Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-06-30 01:17:44 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add Apple Watch support to quick unlock

Browse source 
* Allow using a paired Apple Watch to authenticate to the secrets store in addition to TouchID.
* Closes #5337
This commit is contained in:
Benjamin K 2020-10-08 11:37:50 +02:00 committed by Jonathan White
parent 0c6587b5b7
commit 34ed63f495
1 changed files with 34 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/touchid/TouchID.mm
View file

@ -94,10 +94,20 @@ bool TouchID::storeKey(const QString& databasePath, const QByteArray& passwordKe
// prepare adding secure entry to the macOS KeyChain // prepare adding secure entry to the macOS KeyChain
CFErrorRef error = NULL; CFErrorRef error = NULL;
SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault, SecAccessControlRef sacObject;
kSecAttrAccessibleWhenUnlockedThisDeviceOnly, if (@available(macOS 10.15, *)) {
kSecAccessControlTouchIDCurrentSet, // depr: kSecAccessControlBiometryCurrentSet, // kSecAccessControlWatch is only available for macOS 10.15 and later
&error); sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
kSecAccessControlOr | kSecAccessControlBiometryCurrentSet | kSecAccessControlWatch,
&error);
} else {
sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
kSecAccessControlTouchIDCurrentSet, // depr: kSecAccessControlBiometryCurrentSet,
&error);
}
if (sacObject == NULL || error != NULL) { if (sacObject == NULL || error != NULL) {
NSError* e = (__bridge NSError*) error; NSError* e = (__bridge NSError*) error;
@ -216,12 +226,21 @@ bool TouchID::getKey(const QString& databasePath, QByteArray& passwordKey) const
bool TouchID::isAvailable() bool TouchID::isAvailable()
{ {
// cache result // cache result
if (this->m_available != TOUCHID_UNDEFINED) if (this->m_available != TOUCHID_UNDEFINED) {
return (this->m_available == TOUCHID_AVAILABLE); return (this->m_available == TOUCHID_AVAILABLE);
}
@try { @try {
LAContext* context = [[LAContext alloc] init]; LAContext* context = [[LAContext alloc] init];
bool canAuthenticate = [context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:nil];
LAPolicy policyCode;
if (@available(macOS 10.15, *)) {
policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch;
} else {
policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometrics;
}
bool canAuthenticate = [context canEvaluatePolicy:policyCode error:nil];
[context release]; [context release];
this->m_available = canAuthenticate ? TOUCHID_AVAILABLE : TOUCHID_NOT_AVAILABLE; this->m_available = canAuthenticate ? TOUCHID_AVAILABLE : TOUCHID_NOT_AVAILABLE;
return canAuthenticate; return canAuthenticate;
@ -253,7 +272,15 @@ bool TouchID::authenticate(const QString& message) const
LAContext* context = [[LAContext alloc] init]; LAContext* context = [[LAContext alloc] init];
__block TouchIDResult result = kTouchIDResultNone; __block TouchIDResult result = kTouchIDResultNone;
NSString* authMessage = msg.toNSString(); // autoreleased NSString* authMessage = msg.toNSString(); // autoreleased
[context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics
LAPolicy policyCode;
if (@available(macOS 10.15, *)) {
policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch;
} else {
policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometrics;
}
[context evaluatePolicy:policyCode
localizedReason:authMessage reply:^(BOOL success, NSError* error) { localizedReason:authMessage reply:^(BOOL success, NSError* error) {
Q_UNUSED(error); Q_UNUSED(error);
result = success ? kTouchIDResultAllowed : kTouchIDResultFailed; result = success ? kTouchIDResultAllowed : kTouchIDResultFailed;