Chris' Blog.

The iOS keychain is a great place for storing sensitive information that you don't feel safe storing in UserDefaults or in a file on disk. Things like login details, passwords, auth tokens are perfectly suited for storing in the Keychain.

In this article, I'm going to show how to use the Keychain directly from Swift without dropping down to Objective-C or using a cocoapod/carthage library. Keep in mind that Apple recommends having less than 10 framework libraries with your app, or you'll suffer performance issues. With my example, simply create a KeychainWrapper.swift file in your project, paste in my sample code, modify as you see fit, and you're off to the races.

To be honest, iOS devices have a high level of security nowadays (as of writing) and I'm hard-pressed to give great reasons why information in the Keychain is any more secure than a file saved in your app's Library folder. Nevertheless, it seems to be best practice to use the Keychain. Perhaps people who know why the keychain is better can let me know and I'll update this article. Update: I'm told that there are exploits that can dump the filesystem, but not the keychain, but I've also heard that the filesystem has been fully encrypted for years now too, so I'm really on the fence about this one.

Things to know

• The keychain stores data, not strings, so you're responsible for calling myString.data(using: .utf8) and String(data: keychainData, encoding: .utf8) when calling it with string data.
• When an item is added, you have the chance to specify when you want to be able to read the item. If your app ever runs in the background, eg to handle push notifications, you'll need to set kSecAttrAccessibleAfterFirstUnlock.
• In a WWDC video, Apple confirmed once that your app will never be run in the background before the first unlock, so the above option is recommended.
• If you want your item to not sync via iCloud to the user's other devices, you can specify kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly instead.
• I only use the 'kSecClassGenericPassword' class of keychain item for simplicity. This 'class' has, as its primary key, a composite of the two 'service' and 'account' fields. Thus, in my code below, wherever you see 'account' think 'key', because I'm using a constant value for service.
• Other classes have primary keys made up of (multiple) different fields.
• iOS keeps your keychain items even when you delete and reinstall your app, in my testing.

The code

import Foundation
import Security

// You might want to update this to be something descriptive for your app.
private let service: String = "MyService"

enum Keychain {

    /// Does a certain item exist?
    static func exists(account: String) throws -> Bool {
        let status = SecItemCopyMatching([
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: account,
            kSecAttrService: service,
            kSecReturnData: false,
            ] as NSDictionary, nil)
        if status == errSecSuccess {
            return true
        } else if status == errSecItemNotFound {
            return false
        } else {
            throw Errors.keychainError
        }
    }

    /// Adds an item to the keychain.
    private static func add(value: Data, account: String) throws {
        let status = SecItemAdd([
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: account,
            kSecAttrService: service,
            // Allow background access:
            kSecAttrAccessible: kSecAttrAccessibleAfterFirstUnlock,
            kSecValueData: value,
            ] as NSDictionary, nil)
        guard status == errSecSuccess else { throw Errors.keychainError }
    }

    /// Updates a keychain item.
    private static func update(value: Data, account: String) throws {
        let status = SecItemUpdate([
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: account,
            kSecAttrService: service,
            ] as NSDictionary, [
            kSecValueData: value,
            ] as NSDictionary)
        guard status == errSecSuccess else { throw Errors.keychainError }
    }

    /// Stores a keychain item.
    static func set(value: Data, account: String) throws {
        if try exists(account: account) {
            try update(value: value, account: account)
        } else {
            try add(value: value, account: account)
        }
    }

    // If not present, returns nil. Only throws on error.
    static func get(account: String) throws -> Data? {
        var result: AnyObject?
        let status = SecItemCopyMatching([
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: account,
            kSecAttrService: service,
            kSecReturnData: true,
            ] as NSDictionary, &result)
        if status == errSecSuccess {
            return result as? Data
        } else if status == errSecItemNotFound {
            return nil
        } else {
            throw Errors.keychainError
        }
    }

    /// Delete a single item.
    static func delete(account: String) throws {
        let status = SecItemDelete([
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: account,
            kSecAttrService: service,
            ] as NSDictionary)
        guard status == errSecSuccess else { throw Errors.keychainError }
    }

    /// Delete all items for my app. Useful on eg logout.
    static func deleteAll() throws {
        let status = SecItemDelete([
            kSecClass: kSecClassGenericPassword,
            ] as NSDictionary)
        guard status == errSecSuccess else { throw Errors.keychainError }
    }

    enum Errors: Error {
        case keychainError
    }
}

Example

And here's how you'd use it, although you shouldn't be force-unwrapping things in practice!

