Mark all public value types as 'Sendable'

YubiKit/YubiKit/Connection.swift

@@ -67,7 +67,7 @@ public protocol Connection: Sendable {
 }
 
 /// Connection Errors.
-public enum ConnectionError: Error {
+public enum ConnectionError: Error, Sendable {
     /// No current connection.
     case noConnection
     /// Unexpected result returned from YubiKey.
@@ -81,7 +81,7 @@ public enum ConnectionError: Error {
 }
 
 /// A ResponseError containing the status code.
-public struct ResponseError: Error {
+public struct ResponseError: Error, Sendable {
     /// Status code of the response.
     public let responseStatus: ResponseStatus
 }

YubiKit/YubiKit/Keys/ECKeys.swift

@@ -17,7 +17,7 @@
 
 import Foundation
 
-public enum EC {
+public enum EC: Sendable {
     /// Supported elliptic curve types (currently P-256 and P-384) using uncompressed point representation.
     public enum Curve: Sendable, Equatable {
         case p384

YubiKit/YubiKit/Keys/Keys.swift

@@ -15,7 +15,7 @@
 /// # Keys
 /// Protocols and enums for generic cryptographic key handling (RSA and EC).
 
-public enum CryptoKeyKind: Equatable {
+public enum CryptoKeyKind: Equatable, Sendable {
     /// Kind of cryptographic key (RSA or EC), with associated parameters.
     case rsa(RSA.KeySize)
     case ec(EC.Curve)
@@ -28,7 +28,7 @@ public protocol CryptoKey: Sendable, Equatable {
 }
 
 /// Generic public key (RSA or EC).
-public enum PublicKey: CryptoKey {
+public enum PublicKey: CryptoKey, Sendable {
     case ec(EC.PublicKey)
     case rsa(RSA.PublicKey)
 
@@ -44,7 +44,7 @@ public enum PublicKey: CryptoKey {
 }
 
 /// Generic private key (RSA or EC).
-public enum PrivateKey: CryptoKey {
+public enum PrivateKey: CryptoKey, Sendable {
     case ec(EC.PrivateKey)
     case rsa(RSA.PrivateKey)
 

YubiKit/YubiKit/Keys/RSAKeys.swift

@@ -18,7 +18,7 @@
 import CryptoTokenKit
 import Foundation
 
-public enum RSA {
+public enum RSA: Sendable {
 
     /// Supported RSA key sizes (in bits).
     public enum KeySize: Int, Sendable, CaseIterable {

YubiKit/YubiKit/Management/Capability.swift

@@ -8,7 +8,7 @@
 import Foundation
 
 /// Identifies a feature (typically an application) on a YubiKey which may or may not be supported, and which can be enabled or disabled.
-public enum Capability: UInt {
+public enum Capability: UInt, Sendable {
     /// Identifies the YubiOTP application.
     case OTP = 0x0001
     /// Identifies the U2F (CTAP1) portion of the FIDO application.

YubiKit/YubiKit/Management/DeviceConfig.swift

@@ -16,7 +16,7 @@ import CryptoTokenKit
 import Foundation
 
 /// Describes the configuration of a YubiKey which can be altered via the Management application.
-public struct DeviceConfig {
+public struct DeviceConfig: Sendable {
 
     /// The timeout used when in CCID-only mode with flag eject enabled.
     public let autoEjectTimeout: TimeInterval?

