0

We have integrated YubiKey 5Ci (PIV) support into our iOS mobile app.

USB Type-C integration is done using Apple CryptoTokenKit (TKSmartCard classes). This works fine.

For attached/detached notification, we are using TKTokenWatcher as below:

if (@available(iOS 11.0, *)) {
        [watcher setInsertionHandler:^(NSString *tokenID)
         {
            // Hack to read name if there's only one smart card
            LOGARG(BAI_LOG_DEBUG, "Token %s inserted.", [tokenID UTF8String]);
            //Call deviceAdded() only when tokenID is not APPLE_DEFAULT_TOKENID i.e. com.apple.*
            if ([tokenID rangeOfString:APPLE_DEFAULT_TOKENID].location == NSNotFound)
                [self typeCDeviceAdded];
            
            [watcher addRemovalHandler:^(NSString *tokenID) {
              LOGARG(BAI_LOG_DEBUG, "Token %s removed.", [tokenID UTF8String]);
                //Call deviceRemoved() only when tokenID is not APPLE_DEFAULT_TOKENID i.e. com.apple.*
                if ([tokenID rangeOfString:APPLE_DEFAULT_TOKENID].location != NSNotFound)
                    [self typeCDeviceRemoved];
            } forTokenID:tokenID];
        }];
    }

This works well on an iPad Pro, 5th generation and OS 16.3.1 however it does not work with another iPad Pro, 4th generation and OS 16.1.

Log trace statements on iPad#1:

[ReaderInterface init]_block_invoke Token com.yubico.Authenticator.TokenExtension:D737C5B76432A24620B1287F54A943FC1A418CA5F70C9F26E31ECD2BAED7EBD2 inserted.
[ReaderInterface init]_block_invoke Token com.apple.secelemtoken inserted.
[ReaderInterface init]_block_invoke Token com.apple.pivtoken:E658E6D40E7508CE2A666D35B3048C70 inserted.
[ReaderInterface init]_block_invoke Token com.apple.setoken inserted.
[ReaderInterface init]_block_invoke Token com.apple.setoken:aks inserted.

Log trace statements on iPad#2:

[ReaderInterface init]_block_invoke Token com.apple.pivtoken:39BDF66093B0B304408E2805E35BFE84 inserted.
[ReaderInterface init]_block_invoke Token com.apple.secelemtoken inserted.
[ReaderInterface init]_block_invoke Token com.apple.setoken inserted.
[ReaderInterface init]_block_invoke Token com.apple.setoken:aks inserted.

You can see, we are getting attachment notifications from com.yubico.Authenticator.TokenExtension on iPad#1 but not with iPad#2.

Any idea what could be the problem?

Any suggestions for troubleshooting?

Madhu Bajpai
  • 33
  • 6

0 Answers0