try Keychain.set(value: "FooBar".data(using: .utf8)!, account: "username")
try Keychain.set(value: "YadaYada".data(using: .utf8)!, account: "password")
let user = try Keychain.get(account: "username")
let pass = try Keychain.get(account: "password")
try Keychain.delete(account: "username")
try Keychain.deleteAll()

Alternatives

If you want something a bit more thorough and feature-rich, please consider these alternatives which look reasonably good: matthewpalmer/Locksmith and jrendel/SwiftKeychainWrapper

Having said that, I hope this post is still a good example of how to handle C libraries that require UnsafeRawPointers.

MIT license applies. No warranties. You should get a security team to review all code in your project, such as this.

Thanks for reading, I hope this helps someone, and have a great week!

Photo by Chunlea Ju on Unsplash

I tried recently to find a pure-Swift CommonCrypto wrapper, but all I could find were Obj-C wrapper libraries that were overkill. So, here I'd like to demonstrate how to bridge from Swift (version 5) to all those awkward UnsafeRawPointer and UnsafeMutableRawPointer types that face you when using libraries like CommonCrypto.

I'll also share some best-practices when using encryption, to wit:

• Use CBC mode, not ECB.
• Use PKCS7 for padding so that your input size doesn't have to be a multiple of 128 bits.
• Generate a fresh Initialisation Vector each encryption. It doesn't need to be hidden, just random.

CommonCrypto wrapper

Note that operation/algorithm/options are ints, because that's the type of the constants (kCCEncrypt, kCCDecrypt, kCCOptionPKCS7Padding, etc), whereas the param types are Int32. This is intended to make life more convenient for the caller.

CCrypt wants inputs (eg: key, iv, dataIn) like so: iv: UnsafeRawPointer!. To bridge from Swift to C, these steps are use for input data:

• Convert Data to UnsafeRawBufferPointer by calling withUnsafeBytes
• Then convert UnsafeRawBufferPointer to UnsafeRawPointer by calling baseAddress

Output data is a param of type UnsafeMutableRawPointer. To handle these, first allocate a buffer with: UnsafeMutableRawPointer.allocate(byteCount:alignment:). You're responsible to deallocate that, so defer it immediately: defer { dataOut.deallocate() }. Finally, copy its contents back to a Swift Data with Data(bytes:count:).

func crypt(operation: Int, algorithm: Int, options: Int, key: Data,
        initializationVector: Data, dataIn: Data) -> Data? {
    return key.withUnsafeBytes { keyUnsafeRawBufferPointer in
        return dataIn.withUnsafeBytes { dataInUnsafeRawBufferPointer in
            return initializationVector.withUnsafeBytes { ivUnsafeRawBufferPointer in
                // Give the data out some breathing room for PKCS7's padding.
                let dataOutSize: Int = dataIn.count + kCCBlockSizeAES128*2
                let dataOut = UnsafeMutableRawPointer.allocate(byteCount: dataOutSize,
                    alignment: 1)
                defer { dataOut.deallocate() }
                var dataOutMoved: Int = 0
                let status = CCCrypt(CCOperation(operation), CCAlgorithm(algorithm),
                    CCOptions(options),
                    keyUnsafeRawBufferPointer.baseAddress, key.count,
                    ivUnsafeRawBufferPointer.baseAddress,
                    dataInUnsafeRawBufferPointer.baseAddress, dataIn.count,
                    dataOut, dataOutSize, &dataOutMoved)
                guard status == kCCSuccess else { return nil }
                return Data(bytes: dataOut, count: dataOutMoved)
            }
        }
    }
}

Random bytes generation

Here's my pure-Swift wrapper for generating random bytes:

func randomGenerateBytes(count: Int) -> Data? {
    let bytes = UnsafeMutableRawPointer.allocate(byteCount: count, alignment: 1)
    defer { bytes.deallocate() }
    let status = CCRandomGenerateBytes(bytes, count)
    guard status == kCCSuccess else { return nil }
    return Data(bytes: bytes, count: count)
}