YubiKit/YubiKit/Management/DeviceInfo.swift

@@ -16,12 +16,12 @@ import CryptoTokenKit
 import Foundation
 
 /// Identifies the type of data transport a YubiKey is using.
-public enum DeviceTransport {
+public enum DeviceTransport: Sendable {
     case usb, nfc
 }
 
 /// The physical form factor of a YubiKey.
-public enum FormFactor: UInt8 {
+public enum FormFactor: UInt8, Sendable {
     /// Used when information about the YubiKey's form factor isn't available.
     case unknown = 0x00
     /// A keychain-sized YubiKey with a USB-A connector.
@@ -41,7 +41,7 @@ public enum FormFactor: UInt8 {
 }
 
 /// Contains metadata, including Device Configuration, of a YubiKey.
-public struct DeviceInfo: CustomStringConvertible {
+public struct DeviceInfo: CustomStringConvertible, Sendable {
 
     public var description: String {
         """

YubiKit/YubiKit/Management/ManagementFeature.swift

@@ -15,7 +15,7 @@
 import Foundation
 
 /// Management session features.
-public enum ManagementFeature: SessionFeature {
+public enum ManagementFeature: SessionFeature, Sendable {
 
     /// Support for reading the DeviceInfo data from the YubiKey.
     case deviceInfo

YubiKit/YubiKit/Management/ManagementSession.swift

@@ -16,7 +16,7 @@ import CryptoTokenKit
 import Foundation
 import OSLog
 
-public enum ManagementSessionError: Error {
+public enum ManagementSessionError: Error, Sendable {
     /// Application is not supported on this YubiKey.
     case applicationNotSupported
     /// Unexpected configuration state.

YubiKit/YubiKit/NFCConnection.swift

@@ -115,7 +115,7 @@ public struct NFCConnection: Connection, Sendable {
 }
 
 // NFCConnection specific errors
-public enum NFCConnectionError: Error {
+public enum NFCConnectionError: Error, Sendable {
     case failedToPoll
     case unsupported
     case malformedAPDU

YubiKit/YubiKit/OATH/OATHSession+Extensions.swift

@@ -20,7 +20,7 @@ private let totpCode: UInt8 = 0x20
 
 extension OATHSession {
 
-    public enum CredentialTemplateError: Error {
+    public enum CredentialTemplateError: Error, Sendable {
         case missingScheme, missingName, missingSecret, parseType, parseAlgorithm
     }
 
@@ -247,7 +247,7 @@ extension OATHSession {
     }
 
     /// Template object holding all required information to add a new ``Credential`` to a YubiKey.
-    public struct CredentialTemplate {
+    public struct CredentialTemplate: Sendable {
 
         private static let minSecretLenght = 14
         public let type: CredentialType

YubiKit/YubiKit/OATH/OATHSession.swift

@@ -28,7 +28,7 @@ private let tagResponse: TKTLVTag = 0x75
 
 let oathDefaultPeriod = 30.0
 
-public enum OATHSessionError: Error {
+public enum OATHSessionError: Error, Sendable {
     case wrongPassword
     case responseDataNotTLVFormatted
     case missingVersionInfo
@@ -453,7 +453,7 @@ public final actor OATHSession: Session {
     }
 }
 
-public struct DeriveAccessKeyError: Error {
+public struct DeriveAccessKeyError: Error, Sendable {
     let cryptorStatus: CCCryptorStatus
 }
 

YubiKit/YubiKit/OATH/OATHSessionFeature.swift

@@ -14,7 +14,7 @@
 
 import Foundation
 
-public enum OATHSessionFeature: SessionFeature {
+public enum OATHSessionFeature: SessionFeature, Sendable {
 
     case rename, touch, sha512
 

YubiKit/YubiKit/PIV/PIVDataTypes.swift

@@ -15,7 +15,7 @@
 import Foundation
 
 /// The touch policy of a private key defines whether or not a user presence check (physical touch) is required to use the key.
-public enum PIVTouchPolicy: UInt8 {
+public enum PIVTouchPolicy: UInt8, Sendable {
     /// The default behavior for the particular key slot is used, which is always `.never`.
     case defaultPolicy = 0x0
     /// Touch is never required for using the key.
@@ -27,7 +27,7 @@ public enum PIVTouchPolicy: UInt8 {
 }
 
