Open Radar

 
SecKeyGenerateSymmetric generates 3DES keys w/ an undocumented kSecAttrKeyType

Mac OS X SDK, Other Bug, 10.7.2 (11C73), Always reproducible.

Summary:

When SecKeyGenerateSymmetric is called with kSecAttrKeyType set to kSecAttrKeyType3DES, it produces a symmetric key with a mismatching, undocumented kSecAttrKeyType value (@"17", a.k.a. CSSM_ALGID_3DES_3KEY_EDE). 

These keys seem to confuse Keychain Access as well. The resulting key's detail window displays the following "kind":

  "symmetric key, <CSSM_ALGID: 17>, 192-bit"

3DES keys generated by SecKeyGenerateSymmetric should have kSecAttrType3DES as their key type. Alternatively, the value of the kSecAttrType3DES constant should be changed from "77" to "17".


Steps to Reproduce:

Build and run the attached project. It creates a keychain called "Test Keychain" in a temp directory and generates a 3DES key into it using SecKeyGenerateSymmetric.  Open Keychain Access and find the new keychain and its freshly generated 3DES key.


Expected Results:

The generated key should have a key type attribute of kSecAttrKeyType3DES (with the value @"77", corresponding to CSSM_ALGID_3DES) and Keychain Access should display the type of the generated key as "3DES", or a similarly descriptive algorithm name.


Actual Results:

The generated key has the unlisted, undocumented attribute value of @"17", which is the decimal value of  CSSM_ALGID_3DES_3KEY_EDE.  When I double-click the key in Keychain Access, the Kind field displays "symmetric key, <CSSM_ALGID: 17>, 192-bit". (Screen shot attached.)


Regression:

None; SecKeyGenerateSymmetric and kSecAttrKeyType3DES are new in 10.7.

Notes: