Unavailable APIs are excluded via #if for now.
if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable for iOS
add_subdirectory(System.Globalization.Native)
- add_subdirectory(System.Net.Security.Native)
# disable System.Security.Cryptography.Native build on iOS,
# only used for interacting with OpenSSL which isn't useful there
endif()
if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)
+ add_subdirectory(System.Net.Security.Native)
add_subdirectory(System.Security.Cryptography.Native.Apple)
endif()
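Review bot: If the visible lines are the whole change, `add_subdirectory(System.Net.Security.Native)` is removed from the `NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS` block and re-added only under `CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS`. That would stop the library being built for Linux and other non-Apple Unix targets that previously got it. If the goal is only to build it on iOS as well, keep the original line in place and add a separate `if(CLR_CMAKE_TARGET_IOS)` guard around a second `add_subdirectory(System.Net.Security.Native)`. Either way, a comment should say which platforms are expected to ship this library.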
set(NATIVECRYPTO_SOURCES
pal_digest.c
+ pal_ecc.c
pal_hmac.c
+ pal_keyagree.c
+ pal_keychain.c
pal_random.c
+ pal_rsa.c
+ pal_sec.c
+ pal_seckey.c
+ pal_signverify.c
+ pal_ssl.c
pal_symmetric.c
+ pal_trust.c
+ pal_x509.c
+ pal_x509chain.c
)
-if (NOT CLR_CMAKE_TARGET_IOS) # TODO: reenable more sources
- set(NATIVECRYPTO_SOURCES
- ${NATIVECRYPTO_SOURCES}
- pal_ecc.c
- pal_keyagree.c
- pal_keychain.c
- pal_rsa.c
- pal_sec.c
- pal_seckey.c
- pal_signverify.c
- pal_ssl.c
- pal_trust.c
- pal_x509.c
- pal_x509chain.c
- )
+if (CLR_CMAKE_TARGET_IOS)
+ add_definitions(-DTARGET_IOS)
endif()
add_library(System.Security.Cryptography.Native.Apple
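Review bot: `add_definitions(-DTARGET_IOS)` is directory-scoped, so every target declared in or below this directory inherits the macro that now decides which crypto exports are compiled. Scoping it to the one library keeps the switch tied to the code it gates: `target_compile_definitions(System.Security.Cryptography.Native.Apple PRIVATE TARGET_IOS)`, placed after the `add_library(...)` call. That call starts on the last line of this hunk and continues outside it. A comment above the `if`, such as `# TARGET_IOS compiles out exports that rely on APIs unavailable on iOS`, would also record why the source list is no longer split per platform.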
#include "pal_ecc.h"
+#ifndef TARGET_IOS
int32_t AppleCryptoNative_EccGenerateKey(
int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus)
{
*pOSStatus = status;
return status == noErr;
}
+#endif
uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey)
{
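Review bot: The `#endif` added after `AppleCryptoNative_EccGenerateKey` closes an `#ifndef TARGET_IOS` that sits a whole function body above it and carries no label; write it as `#endif // !TARGET_IOS`. The same unlabelled guard pairs are added in the pal_ecc.h, pal_keychain, pal_rsa, pal_sec, pal_seckey, pal_signverify, pal_trust and pal_x509 hunks. Because both the definition and the `PALEXPORT` prototype disappear on iOS, a caller that resolves these exports by name at run time would presumably fail only when the call is made, not at build time. Each guard should therefore say why the export is missing, e.g. `// Not built for iOS: takes a SecKeychainRef` for this function. The body of `AppleCryptoNative_EccGetKeySizeInBits` continues outside the hunk.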
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Generate an ECC keypair of the specified size.
SecKeyRef* pPublicKey,
SecKeyRef* pPrivateKey,
int32_t* pOSStatus);
+#endif
/*
Get the keysize, in bits, of an ECC key.
#include "pal_keychain.h"
#include "pal_utilities.h"
+#ifndef TARGET_IOS
int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut)
{
if (pKeychainOut != NULL)
CFRelease(cert);
return *pOSStatus == noErr;
}
+#endif
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Get a CFRetain()ed SecKeychainRef value for the keychain to which the keychain item belongs.
*/
PALEXPORT int32_t
AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, uint8_t isReadOnlyMode, int32_t* pOSStatus);
+#endif
#include "pal_rsa.h"
+#ifndef TARGET_IOS
static int32_t ExecuteCFDataTransform(
SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut);
return ret;
}
+#endif
static int32_t RsaPrimitive(SecKeyRef key,
uint8_t* pbData,
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Generate a new RSA keypair with the specified key size, in bits.
*/
PALEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs(
SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut);
+#endif
/*
Apply an RSA private key to a signing operation on data which was already padded.
#include "pal_sec.h"
+#ifndef TARGET_IOS
CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)
{
return SecCopyErrorMessageString(osStatus, NULL);
}
+#endif
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Get an error message for an OSStatus error from the security library.
Returns NULL if no message is available for the code.
*/
PALEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus);
+#endif
#include "pal_seckey.h"
#include "pal_utilities.h"
+#ifndef TARGET_IOS
int32_t AppleCryptoNative_SecKeyExport(
SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus)
{
CFRelease(cfData);
return ret;
}
+#endif
uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
{
return SecKeyGetBlockSize(publicKey);
}
+#ifndef TARGET_IOS
OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type)
{
SecExternalFormat dataFormat = kSecFormatOpenSSL;
return status;
}
+#endif
static const int32_t kErrorUnknownAlgorithm = -3;
static const int32_t kErrorUnknownState = -4;
+#ifndef TARGET_IOS
/*
Export a key object.
*/
PALEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral(
uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus);
+#endif
/*
For RSA and DSA this function returns the number of bytes in "the key", which corresponds to
*/
PALEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey);
+#ifndef TARGET_IOS
/*
Export a key and re-import it to the NULL keychain.
Only internal callers are expected.
*/
OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type);
+#endif
#include "pal_signverify.h"
+#ifndef TARGET_IOS
static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut);
static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut);
return 1;
}
+#endif
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Generate a signature for algorithms which require only the data hash blob, like DSA and ECDSA.
uint8_t* pbSignature,
int32_t cbSignature,
CFErrorRef* pErrorOut);
+#endif
// Max numCipherSuites is 2^16 (all possible cipher suites)
assert(numCipherSuites < (1 << 16));
+#ifndef TARGET_IOS
if (sizeof(SSLCipherSuite) == sizeof(uint32_t))
{
#pragma clang diagnostic push
#pragma clang diagnostic pop
}
else
+#endif
{
// iOS, tvOS, watchOS
SSLCipherSuite* cipherSuites16 = (SSLCipherSuite*)calloc((size_t)numCipherSuites, sizeof(SSLCipherSuite));
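Review bot: With the `if`/`else` compiled out on iOS, `calloc((size_t)numCipherSuites, sizeof(SSLCipherSuite))` becomes the only path there, and the only range check visible before it is `assert(numCipherSuites < (1 << 16))`. That assert disappears in builds that define NDEBUG and, if `numCipherSuites` is a signed type, never rejects a negative count, which the cast would turn into a very large `size_t`. A runtime check ahead of the allocation holds in release builds too: `if (numCipherSuites < 0 || numCipherSuites >= (1 << 16)) return errSecParam;`. This assumes the function returns an OSStatus-style code; its signature and the handling of a NULL `calloc` result are outside the hunk.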
#include "pal_compiler.h"
#include <Security/Security.h>
+#include <Security/SecureTransport.h>
enum
{
#include "pal_trust.h"
#include "pal_utilities.h"
+#ifndef TARGET_IOS
static bool CheckTrustMatch(SecCertificateRef cert,
SecTrustSettingsDomain domain,
SecTrustSettingsResult result,
return ret;
}
+#endif
#include <Security/Security.h>
+#ifndef TARGET_IOS
/*
Enumerate the certificates which are root trusted by the user.
pOSStatus: Receives the last OSStatus value.
*/
PALEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut);
+#endif
return PAL_Certificate;
}
+#ifndef TARGET_IOS
SecExternalFormat dataFormat = kSecFormatPKCS7;
SecExternalFormat actualFormat = dataFormat;
SecExternalItemType itemType = kSecItemTypeAggregate;
return PAL_Certificate;
}
}
+#endif
CFRelease(cfData);
return PAL_X509Unknown;
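Review bot: On iOS the guarded block that probes for `kSecFormatPKCS7` is compiled out, so by the visible lines a PKCS#7 blob falls through to `return PAL_X509Unknown;` and the caller cannot tell it apart from unparseable input. That platform difference belongs in a comment at the guard, for example `// iOS: no PKCS#7 probe here; PKCS#7 input is reported as PAL_X509Unknown`. The enclosing function starts before this hunk, so whether an earlier branch already handles PKCS#7 on iOS cannot be confirmed from here.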
return SecIdentityCopyPrivateKey(identity, pPrivateKeyOut);
}
+#ifndef TARGET_IOS
static int32_t ReadX509(uint8_t* pbData,
int32_t cbData,
PAL_X509ContentType contentType,
*pOSStatus = status;
return status == noErr;
}
+#endif
*/
PALEXPORT int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut);
+#ifndef TARGET_IOS
/*
Read cbData bytes of data from pbData and interpret it to a collection of certificates (or identities).
SecKeyRef privateKey,
SecIdentityRef* pIdentityOut,
int32_t* pOSStatus);
+#endif
typedef uint32_t PAL_X509ChainStatusFlags;
#define PAL_X509ChainErrorNone 0
-#define PAL_X509ChainErrorUnknownValueType 0x0001L << 32
-#define PAL_X509ChainErrorUnknownValue 0x0002L << 32
+#define PAL_X509ChainErrorUnknownValueType (((uint64_t)0x0001L) << 32)
+#define PAL_X509ChainErrorUnknownValue (((uint64_t)0x0002L) << 32)
typedef uint64_t PAL_X509ChainErrorFlags;
/*