iOS 15 support

[leocallas]

There's an error when adding a Touch ID / Face ID protected item on iOS 15 simulators and devices:

OSStatus error:[-25293] The user name or passphrase you entered is not correct.

It's working on below iOS 15.

[khose]

Same situation here, and pretty blocking by the way. I'll add more information as soon as I have it.

[leocallas]

https://github.com/kishikawakatsumi/KeychainAccess/blob/e7f7e5af7d4f6eb8b755421b4419dc0aa8cb1bf5/Lib/KeychainAccess/Keychain.swift#L741

This line causing the error as I've looked

[leocallas]

@khose Anything? it's blocker for us too

[kishikawakatsumi]

@leocallas @khose I can hardly reproduce the problem. Please share the actual code you wrote. If possible, please share a small project that reproduces the problem. Thanks for reporting.

[leocallas]

@kishikawakatsumi Actually, I've reproduced this on KeychainAccess example project as well. Also, further testing shows that It's not happening on every device. For example, error occurs on iPhone 12 (iOS 15.1), but not on iPhone 11 (iOS 15.1), but also occurs on iPhone 12 (iOS 15.0.2). Couldn't catch a pattern yet. :(

[khose]

@khose Anything? it's blocker for us too

No news from our side. I've debugged it and indeed it doesn't happen on every device. And in our case, it happens on the simulator 100% of times (XCode Version 13.1 (13A1030d), simulators running iOS 15). We have a pretty tight deadline so we can't dedicate much time to this.

Our workaround so far is to remove biometric accessibility in simulators and hope our tiny user base doesn't experience the issue on their devices. We have just added so lines to avoid using biometry on simulators:

    private func keychain(biometry: Bool) -> Keychain {
        #if targetEnvironment(simulator)
            Keychain(service: serviceId)
        #else
            biometry ?
                Keychain(service: serviceId).accessibility(.whenUnlocked, authenticationPolicy: .userPresence) :
                Keychain(service: serviceId)
        #endif
    }

I'm sorry I can't add a lot more information right now.

[aterreault]

Is there an update on this? This is affecting our production apps.

[RobotK]

This is how I can reproduce it, using Xcode 13.1.

In the Example-iOS project, modify inputViewController.saveAction as follows:

    @IBAction func saveAction(sender: UIBarButtonItem) {
        let keychain: Keychain
        if let service = serviceField.text, !service.isEmpty {
            keychain = Keychain(service: service)
        } else {
            keychain = Keychain()
        }

        let context = LAContext()
        do {
            try keychain.accessibility(.whenPasscodeSetThisDeviceOnly, authenticationPolicy: .userPresence)
                .authenticationContext(context)
                .set(passwordField.text!, key: usernameField.text!)
        } catch {
            print(error)
        }

        dismiss(animated: true, completion: nil)
    }

Run the app in a simulator running iOS 15 and add a new entry.

When you hit save, line 741 of Keychain.swift throws, OSStatus error:[-25293] The user name or passphrase you entered is not correct.

If you use a 14.x simulator (which can be installed from Xcode -> Preferences -> Components), the save action succeeds.

[aterreault]

Is there an ETA for this fix? We are likely going to need to look into another pod but we'd rather continue using this one.

[RobotK]

Are we sure this happens on devices as well as the simulator? https://developer.apple.com/forums/thread/685773

[doc1985]

I have seen it on "some" devices running iOS 15. It seems kind of random and without any patterns.

[apps4everyone]

the problem could be related to this: if the item already exists it has to be deleted first

//removing item if it exists SecItemDelete(query as CFDictionary)

https://coderedirect.com/questions/209955/adding-private-key-into-ios-keychain

[apps4everyone]

if you add to the apple example app: https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id

to line 104 in ViewController //removing item if it exists SecItemDelete(query as CFDictionary)

the example work's...