2 // Copyright 2016 Apple. All rights reserved.
6 * This is to fool os services to not provide the Keychain manager
7 * interface tht doens't work since we don't have unified headers
8 * between iOS and OS X. rdar://23405418/
10 #define __KEYCHAINCORE__ 1
12 #include <Foundation/Foundation.h>
13 #include <Security/Security.h>
14 #include <Security/SecItemPriv.h>
15 #include <Security/SecBasePriv.h>
16 #include <Security/SecIdentityPriv.h>
17 #include <mach/mach_time.h>
21 #if SEC_OS_OSX_INCLUDES
22 #include <Security/SecKeychain.h>
26 fail(const char *fmt, ...) __printflike(1, 2) __attribute__((noreturn));
30 fail(const char *fmt, ...)
43 * Create item w/o data, try to make sure we end up in the OS X keychain
47 CheckItemAddDeleteMaybeLegacyKeychainNoData(void)
51 printf("[BEGIN] %s\n", __FUNCTION__);
53 NSDictionary *query = @{
54 (id)kSecClass : (id)kSecClassGenericPassword,
55 (id)kSecAttrAccount : @"item-delete-me",
56 (id)kSecAttrAccessible : (id)kSecAttrAccessibleAfterFirstUnlock,
58 status = SecItemDelete((__bridge CFDictionaryRef)query);
59 if (status != errSecSuccess && status != errSecItemNotFound)
60 fail("cleanup item: %d", (int)status);
63 * now check add notification
66 status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
67 if (status != errSecSuccess)
68 fail("add item: %d: %s", (int)status, [[query description] UTF8String]);
74 status = SecItemDelete((__bridge CFDictionaryRef)query);
75 if (status != errSecSuccess)
76 fail("cleanup2 item: %d", (int)status);
79 printf("[PASS] %s\n", __FUNCTION__);
85 CheckItemAddDeleteNoData(void)
89 printf("[BEGIN] %s\n", __FUNCTION__);
91 NSDictionary *query = @{
92 (id)kSecClass : (id)kSecClassGenericPassword,
93 (id)kSecAttrAccessGroup : @"keychain-test1",
94 (id)kSecAttrAccount : @"item-delete-me",
95 (id)kSecAttrAccessible : (id)kSecAttrAccessibleAfterFirstUnlock,
96 (id)kSecUseDataProtectionKeychain: @YES,
98 status = SecItemDelete((__bridge CFDictionaryRef)query);
99 if (status != errSecSuccess && status != errSecItemNotFound)
100 fail("cleanup item: %d", (int)status);
106 status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
107 if (status != errSecSuccess)
108 fail("add item: %d: %s", (int)status, [[query description] UTF8String]);
114 status = SecItemDelete((__bridge CFDictionaryRef)query);
115 if (status != errSecSuccess)
116 fail("cleanup2 item: %d", (int)status);
118 printf("[PASS] %s\n", __FUNCTION__);
122 CheckItemUpdateAccessGroupGENP(void)
126 printf("[BEGIN] %s\n", __FUNCTION__);
128 NSDictionary *clean1 = @{
129 (id)kSecClass : (id)kSecClassGenericPassword,
130 (id)kSecAttrAccessGroup : @"keychain-test1",
131 (id)kSecUseDataProtectionKeychain: @YES,
133 NSDictionary *clean2 = @{
134 (id)kSecClass : (id)kSecClassGenericPassword,
135 (id)kSecAttrAccessGroup : @"keychain-test2",
136 (id)kSecUseDataProtectionKeychain: @YES,
139 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
140 (void)SecItemDelete((__bridge CFDictionaryRef)clean2);
146 NSDictionary *add = @{
147 (id)kSecClass : (id)kSecClassGenericPassword,
148 (id)kSecAttrAccessGroup : @"keychain-test1",
149 (id)kSecAttrAccount : @"item-delete-me",
150 (id)kSecUseDataProtectionKeychain : (id)kCFBooleanTrue,
151 (id)kSecAttrAccessible : (id)kSecAttrAccessibleAfterFirstUnlock,
152 (id)kSecUseDataProtectionKeychain: @YES,
154 status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
155 if (status != errSecSuccess)
156 fail("add item: %d: %s", (int)status, [[add description] UTF8String]);
159 * Update access group
161 NSDictionary *query = @{
162 (id)kSecClass : (id)kSecClassGenericPassword,
163 (id)kSecAttrAccessGroup : @"keychain-test1",
164 (id)kSecAttrAccount : @"item-delete-me",
165 (id)kSecUseDataProtectionKeychain: @YES,
167 NSDictionary *modified = @{
168 (id)kSecAttrAccessGroup : @"keychain-test2",
171 status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)modified);
172 if (status != errSecSuccess)
173 fail("cleanup2 item: %d", (int)status);
178 NSDictionary *check1 = @{
179 (id)kSecClass : (id)kSecClassGenericPassword,
180 (id)kSecAttrAccessGroup : @"keychain-test1",
181 (id)kSecAttrAccount : @"item-delete-me",
182 (id)kSecUseDataProtectionKeychain: @YES,
184 status = SecItemCopyMatching((__bridge CFDictionaryRef)check1, NULL);
185 if (status != errSecItemNotFound)
186 fail("check1 item: %d", (int)status);
189 NSDictionary *check2 = @{
190 (id)kSecClass : (id)kSecClassGenericPassword,
191 (id)kSecAttrAccessGroup : @"keychain-test2",
192 (id)kSecAttrAccount : @"item-delete-me",
193 (id)kSecUseDataProtectionKeychain: @YES,
195 status = SecItemCopyMatching((__bridge CFDictionaryRef)check2, NULL);
196 if (status != errSecSuccess)
197 fail("check2 item: %d", (int)status);
202 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
203 (void)SecItemDelete((__bridge CFDictionaryRef)clean2);
205 printf("[PASS] %s\n", __FUNCTION__);
208 static NSString *certDataBase64 = @"\
209 MIIEQjCCAyqgAwIBAgIJAJdFadWqNIfiMA0GCSqGSIb3DQEBBQUAMHMxCzAJBgNVBAYTAkNaMQ8wDQYD\
210 VQQHEwZQcmFndWUxFTATBgNVBAoTDENvc21vcywgSW5jLjEXMBUGA1UEAxMOc3VuLmNvc21vcy5nb2Qx\
211 IzAhBgkqhkiG9w0BCQEWFHRoaW5nQHN1bi5jb3Ntb3MuZ29kMB4XDTE2MDIyNjE0NTQ0OVoXDTE4MTEy\
212 MjE0NTQ0OVowczELMAkGA1UEBhMCQ1oxDzANBgNVBAcTBlByYWd1ZTEVMBMGA1UEChMMQ29zbW9zLCBJ\
213 bmMuMRcwFQYDVQQDEw5zdW4uY29zbW9zLmdvZDEjMCEGCSqGSIb3DQEJARYUdGhpbmdAc3VuLmNvc21v\
214 cy5nb2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5u9gnYEDzQIVu7yC40VcXTZ01D9CJ\
215 oD/mH62tebEHEdfVPLWKeq+uAHnJ6fTIJQvksaISOxwiOosFjtI30mbe6LZ/oK22wYX+OUwKhAYjZQPy\
216 RYfuaJe/52F0zmfUSJ+KTbUZrXbVVFma4xPfpg4bptvtGkFJWnufvEEHimOGmO5O69lXA0Hit1yLU0/A\
217 MQrIMmZT8gb8LMZGPZearT90KhCbTHAxjcBfswZYeL8q3xuEVHXC7EMs6mq8IgZL7mzSBmrCfmBAIO0V\
218 jW2kvmy0NFxkjIeHUShtYb11oYYyfHuz+1vr1y6FIoLmDejKVnwfcuNb545m26o+z/m9Lv9bAgMBAAGj\
219 gdgwgdUwHQYDVR0OBBYEFGDdpPELS92xT+Hkh/7lcc+4G56VMIGlBgNVHSMEgZ0wgZqAFGDdpPELS92x\
220 T+Hkh/7lcc+4G56VoXekdTBzMQswCQYDVQQGEwJDWjEPMA0GA1UEBxMGUHJhZ3VlMRUwEwYDVQQKEwxD\
221 b3Ntb3MsIEluYy4xFzAVBgNVBAMTDnN1bi5jb3Ntb3MuZ29kMSMwIQYJKoZIhvcNAQkBFhR0aGluZ0Bz\
222 dW4uY29zbW9zLmdvZIIJAJdFadWqNIfiMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAFYi\
223 Zu/dfAMOrD51bYxP88Wu6iDGBe9nMG/0lkKgnX5JQKCxfxFMk875rfa+pljdUMOaPxegOXq1DrYmQB9O\
