[ios] Correct keychain usage for Xcode 10.

Undefined keychain types are now defined in the iOS12 SDK, and annotated as unavailable on iOS. Remove the types that aren't used by mac or ios, and redefine the ones used by mac so it can be typedef-ed away on ios. Bug: 843234 Change-Id: If94222cde31a89185ce2f9bd6d77af8ac7c41fd7 Reviewed-on: https://chromium-review.googlesource.com/1087927 Commit-Queue: Justin Cohen <justincohen@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Misha Efimov <mef@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Sylvain Defresne <sdefresne@chromium.org> Cr-Commit-Position: refs/heads/master@{#564926}

[ios] Correct keychain usage for Xcode 10.
Undefined keychain types are now defined in the iOS12 SDK, and annotated as unavailable on iOS. Remove the types that aren't used by mac or ios, and redefine the ones used by mac so it can be typedef-ed away on ios. Bug: 843234 Change-Id: If94222cde31a89185ce2f9bd6d77af8ac7c41fd7 Reviewed-on: https://chromium-review.googlesource.com/1087927 Commit-Queue: Justin Cohen <justincohen@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Misha Efimov <mef@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Sylvain Defresne <sdefresne@chromium.org> Cr-Commit-Position: refs/heads/master@{#564926}
2db15692 · Justin Cohen · Commit Bot · 01dddec5 · 2db15692 · 2db15692
Commit 2db15692 authored Jun 06, 2018 by Justin Cohen Committed by Commit Bot Jun 06, 2018
10 changed files
--- a/base/mac/foundation_util.h
+++ b/base/mac/foundation_util.h
@@ -52,9 +52,6 @@ typedef CR_FORWARD_ENUM(unsigned int, NSSearchPathDirectory);
 typedef unsigned int NSSearchPathDomainMask;
 #endif

-typedef struct OpaqueSecTrustRef* SecACLRef;
-typedef struct OpaqueSecTrustedApplicationRef* SecTrustedApplicationRef;
-
 #if defined(OS_IOS)
 typedef struct CF_BRIDGED_TYPE(id) __SecKey* SecKeyRef;
 typedef struct CF_BRIDGED_TYPE(id) __SecPolicy* SecPolicyRef;
@@ -311,10 +308,8 @@ CF_CAST_DECL(CTFont);
 CF_CAST_DECL(CTFontDescriptor);
 CF_CAST_DECL(CTRun);

-CF_CAST_DECL(SecACL);
 CF_CAST_DECL(SecKey);
 CF_CAST_DECL(SecPolicy);
-CF_CAST_DECL(SecTrustedApplication);

 #undef CF_CAST_DECL


--- a/chrome/browser/mac/keychain_reauthorize.mm
+++ b/chrome/browser/mac/keychain_reauthorize.mm
@@ -59,10 +59,9 @@ bool KeychainReauthorize() {

  crypto::AppleKeychain keychain;
  OSStatus error = keychain.FindGenericPassword(
-      nullptr, strlen(KeychainPassword::service_name),
-      KeychainPassword::service_name, strlen(KeychainPassword::account_name),
-      KeychainPassword::account_name, &pw_length, &password_data,
-      storage_item.InitializeInto());
+      strlen(KeychainPassword::service_name), KeychainPassword::service_name,
+      strlen(KeychainPassword::account_name), KeychainPassword::account_name,
+      &pw_length, &password_data, storage_item.InitializeInto());

  base::ScopedCFTypeRef<SecKeychainItemRef> backup_item;
  std::string backup_service_name =
@@ -70,7 +69,7 @@ bool KeychainReauthorize() {
  if (error != noErr) {
    // If the main entry does not exist, nor does the backup, exit.
    if (keychain.FindGenericPassword(
-            nullptr, backup_service_name.size(), backup_service_name.data(),
+            backup_service_name.size(), backup_service_name.data(),
            strlen(KeychainPassword::account_name),
            KeychainPassword::account_name, &pw_length, &password_data,
            backup_item.InitializeInto()) != noErr) {
@@ -86,12 +85,12 @@ bool KeychainReauthorize() {
      static_cast<uint8_t*>(password_data),
      static_cast<uint8_t*>(password_data) + pw_length));
  memset(password_data, 0x11, pw_length);
-  keychain.ItemFreeContent(nullptr, password_data);
+  keychain.ItemFreeContent(password_data);

