* keys.
*/
-#include "SecImportExport.h"
+#include <Security/SecImportExport.h>
#include "SecImportExportCrypto.h"
#include "SecImportExportUtils.h"
#include "Keychains.h"
#include "Access.h"
#include "Item.h"
-#include "SecKeyPriv.h"
+#include <Security/SecKeyPriv.h>
#include "KCEventNotifier.h"
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_utilities/KeySchema.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_utils/cuCdsaUtils.h>
-#include <security_utilities/devrandom.h>
#include <security_cdsa_client/securestorage.h>
#include <security_cdsa_client/dlclient.h>
#include <Security/cssmapi.h>
+#include <security_keychain/KeyItem.h>
/*
* Key attrribute names and values.
char *randAscii = (char *)randLabel;
uint8 randBinary[SEC_RANDOM_LABEL_LEN / 2];
unsigned randBinaryLen = SEC_RANDOM_LABEL_LEN / 2;
- DevRandomGenerator rng;
-
- rng.random(randBinary, randBinaryLen);
+ MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, randBinaryLen, randBinary));
+
for(unsigned i=0; i<randBinaryLen; i++) {
sprintf(randAscii, "%02X", randBinary[i]);
randAscii += 2;
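Review bot: The added `SecRandomCopyBytes(kSecRandomDefault, randBinaryLen, randBinary)` call needs a declaration from `<Security/SecRandom.h>`, but the visible include changes only drop `<security_utilities/devrandom.h>` and do not add it. If it currently arrives through another header, an explicit `#include <Security/SecRandom.h>` would stop this file depending on that. Wrapping the call in `MacOSError::check` is the right shape, since a failed RNG call now throws instead of turning an unfilled `randBinary` into a label. The enclosing function starts outside the hunk, so it is worth confirming its callers tolerate the new exception. The unchanged `sprintf(randAscii, "%02X", ...)` loop writes a NUL after every pair, so `randLabel` (declared outside the hunk) must hold at least `SEC_RANDOM_LABEL_LEN + 1` bytes; a short comment stating that requirement would help.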
KeychainCore::Access::required(accessRef) :
new KeychainCore::Access("Imported Private Key"));
try {
- CssmClient::KeyAclBearer bearer(cspHand, unwrappedKey, Allocator::standard());
- theAccess->setAccess(bearer, maker);
+ if(secKeyRef != NULL) {
+ // setAccess using the new secKeyRef, not the old unwrappedKey.
+ // At this point, we might have duplicate keys registered with securityd. Use the newest one.
+ theAccess->setAccess(*KeyItem::required(secKeyRef)->key(), maker);
+ } else {
+ CssmClient::KeyAclBearer bearer(cspHand, unwrappedKey, Allocator::standard());
+ theAccess->setAccess(bearer, maker);
+ }
}
catch (const CssmError &e) {
/* not implemented means we're talking to the raw CSP which does
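Review bot: `KeyItem::required(secKeyRef)` on the new branch can presumably throw something other than `CssmError` when the reference is not a usable key item, and the only handler visible after this `try` is `catch (const CssmError &e)`, whose body continues outside the hunk. Confirm that such a failure cannot leave the imported private key without the intended access. The added comment says duplicate keys may be registered with securityd, but not what happens to the older `unwrappedKey` handle, which on this path never receives `theAccess`. Once verified, I would extend the comment along the lines of `// unwrappedKey keeps its original ACL and is released at <cleanup site>; only secKeyRef's key carries theAccess`. If the old handle stays usable after import, operations through it would not be governed by the ACL set here, so its lifetime deserves an explicit statement.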