224 /pHI+t7ozuWHRj2zKkVgMWAygNWDPcoqBEus53BdAgA644aPN2JvnE4NEPCllOMKftPoIWbd/5ZjCx3a\
225 bCuxBdXq5YSmiEnOdGfKeXjeeEiIDgARb4tLgH5rkOpB1uH/ZCWn1hkiajBhrGhhPhpA0zbkZg2Ug+8g\
226 XPlx1yQB1VOJkj2Z8dUEXCaRRijInCJ2eU+pgJvwLV7mxmSED7DEJ+b+opxJKYrsdKBU6RmYpPrDa+KC\
227 /Yfu88P9hKKj0LmBiREA\
230 static NSString *keyDataBase64 = @"\
231 MIIEogIBAAKCAQEAubvYJ2BA80CFbu8guNFXF02dNQ/QiaA/5h+trXmxBxHX1Ty1inqvrgB5yen0yCUL\
232 5LGiEjscIjqLBY7SN9Jm3ui2f6CttsGF/jlMCoQGI2UD8kWH7miXv+dhdM5n1Eifik21Ga121VRZmuMT\
233 36YOG6bb7RpBSVp7n7xBB4pjhpjuTuvZVwNB4rdci1NPwDEKyDJmU/IG/CzGRj2Xmq0/dCoQm0xwMY3A\
234 X7MGWHi/Kt8bhFR1wuxDLOpqvCIGS+5s0gZqwn5gQCDtFY1tpL5stDRcZIyHh1EobWG9daGGMnx7s/tb\
235 69cuhSKC5g3oylZ8H3LjW+eOZtuqPs/5vS7/WwIDAQABAoIBAGcwmQAPdyZus3OVwa1NCUD2KyB+39KG\
236 yNmWwgx+br9Jx4s+RnJghVh8BS4MIKZOBtSRaEUOuCvAMNrupZbD+8leq34vDDRcQpCizr+M6Egj6FRj\
237 Ewl+7Mh+yeN2hbMoghL552MTv9D4Iyxteu4nuPDd/JQ3oQwbDFIL6mlBFtiBDUr9ndemmcJ0WKuzor6a\
238 3rgsygLs8SPyMefwIKjh5rJZls+iv3AyVEoBdCbHBz0HKgLVE9ZNmY/gWqda2dzAcJxxMdafeNVwHovv\
239 BtyyRGnA7Yikx2XT4WLgKfuUsYLnDWs4GdAa738uxPBfiddQNeRjN7jRT1GZIWCk0P29rMECgYEA8jWi\
240 g1Dph+4VlESPOffTEt1aCYQQWtHs13Qex95HrXX/L49fs6cOE7pvBh7nVzaKwBnPRh5+3bCPsPmRVb7h\
241 k/GreOriCjTZtyt2XGp8eIfstfirofB7c1lNBjT61BhgjJ8Moii5c2ksNIOOZnKtD53n47mf7hiarYkw\
242 xFEgU6ECgYEAxE8Js3gIPOBjsSw47XHuvsjP880nZZx/oiQ4IeJb/0rkoDMVJjU69WQu1HTNNAnMg4/u\
243 RXo31h+gDZOlE9t9vSXHdrn3at67KAVmoTbRknGxZ+8tYpRJpPj1hyufynBGcKwevv3eHJHnE5eDqbHx\
244 ynZFkXemzT9aMy3R4CCFMXsCgYAYyZpnG/m6WohE0zthMFaeoJ6dSLGvyboWVqDrzXjCbMf/4wllRlxv\
245 cm34T2NXjpJmlH2c7HQJVg9uiivwfYdyb5If3tHhP4VkdIM5dABnCWoVOWy/NvA7XtE+KF/fItuGqKRP\
246 WCGaiRHoEeqZ23SQm5VmvdF7OXNi/R5LiQ3o4QKBgAGX8qg2TTrRR33ksgGbbyi1UJrWC3/TqWWTjbEY\
247 uU51OS3jvEQ3ImdjjM3EtPW7LqHSxUhjGZjvYMk7bZefrIGgkOHx2IRRkotcn9ynKURbD+mcE249beuc\
248 6cFTJVTrXGcFvqomPWtV895A2JzECQZvt1ja88uuu/i2YoHDQdGJAoGAL2TEgiMXiunb6PzYMMKKa+mx\
249 mFnagF0Ek3UJ9ByXKoLz3HFEl7cADIkqyenXFsAER/ifMyCoZp/PDBd6ZkpqLTdH0jQ2Yo4SllLykoiZ\
250 fBWMfjRu4iw9E0MbPB3blmtzfv53BtWKy0LUOlN4juvpqryA7TgaUlZkfMT+T1TC7xU=\
254 static SecIdentityRef
255 CreateTestIdentity(void)
257 NSData *certData = [[NSData alloc] initWithBase64EncodedString:certDataBase64 options:0];
258 SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certData);
260 fail("create certificate from data");
262 NSData *keyData = [[NSData alloc] initWithBase64EncodedString:keyDataBase64 options:0];
263 NSDictionary *keyAttrs = @{
264 (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
265 (id)kSecAttrKeySizeInBits: @2048,
266 (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate
268 SecKeyRef privateKey = SecKeyCreateWithData((CFDataRef)keyData, (CFDictionaryRef)keyAttrs, NULL);
269 if (privateKey == NULL)
270 fail("create private key from data");
272 // Create identity from certificate and private key.
273 SecIdentityRef identity = SecIdentityCreate(kCFAllocatorDefault, cert, privateKey);
274 CFRelease(privateKey);
281 CheckIdentityItem(NSString *accessGroup, OSStatus expectedStatus)
285 NSDictionary *check = @{
286 (id)kSecClass : (id)kSecClassIdentity,