  if (backup_item.get() == nullptr) {
    // If writing the backup fails, still attempt the re-auth.
    keychain.AddGenericPassword(
-        nullptr, backup_service_name.size(), backup_service_name.data(),
+        backup_service_name.size(), backup_service_name.data(),
        strlen(KeychainPassword::account_name), KeychainPassword::account_name,
        password.get()->size(), password.get()->data(),
        backup_item.InitializeInto());
@@ -106,10 +105,9 @@ bool KeychainReauthorize() {
  }

  error = keychain.AddGenericPassword(
-      nullptr, strlen(KeychainPassword::service_name),
-      KeychainPassword::service_name, strlen(KeychainPassword::account_name),
-      KeychainPassword::account_name, password.get()->size(),
-      password.get()->data(), nullptr);
+      strlen(KeychainPassword::service_name), KeychainPassword::service_name,
+      strlen(KeychainPassword::account_name), KeychainPassword::account_name,
+      password.get()->size(), password.get()->data(), nullptr);

  if (error != noErr) {
    OSSTATUS_LOG(ERROR, error) << "Failed to re-add storage password.";
@@ -121,7 +119,7 @@ bool KeychainReauthorize() {
    // This could happen if Chrome crashed after writing the backup entry and
    // before deleting the main entry.
    keychain.FindGenericPassword(
-        nullptr, backup_service_name.size(), backup_service_name.data(),
+        backup_service_name.size(), backup_service_name.data(),
        strlen(KeychainPassword::account_name), KeychainPassword::account_name,
        &pw_length, &password_data, backup_item.InitializeInto());
  }

--- a/components/os_crypt/keychain_password_mac.mm
+++ b/components/os_crypt/keychain_password_mac.mm
@@ -28,14 +28,9 @@ std::string AddRandomPasswordToKeychain(const AppleKeychain& keychain,
  void* password_data =
      const_cast<void*>(static_cast<const void*>(password.data()));

-  OSStatus error = keychain.AddGenericPassword(NULL,
-                                               service_name.size(),
-                                               service_name.data(),
-                                               account_name.size(),
-                                               account_name.data(),
-                                               password.size(),
-                                               password_data,
-                                               NULL);
+  OSStatus error = keychain.AddGenericPassword(
+      service_name.size(), service_name.data(), account_name.size(),
+      account_name.data(), password.size(), password_data, NULL);

  if (error != noErr) {
    OSSTATUS_DLOG(ERROR, error) << "Keychain add failed";
@@ -62,13 +57,13 @@ std::string KeychainPassword::GetPassword() const {
  UInt32 password_length = 0;
  void* password_data = NULL;
  OSStatus error = keychain_.FindGenericPassword(
-      nullptr, strlen(service_name), service_name, strlen(account_name),
-      account_name, &password_length, &password_data, NULL);
+      strlen(service_name), service_name, strlen(account_name), account_name,
+      &password_length, &password_data, NULL);

  if (error == noErr) {
    std::string password =
        std::string(static_cast<char*>(password_data), password_length);
-    keychain_.ItemFreeContent(NULL, password_data);
+    keychain_.ItemFreeContent(password_data);
    return password;
  } else if (error == errSecItemNotFound) {
    return AddRandomPasswordToKeychain(keychain_, service_name, account_name);

