142200 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
-		AA5768AC2975E7C400142200 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = "<group>"; };
 		AA5768B22975E7C400142200 /* ShieldHost Watch AppTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "ShieldHost Watch AppTests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; };
+		AAC4C7812ADDCBE600487E0A /* ShieldHost Watch App.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "ShieldHost Watch App.entitlements"; sourceTree = "<group>"; };
+		AAC4C7852ADDFFAD00487E0A /* Utils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Utils.swift; sourceTree = "<group>"; };
 		AADD77C629A3E278005D0955 /* CertificateDecoderTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CertificateDecoderTests.swift; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
@@ -178,22 +172,11 @@
 			isa = PBXGroup;
 			children = (
 				AA2151EF2975D9CF0072F6CA /* ShieldHostApp.swift */,
-				AA2151F12975D9CF0072F6CA /* ContentView.swift */,
-				AA2151F32975D9D00072F6CA /* Assets.xcassets */,
 				AA2151F52975D9D00072F6CA /* ShieldHost.entitlements */,
-				AA2151F62975D9D00072F6CA /* Preview Content */,
 			);
 			path = ShieldHost;
 			sourceTree = "<group>";
 		};
-		AA2151F62975D9D00072F6CA /* Preview Content */ = {
-			isa = PBXGroup;
-			children = (
-				AA2151F72975D9D00072F6CA /* Preview Assets.xcassets */,
-			);
-			path = "Preview Content";
-			sourceTree = "<group>";
-		};
 		AA21521E2975DCA40072F6CA /* Packages */ = {
 			isa = PBXGroup;
 			children = (
@@ -219,6 +202,7 @@
 				AA21523F2975DF5F0072F6CA /* SecIdentityTests.swift */,
 				AA2152402975DF5F0072F6CA /* DistinguishedNameParserTests.swift */,
 				AA2152412975DF5F0072F6CA /* SecKeyPairTests.swift */,
+				AAC4C7852ADDFFAD00487E0A /* Utils.swift */,
 			);
 			name = Tests;
 			path = ../Tests;
@@ -234,22 +218,12 @@
 		AA5768A42975E7C300142200 /* ShieldHost Watch App */ = {
 			isa = PBXGroup;
 			children = (
+				AAC4C7812ADDCBE600487E0A /* ShieldHost Watch App.entitlements */,
 				AA5768A52975E7C300142200 /* ShieldHostApp.swift */,
-				AA5768A72975E7C300142200 /* ContentView.swift */,
-				AA5768A92975E7C400142200 /* Assets.xcassets */,
-				AA5768AB2975E7C400142200 /* Preview Content */,
 			);
 			path = "ShieldHost Watch App";
 			sourceTree = "<group>";
 		};
-		AA5768AB2975E7C400142200 /* Preview Content */ = {
-			isa = PBXGroup;
-			children = (
-				AA5768AC2975E7C400142200 /* Preview Assets.xcassets */,
-			);
-			path = "Preview Content";
-			sourceTree = "<group>";
-		};
 /* End PBXGroup section */
 
 /* Begin PBXNativeTarget section */
@@ -402,8 +376,6 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				AA2151F82975D9D00072F6CA /* Preview Assets.xcassets in Resources */,
-				AA2151F42975D9D00072F6CA /* Assets.xcassets in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -425,8 +397,6 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				AA5768AD2975E7C400142200 /* Preview Assets.xcassets in Resources */,
-				AA5768AA2975E7C400142200 /* Assets.xcassets in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -457,6 +427,7 @@
 				AA2152452975DF5F0072F6CA /* OIDTests.swift in Sources */,
 				AA2152462975DF5F0072F6CA /* DistinguishedNameComposerTests.swift in Sources */,
 				AA2152492975DF5F0072F6CA /* SecKeyTests.swift in Sources */,
+				AAC4C7862ADDFFAD00487E0A /* Utils.swift in Sources */,
 				AA21524D2975DF5F0072F6CA /* SecIdentityTests.swift in Sources */,
 				AA21524A2975DF5F0072F6CA /* SecCertificateTests.swift in Sources */,
 				AA21524E2975DF5F0072F6CA /* DistinguishedNameParserTests.swift in Sources */,
@@ -486,6 +457,7 @@
 				AA5768EE2975E87C00142200 /* DistinguishedNameParserTests.swift in Sources */,
 				AA5768E72975E87C00142200 /* SecIdentityTests.swift in Sources */,
 				AA5768EC2975E87C00142200 /* DigestTests.swift in Sources */,
+				AAC4C7872ADDFFAD00487E0A /* Utils.swift in Sources */,
 				AA5768E82975E87C00142200 /* CryptorTests.swift in Sources */,
 				AA5768E22975E87C00142200 /* DistinguishedNameComposerTests.swift in Sources */,
 				AA5768ED2975E87C00142200 /* CertificateBuilderECTests.swift in Sources */,
@@ -765,8 +737,10 @@
 		AA5768C52975E7C500142200 /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
+				CODE_SIGN_ENTITLEMENTS = "ShieldHost Watch App/ShieldHost Watch App.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				ENABLE_PREVIEWS = YES;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_KEY_CFBundleDisplayName = ShieldHost;
@@ -790,8 +764,10 @@
 		AA5768C62975E7C500142200 /* Release */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
+				CODE_SIGN_ENTITLEMENTS = "ShieldHost Watch App/ShieldHost Watch App.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				ENABLE_PREVIEWS = YES;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_KEY_CFBundleDisplayName = ShieldHost;
@@ -819,6 +795,7 @@
 				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				INFOPLIST_KEY_CFBundleDisplayName = ShieldHost;
 				MARKETING_VERSION = 1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = io.outfoxx.ShieldHost;
@@ -834,6 +811,7 @@
 				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				INFOPLIST_KEY_CFBundleDisplayName = ShieldHost;
 				MARKETING_VERSION = 1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = io.outfoxx.ShieldHost;
@@ -851,6 +829,7 @@
 				BUNDLE_LOADER = "$(TEST_HOST)";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				GENERATE_INFOPLIST_FILE = YES;
 				MARKETING_VERSION = 1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = "io.outfoxx.ShieldHost-Watch-AppTests";
@@ -870,6 +849,7 @@
 				BUNDLE_LOADER = "$(TEST_HOST)";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
 				GENERATE_INFOPLIST_FILE = YES;
 				MARKETING_VERSION = 1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = "io.outfoxx.ShieldHost-Watch-AppTests";