287 (id)kSecAttrAccessGroup : accessGroup,
288 (id)kSecAttrLabel : @"item-delete-me",
289 (id)kSecUseDataProtectionKeychain: @YES,
291 status = SecItemCopyMatching((__bridge CFDictionaryRef)check, NULL);
292 if (status != expectedStatus)
293 fail("check %s for %d item: %d", [accessGroup UTF8String], (int)expectedStatus, (int)status);
297 CheckItemUpdateAccessGroupIdentity(void)
300 CFTypeRef ref = NULL;
302 printf("[BEGIN] %s\n", __FUNCTION__);
304 NSDictionary *clean1 = @{
305 (id)kSecClass : (id)kSecClassIdentity,
306 (id)kSecAttrAccessGroup : @"keychain-test1",
308 NSDictionary *clean2 = @{
309 (id)kSecClass : (id)kSecClassIdentity,
310 (id)kSecAttrAccessGroup : @"keychain-test2",
313 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
314 (void)SecItemDelete((__bridge CFDictionaryRef)clean2);
316 CheckIdentityItem(@"keychain-test1", errSecItemNotFound);
317 CheckIdentityItem(@"keychain-test2", errSecItemNotFound);
319 SecIdentityRef identity = CreateTestIdentity();
320 if (identity == NULL)
321 fail("create private key from data");
328 NSDictionary *add = @{
329 (id)kSecValueRef : (__bridge id)identity,
330 (id)kSecAttrAccessGroup : @"keychain-test1",
331 (id)kSecAttrLabel : @"item-delete-me",
332 (id)kSecAttrAccessible : (id)kSecAttrAccessibleAfterFirstUnlock,
333 (id)kSecUseDataProtectionKeychain: @YES,
334 (id)kSecReturnPersistentRef: (id)kCFBooleanTrue,
336 status = SecItemAdd((__bridge CFDictionaryRef)add, &ref);
337 if (status != errSecSuccess)
338 fail("add item: %d: %s", (int)status, [[add description] UTF8String]);
343 CheckIdentityItem(@"keychain-test1", errSecSuccess);
344 CheckIdentityItem(@"keychain-test2", errSecItemNotFound);
348 * Update access group
350 NSDictionary *query = @{
351 (id)kSecClass : (id)kSecClassIdentity,
352 (id)kSecAttrAccessGroup : @"keychain-test1",
353 (id)kSecAttrLabel : @"item-delete-me",
354 (id)kSecUseDataProtectionKeychain : (id)kCFBooleanTrue,
356 NSDictionary *modified = @{
357 (id)kSecAttrAccessGroup : @"keychain-test2",
360 status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)modified);
361 if (status != errSecSuccess)
362 fail("cleanup2 item: %d", (int)status);
368 CheckIdentityItem(@"keychain-test1", errSecItemNotFound);
369 CheckIdentityItem(@"keychain-test2", errSecSuccess);
374 CFDataRef data = NULL;
376 NSDictionary *prefQuery = @{
377 (id)kSecClass : (id)kSecClassIdentity,
378 (id)kSecAttrAccessGroup : @"keychain-test2",
379 (id)kSecAttrLabel : @"item-delete-me",
380 (id)kSecUseDataProtectionKeychain: @YES,
381 (id)kSecReturnPersistentRef : (id)kCFBooleanTrue,
383 status = SecItemCopyMatching((__bridge CFDictionaryRef)prefQuery, (CFTypeRef *)&data);
384 if (status != errSecSuccess)
385 fail("prefQuery item: %d", (int)status);
388 * Update access group for identity
390 NSDictionary *query2 = @{
391 (id)kSecValuePersistentRef : (__bridge id)data,
392 (id)kSecUseDataProtectionKeychain : (id)kCFBooleanTrue,
394 NSDictionary *modified2 = @{
395 (id)kSecAttrAccessGroup : @"keychain-test1",
398 status = SecItemUpdate((__bridge CFDictionaryRef)query2, (__bridge CFDictionaryRef)modified2);
