LAContext's touchIDAuthenticationAllowableReuseDuration value not respected

Originator: mkaye
Number: rdar://35674867 Date Originated: 23/11/17
Status: Open Resolved:
Product: iOS SDK Security Product Version: iOS 9+
Classification: Security Reproducible: Yes
 
Summary:

An LAContext with a valid touchIDAuthenticationAllowableReuseDuration, passed via the kSecUseAuthenticationContext key in a SecItemCopyMatching query, does not respect the value set for touchIDAuthenticationAllowableReuseDuration.

Steps to Reproduce:

Create an LAContext and set its touchIDAuthenticationAllowableReuseDuration to a specific duration:

  let context = LAContext()
  context.touchIDAuthenticationAllowableReuseDuration = 60

Next, pass the context into a SecItemCopyMatching query:

  var query = [String : AnyObject]()
  …
  …
  query[kSecUseAuthenticationContext as String] = context
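
The two steps above as one complete Swift snippet, written for this page and not taken from the report: it stores a user-presence-protected keychain item once and then reads it back through the LAContext. The service and account names, the prompt text and the access-control flags are assumptions; the item must exist before the read can prompt at all.

```swift
import Foundation
import LocalAuthentication
import Security

// Keychain identity for the test item; both names are assumed for this example.
let service = "com.example.reuse-duration-test"
let account = "secret"

// Stores a secret that can only be read after user presence (Touch ID or passcode).
// Run once before reading. The access-control flags are assumed; the report does
// not say how the item was protected.
func storeProtectedSecret(_ secret: Data) -> OSStatus {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .userPresence, &error)
    else { return errSecParam }
    // Remove any earlier copy so SecItemAdd does not fail with errSecDuplicateItem.
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(lookup as CFDictionary)
    var attrs = lookup
    attrs[kSecAttrAccessControl as String] = access
    attrs[kSecValueData as String] = secret
    return SecItemAdd(attrs as CFDictionary, nil)
}

// Reads the item through an LAContext carrying the reuse duration under test.
// Calling this repeatedly, with timestamps, shows whether a prompt reappears
// after `reuseDuration` seconds or only after the 600 s window the report describes.
func readProtectedSecret(reuseDuration: TimeInterval) -> (OSStatus, Data?) {
    let context = LAContext()
    context.touchIDAuthenticationAllowableReuseDuration = reuseDuration
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseOperationPrompt as String: "Unlock the test secret", // assumed text
        kSecUseAuthenticationContext as String: context, // the step the report exercises
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    return (status, item as? Data)
}
```

Log the wall-clock time of each `readProtectedSecret` call alongside whether a prompt appeared; on an affected build the second prompt only returns once about 600 seconds have passed, regardless of the duration passed in.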

Expected Results:

The expectation is that once Touch ID has been authenticated, no authentication dialog appears again for the reuse duration specified.

Actual Results:

The result depends on the value set for touchIDAuthenticationAllowableReuseDuration:

If set to 0: an authentication dialog is displayed (correct behaviour), BUT the authentication reuse duration remains valid for 600 seconds.

If set to a value > 0: the authentication reuse duration remains valid for 600 seconds.

Version/Build:

iOS 9 and above

Configuration:

No special configuration. The issue happens on devices with or without a Secure Enclave.