Simple encryption and decryption

Here's my using-the-good-options version of encryption/decryption:

extension Data {
    /// Encrypts for you with all the good options turned on: CBC, an IV, PKCS7
    /// padding (so your input data doesn't have to be any particular length).
    /// Key can be 128, 192, or 256 bits.
    /// Generates a fresh IV for you each time, and prefixes it to the
    /// returned ciphertext.
    func encryptAES256_CBC_PKCS7_IV(key: Data) -> Data? {
        guard let iv = randomGenerateBytes(count: kCCBlockSizeAES128) else { return nil }
        // No option is needed for CBC, it is on by default.
        guard let ciphertext = crypt(operation: kCCEncrypt,
                                    algorithm: kCCAlgorithmAES,
                                    options: kCCOptionPKCS7Padding,
                                    key: key,
                                    initializationVector: iv,
                                    dataIn: self) else { return nil }
        return iv + ciphertext
    }

    /// Decrypts self, where self is the IV then the ciphertext.
    /// Key can be 128/192/256 bits.
    func decryptAES256_CBC_PKCS7_IV(key: Data) -> Data? {
        guard count > kCCBlockSizeAES128 else { return nil }
        let iv = prefix(kCCBlockSizeAES128)
        let ciphertext = suffix(from: kCCBlockSizeAES128)
        return crypt(operation: kCCDecrypt, algorithm: kCCAlgorithmAES,
            options: kCCOptionPKCS7Padding, key: key, initializationVector: iv,
            dataIn: ciphertext)
    }
}

Example

And here's how you'd use it, although you shouldn't be force-unwrapping things in practice!

let key = randomGenerateBytes(count: 256/8)!
let superDuperSecret = "The quick brown fox jumps over the lazy dog".data(using: .utf8)!
let encrypted = superDuperSecret.encryptAES256_CBC_PKCS7_IV(key: key)!
let decrypted = encrypted.decryptAES256_CBC_PKCS7_IV(key: key)!
print(String(data: decrypted, encoding: .utf8)!)

CryptoKit

Once you're happy to only support iOS13+, you should consider using CryptoKit over CommonCrypto: https://developer.apple.com/documentation/cryptokit/

Having said that, I hope this post is still a good example of how to handle C libraries that require UnsafeRawPointers.

MIT license applies. No warranties. You should get a security team to review all code in your project, such as this.

Thanks for reading, and have a great week!

Photo by Gabriel Wasylko on Unsplash

Here is some sample code for pairing your iOS app with a Bluetooth LE peripheral. I'd like to think of it as a good starting point for your particular use-case, where you'd likely make a lot of changes. It handles the usual requirements like service discovery, reconnecting automatically when you come in and out of range, and reconnecting on app startup.

Before you simply copy and paste and use it, please read my earlier Bluetooth article for background and other necessary information.

How to use this

• Customise the service id, characteristic id, and the desired manufacturer data.
• In your AppDelegate, prod the singleton to life with _ = MyBluetoothManager.shared
• Call MyBluetoothManager.shared.scan() when you'd like to scan for the peripheral.
• Implement some sort of notification system for whenever the state changes, eg in a didChange handler, and listen to this from other parts of your app to eg progress the UI to the 'paired' screen.
• Call MyBluetoothManager.shared.disconnect(forget: true) when the user wants to unpair.
• Call MyBluetoothManager.shared.write(data: foo) when you'd like to send data to the peripheral.
• Customise didUpdateValueFor characteristic to handle data coming from the peripheral.
• And of course, being Bluetooth, cross your fingers and hope for the best!

MIT license applies.

import CoreBluetooth

private let restoreIdKey = "MyBluetoothManager"
private let peripheralIdDefaultsKey = "MyBluetoothManagerPeripheralId"
private let myDesiredServiceId = CBUUID(string:
    "12345678-0000-0000-0000-000000000000")
private let myDesiredCharacteristicId = CBUUID(string:
    "12345678-0000-0000-0000-000000000000")
private let desiredManufacturerData = Data(base64Encoded: "foobar==")!
private let outOfRangeHeuristics: Set<CBError.Code> = [.unknown,
    .connectionTimeout, .peripheralDisconnected, .connectionFailed]

/// This manages a bluetooth peripheral. This is intended as a starting point
/// for you to customise from.
/// Read http://www.splinter.com.au/2019/05/18/ios-swift-bluetooth-le for a
/// background in how to set this all up.
class MyBluetoothManager {
    static let shared = MyBluetoothManager()

    let central = CBCentralManager(delegate: MyCentralManagerDelegate.shared,
        queue: nil, options: [
        CBCentralManagerOptionRestoreIdentifierKey: restoreIdKey,
        ])

