Bug 27311 - Calling `SecKeyChain.Update` method fails with status code `SecStatusCode.Param`
Summary: Calling `SecKeyChain.Update` method fails with status code `SecStatusCode.Param`
Alias: None
Product: iOS
Classification: Xamarin
Component: General ()
Version: XI 8.6.0
Hardware: PC Mac OS
: Normal normal
Target Milestone: Untriaged
Assignee: Sebastien Pouliot
Depends on:
Reported: 2015-02-23 11:59 UTC by Prashant Cholachagudda
Modified: 2017-07-26 18:06 UTC (History)
5 users (show)

Is this bug a regression?: ---
Last known good build:

Test Case (10.89 KB, application/zip)
2017-07-26 18:06 UTC, John Miller [MSFT]

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report for Bug 27311 on Developer Community or GitHub if you have new information to add and do not yet see a matching new report.

If the latest results still closely match this report, you can use the original description:

  • Export the original title and description: Developer Community HTML or GitHub Markdown
  • Copy the title and description into the new report. Adjust them to be up-to-date if needed.
  • Add your new information.

In special cases on GitHub you might also want the comments: GitHub Markdown with public comments

Related Links:

Description Prashant Cholachagudda 2015-02-23 11:59:46 UTC
Calling `SecKeyChain.Update` method to update the Keychain value returns SecStatusCode.Param instead of SecStatusCode.Success

Testcase: https://gist.github.com/prashantvc/c5545eee55392aff8b69#file-setkeychainstorage-cs-L16
Comment 1 Sebastien Pouliot 2015-02-23 21:03:23 UTC
The keychain API is pretty horrible. Our own API tries to hide part of this - but they still have holes.

Now I'm not sure I understand the code intent. It seems like it's looking for a `GenericPassword` and, if found, it tries to _update_ it to `InternetPassword`. IIRC you can't update the kind of a record. In fact you can only update _some_ of its properties. 

E.g. `kSecValueData` (which in XI is `ValueData`) is _not_ allowed in updates, see Apple doc [1] and SO post [2]

So the query is incorrect. What was done, in `QueryAs*` method was to hide those requirements from the developer. However that was not done for the `Update` method. Worse the constants required to create a correct query are not exposed publicly.

@Prashant I can likely provide a workaround for the specific case required for the customer. However the code in the gist does not seems correct (GenericPassword vs InternetPassword). Can you confirm what's the intended goal ?

[1] https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/index.html#//apple_ref/doc/constant_group/Attribute_Item_Keys

[2] http://stackoverflow.com/q/23692252
Comment 2 ajonno68 2015-02-25 19:22:16 UTC
hi all, can u please revert on this one soon as possible. Its a security requirement (from our Chief Security Officer) and its holding up testing here. Appreciate your help.
Comment 4 John Miller [MSFT] 2017-07-26 18:06:03 UTC
Created attachment 23824 [details]
Test Case

I can confirm using the latest Xamarin.iOS that I am able to reproduce this issue. 

Use this attachment and run on a simulator. Notice the `err` value / output to console.
Comment 5 John Miller [MSFT] 2017-07-26 18:06:29 UTC
Updating to CONFIRMED per comment 4.