 /// The PIN policy of a private key defines whether or not a PIN is required to use the key.
-public enum PIVPinPolicy: UInt8 {
+public enum PIVPinPolicy: UInt8, Sendable {
     /// The default behavior for the particular key slot is used.
     case defaultPolicy = 0x0
     /// The PIN is never required for using the key.
@@ -43,7 +43,7 @@ public enum PIVPinPolicy: UInt8 {
 }
 
 /// The slot to use in the PIV application.
-public enum PIVSlot: UInt8 {
+public enum PIVSlot: UInt8, Sendable {
     case authentication = 0x9a
     case signature = 0x9c
     case keyManagement = 0x9d
@@ -67,7 +67,7 @@ public enum PIVSlot: UInt8 {
 }
 
 // PIV key type.
-public enum PIVKeyType: RawRepresentable, Equatable {
+public enum PIVKeyType: RawRepresentable, Equatable, Sendable {
 
     case rsa(RSA.KeySize)
     case ecc(EC.Curve)
@@ -131,7 +131,7 @@ public enum PIVKeyType: RawRepresentable, Equatable {
 }
 
 /// Result of a pin verification.
-public enum PIVVerifyPinResult: Equatable {
+public enum PIVVerifyPinResult: Equatable, Sendable {
     /// Verification was successful. The associated value holds the number of pin retries left.
     case success(Int)
     /// Verification failed. The associated value holds the number of pin retries left.
@@ -141,7 +141,7 @@ public enum PIVVerifyPinResult: Equatable {
 }
 
 /// PIV session specific errors.
-public enum PIVSessionError: Error {
+public enum PIVSessionError: Error, Sendable {
     case invalidCipherTextLength
     case unsupportedOperation
     case dataParseError
@@ -157,7 +157,7 @@ public enum PIVSessionError: Error {
 }
 
 /// Metadata about the card management key.
-public struct PIVManagementKeyMetadata {
+public struct PIVManagementKeyMetadata: Sendable {
     /// Whether or not the default card management key is set.
     public let isDefault: Bool
     /// The algorithm of key used for the Management Key.
@@ -167,7 +167,7 @@ public struct PIVManagementKeyMetadata {
 }
 
 /// Metadata about a key in a slot.
-public struct PIVSlotMetadata {
+public struct PIVSlotMetadata: Sendable {
     /// The algorithm and size of the key.
     public let keyType: PIVKeyType
     /// The PIN policy of a private key defines whether or not a PIN is required to use the key.
@@ -181,7 +181,7 @@ public struct PIVSlotMetadata {
 }
 
 /// Metadata about the PIN or PUK.
-public struct PIVPinPukMetadata {
+public struct PIVPinPukMetadata: Sendable {
     /// Whether or not the default PIN/PUK is set.
     public let isDefault: Bool
     /// The number of PIN/PUK attempts available after successful verification.
@@ -191,7 +191,7 @@ public struct PIVPinPukMetadata {
 }
 
 /// PIV management key type.
-public enum PIVManagementKeyType: UInt8 {
+public enum PIVManagementKeyType: UInt8, Sendable {
     /// 3-des (default)
     case tripleDES = 0x03
     /// AES-128
@@ -225,7 +225,7 @@ public enum PIVManagementKeyType: UInt8 {
 }
 
 /// Metadata about a Bio multi-protocol YubiKey.
-public struct PIVBioMetadata {
+public struct PIVBioMetadata: Sendable {
     /// Indicates whether biometrics are configured or not (fingerprints enrolled or not).
     ///
     /// A false return value indicates a YubiKey Bio without biometrics configured and hence the

YubiKit/YubiKit/PIV/PIVPadding.swift

@@ -16,7 +16,7 @@ import CommonCrypto
 import CryptoKit
 import Foundation
 
-public enum PIVPaddingError: Error {
+public enum PIVPaddingError: Error, Sendable {
     case unsupportedAlgorithm, unknownKeyType, unknownPaddingError, wrongInputBufferSize
 }
 

