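iOS keychain - errSecItemNotFound with iOS 9.2 beta 3

I use the keychain to store sensitive data.
Since iOS 9.2 beta 3, I can't retrieve sensitive data that was created with a previous version of iOS (e.g. iOS 9.1). I get the error errSecItemNotFound when using SecItemCopyMatching. There is no problem with iOS 9.1 (or iOS 9.2 beta 2, or iOS 7.x/8.x/9.0). The strange thing: my source code creates new sensitive data if none exists, so with iOS 9.2 beta 3 I have new sensitive data, but if I switch back to iOS 9.1 I retrieve the old sensitive data, and so on when going back to iOS 9.2 beta 3... Since I'm using exactly the same query, it seems that the keychain is duplicated...
Here is my code to add the sensitive data: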
```objc
// Attributes of the symmetric key item to store (class: key, type: AES).
NSMutableDictionary *symmetricKeyAttr = [NSMutableDictionary dictionary];
[symmetricKeyAttr setObject:(__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(__bridge id)kSecAttrAccessible];
[symmetricKeyAttr setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:CSSM_ALGID_AES] forKey:(__bridge id)kSecAttrKeyType];
// kChosenCipherKeySize is in bytes; << 3 converts it to bits.
[symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:(unsigned int)(kChosenCipherKeySize << 3)] forKey:(__bridge id)kSecAttrKeySizeInBits];
[symmetricKeyAttr setObject:[NSNumber numberWithUnsignedInt:(unsigned int)(kChosenCipherKeySize << 3)] forKey:(__bridge id)kSecAttrEffectiveKeySize];
// Permitted operations: encrypt and decrypt only.
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecAttrCanEncrypt];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecAttrCanDecrypt];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanDerive];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanSign];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanVerify];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanWrap];
[symmetricKeyAttr setObject:(__bridge id)kCFBooleanFalse forKey:(__bridge id)kSecAttrCanUnwrap];
[symmetricKeyAttr setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup];
[symmetricKeyAttr setObject:applicationTag forKey:(__bridge id)kSecAttrApplicationTag];
[symmetricKeyAttr setObject:sensitiveData forKey:(__bridge id)kSecValueData];
OSStatus sanityCheck = SecItemAdd((__bridge CFDictionaryRef)symmetricKeyAttr, NULL);
```
Here is my code to retrieve the sensitive data:
```objc
// Query for the key item by class, key type, tag and access group; return its data.
NSMutableDictionary *querySymmetricKey = [NSMutableDictionary dictionary];
[querySymmetricKey setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[querySymmetricKey setObject:[NSNumber numberWithUnsignedInt:CSSM_ALGID_AES] forKey:(__bridge id)kSecAttrKeyType];
[querySymmetricKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnData];
[querySymmetricKey setObject:applicationTag forKey:(__bridge id)kSecAttrApplicationTag];
[querySymmetricKey setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup];
CFDataRef symmetricKeyDataRef = NULL;
OSStatus sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef)querySymmetricKey, (CFTypeRef *)&symmetricKeyDataRef);
```
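Where:
- sensitiveData is the sensitive data to store (e.g. <ac746cc2 80f72948 59d0d8b7 a5de4bad 5d9e9eb1 a400fba3 c85f3f2e 675d58bf>)
- accessGroup is the concatenation of the team identifier and the application identifier (e.g. XXXXXXXXXX.com.toto.tata)
- applicationTag is the tag associated with the sensitive data (e.g. <746F746F>)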
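Additional points:
- The problem occurs only on 64-bit devices; there is no problem on 32-bit devices.
- Replacing CSSM_ALGID_AES with CSSM_ALGID_NONE solves the problem (i.e. data created with iOS 9.1 can be correctly retrieved with iOS 9.2 beta 3), but this is not acceptable because I have to be able to read data created on iOS 9.1 with CSSM_ALGID_AES.
- This problem is not related to kSecAttrAccessGroup: I still have the problem when I remove this attribute.
- I have "reproduced" the problem with Apple's sample (https://developer.apple.com/library/ios/samplecode/CryptoExercise). This sample also uses CSSM_ALGID_AES, but not kSecAttrAccessGroup. With a 64-bit device: the key created with iOS 9.1 (<bdd17fe1 f515e2b1 14de7c43 c4cb6a70>) is found in iOS 9.2 beta 3, but it has a different value (<73b205e2 46230f69 fa0f347c 2958e6b1>)! With a 32-bit device: the key is the same between iOS 9.1 and iOS 9.2 beta 3.
Notes:
- I have posted this question on the Apple forums, but there has been no response from Apple... https://forums.developer.apple.com/message/87080
- I switch between iOS 9.1 and 9.2 beta 3 using the IPSW file without doing a backup restore, but I have the same problem when doing a backup restore.
Any ideas?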
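
A diagnostic query for the situation described in the question, as an added example that is not part of the original post: it lists every kSecClassKey item stored under the tag without filtering on kSecAttrKeyType and logs the attributes the keychain reports, so the output on iOS 9.1 and iOS 9.2 beta 3 can be compared. The function name DumpKeyItemsForTag is hypothetical; the key data itself is deliberately not requested or logged.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added diagnostic helper (hypothetical name, not from the original post).
// Pass nil for accessGroup to search without an access-group filter.
static OSStatus DumpKeyItemsForTag(NSData *applicationTag, NSString *accessGroup)
{
    NSMutableDictionary *query = [NSMutableDictionary dictionary];
    query[(__bridge id)kSecClass] = (__bridge id)kSecClassKey;
    query[(__bridge id)kSecAttrApplicationTag] = applicationTag;
    if (accessGroup != nil) {
        query[(__bridge id)kSecAttrAccessGroup] = accessGroup;
    }
    // No kSecAttrKeyType here: match on the tag alone and return every hit.
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitAll;
    // Attributes only; kSecReturnData is left out so no key bytes reach the log.
    query[(__bridge id)kSecReturnAttributes] = @YES;

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecItemNotFound) {
        NSLog(@"No key item is stored under this tag");
        return status;
    }
    if (status != errSecSuccess) {
        NSLog(@"SecItemCopyMatching failed: %d", (int)status);
        return status;
    }

    // With kSecMatchLimitAll + kSecReturnAttributes the result is an array
    // of attribute dictionaries, one per matching item.
    NSArray *items = CFBridgingRelease(result);
    NSLog(@"%lu item(s) stored under this tag", (unsigned long)items.count);
    for (NSDictionary *attrs in items) {
        id keyType = attrs[(__bridge id)kSecAttrKeyType];
        NSLog(@"keyType=%@ (%@) sizeInBits=%@ effectiveSize=%@ accessible=%@ group=%@",
              keyType, [keyType class],
              attrs[(__bridge id)kSecAttrKeySizeInBits],
              attrs[(__bridge id)kSecAttrEffectiveKeySize],
              attrs[(__bridge id)kSecAttrAccessible],
              attrs[(__bridge id)kSecAttrAccessGroup]);
    }
    return status;
}
```

More than one item in the output, or a keyType value that differs between the two iOS builds on the same device, narrows down which attribute the AES-filtered query fails to match.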