diff --git a/src/libraries/Native/Unix/CMakeLists.txt b/src/libraries/Native/Unix/CMakeLists.txt
index a4bc235c63ba40..5d1ae5ecf28f3d 100644
--- a/src/libraries/Native/Unix/CMakeLists.txt
+++ b/src/libraries/Native/Unix/CMakeLists.txt
@@ -197,7 +197,6 @@ add_subdirectory(System.Native) if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable for iOS add_subdirectory(System.Globalization.Native)
- add_subdirectory(System.Net.Security.Native)
 # disable System.Security.Cryptography.Native build on iOS, # only used for interacting with OpenSSL which isn't useful there
@@ -205,5 +204,6 @@ if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS) # TODO: reenab
 endif() if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)
+ add_subdirectory(System.Net.Security.Native)
 add_subdirectory(System.Security.Cryptography.Native.Apple) endif()
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt
index 2e578633a80612..d8f6eb28445f7b 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt
@@ -5,26 +5,24 @@ find_library(SECURITY_LIBRARY Security) set(NATIVECRYPTO_SOURCES pal_digest.c
+ pal_ecc.c
 pal_hmac.c
+ pal_keyagree.c
+ pal_keychain.c
 pal_random.c
+ pal_rsa.c
+ pal_sec.c
+ pal_seckey.c
+ pal_signverify.c
+ pal_ssl.c
 pal_symmetric.c
+ pal_trust.c
+ pal_x509.c
+ pal_x509chain.c
 )
-if (NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable more sources
- set(NATIVECRYPTO_SOURCES
- ${NATIVECRYPTO_SOURCES}
- pal_ecc.c
- pal_keyagree.c
- pal_keychain.c
- pal_rsa.c
- pal_sec.c
- pal_seckey.c
- pal_signverify.c
- pal_ssl.c
- pal_trust.c
- pal_x509.c
- pal_x509chain.c
- )
+if (CLR_CMAKE_TARGET_IOS)
+ add_definitions(-DTARGET_IOS)
 endif() add_library(System.Security.Cryptography.Native.Apple
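Review bot: Moving `add_subdirectory(System.Net.Security.Native)` out of the `if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS)` block (first hunk) and into `if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)` (second hunk) stops building it for every other Unix target the old condition covered, Linux included. That directory appears to hold the GSSAPI shim behind Negotiate authentication, so those platforms would lose the native library unless it is added back somewhere outside these two hunks. If the goal is only to add iOS, keep the original line where it was and add the new one under `if(CLR_CMAKE_TARGET_IOS)`.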
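Review bot: `add_definitions(-DTARGET_IOS)` is directory-scoped, so it reaches every target defined in this CMakeLists.txt and below rather than just the crypto shim; `target_compile_definitions(System.Security.Cryptography.Native.Apple PRIVATE TARGET_IOS)` after the `add_library(...)` call, which continues past the end of this hunk, would keep it on the one target. With the source list now unconditional, the iOS build depends entirely on the per-file `#ifndef TARGET_IOS` guards, and every guarded `PALEXPORT` function is simply missing from the iOS library. A comment here such as `# TARGET_IOS compiles out the keychain/SecTransform-based exports; managed callers must not P/Invoke them on iOS` would record that, and the managed side should be confirmed to be guarded to match.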
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
index 05e83310334f39..a7ff6ae370111f 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
@@ -4,6 +4,7 @@ #include "pal_ecc.h"
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_EccGenerateKey( int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus) {
@@ -51,6 +52,7 @@ int32_t AppleCryptoNative_EccGenerateKey( *pOSStatus = status; return status == noErr; }
+#endif
 uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey) {
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h
index 3ae5da555e1a90..859f0b8c11c439 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h
@@ -9,6 +9,7 @@ #include
+#ifndef TARGET_IOS
 /* Generate an ECC keypair of the specified size.
@@ -19,6 +20,7 @@ PALEXPORT int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus);
+#endif
 /* Get the keysize, in bits, of an ECC key.
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c
index 8e41e199fa2664..7cc506fd6e2f11 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c
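Review bot: The `#endif` added after `AppleCryptoNative_EccGenerateKey` in pal_ecc.c carries no comment naming its condition; `#endif // !TARGET_IOS` would show which region it closes. The same applies to the other files in this commit, where the hunk headers put the `#ifndef` and its `#endif` hundreds of lines apart (pal_keychain.c, pal_signverify.c, pal_trust.c, pal_x509.c), and to pal_seckey.c, which opens and closes the guard twice. A one-line comment above each `#ifndef TARGET_IOS` stating why the region is excluded (presumably because the keychain and SecTransform APIs it uses are macOS-only) would also help the next reader.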
@@ -5,6 +5,7 @@ #include "pal_keychain.h" #include "pal_utilities.h"
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut) { if (pKeychainOut != NULL)
@@ -465,3 +466,4 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha
 CFRelease(cert); return *pOSStatus == noErr; }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h
index 7dbcd5e934cd78..dab2e9bcc0e4a7 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h
@@ -9,6 +9,7 @@ #include
+#ifndef TARGET_IOS
 /* Get a CFRetain()ed SecKeychainRef value for the keychain to which the keychain item belongs.
@@ -137,3 +138,4 @@ pOSStatus: Receives the last OSStatus value.. */ PALEXPORT int32_t AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, uint8_t isReadOnlyMode, int32_t* pOSStatus);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
index f2bc5da9e0377b..0f53b4cca644c6 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
@@ -4,6 +4,7 @@ #include "pal_rsa.h"
+#ifndef TARGET_IOS
 static int32_t ExecuteCFDataTransform( SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut);
@@ -267,6 +268,7 @@ static int32_t ExecuteCFDataTransform( return ret; }
+#endif
 static int32_t RsaPrimitive(SecKeyRef key, uint8_t* pbData,
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h
index b9d0834d991d41..14df62a70b4aa1 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h
@@ -10,6 +10,7 @@ #include
+#ifndef TARGET_IOS
 /* Generate a new RSA keypair with the specified key size, in bits.
@@ -60,6 +61,7 @@ Follows pal_seckey return conventions. */ PALEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut);
+#endif
 /* Apply an RSA private key to a signing operation on data which was already padded.
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c
index 5abbf37db2479c..58d6ab46ec4578 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c
@@ -4,7 +4,9 @@ #include "pal_sec.h"
+#ifndef TARGET_IOS
 CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus) { return SecCopyErrorMessageString(osStatus, NULL); }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h
index 4e81d6b57e13b2..966621875931bd 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h
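Review bot: Guarding `AppleCryptoNative_SecCopyErrorMessageString` in pal_sec.c removes the only path visible in this file from an OSStatus to a readable message on iOS, so security failures there would surface as bare numeric codes. As far as I know `SecCopyErrorMessageString` is available on iOS from 11.3, so the guard may be unnecessary if the deployment target allows it. If it has to stay, a comment above the `#ifndef` such as `// Not built for iOS: <reason>; callers get no message text for OSStatus values` would record the reason and the consequence.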
@@ -10,9 +10,11 @@ #include
+#ifndef TARGET_IOS
 /* Get an error message for an OSStatus error from the security library. Returns NULL if no message is available for the code. */ PALEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c
index 99c2a661f6fa15..e7fc650bbacc0c 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c
@@ -5,6 +5,7 @@ #include "pal_seckey.h" #include "pal_utilities.h"
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_SecKeyExport( SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus) {
@@ -128,6 +129,7 @@ int32_t AppleCryptoNative_SecKeyImportEphemeral( CFRelease(cfData); return ret; }
+#endif
 uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey) {
@@ -139,6 +141,7 @@ uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey) return SecKeyGetBlockSize(publicKey); }
+#ifndef TARGET_IOS
 OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type) { SecExternalFormat dataFormat = kSecFormatOpenSSL;
@@ -197,3 +200,4 @@ OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type) return status; }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h
index a645d8600fe147..d4dd95ab81fc0a 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h
@@ -17,6 +17,7 @@ static const int32_t kErrorSeeError = -2; static const int32_t kErrorUnknownAlgorithm = -3; static const int32_t kErrorUnknownState = -4;
+#ifndef TARGET_IOS
 /* Export a key object.
@@ -48,6 +49,7 @@ state machine errors. */ PALEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral( uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus);
+#endif
 /* For RSA and DSA this function returns the number of bytes in "the key", which corresponds to
@@ -59,9 +61,11 @@ For ECC the value should not be used. */ PALEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey);
+#ifndef TARGET_IOS
 /* Export a key and re-import it to the NULL keychain. Only internal callers are expected. */ OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
index fe791cba0ab93d..792ffeb455004c 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
@@ -4,6 +4,7 @@ #include "pal_signverify.h"
+#ifndef TARGET_IOS
 static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut); static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut);
@@ -285,3 +286,4 @@ static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, return 1; }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h
index 37060b93edeb23..a8ff06660460b3 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h
@@ -10,6 +10,7 @@ #include
+#ifndef TARGET_IOS
 /* Generate a signature for algorithms which require only the data hash blob, like DSA and ECDSA.
@@ -56,3 +57,4 @@ PALEXPORT int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey, uint8_t* pbSignature, int32_t cbSignature, CFErrorRef* pErrorOut);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
index 127a84626379aa..c77218e51204ac 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
@@ -585,6 +585,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
 // Max numCipherSuites is 2^16 (all possible cipher suites) assert(numCipherSuites < (1 << 16));
+#ifndef TARGET_IOS
 if (sizeof(SSLCipherSuite) == sizeof(uint32_t)) { #pragma clang diagnostic push
@@ -594,6 +595,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
 #pragma clang diagnostic pop } else
+#endif
 { // iOS, tvOS, watchOS SSLCipherSuite* cipherSuites16 = (SSLCipherSuite*)calloc((size_t)numCipherSuites, sizeof(SSLCipherSuite));
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h
index 48cff8839a40dd..7c65ac9000586d 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h
@@ -6,6 +6,7 @@ #include "pal_compiler.h" #include
+#include
 enum {
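Review bot: Wrapping `if (sizeof(SSLCipherSuite) == sizeof(uint32_t)) { ... } else` in `#ifndef TARGET_IOS` in pal_ssl.c leaves the following `{ ... }` as a bare block on iOS and as the `else` body elsewhere, a shape that is easy to break in a later edit. I would write `#endif // !TARGET_IOS` and add a comment at the `#ifndef`, e.g. `// The 32-bit SSLCipherSuite branch is excluded on iOS; only the 16-bit path below is built there`, which is presumably the reason given the existing `// iOS, tvOS, watchOS` comment. Separately, the only bound on `numCipherSuites` visible here is the `assert`, which disappears under NDEBUG, and the count is then cast to `size_t` for `calloc`. Whether the allocation result is checked lies past the end of the hunk, so that is worth confirming now that this path is the only one on iOS.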
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c
index 0d083bd9bb3ea7..7167ecf9b04c51 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c
@@ -5,6 +5,7 @@ #include "pal_trust.h" #include "pal_utilities.h"
+#ifndef TARGET_IOS
 static bool CheckTrustMatch(SecCertificateRef cert, SecTrustSettingsDomain domain, SecTrustSettingsResult result,
@@ -245,3 +246,4 @@ int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, return ret; }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h
index ae2ee23e6bb831..6776fc35e3b7eb 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h
@@ -9,6 +9,7 @@ #include
+#ifndef TARGET_IOS
 /* Enumerate the certificates which are root trusted by the user.
@@ -62,3 +63,4 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou
 pOSStatus: Receives the last OSStatus value. */ PALEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c
index b6d620de3bd316..08d7974c16e790 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c
@@ -108,6 +108,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
 return PAL_Certificate; }
+#ifndef TARGET_IOS
 SecExternalFormat dataFormat = kSecFormatPKCS7; SecExternalFormat actualFormat = dataFormat; SecExternalItemType itemType = kSecItemTypeAggregate;
@@ -175,6 +176,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
 return PAL_Certificate; } }
+#endif
 CFRelease(cfData); return PAL_X509Unknown;
@@ -256,6 +258,7 @@ int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity return SecIdentityCopyPrivateKey(identity, pPrivateKeyOut); }
+#ifndef TARGET_IOS
 static int32_t ReadX509(uint8_t* pbData, int32_t cbData, PAL_X509ContentType contentType,
@@ -914,3 +917,4 @@ int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert, *pOSStatus = status; return status == noErr; }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h
index 951a25ae6c4260..5b712e0c2ea8d8 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h
@@ -74,6 +74,7 @@ pPrivateKeyOut: Receives a SecKeyRef for the private key associated with the ide
 */ PALEXPORT int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut);
+#ifndef TARGET_IOS
 /* Read cbData bytes of data from pbData and interpret it to a collection of certificates (or identities).
@@ -191,3 +192,4 @@ PALEXPORT int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert, SecKeyRef privateKey, SecIdentityRef* pIdentityOut, int32_t* pOSStatus);
+#endif
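Review bot: With the probing that starts at `SecExternalFormat dataFormat = kSecFormatPKCS7;` compiled out in pal_x509.c, `AppleCryptoNative_X509GetContentType` on iOS falls straight through to `CFRelease(cfData); return PAL_X509Unknown;` for any input not already recognised as a single certificate. That changes the function's result per platform without saying so; a comment at the `#ifndef`, e.g. `// iOS: only single certificates are detected; all other content reports PAL_X509Unknown`, would document it. The managed caller should be checked for how it treats the Unknown result, so that an unrecognised blob is rejected rather than handed to a later parser. The middle of the function lies between the two hunks and is not visible here.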
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h
index 599d2409f8acd8..e62e818beab2e0 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h
@@ -42,8 +42,8 @@ enum typedef uint32_t PAL_X509ChainStatusFlags; #define PAL_X509ChainErrorNone 0
-#define PAL_X509ChainErrorUnknownValueType 0x0001L << 32
-#define PAL_X509ChainErrorUnknownValue 0x0002L << 32
+#define PAL_X509ChainErrorUnknownValueType (((uint64_t)0x0001L) << 32)
+#define PAL_X509ChainErrorUnknownValue (((uint64_t)0x0002L) << 32)
 typedef uint64_t PAL_X509ChainErrorFlags; /*
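Review bot: In the new `PAL_X509ChainErrorUnknownValueType` and `PAL_X509ChainErrorUnknownValue` definitions the `L` suffix no longer does anything once the literal is cast to `uint64_t`; `(UINT64_C(0x0001) << 32)` says the same with less noise. A short comment above them, e.g. `/* 64-bit PAL_X509ChainErrorFlags values; do not store in the 32-bit PAL_X509ChainStatusFlags */`, would guard against truncation at use sites, which are not visible in this hunk.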