iOS: Enable System.Net.Security.Native and parts of System.Security.Cryptography.Native.Apple #33970

Merged
merged 4 commits into from
Mar 24, 2020
2 changes: 1 addition & 1 deletion src/libraries/Native/Unix/CMakeLists.txt
Expand Up @@ -197,13 +197,13 @@ add_subdirectory(System.Native)

if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable for iOS
add_subdirectory(System.Globalization.Native)
add_subdirectory(System.Net.Security.Native)

# disable System.Security.Cryptography.Native build on iOS,
# only used for interacting with OpenSSL which isn't useful there
add_subdirectory(System.Security.Cryptography.Native)
endif()

if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)
add_subdirectory(System.Net.Security.Native)
add_subdirectory(System.Security.Cryptography.Native.Apple)
endif()
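Review bot: If `add_subdirectory(System.Net.Security.Native)` at the top of the hunk is the removed line and the copy under `if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)` is the added one — the rendered view drops the +/- side, but a 1-addition/1-deletion hunk with that line printed twice leaves no other pairing — then non-Apple Unix targets no longer build System.Net.Security.Native at all, which from its name is the native helper the managed System.Net.Security Unix code P/Invokes into. If it is meant to keep building on Linux, it belongs in its own block keyed only on WASM, `if (NOT CLR_CMAKE_TARGET_ARCH_WASM)` / `add_subdirectory(System.Net.Security.Native)` / `endif()`, rather than inside the Apple-only block. The `# TODO: reenable for iOS` on the first condition should also say which libraries it still covers now that Net.Security is handled elsewhere.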
Expand Up @@ -5,26 +5,24 @@ find_library(SECURITY_LIBRARY Security)

set(NATIVECRYPTO_SOURCES
pal_digest.c
pal_ecc.c
pal_hmac.c
pal_keyagree.c
pal_keychain.c
pal_random.c
pal_rsa.c
pal_sec.c
pal_seckey.c
pal_signverify.c
pal_ssl.c
pal_symmetric.c
pal_trust.c
pal_x509.c
pal_x509chain.c
)

if (NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable more sources
set(NATIVECRYPTO_SOURCES
${NATIVECRYPTO_SOURCES}
pal_ecc.c
pal_keyagree.c
pal_keychain.c
pal_rsa.c
pal_sec.c
pal_seckey.c
pal_signverify.c
pal_ssl.c
pal_trust.c
pal_x509.c
pal_x509chain.c
)
if (CLR_CMAKE_TARGET_IOS)
add_definitions(-DTARGET_IOS)
endif()

add_library(System.Security.Cryptography.Native.Apple
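Review bot: `add_definitions(-DTARGET_IOS)` is directory-scoped, so it applies to every target configured from this CMakeLists rather than to the library it is meant for; now that the pal_*.h headers key their declarations on this macro, a scoped definition is clearer and harder to lose: `target_compile_definitions(System.Security.Cryptography.Native.Apple PRIVATE TARGET_IOS)` placed after the `add_library` call, which continues outside the hunk. Any other translation unit or test that includes these headers without the same define will see the macOS-only declarations and fail only at link time, so a one-line note at the define, `# TARGET_IOS gates the macOS-only (SecKeychain/SecTransform) code in pal_*.c/.h`, would help the next reader. The rendered view also loses which of the two source lists is old and new; the unconditional list at the top of the hunk now includes pal_keychain.c and pal_trust.c, whose bodies are compiled out entirely on iOS, which is fine but worth a comment at the list.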
Expand Up @@ -4,6 +4,7 @@

#include "pal_ecc.h"

#ifndef TARGET_IOS
int32_t AppleCryptoNative_EccGenerateKey(
int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus)
{
Expand Down Expand Up @@ -51,6 +52,7 @@ int32_t AppleCryptoNative_EccGenerateKey(
*pOSStatus = status;
return status == noErr;
}
#endif

uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey)
{
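Review bot: Compiling `AppleCryptoNative_EccGenerateKey` out on iOS removes the exported symbol, so a managed caller that still reaches its P/Invoke fails with EntryPointNotFoundException at call time rather than a PlatformNotSupportedException, unless the managed side already gates the call on the platform (not visible here). Since the `SecKeychainRef tempKeychain` parameter (a macOS keychain type) is what makes this function macOS-only, an `#ifdef TARGET_IOS` stub that sets `*pOSStatus` to an error status and returns 0 would keep the export stable and let the existing `*pOSStatus = status; return status == noErr;` convention report the failure. Either way, a comment at the guard would tell readers why it exists: `// macOS only: SecKeychainRef has no iOS equivalent`. The function body lies outside the hunk.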
Expand Up @@ -9,6 +9,7 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Generate an ECC keypair of the specified size.

Expand All @@ -19,6 +20,7 @@ PALEXPORT int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits,
SecKeyRef* pPublicKey,
SecKeyRef* pPrivateKey,
int32_t* pOSStatus);
#endif

/*
Get the keysize, in bits, of an ECC key.
Expand Up @@ -5,6 +5,7 @@
#include "pal_keychain.h"
#include "pal_utilities.h"

#ifndef TARGET_IOS
int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut)
{
if (pKeychainOut != NULL)
Expand Down Expand Up @@ -465,3 +466,4 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha
CFRelease(cert);
return *pOSStatus == noErr;
}
#endif
Expand Up @@ -9,6 +9,7 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Get a CFRetain()ed SecKeychainRef value for the keychain to which the keychain item belongs.

Expand Down Expand Up @@ -137,3 +138,4 @@ pOSStatus: Receives the last OSStatus value..
*/
PALEXPORT int32_t
AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, uint8_t isReadOnlyMode, int32_t* pOSStatus);
#endif
Expand Up @@ -4,6 +4,7 @@

#include "pal_rsa.h"

#ifndef TARGET_IOS
static int32_t ExecuteCFDataTransform(
SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut);

Expand Down Expand Up @@ -267,6 +268,7 @@ static int32_t ExecuteCFDataTransform(

return ret;
}
#endif

static int32_t RsaPrimitive(SecKeyRef key,
uint8_t* pbData,
Expand Up @@ -10,6 +10,7 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Generate a new RSA keypair with the specified key size, in bits.

Expand Down Expand Up @@ -60,6 +61,7 @@ Follows pal_seckey return conventions.
*/
PALEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs(
SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut);
#endif

/*
Apply an RSA private key to a signing operation on data which was already padded.
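Review bot: With `AppleCryptoNative_RsaEncryptPkcs` (and the key-generation declarations above it) behind `#ifndef TARGET_IOS`, the only RSA entry points this header exports on iOS are the primitives that follow, whose documented contract is that the data is "already padded". That deserves an explicit statement so whoever ports the managed layer does not route raw plaintext through them — an unpadded RSA primitive is malleable and leaks plaintext structure — e.g. extend the comment with: `On iOS only the primitives below are exported; PKCS#1 v1.5 / OAEP / PSS encoding must be applied by the caller before calling them.` The remaining declarations continue outside the hunk.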
Expand Up @@ -4,7 +4,9 @@

#include "pal_sec.h"

#ifndef TARGET_IOS
CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)
{
return SecCopyErrorMessageString(osStatus, NULL);
}
#endif
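Review bot: Guarding the whole of `AppleCryptoNative_SecCopyErrorMessageString` out drops an exported symbol that the managed layer presumably calls whenever it formats an OSStatus failure, so on iOS the first error to be reported may surface as EntryPointNotFoundException instead of the original error. The header already documents "Returns NULL if no message is available for the code", so an iOS build that returns NULL satisfies the existing contract while keeping the export (the matching `#ifndef` in pal_sec.h would then go too). Separately, the definition takes `int32_t osStatus` while the header declares `OSStatus osStatus`; they are the same width on Apple platforms, but the two should be spelled the same.
```c
CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)
{
#ifdef TARGET_IOS
    // SecCopyErrorMessageString is not available on iOS; the documented
    // contract already allows NULL when no message exists.
    (void)osStatus;
    return NULL;
#else
    return SecCopyErrorMessageString(osStatus, NULL);
#endif
}
```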
Expand Up @@ -10,9 +10,11 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Get an error message for an OSStatus error from the security library.

Returns NULL if no message is available for the code.
*/
PALEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus);
#endif
Expand Up @@ -5,6 +5,7 @@
#include "pal_seckey.h"
#include "pal_utilities.h"

#ifndef TARGET_IOS
int32_t AppleCryptoNative_SecKeyExport(
SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus)
{
Expand Down Expand Up @@ -128,6 +129,7 @@ int32_t AppleCryptoNative_SecKeyImportEphemeral(
CFRelease(cfData);
return ret;
}
#endif

uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
{
Expand All @@ -139,6 +141,7 @@ uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
return SecKeyGetBlockSize(publicKey);
}

#ifndef TARGET_IOS
OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type)
{
SecExternalFormat dataFormat = kSecFormatOpenSSL;
Expand Down Expand Up @@ -197,3 +200,4 @@ OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type)

return status;
}
#endif
Expand Up @@ -17,6 +17,7 @@ static const int32_t kErrorSeeError = -2;
static const int32_t kErrorUnknownAlgorithm = -3;
static const int32_t kErrorUnknownState = -4;

#ifndef TARGET_IOS
/*
Export a key object.

Expand Down Expand Up @@ -48,6 +49,7 @@ state machine errors.
*/
PALEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral(
uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus);
#endif

/*
For RSA and DSA this function returns the number of bytes in "the key", which corresponds to
Expand All @@ -59,9 +61,11 @@ For ECC the value should not be used.
*/
PALEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey);

#ifndef TARGET_IOS
/*
Export a key and re-import it to the NULL keychain.

Only internal callers are expected.
*/
OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type);
#endif
Expand Up @@ -4,6 +4,7 @@

#include "pal_signverify.h"

#ifndef TARGET_IOS
static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut);
static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut);

Expand Down Expand Up @@ -285,3 +286,4 @@ static int32_t ConfigureSignVerifyTransform(SecTransformRef xform,

return 1;
}
#endif
Expand Up @@ -10,6 +10,7 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Generate a signature for algorithms which require only the data hash blob, like DSA and ECDSA.

Expand Down Expand Up @@ -56,3 +57,4 @@ PALEXPORT int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey,
uint8_t* pbSignature,
int32_t cbSignature,
CFErrorRef* pErrorOut);
#endif
Expand Up @@ -585,6 +585,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
// Max numCipherSuites is 2^16 (all possible cipher suites)
assert(numCipherSuites < (1 << 16));

#ifndef TARGET_IOS
if (sizeof(SSLCipherSuite) == sizeof(uint32_t))
{
#pragma clang diagnostic push
Expand All @@ -594,6 +595,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
#pragma clang diagnostic pop
}
else
#endif
{
// iOS, tvOS, watchOS
SSLCipherSuite* cipherSuites16 = (SSLCipherSuite*)calloc((size_t)numCipherSuites, sizeof(SSLCipherSuite));
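Review bot: The `else` left alone between the closing `}` and `#endif` makes the iOS build depend on the preprocessor deleting the keyword so that the following `{` becomes a bare compound statement; it compiles, but a line later inserted between `#endif` and `{` silently changes control flow on one platform only. A safer shape keeps the 16-bit conversion as the unconditional body and wraps only the 32-bit conversion in an early `if (...) { ...; return ...; }` under the guard, so no dangling `else` is needed. At minimum, the assumption the `// iOS, tvOS, watchOS` comment makes should be checked where it now goes unchecked: under `#ifdef TARGET_IOS`, `_Static_assert(sizeof(SSLCipherSuite) == sizeof(uint16_t), "SSLCipherSuite expected to be 16-bit on iOS");`. The rest of `AppleCryptoNative_SslSetEnabledCipherSuites`, including the handling of the `calloc` result, lies outside the hunk.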
Expand Up @@ -6,6 +6,7 @@

#include "pal_compiler.h"
#include <Security/Security.h>
#include <Security/SecureTransport.h>

enum
{
Expand Up @@ -5,6 +5,7 @@
#include "pal_trust.h"
#include "pal_utilities.h"

#ifndef TARGET_IOS
static bool CheckTrustMatch(SecCertificateRef cert,
SecTrustSettingsDomain domain,
SecTrustSettingsResult result,
Expand Down Expand Up @@ -245,3 +246,4 @@ int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut,

return ret;
}
#endif
Expand Up @@ -9,6 +9,7 @@

#include <Security/Security.h>

#ifndef TARGET_IOS
/*
Enumerate the certificates which are root trusted by the user.

Expand Down Expand Up @@ -62,3 +63,4 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou
pOSStatus: Receives the last OSStatus value.
*/
PALEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut);
#endif
Expand Up @@ -108,6 +108,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
return PAL_Certificate;
}

#ifndef TARGET_IOS
SecExternalFormat dataFormat = kSecFormatPKCS7;
SecExternalFormat actualFormat = dataFormat;
SecExternalItemType itemType = kSecItemTypeAggregate;
Expand Down Expand Up @@ -175,6 +176,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
return PAL_Certificate;
}
}
#endif

CFRelease(cfData);
return PAL_X509Unknown;
Expand Down Expand Up @@ -256,6 +258,7 @@ int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity
return SecIdentityCopyPrivateKey(identity, pPrivateKeyOut);
}

#ifndef TARGET_IOS
static int32_t ReadX509(uint8_t* pbData,
int32_t cbData,
PAL_X509ContentType contentType,
Expand Down Expand Up @@ -914,3 +917,4 @@ int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert,
*pOSStatus = status;
return status == noErr;
}
#endif
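Review bot: With the SecExternalFormat/SecExternalItemType probe in `AppleCryptoNative_X509GetContentType` compiled out, any input that is not a single certificate falls through to `return PAL_X509Unknown;` on iOS, including well-formed PKCS#7 and PKCS#12 blobs, so callers cannot tell "unsupported on this platform" from "malformed input". Failing closed is acceptable, but it should be documented at the guard, e.g. `// iOS: PKCS#7/PKCS#12 detection is unavailable here, so those formats report PAL_X509Unknown`, and the managed caller should map that result to a PlatformNotSupportedException rather than a generic format error. `ReadX509` and `AppleCryptoNative_X509MoveToKeychain` are guarded as a unit in the last hunk; their bodies lie outside it.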
Expand Up @@ -74,6 +74,7 @@ pPrivateKeyOut: Receives a SecKeyRef for the private key associated with the ide
*/
PALEXPORT int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut);

#ifndef TARGET_IOS
/*
Read cbData bytes of data from pbData and interpret it to a collection of certificates (or identities).

Expand Down Expand Up @@ -191,3 +192,4 @@ PALEXPORT int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert,
SecKeyRef privateKey,
SecIdentityRef* pIdentityOut,
int32_t* pOSStatus);
#endif
Expand Up @@ -42,8 +42,8 @@ enum
typedef uint32_t PAL_X509ChainStatusFlags;

#define PAL_X509ChainErrorNone 0
#define PAL_X509ChainErrorUnknownValueType 0x0001L << 32
#define PAL_X509ChainErrorUnknownValue 0x0002L << 32
#define PAL_X509ChainErrorUnknownValueType (((uint64_t)0x0001L) << 32)
#define PAL_X509ChainErrorUnknownValue (((uint64_t)0x0002L) << 32)
typedef uint64_t PAL_X509ChainErrorFlags;

/*
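Review bot: The cast is the right fix — `0x0001L << 32` is undefined behaviour wherever `long` is 32 bits, as on 32-bit arm builds — but the `L` suffix inside the cast is now dead weight, and the stdint form states the intent directly: `#define PAL_X509ChainErrorUnknownValueType (UINT64_C(0x0001) << 32)` and `#define PAL_X509ChainErrorUnknownValue (UINT64_C(0x0002) << 32)`. `PAL_X509ChainErrorNone` is still a plain `0`; giving it the same type, `#define PAL_X509ChainErrorNone UINT64_C(0)`, keeps all three constants of `PAL_X509ChainErrorFlags` consistent when they are combined or compared. `UINT64_C` comes from `<stdint.h>`, which this header presumably already pulls in for `uint64_t`.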