CryptoKit Symmetric Keys are not the same

Hello everybody,


So after days of headache and extreme *head against the wall* situations due to the following issue, I now believe that this is a bug not in my code but in the SDK. (Please, if I am mistaken, let me know.)


I am on macOS 10.15.1, Xcode 11.1 and iOS 13.1, if that is relevant.


Let me explain the problem.


If I create two Symmetric Keys based on the same password, transformed using SHA256 in the following way:

let pass1 = SHA256.hash(data:"password".data(using: .utf8)!.base64EncodedData())
let pass2 = SHA256.hash(data:"password".data(using: .utf8)!.base64EncodedData())


let key1: SymmetricKey = SymmetricKey(data: pass1.dataRepresentation)
let key2: SymmetricKey = SymmetricKey(data: pass2.dataRepresentation)


I can now test if those keys are equal like so:


if key1 == key2 { print("same key") }


Indeed this works: both keys are detected as the same exact key.


Now onto my second test (using keystore to save the key and retrieve it). I do the following:


deleteKey(account: "pass2") //delete the key from the keychain in case it exists

let key = SymmetricKey(data: pass2.dataRepresentation) // create a key same as step one
try! storeKey(key, account: "pass2") // stores the key

let keyFromKeychain: SymmetricKey = try! readKey(account: "pass2")!  // retrieves the key
if keyFromKeychain == key1 {
    print("same key again") // this is working both keys are the same
}


Up to here everything is working as intended and it works perfectly: the keys are the same.

Now onto my final test. The only thing I will do is extract lines 3 and 4 from the above example into a function of its own, like so:


deleteKey(account: "pass2")

generateSymmetricKey(password: pass2, account: "pass2")

let keyFromKeychain2: SymmetricKey = try! readKey(account: "pass2")!
if keyFromKeychain2 == key1 {
    print("same key again")
}

public static func generateSymmetricKey(password: SHA256Digest, account: String) {
    let key = SymmetricKey(data: password.dataRepresentation)
    try! storeKey(key, account: account)
}


Now once I have done that, the keys are not marked as being the same anymore...

So is this normal behavior or not? Am I going insane for a reason?


Thank you!

Replies

Could you print the key in both cases?


public static func generateSymmetricKey(password: SHA256Digest, account: String) {
    let key = SymmetricKey(data: password.dataRepresentation)
    print("from function", key)
    try! storeKey(key, account: account)
}



deleteKey(account: "pass2") //delete the key from the keychain in case it exists

let key = SymmetricKey(data: pass2.dataRepresentation) // create a key same as step one
print("direct", key)
try! storeKey(key, account: "pass2") // stores the key