    /// The 'state machine' for remembering where we're up to.
    var state = State.poweredOff
    enum State {
        case poweredOff
        case restoringConnectingPeripheral(CBPeripheral)
        case restoringConnectedPeripheral(CBPeripheral)
        case disconnected
        case scanning(Countdown)
        case connecting(CBPeripheral, Countdown)
        case discoveringServices(CBPeripheral, Countdown)
        case discoveringCharacteristics(CBPeripheral, Countdown)
        case connected(CBPeripheral)
        case outOfRange(CBPeripheral)

        var peripheral: CBPeripheral? {
            switch self {
            case .poweredOff: return nil
            case .restoringConnectingPeripheral(let p): return p
            case .restoringConnectedPeripheral(let p): return p
            case .disconnected: return nil
            case .scanning: return nil
            case .connecting(let p, _): return p
            case .discoveringServices(let p, _): return p
            case .discoveringCharacteristics(let p, _): return p
            case .connected(let p): return p
            case .outOfRange(let p): return p
            }
        }
    }

    // Begin scanning here!
    func scan() {
        guard central.state == .poweredOn else {
            print("Cannot scan, BT is not powered on")
            return
        }

        // Scan!
        central.scanForPeripherals(withServices: [myDesiredServiceId], options: nil)
        state = .scanning(Countdown(seconds: 10, closure: {
            self.central.stopScan()
            self.state = .disconnected
            print("Scan timed out")
        }))
    }

    /// Call this with forget: true to do a proper unpairing such that it won't
    /// try reconnect next startup.
    func disconnect(forget: Bool = false) {
        if let peripheral = state.peripheral {
            central.cancelPeripheralConnection(peripheral)
        }
        if forget {
            UserDefaults.standard.removeObject(forKey: peripheralIdDefaultsKey)
            UserDefaults.standard.synchronize()
        }
        state = .disconnected
    }

    func connect(peripheral: CBPeripheral) {
        // Connect!
        // Note: We're retaining the peripheral in the state enum because Apple
        // says: "Pending attempts are cancelled automatically upon
        // deallocation of peripheral"
        central.connect(peripheral, options: nil)
        state = .connecting(peripheral, Countdown(seconds: 10, closure: {
            self.central.cancelPeripheralConnection(peripheral)
            self.state = .disconnected
            print("Connect timed out")
        }))
    }

    func discoverServices(peripheral: CBPeripheral) {
        peripheral.delegate = MyPeripheralDelegate.shared
        peripheral.discoverServices([myDesiredServiceId])
        state = .discoveringServices(peripheral, Countdown(seconds: 10, closure: {
            self.disconnect()
            print("Could not discover services")
        }))
    }

    func discoverCharacteristics(peripheral: CBPeripheral) {
        guard let myDesiredService = peripheral.myDesiredService else {
            self.disconnect()
            return
        }
        peripheral.delegate = MyPeripheralDelegate.shared
        peripheral.discoverCharacteristics([myDesiredCharacteristicId],
            for: myDesiredService)
        state = .discoveringCharacteristics(peripheral, Countdown(seconds: 10,
            closure: {
            self.disconnect()
            print("Could not discover characteristics")
        }))
    }

    func setConnected(peripheral: CBPeripheral) {
        guard let myDesiredCharacteristic = peripheral.myDesiredCharacteristic
            else {
            print("Missing characteristic")
            disconnect()
            return
        }

        // Remember the ID for startup reconnecting.
        UserDefaults.standard.set(peripheral.identifier.uuidString,
            forKey: peripheralIdDefaultsKey)
        UserDefaults.standard.synchronize()

        // Ask for notifications when the peripheral sends us data.
        // TODO another state waiting for this?
        peripheral.delegate = MyPeripheralDelegate.shared
        peripheral.setNotifyValue(true, for: myDesiredCharacteristic)

        state = .connected(peripheral)
    }

    /// Write data to the peripheral.
    func write(data: Data) throws {
        guard case .connected(let peripheral) = state else {
            throw Errors.notConnected
        }
        guard let characteristic = peripheral.myDesiredCharacteristic else {
            throw Errors.missingCharacteristic
        }
        peripheral.writeValue(data, for: characteristic, type: .withoutResponse)
        // .withResponse is more expensive but gives you confirmation.
        // It's an exercise for the reader to ask for a response and handle
        // timeouts waiting for said response.
        // I found it simpler to deal with that at a higher level in a
        // messaging framework.
    }

    enum Errors: Error {
        case notConnected
        case missingCharacteristic
    }