399 if (status != errSecInternal)
400 fail("update identity with pref fails differntly: %d", (int)status);
403 CheckIdentityItem(@"keychain-test1", errSecSuccess);
404 CheckIdentityItem(@"keychain-test2", errSecItemNotFound);
411 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
412 (void)SecItemDelete((__bridge CFDictionaryRef)clean2);
416 CheckIdentityItem(@"keychain-test1", errSecItemNotFound);
417 CheckIdentityItem(@"keychain-test2", errSecItemNotFound);
420 printf("[PASS] %s\n", __FUNCTION__);
424 CheckFindIdentityByReference(void)
427 CFDataRef pref = NULL, pref2 = NULL;
429 printf("[BEGIN] %s\n", __FUNCTION__);
434 NSDictionary *clean1 = @{
435 (id)kSecClass : (id)kSecClassIdentity,
436 (id)kSecAttrAccessGroup : @"keychain-test1",
438 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
443 SecIdentityRef identity = CreateTestIdentity();
444 if (identity == NULL)
445 fail("create private key from data");
448 NSDictionary *add = @{
449 (id)kSecValueRef : (__bridge id)identity,
450 (id)kSecAttrAccessGroup : @"keychain-test1",
451 (id)kSecAttrLabel : @"CheckItemReference",
452 (id)kSecAttrAccessible : (id)kSecAttrAccessibleAfterFirstUnlock,
453 (id)kSecUseDataProtectionKeychain: @YES,
454 (id)kSecReturnPersistentRef: (id)kCFBooleanTrue,
456 status = SecItemAdd((__bridge CFDictionaryRef)add, (CFTypeRef *)&pref);
457 if (status != errSecSuccess)
458 fail("add item: %d: %s", (int)status, [[add description] UTF8String]);
460 if (pref == NULL || CFGetTypeID(pref) != CFDataGetTypeID())
461 fail("no pref returned");
467 NSDictionary *query = @{
468 (id)kSecValueRef : (__bridge id)identity,
469 (id)kSecReturnPersistentRef: (id)kCFBooleanTrue,
471 status = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&pref2);
473 fail("SecItemCopyMatching: %d", (int)status);
475 if (pref2 == NULL || CFGetTypeID(pref2) != CFDataGetTypeID())
476 fail("no pref2 returned");
479 if (!CFEqual(pref, pref2))
480 fail("prefs not same");
488 NSDictionary *query2 = @{
489 (id)kSecClass : (id)kSecClassIdentity,
490 (id)kSecAttrAccessGroup : @"keychain-test1",
491 (id)kSecAttrLabel : @"CheckItemReference",
492 (id)kSecUseDataProtectionKeychain: @YES,
493 (id)kSecReturnPersistentRef: (id)kCFBooleanTrue,
495 status = SecItemCopyMatching((CFDictionaryRef)query2, (CFTypeRef *)&pref2);
497 fail("SecItemCopyMatching: %d", (int)status);
499 if (pref2 == NULL || CFGetTypeID(pref2) != CFDataGetTypeID())
500 fail("no pref2 returned");
503 if (!CFEqual(pref, pref2))
504 fail("prefs not same");
509 * Find by label + reference
512 NSDictionary *query3 = @{
513 (id)kSecAttrAccessGroup : @"keychain-test1",
514 (id)kSecAttrLabel : @"CheckItemReference",
515 (id)kSecValueRef : (__bridge id)identity,
516 (id)kSecUseDataProtectionKeychain: @YES,
517 (id)kSecReturnPersistentRef: (id)kCFBooleanTrue,
519 status = SecItemCopyMatching((CFDictionaryRef)query3, (CFTypeRef *)&pref2);
521 fail("SecItemCopyMatching: %d", (int)status);
523 if (pref2 == NULL || CFGetTypeID(pref2) != CFDataGetTypeID())
524 fail("no pref2 returned");
527 if (!CFEqual(pref, pref2))
