NSInternalInconsistencyException when trying to create signature using SecKeyCreateSignature

Hi


I am using SecKeyCreateSignature to sign the data. It works for most users, but for some iOS 13 users we are getting the following fatal exception:


Fatal Exception: NSInternalInconsistencyException
Unexpected sessionID mismatch


Here's the stack trace. The crash happened inside "SecKeyCreateSignature".


CoreFoundation    __exceptionPreprocess
...
...
Security          SecKeyCreateSignature
MyApp             MyHelper.m - [MyHelper signature:withKey:err:]
...


I've copied the code snippet below:


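-(NSData*)signature:(NSData*)plainData withKey:(SecKeyRef)privateKey err:(UAF_ErrorCode*)errorCodeBack
{
    CFErrorRef cfError = NULL; // filled in (+1 reference) only when the call fails
    NSData *signature = CFBridgingRelease(SecKeyCreateSignature(privateKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA256, (__bridge CFDataRef)plainData, &cfError));

    if (signature == nil) { // failure is signalled by a NULL result
        NSError *error = CFBridgingRelease(cfError); // hand ownership of the error to ARC
        //some error handling code...
        return nil;
    }
    return signature;
}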


Based on our crash log, it seems this exception happened only on some (not all) iOS 13 users (13.3.0 - 13.3.4).

I can't find any information about this error "NSInternalInconsistencyException: Unexpected sessionID mismatch".


Are there any problems with my code, or is this a known issue on iOS 13?

I would appreciate it if someone can provide any insight on the issue.


Thanks

Replies

The "Unexpected sessionID mismatch" exception is coming out of CryptoTokenKit. Presumably your privateKey value is held on a hardware token of some form, most likely the Secure Enclave (SE). What’s the lifecycle of that value? Specifically, do you keep the SecKey value around for long periods of time?

Our general advice for SE keys is to leave them in the keychain as much as possible, and only create a SecKey value when you need to operate on the key.

Regardless, the fact that you’re tripping an assert with CryptoTokenKit is definitely bugworthy. Please file a bug about this, including whatever info you have available (an Apple crash report would be especially useful). Oh, and I’d appreciate you posting your bug number, just for the record.

Based on our crash log, it seems this exception happened only on some (not all) iOS 13 users (13.3.0 - 13.3.4).

Does that mean you’ve never seen it on 13.4.x?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi, eskimo,

Thanks for your reply.


Yes, the elliptic curve private key is in the Secure Enclave.

I query the SecKeyRef from the keychain (at line #11) and then use it to create the signature almost immediately (call signature at line #18).


    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassKey,
        (__bridge id)kSecAttrKeyClass: (__bridge id)kSecAttrKeyClassPrivate,
        (__bridge id)kSecAttrLabel: index,
        (__bridge id)kSecReturnRef: @YES,
        (__bridge id)kSecUseOperationPrompt: promptStr
    };

    // Retrieve the key from the keychain.
    SecKeyRef privateKey = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&privateKey);
    NSData* dataToReturn = nil;

    if (status == errSecSuccess)
    {
        *errorCodeBack = NO_ERROR;
        dataToReturn = [self signature:inputData withKey:privateKey err:errorCodeBack];
        CFRelease(privateKey); // balance the +1 reference returned by SecItemCopyMatching
    }


And the NSInternalInconsistencyException happened at line #4 when calling SecKeyCreateSignature.


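-(NSData*)signature:(NSData*)plainData withKey:(SecKeyRef)privateKey err:(UAF_ErrorCode*)errorCodeBack
{
    CFErrorRef cfError = NULL; // filled in (+1 reference) only when the call fails
    NSData *signature = CFBridgingRelease(SecKeyCreateSignature(privateKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA256, (__bridge CFDataRef)plainData, &cfError));

    if (signature == nil) { // failure is signalled by a NULL result
        NSError *error = CFBridgingRelease(cfError); // hand ownership of the error to ARC
        //some error handling code...
        return nil;
    }
    return signature;
}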


I reviewed the latest crash log again; there are also 13.4.x users now (13.1.x - 13.4.x).

All the crashes are on 13.x for now.


I'll try to collect more information and file a bug about this.


Many thanks.


I query the SecKeyRef from the keychain … and then use it to create the signature almost immediately …

Oh well, so much for that theory )-:

I'll try to collect more information and file a bug about this.

Thanks. Once you’ve filed the bug, post the bug number here and I’ll take another look.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

We are experiencing the same crash. FB7723269

Breakdown by device:


66% iPhone 7
11% iPhone X
7% iPhone 7
5% iPhone 7 Plus
5% iPhone 11
2% iPhone 6s
2% iPhone 11 Pro Max
2% iPhone XR



Breakdown by OS:


68% iOS 13.3.1
30% iOS 13.4.1
2% iOS 13.4.0


Stacktrace:

Fatal Exception: NSInternalInconsistencyException
0  CoreFoundation                 0x182a515f0 __exceptionPreprocess
1  libobjc.A.dylib                0x182773bcc objc_exception_throw
2  CoreFoundation                 0x1829547bc +[_CFXNotificationTokenRegistration keyCallbacks]
3  Foundation                     0x182d8bd1c -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
4  CryptoTokenKit                 0x1ba06205c -[TKClientTokenSession withError:accessControl:invoke:]
5  CryptoTokenKit                 0x1ba060cf0 -[TKClientTokenObject operation:data:algorithms:parameters:error:]
6  Security                       0x183868054 TKTokenCopyOperationResult
7  Security                       0x1838e02d4 __SecCTKKeyCopyOperationResult_block_invoke
8  Security                       0x1838f59b0 SecItemAuthDo
9  Security                       0x1838dfdfc SecCTKKeyCopyOperationResult
10 Security                       0x1838fe558 SecKeyRunAlgorithmAndCopyResult
11 Security                       0x1838fe41c SecKeyCreateSignature
12 Security                       0x1838fe2bc SecKeyPerformLegacyOperation
13 Security                       0x1838fe0e8 SecKeyRawSign

We are experiencing the same crash. FB7723269

Thanks. And thanks for posting the bug number. Unfortunately ccyanni didn’t post theirs, so I can’t check on its status.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"