}

extension CBPeripheral {
    /// Helper to find the service we're interested in.
    var myDesiredService: CBService? {
        guard let services = services else { return nil }
        return services.first { $0.uuid == myDesiredServiceId }
    }

    /// Helper to find the characteristic we're interested in.
    var myDesiredCharacteristic: CBCharacteristic? {
        guard let characteristics = myDesiredService?.characteristics else {
            return nil
        }
        return characteristics.first { $0.uuid == myDesiredCharacteristicId }
    }
}

class MyPeripheralDelegate: NSObject, CBPeripheralDelegate {
    static let shared = MyPeripheralDelegate()

    func peripheral(_ peripheral: CBPeripheral, didDiscoverServices error: Error?) {
        // Ignore services discovered late.
        guard case .discoveringServices = MyBluetoothManager.shared.state else {
            return
        }

        if let error = error {
            print("Failed to discover services: \(error)")
            MyBluetoothManager.shared.disconnect()
            return
        }
        guard peripheral.myDesiredService != nil else {
            print("Desired service missing")
            MyBluetoothManager.shared.disconnect()
            return
        }

        // Progress to the next step.
        MyBluetoothManager.shared.discoverCharacteristics(peripheral: peripheral)
    }

    func peripheral(_ peripheral: CBPeripheral,
            didDiscoverCharacteristicsFor service: CBService, error: Error?) {
        // Ignore characteristics arriving late.
        guard case .discoveringCharacteristics =
            MyBluetoothManager.shared.state else { return }

        if let error = error {
            print("Failed to discover characteristics: \(error)")
            MyBluetoothManager.shared.disconnect()
            return
        }
        guard peripheral.myDesiredCharacteristic != nil else {
            print("Desired characteristic missing")
            MyBluetoothManager.shared.disconnect()
            return
        }

        // Ready to go!
        MyBluetoothManager.shared.setConnected(peripheral: peripheral)
    }

    func peripheral(_ peripheral: CBPeripheral,
            didUpdateValueFor characteristic: CBCharacteristic, error: Error?) {
        if let error = error {
            print(error)
            return
        }

        // This is where the peripheral sends you data!
        // Exercise for the reader: handle the characteristic.value, eg buffer
        // and scan for JSON between STX and ETX markers.
    }

    /// Called when .withResponse is used.
    func peripheral(_ peripheral: CBPeripheral,
            didWriteValueFor characteristic: CBCharacteristic, error: Error?) {
        if let error = error {
            print("Error writing to characteristic: \(error)")
            return
        }
    }

    func peripheral(_ peripheral: CBPeripheral,
            didUpdateNotificationStateFor characteristic: CBCharacteristic,
            error: Error?) {
        // TODO cancel a setNotifyValue timeout if no error.
    }
}

class MyCentralManagerDelegate: NSObject, CBCentralManagerDelegate {
    static let shared = MyCentralManagerDelegate()

    func centralManagerDidUpdateState(_ central: CBCentralManager) {
        if central.state == .poweredOn {
            // Are we transitioning from BT off to BT ready?
            if case .poweredOff = MyBluetoothManager.shared.state {
                // Firstly, try to reconnect:
                if let peripheralIdStr = UserDefaults.standard
                        .object(forKey: peripheralIdDefaultsKey) as? String,
                    let peripheralId = UUID(uuidString: peripheralIdStr),
                    let previouslyConnected = central
                        .retrievePeripherals(withIdentifiers: [peripheralId])
                        .first {
                    MyBluetoothManager.shared.connect(
                        peripheral: previouslyConnected)

                    // Next, try for ones that are connected to the system:
                } else if let systemConnected = central
                        .retrieveConnectedPeripherals(withServices:
                        [myDesiredServiceId]).first {
                    MyBluetoothManager.shared.connect(peripheral: systemConnected)

                } else {
                    // Not an error, simply the case that they've never paired
                    // before, or they did a manual unpair:
                    MyBluetoothManager.shared.state = .disconnected
                }
            }

            // Did CoreBluetooth wake us up with a peripheral that was connecting?
            if case .restoringConnectingPeripheral(let peripheral) =
                    MyBluetoothManager.shared.state {
                MyBluetoothManager.shared.connect(peripheral: peripheral)
            }