--- a/components/wifi/wifi_service_mac.mm
+++ b/components/wifi/wifi_service_mac.mm
@@ -364,14 +364,9 @@ void WiFiServiceMac::GetKeyFromSystem(const std::string& network_guid,
  UInt32 password_length = 0;
  void *password_data = NULL;
  crypto::AppleKeychain keychain;
-  OSStatus status = keychain.FindGenericPassword(NULL,
-                                                 strlen(kAirPortServiceName),
-                                                 kAirPortServiceName,
-                                                 network_guid.length(),
-                                                 network_guid.c_str(),
-                                                 &password_length,
-                                                 &password_data,
-                                                 NULL);
+  OSStatus status = keychain.FindGenericPassword(
+      strlen(kAirPortServiceName), kAirPortServiceName, network_guid.length(),
+      network_guid.c_str(), &password_length, &password_data, NULL);
  if (status != errSecSuccess) {
    *error = kErrorNotFound;
    return;
@@ -380,7 +375,7 @@ void WiFiServiceMac::GetKeyFromSystem(const std::string& network_guid,
  if (password_data) {
    *key_data = std::string(reinterpret_cast<char*>(password_data),
                            password_length);
-    keychain.ItemFreeContent(NULL, password_data);
+    keychain.ItemFreeContent(password_data);
  }
 }


--- a/crypto/apple_keychain.h
+++ b/crypto/apple_keychain.h
@@ -11,14 +11,14 @@
 #include "build/build_config.h"
 #include "crypto/crypto_export.h"

-#if defined (OS_IOS)
-typedef void* SecKeychainRef;
-typedef void* SecKeychainItemRef;
-typedef void SecKeychainAttributeList;
-#endif
-
 namespace crypto {

+#if defined(OS_IOS)
+using AppleSecKeychainItemRef = void*;
+#else
+using AppleSecKeychainItemRef = SecKeychainItemRef;
+#endif
+
 // Wraps the KeychainServices API in a very thin layer, to allow it to be
 // mocked out for testing.

@@ -32,29 +32,26 @@ class CRYPTO_EXPORT AppleKeychain {
  AppleKeychain();
  virtual ~AppleKeychain();

-  virtual OSStatus FindGenericPassword(CFTypeRef keychainOrArray,
-                                       UInt32 serviceNameLength,
+  virtual OSStatus FindGenericPassword(UInt32 serviceNameLength,
                                       const char* serviceName,
                                       UInt32 accountNameLength,
                                       const char* accountName,
                                       UInt32* passwordLength,
                                       void** passwordData,
-                                       SecKeychainItemRef* itemRef) const;
+                                       AppleSecKeychainItemRef* itemRef) const;

-  virtual OSStatus ItemFreeContent(SecKeychainAttributeList* attrList,
-                                   void* data) const;
+  virtual OSStatus ItemFreeContent(void* data) const;

-  virtual OSStatus AddGenericPassword(SecKeychainRef keychain,
-                                      UInt32 serviceNameLength,
+  virtual OSStatus AddGenericPassword(UInt32 serviceNameLength,
                                      const char* serviceName,
                                      UInt32 accountNameLength,
                                      const char* accountName,
                                      UInt32 passwordLength,
                                      const void* passwordData,
-                                      SecKeychainItemRef* itemRef) const;
+                                      AppleSecKeychainItemRef* itemRef) const;

 #if !defined(OS_IOS)
-  virtual OSStatus ItemDelete(SecKeychainItemRef itemRef) const;
+  virtual OSStatus ItemDelete(AppleSecKeychainItemRef itemRef) const;
 #endif  // !defined(OS_IOS)

 private:

--- a/crypto/apple_keychain_ios.mm
+++ b/crypto/apple_keychain_ios.mm
@@ -112,20 +112,19 @@ AppleKeychain::AppleKeychain() {}

 AppleKeychain::~AppleKeychain() {}

-OSStatus AppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList,
-                                        void* data) const {
+OSStatus AppleKeychain::ItemFreeContent(void* data) const {
  free(data);
  return noErr;
 }

-OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain,
-                                           UInt32 serviceNameLength,
-                                           const char* serviceName,
-                                           UInt32 accountNameLength,
-                                           const char* accountName,
-                                           UInt32 passwordLength,
-                                           const void* passwordData,
-                                           SecKeychainItemRef* itemRef) const {
+OSStatus AppleKeychain::AddGenericPassword(
+    UInt32 serviceNameLength,
+    const char* serviceName,
+    UInt32 accountNameLength,
+    const char* accountName,
+    UInt32 passwordLength,
+    const void* passwordData,
+    AppleSecKeychainItemRef* itemRef) const {
  base::ScopedCFTypeRef<CFDictionaryRef> query(CreateGenericPasswordQuery(
      serviceNameLength, serviceName, accountNameLength, accountName));
  // Check that there is not already a password.
@@ -157,14 +156,14 @@ OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain,
  return status;
 }

-OSStatus AppleKeychain::FindGenericPassword(CFTypeRef keychainOrArray,
-                                            UInt32 serviceNameLength,
-                                            const char* serviceName,
-                                            UInt32 accountNameLength,
-                                            const char* accountName,
-                                            UInt32* passwordLength,
-                                            void** passwordData,
-                                            SecKeychainItemRef* itemRef) const {
+OSStatus AppleKeychain::FindGenericPassword(
+    UInt32 serviceNameLength,
+    const char* serviceName,
+    UInt32 accountNameLength,
+    const char* accountName,
+    UInt32* passwordLength,
+    void** passwordData,
+    AppleSecKeychainItemRef* itemRef) const {
  DCHECK((passwordData && passwordLength) ||
         (!passwordData && !passwordLength));
  base::ScopedCFTypeRef<CFDictionaryRef> query(CreateGenericPasswordQuery(

--- a/crypto/apple_keychain_mac.mm
+++ b/crypto/apple_keychain_mac.mm
@@ -15,53 +15,42 @@ AppleKeychain::AppleKeychain() {}

 AppleKeychain::~AppleKeychain() {}

-OSStatus AppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const {
+OSStatus AppleKeychain::ItemDelete(AppleSecKeychainItemRef itemRef) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
  return SecKeychainItemDelete(itemRef);
 }

-OSStatus AppleKeychain::FindGenericPassword(CFTypeRef keychainOrArray,
-                                            UInt32 serviceNameLength,
-                                            const char* serviceName,
-                                            UInt32 accountNameLength,
-                                            const char* accountName,
-                                            UInt32* passwordLength,
-                                            void** passwordData,
-                                            SecKeychainItemRef* itemRef) const {
+OSStatus AppleKeychain::FindGenericPassword(
+    UInt32 serviceNameLength,
+    const char* serviceName,
+    UInt32 accountNameLength,
+    const char* accountName,
+    UInt32* passwordLength,
+    void** passwordData,
+    AppleSecKeychainItemRef* itemRef) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
-  return SecKeychainFindGenericPassword(keychainOrArray,
-                                        serviceNameLength,
-                                        serviceName,
-                                        accountNameLength,
-                                        accountName,
-                                        passwordLength,
-                                        passwordData,
-                                        itemRef);
+  return SecKeychainFindGenericPassword(nullptr, serviceNameLength, serviceName,
+                                        accountNameLength, accountName,
+                                        passwordLength, passwordData, itemRef);
 }

-OSStatus AppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList,
-                                        void* data) const {
+OSStatus AppleKeychain::ItemFreeContent(void* data) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
-  return SecKeychainItemFreeContent(attrList, data);
+  return SecKeychainItemFreeContent(nullptr, data);
 }

-OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain,
-                                           UInt32 serviceNameLength,
-                                           const char* serviceName,
-                                           UInt32 accountNameLength,
-                                           const char* accountName,
-                                           UInt32 passwordLength,
-                                           const void* passwordData,
-                                           SecKeychainItemRef* itemRef) const {
+OSStatus AppleKeychain::AddGenericPassword(
+    UInt32 serviceNameLength,
+    const char* serviceName,
+    UInt32 accountNameLength,
+    const char* accountName,
+    UInt32 passwordLength,
+    const void* passwordData,
+    AppleSecKeychainItemRef* itemRef) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
-  return SecKeychainAddGenericPassword(keychain,
-                                       serviceNameLength,
-                                       serviceName,
-                                       accountNameLength,
-                                       accountName,
-                                       passwordLength,
-                                       passwordData,
-                                       itemRef);
+  return SecKeychainAddGenericPassword(nullptr, serviceNameLength, serviceName,
+                                       accountNameLength, accountName,
+                                       passwordLength, passwordData, itemRef);
 }

