I wrote some code to test adding an item to a keychain. I am testing on iPad 4.2.1 (jailbroken). I signed the binary with ldid -S prog on iPad.

Code:

#import <Security/Security.h>
#import <Security/SecItem.h>
#import <Foundation/NSDictionary.h>
#import <Foundation/NSString.h>
#import <Foundation/NSObject.h>
#import <CoreFoundation/CoreFoundation.h>
#import <Foundation/NSAutoreleasePool.h>
#import <Foundation/NSKeyValueCoding.h>

int main(int argc, char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSDictionary *attributesToStore = [NSDictionary dictionaryWithObjectsAndKeys:
        [@"testuser01" dataUsingEncoding:NSUTF8StringEncoding], kSecAttrAccount,
        [@"test123" dataUsingEncoding:NSUTF8StringEncoding], kSecValueData,
        kSecClassInternetPassword, kSecClass,
        [@"www.example.com" dataUsingEncoding:NSUTF8StringEncoding], kSecAttrServer,
        kCFBooleanTrue, kSecReturnPersistentRef,
        [@"Sample password" dataUsingEncoding:NSUTF8StringEncoding], kSecAttrDescription,
        [@"password label" dataUsingEncoding:NSUTF8StringEncoding], kSecAttrLabel, nil];
    NSData *persistentRef = nil;
    OSStatus result = SecItemAdd((CFDictionaryRef)attributesToStore, (CFTypeRef *)&persistentRef);
    if (noErr == result) {
        NSLog(@"Added item to Keychain");
    } else {
        NSLog(@"Item add failed");
        NSLog(@"Result code: %d", result);
    }
    [pool release];
    return 0;
}

The code compiles and links without any noise or warnings. But execution on the iPad throws an error -25308.

How do I troubleshoot this error?

Sicco
sandflow

2 Answers


I am pretty sure you need to set the kSecClass key so the keychain knows what kind of item you are trying to add.

As a side note, I found the GenericKeychain sample code to be useful after I rewrote the init method as outlined in my answer to my question here.

Community
Simon Goldeen
  • Thanks for the response, Simon. I am looking at your code but the piece of code above does set "kSecClass" as kSecClassInternetPassword,kSecClass, – sandflow Mar 01 '11 at 07:20

The main problem with the example code is that many items are encoded as NSData objects where NSString objects should be used (kSecAttrAccount, kSecAttrLabel, kSecAttrDescription and kSecAttrServer). I'm surprised that this issue wouldn't result in an exception, although behavior on iOS may be different to Lion (where I looked at this).

It may also be that specifying kSecReturnRef instead of kSecReturnPersistentRef may be more appropriate (from the documentation, using kSecReturnPersistentRef vends "a persistent reference may be stored on disk or passed between processes"). It is a way to specify a keychain item for use with SecItemUpdate, SecItemDelete or SecItemCopyMatching using it with kSecMatchItemList that has the advantage of persistence between sessions (say using NSUserDefaults) or passing to another process. If the item is only used within the lifetime of the application, or it is more appropriate to find using other attributes, then the item reference using kSecReturnRef is likely more appropriate.

Tom M
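
An added example, not code from either poster: the question's test rewritten along the lines of the answer above, with NSString attribute values and NSData only for kSecValueData, plus a helper that prints the SecBase.h name of the returned OSStatus (-25308 is errSecInteractionNotAllowed). It assumes manual reference counting like the question's code; the function names KeychainStatusName and StoreTestPassword are hypothetical, and the update-on-duplicate step goes beyond what the answers discuss.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: translate the OSStatus codes SecItemAdd can return
// into their SecBase.h constant names.
static NSString *KeychainStatusName(OSStatus status) {
    switch (status) {
        case errSecSuccess:               return @"errSecSuccess";
        case errSecParam:                 return @"errSecParam";
        case errSecNotAvailable:          return @"errSecNotAvailable";
        case errSecDuplicateItem:         return @"errSecDuplicateItem";
        case errSecItemNotFound:          return @"errSecItemNotFound";
        case errSecInteractionNotAllowed: return @"errSecInteractionNotAllowed"; // -25308
        default: return [NSString stringWithFormat:@"OSStatus %d", (int)status];
    }
}

// Hypothetical helper: store the test password; if the item already exists
// (for example on a second run), replace its secret instead of failing.
static OSStatus StoreTestPassword(void) {
    NSData *secret = [@"test123" dataUsingEncoding:NSUTF8StringEncoding];
    // Attributes that identify the item are NSString values, not NSData.
    NSMutableDictionary *item = [NSMutableDictionary dictionaryWithObjectsAndKeys:
        (id)kSecClassInternetPassword, (id)kSecClass,
        @"testuser01",                 (id)kSecAttrAccount,
        @"www.example.com",            (id)kSecAttrServer, nil];
    NSDictionary *query = [NSDictionary dictionaryWithDictionary:item];

    [item setObject:@"Sample password" forKey:(id)kSecAttrDescription];
    [item setObject:@"password label"  forKey:(id)kSecAttrLabel];
    [item setObject:secret             forKey:(id)kSecValueData]; // only the secret is NSData

    // No kSecReturn* key is set: this caller does not need a reference back.
    OSStatus status = SecItemAdd((CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        NSDictionary *changes = [NSDictionary dictionaryWithObject:secret
                                                            forKey:(id)kSecValueData];
        status = SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)changes);
    }
    return status;
}

int main(int argc, char *argv[]) {
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    OSStatus status = StoreTestPassword();
    NSLog(@"Keychain store: %@ (%d)", KeychainStatusName(status), (int)status);
    [pool release];
    return status == errSecSuccess ? 0 : 1;
}
```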