            // CoreBluetooth woke us with a 'connected' peripheral, but we had
            // to wait until 'poweredOn' state:
            if case .restoringConnectedPeripheral(let peripheral) =
                    MyBluetoothManager.shared.state {
                if peripheral.myDesiredCharacteristic == nil {
                    MyBluetoothManager.shared.discoverServices(
                        peripheral: peripheral)
                } else {
                    MyBluetoothManager.shared.setConnected(peripheral: peripheral)
                }
            }
        } else { // Turned off.
            MyBluetoothManager.shared.state = .poweredOff
        }
    }

    // Apple says: This is the first method invoked when your app is relaunched
    // into the background to complete some Bluetooth-related task.
    func centralManager(_ central: CBCentralManager,
            willRestoreState dict: [String : Any]) {
        let peripherals: [CBPeripheral] = dict[
            CBCentralManagerRestoredStatePeripheralsKey] as? [CBPeripheral] ?? []
        if peripherals.count > 1 {
            print("Warning: willRestoreState called with >1 connection")
        }
        // We have a peripheral supplied, but we can't touch it until
        // `central.state == .poweredOn`, so we store it in the state
        // machine enum for later use.
        if let peripheral = peripherals.first {
            switch peripheral.state {
            case .connecting: // I've only seen this happen when
                // re-launching attached to Xcode.
                MyBluetoothManager.shared.state =
                    .restoringConnectingPeripheral(peripheral)

            case .connected: // Store for connection / requesting
                // notifications when BT starts.
                MyBluetoothManager.shared.state =
                    .restoringConnectedPeripheral(peripheral)
            default: break
            }
        }
    }

    func centralManager(_ central: CBCentralManager,
            didDiscover peripheral: CBPeripheral,
            advertisementData: [String : Any], rssi RSSI: NSNumber) {
        guard case .scanning = MyBluetoothManager.shared.state else { return }

        // You might want to skip this manufacturer data check.
        guard let mfgData =
                advertisementData[CBAdvertisementDataManufacturerDataKey] as? Data,
            mfgData == desiredManufacturerData else {
            print("Missing/wrong manufacturer data")
            return
        }

        central.stopScan()
        MyBluetoothManager.shared.connect(peripheral: peripheral)
    }

    func centralManager(_ central: CBCentralManager,
            didConnect peripheral: CBPeripheral) {
        if peripheral.myDesiredCharacteristic == nil {
            MyBluetoothManager.shared.discoverServices(peripheral: peripheral)
        } else {
            MyBluetoothManager.shared.setConnected(peripheral: peripheral)
        }
    }

    func centralManager(_ central: CBCentralManager,
            didFailToConnect peripheral: CBPeripheral, error: Error?) {
        MyBluetoothManager.shared.state = .disconnected
    }

    func centralManager(_ central: CBCentralManager,
            didDisconnectPeripheral peripheral: CBPeripheral, error: Error?) {
        // Did our currently-connected peripheral just disconnect?
        if MyBluetoothManager.shared.state.peripheral?.identifier ==
                peripheral.identifier {
            // IME the error codes encountered are:
            // 0 = rebooting the peripheral.
            // 6 = out of range.
            if let error = error,
                (error as NSError).domain == CBErrorDomain,
                let code = CBError.Code(rawValue: (error as NSError).code),
                outOfRangeHeuristics.contains(code) {
                // Try reconnect without setting a timeout in the state machine.
                // With CB, it's like saying 'please reconnect me at any point
                // in the future if this peripheral comes back into range'.
                MyBluetoothManager.shared.central.connect(peripheral, options: nil)
                MyBluetoothManager.shared.state = .outOfRange(peripheral)
            } else {
                // Likely a deliberate unpairing.
                MyBluetoothManager.shared.state = .disconnected
            }
        }
    }
}

/// Timer wrapper that automatically invalidates when released.
/// Read more: http://www.splinter.com.au/2019/03/28/timers-without-circular-references-with-pendulum
class Countdown {
    let timer: Timer

    init(seconds: TimeInterval, closure: @escaping () -> ()) {
        timer = Timer.scheduledTimer(withTimeInterval: seconds,
                repeats: false, block: { _ in
            closure()
        })
    }

    deinit {
        timer.invalidate()
    }
}

Thanks for reading, and have a great week!

Photo by Katherine Chase on Unsplash