 }  // namespace crypto
--- a/crypto/mock_apple_keychain.cc
+++ b/crypto/mock_apple_keychain.cc
@@ -25,14 +25,13 @@ void IncrementKeychainAccessHistogram() {
 namespace crypto {

 OSStatus MockAppleKeychain::FindGenericPassword(
-    CFTypeRef keychainOrArray,
    UInt32 serviceNameLength,
    const char* serviceName,
    UInt32 accountNameLength,
    const char* accountName,
    UInt32* passwordLength,
    void** passwordData,
-    SecKeychainItemRef* itemRef) const {
+    AppleSecKeychainItemRef* itemRef) const {
  IncrementKeychainAccessHistogram();

  // When simulating |noErr|, return canned |passwordData| and
@@ -50,22 +49,20 @@ OSStatus MockAppleKeychain::FindGenericPassword(
  return find_generic_result_;
 }

-OSStatus MockAppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList,
-                                            void* data) const {
+OSStatus MockAppleKeychain::ItemFreeContent(void* data) const {
  // No-op.
  password_data_count_--;
  return noErr;
 }

 OSStatus MockAppleKeychain::AddGenericPassword(
-    SecKeychainRef keychain,
    UInt32 serviceNameLength,
    const char* serviceName,
    UInt32 accountNameLength,
    const char* accountName,
    UInt32 passwordLength,
    const void* passwordData,
-    SecKeychainItemRef* itemRef) const {
+    AppleSecKeychainItemRef* itemRef) const {
  IncrementKeychainAccessHistogram();

  called_add_generic_ = true;

--- a/crypto/mock_apple_keychain.h
+++ b/crypto/mock_apple_keychain.h
@@ -31,24 +31,21 @@ class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain {
  ~MockAppleKeychain() override;

  // AppleKeychain implementation.
-  OSStatus FindGenericPassword(CFTypeRef keychainOrArray,
-                               UInt32 serviceNameLength,
+  OSStatus FindGenericPassword(UInt32 serviceNameLength,
                               const char* serviceName,
                               UInt32 accountNameLength,
                               const char* accountName,
                               UInt32* passwordLength,
                               void** passwordData,
-                               SecKeychainItemRef* itemRef) const override;
-  OSStatus ItemFreeContent(SecKeychainAttributeList* attrList,
-                           void* data) const override;
-  OSStatus AddGenericPassword(SecKeychainRef keychain,
-                              UInt32 serviceNameLength,
+                               AppleSecKeychainItemRef* itemRef) const override;
+  OSStatus ItemFreeContent(void* data) const override;
+  OSStatus AddGenericPassword(UInt32 serviceNameLength,
                              const char* serviceName,
                              UInt32 accountNameLength,
                              const char* accountName,
                              UInt32 passwordLength,
                              const void* passwordData,
-                              SecKeychainItemRef* itemRef) const override;
+                              AppleSecKeychainItemRef* itemRef) const override;

  // Returns the password that OSCrypt uses to generate its encryption key.
  std::string GetEncryptionPassword() const;

--- a/crypto/mock_apple_keychain_mac.cc
+++ b/crypto/mock_apple_keychain_mac.cc
@@ -18,7 +18,7 @@ MockAppleKeychain::MockAppleKeychain()

 MockAppleKeychain::~MockAppleKeychain() {}

-OSStatus MockAppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const {
+OSStatus MockAppleKeychain::ItemDelete(AppleSecKeychainItemRef itemRef) const {
  return noErr;
 }