lysann/passforios
1
0
Fork 0
Code Issues Pull requests Activity

Force weak linking of CryptoTokenKit (#543)

Browse source 
Apple's CryptoTokenKit is only present in iOS 13.0+ however it exports
symbols with availability annotations going back to iOS 10.0.

In the Pass app we have a deployment target of iOS 12.0. Apple's
automatic weak linking system apparently only looks at the
symbol-level availability annotations so it assumes the symbols
we use will always be present (even though they won't pre-iOS-13).

We can work around this issue by forcing weak linking using the
"Optional" framework setting. (Note that this workaround would not
work if CryptoTokenKit was used from a third-party swift package.)

This is necessary to restore iOS 12 support after #533.

For further history see https://github.com/mssun/passforios/issues/539
This commit is contained in:
Bradley Walters 2022-05-22 23:35:53 -06:00 committed by GitHub
parent e5d3b06896
commit 6f5385fe4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

19
pass/Services/PasswordDecryptor.swift
View file

@ -66,15 +66,20 @@ let symmetricKeyIDNameDict: [UInt8: String] = [
]
private func isEncryptKeyAlgoRSA(_ applicationRelatedData: Data) -> Bool {
let tlv = TKBERTLVRecord.sequenceOfRecords(from: applicationRelatedData)!
// 0x73: Discretionary data objects
for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! where record.tag == 0x73 {
// 0xC2: Algorithm attributes decryption, 0x01: RSA
for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 {
return true
if #available(iOS 13.0, *) {
let tlv = TKBERTLVRecord.sequenceOfRecords(from: applicationRelatedData)!
// 0x73: Discretionary data objects
for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! where record.tag == 0x73 {
// 0xC2: Algorithm attributes decryption, 0x01: RSA
for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 {
return true
}
}
return false
} else {
// We need CryptoTokenKit (iOS 13.0+) to check if data is RSA, so fail open here.
return true
}
return false
}
// swiftlint:disable cyclomatic_complexity