Bug 36571 - Can't add Security.SecAccessControl to an NSDictionary. "Do not know how to marshal object of type 'Security.SecAccessControl' to an NSObject"
Summary: Can't add Security.SecAccessControl to an NSDictionary. "Do not know how to m...
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll ()
Version: XI 9.2
Hardware: Macintosh Mac OS
: Normal normal
Target Milestone: (C7)
Assignee: Sebastien Pouliot
Depends on:
Reported: 2015-12-03 23:56 UTC by Jon Goldberger [MSFT]
Modified: 2016-06-02 18:23 UTC (History)
5 users (show)

Is this bug a regression?: ---
Last known good build:

Test Project (11.16 KB, application/zip)
2015-12-03 23:56 UTC, Jon Goldberger [MSFT]

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:

Description Jon Goldberger [MSFT] 2015-12-03 23:56:52 UTC
Created attachment 14113 [details]
Test Project

## Description

Customer is trying to generate a key pair for use with Secure Enclave. A previous issue trying to do this was reported in bug #36454, which has to do with missing bindings of string constants for use with Secure Enclave, however that could be worked around by getting the constants from the dynamic Security library. 

They hit another snag when trying to create the NSDictionary for the parameters argument of:
> Security.SecKey.GenerateKeyPair(parameters, out pub, out priv);

After creating a Security.SecAccessControl object with:

> SecAccessControl kSecAttrAccesControl = new SecAccessControl(SecAccessible.WhenPasscodeSetThisDeviceOnly, SecAccessControlCreateFlags.TouchIDCurrentSet | SecAccessControlCreateFlags.PrivateKeyUsage);

It seems the object is created but the Handle is IntPtr.Zero. When trying to create an NSDictionary with:

>var parameters = NSDictionary.FromObjectsAndKeys (
>	new object[] {kSecAttrTokenIDSecureEnclaveString, kSecAttrAccesControl }, 
>	new object[] {kSecAttrTokenIDString, kSecAttrAccessControlString}

the following exception is thrown:
>System.ArgumentException: Do not know how to marshal object of type 'Security.SecAccessControl' to an NSObject
>  at Foundation.NSArray.From[T] (Foundation.T[] items, Int64 count) <0xcd330 + 0x00358> in <filename unknown>:0
>  at Foundation.NSArray.FromObjects (System.Object[] items) [0x00000] in /Users/builder/data/lanes/2506/eb4c1ef1/source/maccore/src/Foundation/NSArray.cs:68
>  at Foundation.NSDictionary.FromObjectsAndKeys (System.Object[] objects, System.Object[] keys) [0x00022] in /Users/builder/data/lanes/2506/eb4c1ef1/source/maccore/src/Foundation/NSDictionary.cs:106
>  at SecureEnclave.ViewController.ViewDidLoad () [0x00086] in /Users/apple/Downloads/SecureEnclave/SecureEnclave/ViewController.cs:39
>  at at (wrapper managed-to-native) UIKit.UIApplication:UIApplicationMain (int,string[],intptr,intptr)
>  at UIKit.UIApplication.Main (System.String[] args, IntPtr principal, IntPtr delegate) [0x00005] in /Users/builder/data/lanes/2506/eb4c1ef1/source/maccore/src/UIKit/UIApplication.cs:77
>  at UIKit.UIApplication.Main (System.String[] args, System.String principalClassName, System.String delegateClassName) [0x0001c] in /Users/builder/data/lanes/2506/eb4c1ef1/source/maccore/src/UIKit/UIApplication.cs:60
>  at SecureEnclave.Application.Main (System.String[] args) [0x00008] in /Users/apple/Downloads/SecureEnclave/SecureEnclave/Main.cs:12

## Steps to reproduce

1. Open the attached test Project and deploy to device or simulator. 

Expected result: No exception

Actual Result: Noted exception is thrown. 

## Environment

=== Xamarin Studio ===

Version 5.10.1 (build 3)
Installation UUID: 964c531b-d928-456b-a9ae-e1f82266b360
	Mono 4.2.1 (explicit/6dd2d0d)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 402010102

=== Xamarin.Profiler ===

Location: /Applications/Xamarin Profiler.app/Contents/MacOS/Xamarin Profiler

=== Xamarin.Android ===

Version: (Business Edition)
Android SDK: /Users/apple/Library/Developer/Xamarin/android-sdk-mac_x86
	Supported Android versions:
		4.0.3 (API level 15)
		4.1   (API level 16)
		4.2   (API level 17)
		4.3   (API level 18)
		4.4   (API level 19)
		5.0   (API level 21)
		5.1   (API level 22)
		6.0   (API level 23)