ShieldHost/ShieldHost.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

ShieldHost/ShieldHost.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -0,0 +1,88 @@
+{
+  "object": {
+    "pins": [
+      {
+        "package": "BigInt",
+        "repositoryURL": "https://github.com/attaswift/BigInt.git",
+        "state": {
+          "branch": null,
+          "revision": "0ed110f7555c34ff468e72e1686e59721f2b0da6",
+          "version": "5.3.0"
+        }
+      },
+      {
+        "package": "Float16",
+        "repositoryURL": "https://github.com/SusanDoggie/Float16.git",
+        "state": {
+          "branch": null,
+          "revision": "936ae66adccf1c91bcaeeb9c0cddde78a13695c3",
+          "version": "1.1.1"
+        }
+      },
+      {
+        "package": "PotentCodables",
+        "repositoryURL": "https://github.com/outfoxx/PotentCodables.git",
+        "state": {
+          "branch": null,
+          "revision": "0c423eb5fdbbefffd36926430bf99f9f998c0cad",
+          "version": "3.1.1"
+        }
+      },
+      {
+        "package": "Regex",
+        "repositoryURL": "https://github.com/sharplet/Regex.git",
+        "state": {
+          "branch": null,
+          "revision": "76c2b73d4281d77fc3118391877efd1bf972f515",
+          "version": "2.1.1"
+        }
+      },
+      {
+        "package": "swift-algorithms",
+        "repositoryURL": "https://github.com/apple/swift-algorithms",
+        "state": {
+          "branch": null,
+          "revision": "b14b7f4c528c942f121c8b860b9410b2bf57825e",
+          "version": "1.0.0"
+        }
+      },
+      {
+        "package": "swift-collections",
+        "repositoryURL": "https://github.com/apple/swift-collections.git",
+        "state": {
+          "branch": null,
+          "revision": "937e904258d22af6e447a0b72c0bc67583ef64a2",
+          "version": "1.0.4"
+        }
+      },
+      {
+        "package": "SwiftDocCPlugin",
+        "repositoryURL": "https://github.com/apple/swift-docc-plugin",
+        "state": {
+          "branch": null,
+          "revision": "10bc670db657d11bdd561e07de30a9041311b2b1",
+          "version": "1.1.0"
+        }
+      },
+      {
+        "package": "SymbolKit",
+        "repositoryURL": "https://github.com/apple/swift-docc-symbolkit",
+        "state": {
+          "branch": null,
+          "revision": "b45d1f2ed151d057b54504d653e0da5552844e34",
+          "version": "1.0.0"
+        }
+      },
+      {
+        "package": "swift-numerics",
+        "repositoryURL": "https://github.com/apple/swift-numerics",
+        "state": {
+          "branch": null,
+          "revision": "0a5bc04095a675662cf24757cc0640aa2204253b",
+          "version": "1.0.2"
+        }
+      }
+    ]
+  },
+  "version": 1
+}

Sources/ShieldSecurity/AlgorithmIdentifier.swift

@@ -68,7 +68,7 @@ public extension AlgorithmIdentifier {
 
     case .ec:
       let curve: OID
-      switch try publicKey.attributes()[kSecAttrKeySizeInBits as String] as? Int ?? 0 {
+      switch try publicKey.keyAttributes()[kSecAttrKeySizeInBits as String] as? Int ?? 0 {
       case 192:
         // P-192, secp192r1
         curve = iso.memberBody.us.ansix962.curves.prime.prime192v1.oid

Sources/ShieldSecurity/SecAccessibility.swift

@@ -0,0 +1,55 @@
+//
+//  SecAccessibility.swift
+//  Shield
+//
+//  Copyright © 2021 Outfox, inc.
+//
+//
+//  Distributed under the MIT License, See LICENSE for details.
+//
+
+import Security
+
+
+public enum SecAccessibility: Equatable {
+  case `default`
+  case unlocked(afterFirst: Bool, shared: Bool)
+  case passcodeEnabled
+#if ACCESSIBILITY_ALWAYS_ENABLED
+  case always(shared: Bool)
+#endif
+}
+
+
+extension SecAccessibility {
+
+  var attr: Any {
+
+    switch self {
+
+#if ACCESSIBILITY_ALWAYS_ENABLED
+    case .always(shared: true):
+      return kSecAttrAccessibleAlways as String
+
+    case .always(shared: false):
+      return kSecAttrAccessibleAlwaysThisDeviceOnly as String
+#endif
+
+    case .unlocked(afterFirst: true, shared: true):
+      return kSecAttrAccessibleAfterFirstUnlock as String
+
+    case .unlocked(afterFirst: true, shared: false):
+      return kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly as String
+
+    case .unlocked(afterFirst: false, shared: true), .default:
+      return kSecAttrAccessibleWhenUnlocked as String
+
+    case .unlocked(afterFirst: false, shared: false):
+      return kSecAttrAccessibleWhenUnlockedThisDeviceOnly as String
+
+    case .passcodeEnabled:
+      return kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly as String
+    }
+  }
+
+}