From 42755615cfc7378b0045da105238ce44cd385a12 Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 4 Jun 2021 00:38:13 +0200
Subject: [PATCH] Specify kSecUseDataProtectionKeychain when generating RSA/ECC keys on macOS/iOS

---
 .../Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c | 4 ++++
 .../Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
index bf320e7..39d7a99 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
@@ -24,6 +24,10 @@ int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits,
 {
 CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeEC);
 CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+ if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+ {
+ CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+ }
 *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
 if (*pPrivateKey != NULL)
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
index ba2525f..a9aece3 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
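Review bot: The new `kSecUseDataProtectionKeychain` attribute in AppleCryptoNative_EccGenerateKey is added without a comment, so a reader cannot tell why key generation now opts into the data-protection keychain or why it is gated on `__builtin_available(macOS 10.15, iOS 13, tvOS 13, *)`; the identical block in the pal_rsa.c hunk has the same gap. Because the attribute is only set when the availability check passes, key generation runs with a different attribute set on older OS versions, and any failure or behavior difference that shows up only on macOS 10.15+ / iOS 13+ will trace back to this line, so that divergence is worth stating where it is introduced. I would put above the `if`: `// Opt into the data-protection (iOS-style) keychain where the OS supports it; older systems keep the previous keychain behavior.` The `attributes` dictionary is created and released outside the hunk, and both functions start and end outside it, so the interaction with any other attributes set on the dictionary cannot be judged from here.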
@@ -26,6 +26,10 @@ int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits,
 {
 CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeRSA);
 CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+ if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+ {
+ CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+ }
 *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
 if (*pPrivateKey != NULL)
-- 
2.7.4