Bug 27311 - Calling `SecKeyChain.Update` method fails with status code `SecStatusCode.Param`
Summary: Calling `SecKeyChain.Update` method fails with status code `SecStatusCode.Param`
Alias: None
Product: iOS
Classification: Xamarin
Component: General (show other bugs)
Version: XI 8.6.0
Hardware: PC Mac OS
: Normal normal
Target Milestone: Untriaged
Assignee: Sebastien Pouliot
Depends on:
Reported: 2015-02-23 11:59 UTC by Prashant Cholachagudda
Modified: 2017-07-26 18:06 UTC (History)
5 users (show)

See Also:
Is this bug a regression?: ---
Last known good build:

Test Case (10.89 KB, application/zip)
2017-07-26 18:06 UTC, John Miller [MSFT]

Description Prashant Cholachagudda 2015-02-23 11:59:46 UTC
Calling `SecKeyChain.Update` method to update the Keychain value returns SecStatusCode.Param instead of SecStatusCode.Success

Testcase: https://gist.github.com/prashantvc/c5545eee55392aff8b69#file-setkeychainstorage-cs-L16
Comment 1 Sebastien Pouliot 2015-02-23 21:03:23 UTC
The keychain API is pretty horrible. Our own API tries to hide part of this - but they still have holes.

Now I'm not sure I understand the code intent. It seems like it's looking for a `GenericPassword` and, if found, it tries to _update_ it to `InternetPassword`. IIRC you can't update the kind of a record. In fact you can only update _some_ of its properties. 

E.g. `kSecValueData` (which in XI is `ValueData`) is _not_ allowed in updates, see Apple doc [1] and SO post [2]

So the query is incorrect. What was done, in `QueryAs*` method was to hide those requirements from the developer. However that was not done for the `Update` method. Worse the constants required to create a correct query are not exposed publicly.

@Prashant I can likely provide a workaround for the specific case required for the customer. However the code in the gist does not seems correct (GenericPassword vs InternetPassword). Can you confirm what's the intended goal ?

[1] https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/index.html#//apple_ref/doc/constant_group/Attribute_Item_Keys

[2] http://stackoverflow.com/q/23692252
Comment 2 ajonno68 2015-02-25 19:22:16 UTC
hi all, can u please revert on this one soon as possible. Its a security requirement (from our Chief Security Officer) and its holding up testing here. Appreciate your help.
Comment 4 John Miller [MSFT] 2017-07-26 18:06:03 UTC
Created attachment 23824 [details]
Test Case

I can confirm using the latest Xamarin.iOS that I am able to reproduce this issue. 

Use this attachment and run on a simulator. Notice the `err` value / output to console.
Comment 5 John Miller [MSFT] 2017-07-26 18:06:29 UTC
Updating to CONFIRMED per comment 4.

Note You need to log in before you can comment on or make changes to this bug.