Keychain and Touch ID, issues using new access control kSecAccessControlApplicationPassword

I would link to implement the new Access Control kSecAccessControlApplicationPassword.

I've build a small test app that write and read a value into the keychain using this mode, but I'm experimenting some issues with read.

I'm using iPhone 5S with iOS 9.0.2 and xcode 7.0.1.


A) The SecItemCopyMatching seem very slow for both show the popup and dismiss the popup (more than 5 seconds). Debugging it is blocked in some "semaphore" in SecItemCopyMatching

B) If the user insert the wrong password the popup is never re-presented (the SecItemCopyMatching directly return -25293)

C) Console show me random _BSMachError: (os/kern) invalid capability (20)


Any idea for the issues A) B) and C)? Thanks!


Valerio


-----------------------------


Below some details.


STORE:

SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,

kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,

kSecAccessControlApplicationPassword,

&error);

NSData * theApplicationPassword = [@"my_password" dataUsingEncoding:NSUTF8StringEncoding];

LAContext *localAuthContext = [[LAContext alloc] init];

[localAuthContext setCredential:theApplicationPassword type:LACredentialTypeApplicationPassword];


query = @{

(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,

(__bridge id)kSecAttrService: self.service,

(__bridge id)kSecAttrAccount: self.account,

(__bridge id)kSecAttrGeneric: aKey,

(__bridge id)kSecValueData: aDataToProtect,

(__bridge id)kSecAttrAccessControl: (__bridge id)sacObject,

(__bridge id)kSecUseAuthenticationContext:localAuthContext

};

OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, nil);


READ:

NSDictionary *query = @{

(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,

(__bridge id)kSecAttrService: self.service,

(__bridge id)kSecAttrAccount: self.account,

(__bridge id)kSecAttrGeneric: aKey,

(__bridge id)kSecReturnData: @YES,

(__bridge id)kSecUseOperationPrompt: NSLocalizedString(aReasonDescription, nil)

};

OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)(query), &dataTypeRef);