528 fail("prefs not same");
542 printf("[PASS] %s\n", __FUNCTION__);
546 timeDiff(uint64_t start, uint64_t stop)
548 static uint64_t time_overhead_measured = 0;
549 static double timebase_factor = 0;
551 if (time_overhead_measured == 0) {
552 uint64_t t0 = mach_absolute_time();
553 time_overhead_measured = mach_absolute_time() - t0;
555 struct mach_timebase_info timebase_info = {};
556 mach_timebase_info(&timebase_info);
557 timebase_factor = ((double)timebase_info.numer)/((double)timebase_info.denom);
560 return ((stop - start - time_overhead_measured) * timebase_factor) / NSEC_PER_USEC;
564 RunCopyPerfTest(NSString *name, NSDictionary *query)
566 uint64_t start = mach_absolute_time();
568 CFTypeRef result = NULL;
570 status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
571 uint64_t stop = mach_absolute_time();
574 printf("SecItemCopyMatching failed with: %d\n", (int)status);
582 uint64_t us = timeDiff(start, stop);
584 puts([[NSString stringWithFormat:@"[RESULT_KEY] SecItemCopyMatching-%@\n[RESULT_VALUE] %lu\n",
585 name, (unsigned long)us] UTF8String]);
589 RunDigestPerfTest(NSString *name, NSString *itemClass, NSString *accessGroup, NSUInteger expectedCount)
591 uint64_t start = mach_absolute_time();
592 dispatch_semaphore_t sema = dispatch_semaphore_create(0);
593 __block uint64_t stop;
595 _SecItemFetchDigests(itemClass, accessGroup, ^(NSArray *items, NSError *error) {
596 stop = mach_absolute_time();
598 printf("%s: _SecItemFetchDigests failed with: %ld\n", [name UTF8String], (long)error.code);
602 dispatch_semaphore_signal(sema);
604 if (expectedCount != [items count]) {
605 printf("%s: _SecItemFetchDigests didn't return expected items: %ld\n", [name UTF8String], (long)[items count]);
610 dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
613 uint64_t us = timeDiff(start, stop);
615 puts([[NSString stringWithFormat:@"[RESULT_KEY] SecItemCopyDigest-%@\n[RESULT_VALUE] %lu\n",
616 name, (unsigned long)us] UTF8String]);
621 CheckItemPerformance(void)
625 printf("[BEGIN] %s\n", __FUNCTION__);
630 NSDictionary *clean1 = @{
631 (id)kSecClass : (id)kSecClassGenericPassword,
632 (id)kSecAttrService : @"service",
633 (id)kSecAttrAccessGroup : @"keychain-test1",
634 (id)kSecUseDataProtectionKeychain : (id)kCFBooleanTrue,
636 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
638 NSData *data = [NSData dataWithBytes:"password" length:8];
640 for (n = 0; n < 1000; n++) {
641 NSDictionary *item = @{
642 (id)kSecClass : (id)kSecClassGenericPassword,
643 (id)kSecAttrAccount : [NSString stringWithFormat:@"account-%d", n],
644 (id)kSecAttrService : @"service",
645 (id)kSecUseDataProtectionKeychain : (id)kCFBooleanTrue,
646 (id)kSecAttrAccessGroup : @"keychain-test1",
647 (id)kSecUseDataProtectionKeychain: @YES,
648 (id)kSecValueData : data,
650 SecItemAdd((__bridge CFDictionaryRef)item, NULL);
654 RunCopyPerfTest(@"FindOneItemLimit", @{
655 (id)kSecClass : (id)kSecClassGenericPassword,
656 (id)kSecAttrService : @"service",
657 (id)kSecMatchLimit : (id)kSecMatchLimitOne,
658 (id)kSecUseDataProtectionKeychain: @YES,