SDK Tools Version: 24.4.1
SDK Platform Tools Version: 23.0.1
SDK Build Tools Version: 23.0.2

Java SDK: /usr
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

=== Xamarin Android Player ===

Version: 0.6.5
Location: /Applications/Xamarin Android Player.app

=== Apple Developer Tools ===

Xcode 7.1.1 (9081)
Build 7B1005

=== Xamarin.iOS ===

Version: (Business Edition)
Hash: eb4c1ef
Branch: master
Build date: 2015-12-01 02:12:30-0500

=== Xamarin.Mac ===

Version: (Business Edition)

=== Build Information ===

Release ID: 510010003
Git revision: f2021a209d66d49cbc0649a6d968b29040e57807
Build date: 2015-12-01 10:43:40-05
Xamarin addins: dfd4f5103e8951edbc8ac24480b53b53c55e04ff
Build lane: monodevelop-lion-cycle6-baseline

=== Operating System ===

Mac OS X 10.11.1
Darwin Jons-iMac.local 15.0.0 Darwin Kernel Version 15.0.0
    Sat Sep 19 15:53:46 PDT 2015
    root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64
Comment 2 Sebastien Pouliot 2015-12-07 15:57:09 UTC
The error occurs because, at that time, the `SecAccessControl` instance only exists in managed code, not native code (it's Handle is null). It's an optimization that did not take into account this use case.

I'll fix this for the future and update the bug report with a workaround.
Comment 3 Sebastien Pouliot 2015-12-07 18:15:33 UTC
Fixed in maccore/master d041bd11aed540f5baa29fcd7a584d1c82594cee

QA: unit tests added in same revision

Keeping open for workaround.
Comment 4 Sebastien Pouliot 2015-12-07 18:27:06 UTC
The workaround [1] will work with existing XI and also future versions (but it still should be removed).

[1] https://gist.github.com/spouliot/c55e1cc04e3899788107
Comment 5 Jørgen Tellnes 2015-12-08 12:24:15 UTC
I still get the marshaling error, even when using the workaround. The line

var m = t.GetMethod ("Create", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);

Returns null, so the workaround essentially does nothing. The handle is still 0x0.

Any ideas for a better workaround?
Comment 6 Sebastien Pouliot 2015-12-08 13:11:19 UTC
@Jørgen are you using the exact same versions as mentioned in the original description ?

and that `t` is an `Type` instance for `SecAccessControl` ?

Just to be sure please provide all version information*

* The easiest way to get exact version information is to use the "Xamarin Studio" menu, "About Xamarin Studio" item, "Show Details" button and copy/paste the version informations (you can use the "Copy Information" button).
Comment 7 Jørgen Tellnes 2015-12-08 13:37:16 UTC
t is a Type instance for "Security.SecAccessControl"

I'm running the latest stable versions, and I'm using Visual Studio:

    Xamarin (cdc0365)
    Visual Studio extension to enable development for Xamarin.iOS and     Xamarin.Android.

    Xamarin.Android (d300845)
    Visual Studio plugin to enable development for Xamarin.Android.

    Xamarin.iOS (edf4e56)
    Visual Studio extension to enable development for Xamarin.iOS.

And here is the version info from Xamarin studio:

=== Xamarin Studio ===

Version 5.10 (build 871)
Installation UUID: 30fd2b8c-e07d-4312-be53-5b7d84239c54
	Microsoft .NET 4.0.30319.42000
	GTK+ 2.24.23 (MS-Windows theme)
	GTK# 2.12.30

=== Xamarin.Profiler ===

Not Installed

=== Xamarin.Android ===

Version: 6.0.0
Android SDK: Not found

=== Xamarin Android Player ===

Not Installed

=== Build Information ===

Release ID: 510000871
Git revision: 4e9c5abb5ffdae12ba02ac49da83f8b2011dbb88
Build date: 2015-11-12 07:16:34-05
Xamarin addins: 55007ed0e56436f385d8e26394a45be563abc7e8
Build lane: monodevelop-windows-cycle6

=== Operating System ===

Windows 6.1.7601.65536 (64-bit)
Comment 8 Sebastien Pouliot 2015-12-08 14:01:51 UTC
Device or simulator builds ?

I just realized that the workaround might not be linker safe, as `Create` is not called by the .ctor (the real issue and you might not have any other code that reach it) and can be removed.

If it only fails on device (and works on sim) then try adding:

> [assembly: Preserve (typeof (MonoTouch.Security.SecAccessControl), AllMembers = true)]
Comment 9 Jørgen Tellnes 2015-12-08 14:52:04 UTC
Adding the preserve attribute helped - the workaround works fine now. Thanks!