From: Filip Navara Date: Thu, 3 Jun 2021 22:38:13 +0000 (+0200) Subject: Specify kSecUseDataProtectionKeychain when generating RSA/ECC keys on macOS/iOS X-Git-Tag: submit/tizen/20210909.063632~1001 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=42755615cfc7378b0045da105238ce44cd385a12;p=platform%2Fupstream%2Fdotnet%2Fruntime.git Specify kSecUseDataProtectionKeychain when generating RSA/ECC keys on macOS/iOS
---
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
index bf320e7..39d7a99 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
@@ -24,6 +24,10 @@ int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits,
 {
 CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeEC);
 CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+ if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+ {
+ CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+ }
 *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
 if (*pPrivateKey != NULL)
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
index ba2525f..a9aece3 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
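Review bot: The new `__builtin_available` branch in AppleCryptoNative_EccGenerateKey carries no comment saying why `kSecUseDataProtectionKeychain` is set or what happens when the guard is false, so the key-generation attributes now differ by OS version with no record of it in the code. On releases older than macOS 10.15 / iOS 13 / tvOS 13 the attribute is skipped silently and the key is created with the platform's previous default. I would add above the `if`: `/* Opt in to the data-protection (iOS-style) keychain implementation where the OS offers it; older releases keep the default behaviour. */`. The identical branch added to AppleCryptoNative_RsaGenerateKey in pal_rsa.c needs the same comment. The function body starts and ends outside this hunk.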
@@ -26,6 +26,10 @@ int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits,
 {
 CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeRSA);
 CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+ if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+ {
+ CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+ }
 *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
 if (*pPrivateKey != NULL)
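Review bot: The four-line availability guard in AppleCryptoNative_RsaGenerateKey is a copy of the one added to pal_ecc.c, which invites the two paths drifting apart so that RSA and EC keys end up with different keychain attributes after a later edit. A small `static inline` helper in a header both files already include, for example `static inline void AddDataProtectionKeychainAttribute(CFMutableDictionaryRef attributes)` (name constructed here), would keep the OS-version list and the attribute in one place. It would also be worth a test run from a binary without keychain entitlements on macOS 10.15 or later, since whether the attribute changes the failure cases of `SecKeyCreateRandomKey` for such processes cannot be told from this hunk. The function continues outside the hunk.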