660 RunCopyPerfTest(@"FindOneItemUnique", @{
661 (id)kSecClass : (id)kSecClassGenericPassword,
662 (id)kSecAttrAccount : @"account-0",
663 (id)kSecAttrService : @"service",
664 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
665 (id)kSecUseDataProtectionKeychain: @YES,
667 RunCopyPerfTest(@"Find1000Items", @{
668 (id)kSecClass : (id)kSecClassGenericPassword,
669 (id)kSecAttrService : @"service",
670 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
671 (id)kSecUseDataProtectionKeychain: @YES,
673 RunDigestPerfTest(@"Digest1000Items", (id)kSecClassGenericPassword, @"keychain-test1", 1000);
674 RunCopyPerfTest(@"GetAttrOneItemUnique", @{
675 (id)kSecClass : (id)kSecClassGenericPassword,
676 (id)kSecAttrAccount : @"account-0",
677 (id)kSecAttrService : @"service",
678 (id)kSecReturnAttributes : (id)kCFBooleanTrue,
679 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
680 (id)kSecUseDataProtectionKeychain: @YES,
682 RunCopyPerfTest(@"GetData1000Items", @{
683 (id)kSecClass : (id)kSecClassGenericPassword,
684 (id)kSecAttrService : @"service",
685 (id)kSecReturnData : (id)kCFBooleanTrue,
686 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
687 (id)kSecUseDataProtectionKeychain: @YES,
689 RunCopyPerfTest(@"GetDataOneItemUnique", @{
690 (id)kSecClass : (id)kSecClassGenericPassword,
691 (id)kSecAttrAccount : @"account-0",
692 (id)kSecAttrService : @"service",
693 (id)kSecReturnData : (id)kCFBooleanTrue,
694 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
695 (id)kSecUseDataProtectionKeychain: @YES,
697 RunCopyPerfTest(@"GetDataAttrOneItemUnique", @{
698 (id)kSecClass : (id)kSecClassGenericPassword,
699 (id)kSecAttrAccount : @"account-0",
700 (id)kSecAttrService : @"service",
701 (id)kSecReturnData : (id)kCFBooleanTrue,
702 (id)kSecReturnAttributes : (id)kCFBooleanTrue,
703 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
704 (id)kSecUseDataProtectionKeychain: @YES,
706 #if TARGET_OS_IPHONE /* macOS doesn't support fetching data for more then one item */
707 RunCopyPerfTest(@"GetData1000Items", @{
708 (id)kSecClass : (id)kSecClassGenericPassword,
709 (id)kSecAttrService : @"service",
710 (id)kSecReturnData : (id)kCFBooleanTrue,
711 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
712 (id)kSecUseDataProtectionKeychain: @YES,
714 RunCopyPerfTest(@"GetDataAttr1000Items", @{
715 (id)kSecClass : (id)kSecClassGenericPassword,
716 (id)kSecAttrService : @"service",
717 (id)kSecReturnData : (id)kCFBooleanTrue,
718 (id)kSecReturnAttributes : (id)kCFBooleanTrue,
719 (id)kSecMatchLimit : (id)kSecMatchLimitAll,
720 (id)kSecUseDataProtectionKeychain: @YES,
724 (void)SecItemDelete((__bridge CFDictionaryRef)clean1);
727 printf("[PASS] %s\n", __FUNCTION__);
731 main(int argc, const char ** argv)
733 printf("[TEST] secitemfunctionality\n");
735 CheckItemPerformance();
737 CheckFindIdentityByReference();
739 //CheckItemAddDeleteMaybeLegacyKeychainNoData();
740 CheckItemAddDeleteNoData();
741 CheckItemUpdateAccessGroupGENP();
742 CheckItemUpdateAccessGroupIdentity();
744 printf("[SUMMARY]\n");
745 printf("test completed\n");