YubiKit/YubiKit/PIV/PIVSessionFeature.swift

@@ -14,7 +14,7 @@
 
 import Foundation
 
-public enum PIVSessionFeature: SessionFeature {
+public enum PIVSessionFeature: SessionFeature, Sendable {
 
     case usagePolicy, aesKey, serialNumber, metadata, attestation, p384, touchCached, rsaGeneration, rsa3072and4096,
         moveDelete

YubiKit/YubiKit/Response.swift

@@ -14,7 +14,7 @@
 
 import Foundation
 
-public struct Response: CustomStringConvertible {
+public struct Response: CustomStringConvertible, Sendable {
 
     public init(rawData: Data) {
         if rawData.count > 2 {

YubiKit/YubiKit/SCP/SCP03KeyParams.swift

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-public struct SCP03KeyParams: SCPKeyParams {
+public struct SCP03KeyParams: SCPKeyParams, Sendable {
     public let keyRef: SCPKeyRef
     public let staticKeys: StaticKeys
 

YubiKit/YubiKit/SCP/SCP11KeyParams.swift

@@ -14,7 +14,7 @@
 
 import CommonCrypto
 
-public struct SCP11KeyParams: SCPKeyParams {
+public struct SCP11KeyParams: SCPKeyParams, Sendable {
     public let keyRef: SCPKeyRef
     public let pkSdEcka: EC.PublicKey
     public let oceKeyRef: SCPKeyRef?

YubiKit/YubiKit/SCP/SecurityDomainSession.swift

@@ -25,7 +25,7 @@ import OSLog
 /// - notSupported: Requested operation isn’t available in the current context.
 /// - encryptionFailed: AES‑CBC encryption failed (CommonCrypto).
 /// - wrapped: Wraps a lower‑level ``Error`` (e.g. CryptoTokenKit).
-public enum SCPError: Error {
+public enum SCPError: Error, Sendable {
     case unexpectedResponse(String?)
     case illegalArgument(String?)
     case notSupported(String?)

YubiKit/YubiKit/Session.swift

@@ -29,11 +29,11 @@ public protocol Session: Sendable {
     func supports(_ feature: SessionFeature) -> Bool
 }
 
-public protocol SessionFeature {
+public protocol SessionFeature: Sendable {
     func isSupported(by version: Version) -> Bool
 }
 
-public enum SessionError: Error {
+public enum SessionError: Error, Sendable {
     case notSupported(_: String?)  // consider renaming to illegalState to match Java sdk
     case activeSession
     case missingApplication

YubiKit/YubiKit/SmartCardConnection.swift

@@ -81,7 +81,7 @@ extension SmartCardConnection: Connection {
 }
 
 // SmartCardConnection specific errors
-public enum SmartCardConnectionError: Error {
+public enum SmartCardConnectionError: Error, Sendable {
     /// CryptoTokenKit failed to return TKSmartCardSlotManager.default
     case unsupported
     /// CryptoTokenKit returned no slots

YubiKit/YubiKit/Utilities/Connections.swift

@@ -18,7 +18,7 @@ import Foundation
 import CoreNFC
 #endif
 
-public enum WiredConnection {
+public enum WiredConnection: Sendable {
     /// Establishes a Lightning or SmartCard connection to a YubiKey.
     ///
     /// Call this method to connect to a YubiKey using a wired interface such as Lightning or SmartCard.
@@ -35,7 +35,7 @@ public enum WiredConnection {
     }
 }
 
-public enum AnyConnection {
+public enum AnyConnection: Sendable {
     /// Establishes a connection to a YubiKey over either wired or NFC.
     ///
     /// Use this method to connect to a YubiKey using any available interface. If no wired YubiKey

YubiKit/YubiKit/Utilities/Data+Extensions.swift

@@ -15,7 +15,7 @@
 import CommonCrypto
 import Foundation
 
-public enum PIVEncryptionError: Error {
+public enum PIVEncryptionError: Error, Sendable {
     case cryptorError(CCCryptorStatus)
     case missingData
     case unsupportedAlgorithm