square / Valet

Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.

Unit tests fail on tvOS 14

NickEntin opened this issue · comments

Running on tvOS 14.5, we're getting a -26276 response to SecItemCopyMatching(_:_:) in many of the SinglePromptSecureEnclaveIntegrationTests tests.

This doesn't match any of the OSStatus codes. The closest is errSecDecode, so maybe it's related to that?

errSecDecode                             = -26275,    /* Unable to decode the provided data. */

Looking at other OSS Keychain code, it looks like -26276 is an internal error, which isn't terribly helpful.

When I ran these tests locally, I saw the following error text in the console:

Valet tvOS Test Host App[70063:28557685] [Client,LAContext] LAContext[70063:0] failed to initialize: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.CoreAuthentication.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.CoreAuthentication.daemon was invalidated.}
Valet tvOS Test Host App[70063:28557685] [Client,LAContext] LAContext[70063:0] failed to initialize: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.CoreAuthentication.daemon.libxpc was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.CoreAuthentication.daemon.libxpc was invalidated.}

It seems like CoreAuthentication isn't working on tvOS 14, or at least it isn't working properly in the tvOS 14 simulators. It seems that prior to #256 we weren't testing tvOS 14 in CI, so it's quite likely this never worked.

I'm curious if physical tvOS devices work with LAContexts or SinglePromptSecureEnclaveValets. I don't have a way to test this, however. Ideas?

Given the contents of our testEnvironmentSupportsWhenPasscodeSet check and how liberally we utilize that check in both SecureEnclaveIntegrationTests and SinglePromptSecureEnclaveIntegrationTests, I'm tempted to say this is a tvOS 14 simulator-only issue.

What's fascinating is that it looks like the tvOS 14 simulator has less impactful bugs than the tvOS 13 simulator. We may want to create a new method similar to testEnvironmentSupportsWhenPasscodeSet called testEnvironmentSupportsLocalAuthenticationContext that returns true unless we're on tvOS 14, and pepper the SinglePromptSecureEnclaveIntegrationTests methods with guard statements that check testEnvironmentSupportsLocalAuthenticationContext.

Same issue occurs with the tvOS 15 simulator. I'd really love someone with a TV app to let us know what actually works on a device.

Fixed in #284