I have a really strange behavior in an iOS App.
I switched from iOS 6 to iOS 7. In iOS 6 everything worked perfectly.
- (NSMutableDictionary *)newSearchDictionary:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [[NSMutableDictionary alloc] init];
[searchDictionary setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];
NSData *encodedIdentifier = [identifier dataUsingEncoding:NSUTF8StringEncoding];
[searchDictionary setObject:encodedIdentifier forKey:(__bridge id)kSecAttrGeneric];
[searchDictionary setObject:encodedIdentifier forKey:(__bridge id)kSecAttrAccount];
[searchDictionary setObject:serviceName forKey:(__bridge id)kSecAttrService];
return searchDictionary;
}
- (NSData *)searchKeychainCopyMatching:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];
[searchDictionary setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
[searchDictionary setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];
CFDataRef dataRef;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)searchDictionary,
(CFTypeRef *)&dataRef);
if (status != errSecSuccess) {
#ifdef DEBUG
NSLog(@"%s - No OSStatus errSecSuccess. Caused by SecItemCopyMatching", __PRETTY_FUNCTION__);
#endif
return nil;
}
NSData *result = (__bridge_transfer NSData *)dataRef;
return result;
}
When the App starts the - (NSData *)searchKeychainCopyMatching:(NSString *)identifier function loads the values from the keychain. Everything works fine for a while. But after about 15 successful value requests I get an error.
OSStatus Code -34018
The SecItemCopyMatching function returns that error code. The documentation says
@result A result code. See "Security Error Codes" (SecBase.h).
But looking in the SecBase.h there are only these OSStatus codes specified.
enum
{
errSecSuccess = 0, /* No error. */
errSecUnimplemented = -4, /* Function or operation not implemented. */
errSecIO = -36, /*I/O error (bummers)*/
errSecOpWr = -49, /*file already open with with write permission*/
errSecParam = -50, /* One or more parameters passed to a function where not valid. */
errSecAllocate = -108, /* Failed to allocate memory. */
errSecUserCanceled = -128, /* User canceled the operation. */
errSecBadReq = -909, /* Bad parameter or invalid state for operation. */
errSecInternalComponent = -2070,
errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */
errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */
errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */
errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */
errSecDecode = -26275, /* Unable to decode the provided data. */
errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */
};
The values doesn't get overridden, already checked.
And last but not least the search dictionary:
Edit - new info
I was debugging the whole day and I found some news. I'm downloading a Zip-File containing an executable Bundle. This is a In-House App so no worries about point 2.7 and 2.8 in the review guidelines. After successfully loading the bundle the entitlements error appears.
NSBundle *bundle = nil;
NSError *error = nil;
bundle = [[NSBundle alloc] initWithPath:bundlePath];
if (!bundle) {
return nil;
}
// Here i can access the keychain as usually
[bundle loadAndReturnError:&error];
// Well here it suddenly doesn't work anymore
// error is also nil
Well the bundle code inside does not use the keychain. May be this is some kind of security logic? Any clues?
See Question&Answers more detail:
os 
