Mooseyard MYCrypto → 0.3

Comments and changes to this ticket

• 

  snej April 14th, 2009 @ 07:06 PM

  • State changed from “new” to “open”
• 

  snej April 16th, 2009 @ 10:18 AM

  I looked at this a bit last night and figured out a few things.

  If I change the test case so the key is generated in a keychain, then the export is able to get to the point of prompting for a passphrase. So it seems that the passphrase functionality is tied to being in a keychain.

  (To get this far I had to change -[MYSymmetricKey _generateSymmetricKeyOfSize:...] to not set the CSSM_KEYATTR_SENSITIVE bit; otherwise the prior calls to -keyData in the test case fail, because sensitive keys don't permit direct access to their data. But that's just an issue for this test case; it's correct behavior in general.)

  Unfortunately the SecKeychainItemExport call still returns an error, now CSSMERR_CSP_INVALID_KEY_CLASS. If I break on C++ exceptions, there's one thrown at:

  0  0x92e70201 in __cxa_throw ()
  1  0x95b682dc in Security::CssmError::throwMe ()
  2  0x95b60c9a in Security::SecurityServer::ClientSession::wrapKey ()
  3  0x95b3ee5c in cssm_WrapKey ()
  4  0x95ac1388 in CSSM_WrapKey ()
  5  0x95aae003 in impExpExportKeyCommon ()
  6  0x95aac637 in impExpPkcs8Export ()
  7  0x95aa9704 in SecExport::Key::exportRep ()
  8  0x95aa8cb1 in SecKeychainItemExport ()
  

• 

  snej April 20th, 2009 @ 07:50 AM

  • Milestone set to “0.3”
  • State changed from “open” to “resolved”

  Fixed in 0.3.

  Turns out SecKeyImport/Export don't work for wrapped symmetric keys, so I had to drop down to CSSM_WrapKey.