[英]Detect if Secure Enclave is available on current device
是否有某种方法可以检测当前设备上是否可以存储在 Secure Enclave 中?
Here is another solution:这是另一个解决方案:
Device.h设备文件
#import <Foundation/Foundation.h>
@interface Device : NSObject
+(BOOL) hasSecureEnclave;
+(BOOL) isSimulator;
+(BOOL) hasBiometrics;
@end
Device.m设备.m
#import "Device.h"
#import <LocalAuthentication/LocalAuthentication.h>
@implementation Device
//To check that device has secure enclave or not
+(BOOL) hasSecureEnclave {
NSLog(@"IS Simulator : %d", [Device isSimulator]);
return [Device hasBiometrics] && ![Device isSimulator] ;
}
//To Check that this is this simulator
+(BOOL) isSimulator {
return TARGET_OS_SIMULATOR == 1;
}
//Check that this device has Biometrics features available
+(BOOL) hasBiometrics {
//Local Authentication Context
LAContext *localAuthContext = [[LAContext alloc] init];
NSError *error = nil;
/// Policies can have certain requirements which, when not satisfied, would always cause
/// the policy evaluation to fail - e.g. a passcode set, a fingerprint
/// enrolled with Touch ID or a face set up with Face ID. This method allows easy checking
/// for such conditions.
BOOL isValidPolicy = [localAuthContext canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error];
if (isValidPolicy) {
if (@available(ios 11.0, *)){
if (error.code != kLAErrorBiometryNotAvailable){
isValidPolicy = true;
} else{
isValidPolicy = false;
}
}else{
if (error.code != kLAErrorTouchIDNotAvailable){
isValidPolicy = true;
}else{
isValidPolicy = false;
}
}
return isValidPolicy;
}
return isValidPolicy;
}
@end
If you want solution in Swift 4, then refer this link.如果您想要 Swift 4 中的解决方案,请参考此链接。
For a developer, there is exactly one thing the Secure Enclave can do: Create and hold private keys for elliptic curve cryptography, and encrypt or decrypt data using these keys.对于开发人员来说,Secure Enclave 只能做一件事:为椭圆曲线加密创建和保存私钥,并使用这些密钥加密或解密数据。 On iOS 9, the attributes describing elliptic curve algorithms are not there - therefore, if you are running iOS 9, then you can assume the Secure Enclave is not there, because you cannot use it.
在 iOS 9 上,描述椭圆曲线算法的属性不存在 - 因此,如果您运行的是 iOS 9,那么您可以假设 Secure Enclave 不存在,因为您无法使用它。
On iOS 10 and above, there is just one way to decide guaranteed correctly if the Secure Enclave is present: Create an elliptic curve encryption key in the Secure Enclave, as described by Apple's documentation.在 iOS 10 及更高版本上,只有一种方法可以正确确定是否存在 Secure Enclave:如 Apple 文档所述,在 Secure Enclave 中创建椭圆曲线加密密钥。 If this fails, and the error has a code of
-4 = errSecUnimplemented
, then there is no Secure Enclave.如果此操作失败,并且错误代码为
-4 = errSecUnimplemented
,则不存在 Secure Enclave。
If you insist on checking a list of devices, you only need the devices that are documented as having no Secure Enclave but are able to run iOS 10, because on iOS 9 it is never available.如果您坚持检查设备列表,您只需要记录为没有 Secure Enclave 但能够运行 iOS 10 的设备,因为在 iOS 9 上它永远不可用。
I did it myself:我自己做的:
+ (BOOL) isDeviceOkForSecureEnclave
{
double OSVersionNumber = floor(NSFoundationVersionNumber);
UIUserInterfaceIdiom deviceType = [[UIDevice currentDevice] userInterfaceIdiom];
BOOL isOSForSecureEnclave = OSVersionNumber > NSFoundationVersionNumber_iOS_8_4 ? YES:NO;
//iOS 9 and up are ready for SE
BOOL isDeviceModelForSecureEnclave = NO;
switch (deviceType) {
case UIUserInterfaceIdiomPhone:
//iPhone
isDeviceModelForSecureEnclave = [self isPhoneForSE];
break;
case UIUserInterfaceIdiomPad:
//iPad
isDeviceModelForSecureEnclave = [self isPadForSE];
break;
default:
isDeviceModelForSecureEnclave = false;
break;
}
return (isOSForSecureEnclave && isDeviceModelForSecureEnclave) ? YES:NO;
}
/**
The arrays are models that we know not having SE in hardware, so if the current device is on the list it means it dosent have SE
*/
+ (BOOL) isPhoneForSE
{
NSString *thisPlatform = [self platform];
NSArray * oldModels = [NSArray arrayWithObjects:
@"x86_64",
@"iPhone1,1",
@"iPhone1,2",
@"iPhone2,1",
@"iPhone3,1",
@"iPhone3,3",
@"iPhone4,1",
@"iPhone5,1",
@"iPhone5,2",
@"iPhone5,3",
@"iPhone5,4", nil];
BOOL isInList = [oldModels containsObject: thisPlatform];
return !isInList;
}
+ (BOOL) isPadForSE
{
//iPad Mini 2 is the earliest with SE // "iPad4,4"
NSString *thisPlatform = [self platform];
NSArray * oldModels = [NSArray arrayWithObjects:
@"x86_64",
@"@iPad",
@"@iPad1,0",
@"@iPad1,1",
@"iPad2,1",
@"iPad2,2",
@"iPad2,3",
@"iPad2,4",
@"iPad2,5",
@"iPad2,6",
@"iPad2,7",
@"iPad3,1",
@"iPad3,2",
@"iPad3,3",
@"iPad3,4",
@"iPad3,5",
@"iPad3,6",nil];
BOOL isInList = [oldModels containsObject: thisPlatform];
return !isInList;
}
+ (NSString *)platform
{
size_t size;
sysctlbyname("hw.machine", NULL, &size, NULL, 0);
char *machine = malloc(size);
sysctlbyname("hw.machine", machine, &size, NULL, 0);
NSString *platform = [NSString stringWithUTF8String:machine];
free(machine);
return platform;
}
@end
There is a more straightforward way to check if Secure Enclave is available using the CryptoKit framework.有一种更直接的方法可以使用 CryptoKit 框架检查 Secure Enclave 是否可用。 The following approach is iOS 13+ and Swift only.
以下方法仅适用于 iOS 13+ 和 Swift。
import CryptoKit
if TARGET_OS_SIMULATOR == 0 && SecureEnclave.isAvailable {
// use Secure Enclave
}
Additional check for Simulator is needed since SecureEnclave.isAvailable
returns true
running on a Simulator (checked on iOS 14.4).由于
SecureEnclave.isAvailable
在模拟器上运行时返回true
(在 iOS 14.4 上检查),因此需要对 Simulator 进行额外检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.