iOS: Enable System.Net.Security.Native and parts of System.Security.Cryptography.Native.Apple (dotnet#33970)

akoeplinger · web-flow · commit 5cfaa96ea997 · 2020-03-24T14:29:16.000+01:00
Unavailable APIs are excluded via #if for now.
diff --git a/src/libraries/Native/Unix/CMakeLists.txt b/src/libraries/Native/Unix/CMakeLists.txt
@@ -197,13 +197,13 @@ add_subdirectory(System.Native)
 
 if (NOT CLR_CMAKE_TARGET_ARCH_WASM AND NOT CLR_CMAKE_TARGET_IOS)  # TODO: reenable for iOS
     add_subdirectory(System.Globalization.Native)
-    add_subdirectory(System.Net.Security.Native)
 
     # disable System.Security.Cryptography.Native build on iOS,
     # only used for interacting with OpenSSL which isn't useful there
     add_subdirectory(System.Security.Cryptography.Native)
 endif()
 
 if(CLR_CMAKE_TARGET_OSX OR CLR_CMAKE_TARGET_IOS)
+    add_subdirectory(System.Net.Security.Native)
     add_subdirectory(System.Security.Cryptography.Native.Apple)
 endif()
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt
@@ -5,26 +5,24 @@ find_library(SECURITY_LIBRARY Security)
 
 set(NATIVECRYPTO_SOURCES
     pal_digest.c
+    pal_ecc.c
     pal_hmac.c
+    pal_keyagree.c
+    pal_keychain.c
     pal_random.c
+    pal_rsa.c
+    pal_sec.c
+    pal_seckey.c
+    pal_signverify.c
+    pal_ssl.c
     pal_symmetric.c
+    pal_trust.c
+    pal_x509.c
+    pal_x509chain.c
 )
 
-if (NOT CLR_CMAKE_TARGET_IOS)  # TODO: reenable more sources
-    set(NATIVECRYPTO_SOURCES
-        ${NATIVECRYPTO_SOURCES}
-        pal_ecc.c
-        pal_keyagree.c
-        pal_keychain.c
-        pal_rsa.c
-        pal_sec.c
-        pal_seckey.c
-        pal_signverify.c
-        pal_ssl.c
-        pal_trust.c
-        pal_x509.c
-        pal_x509chain.c
-    )
+if (CLR_CMAKE_TARGET_IOS)
+    add_definitions(-DTARGET_IOS)
 endif()
 
 add_library(System.Security.Cryptography.Native.Apple
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
@@ -4,6 +4,7 @@
 
 #include "pal_ecc.h"
 
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_EccGenerateKey(
     int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus)
 {
@@ -51,6 +52,7 @@ int32_t AppleCryptoNative_EccGenerateKey(
     *pOSStatus = status;
     return status == noErr;
 }
+#endif
 
 uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey)
 {
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h
@@ -9,6 +9,7 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Generate an ECC keypair of the specified size.
 
@@ -19,6 +20,7 @@ PALEXPORT int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits,
                                                    SecKeyRef* pPublicKey,
                                                    SecKeyRef* pPrivateKey,
                                                    int32_t* pOSStatus);
+#endif
 
 /*
 Get the keysize, in bits, of an ECC key.
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c
@@ -5,6 +5,7 @@
 #include "pal_keychain.h"
 #include "pal_utilities.h"
 
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut)
 {
     if (pKeychainOut != NULL)
@@ -465,3 +466,4 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha
     CFRelease(cert);
     return *pOSStatus == noErr;
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h
@@ -9,6 +9,7 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Get a CFRetain()ed SecKeychainRef value for the keychain to which the keychain item belongs.
 
@@ -137,3 +138,4 @@ pOSStatus: Receives the last OSStatus value..
 */
 PALEXPORT int32_t
 AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, uint8_t isReadOnlyMode, int32_t* pOSStatus);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
@@ -4,6 +4,7 @@
 
 #include "pal_rsa.h"
 
+#ifndef TARGET_IOS
 static int32_t ExecuteCFDataTransform(
     SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut);
 
@@ -267,6 +268,7 @@ static int32_t ExecuteCFDataTransform(
 
     return ret;
 }
+#endif
 
 static int32_t RsaPrimitive(SecKeyRef key,
                             uint8_t* pbData,
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h
@@ -10,6 +10,7 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Generate a new RSA keypair with the specified key size, in bits.
 
@@ -60,6 +61,7 @@ Follows pal_seckey return conventions.
 */
 PALEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs(
     SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut);
+#endif
 
 /*
 Apply an RSA private key to a signing operation on data which was already padded.
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c
@@ -4,7 +4,9 @@
 
 #include "pal_sec.h"
 
+#ifndef TARGET_IOS
 CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)
 {
     return SecCopyErrorMessageString(osStatus, NULL);
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h
@@ -10,9 +10,11 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Get an error message for an OSStatus error from the security library.
 
 Returns NULL if no message is available for the code.
 */
 PALEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c
@@ -5,6 +5,7 @@
 #include "pal_seckey.h"
 #include "pal_utilities.h"
 
+#ifndef TARGET_IOS
 int32_t AppleCryptoNative_SecKeyExport(
     SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus)
 {
@@ -128,6 +129,7 @@ int32_t AppleCryptoNative_SecKeyImportEphemeral(
     CFRelease(cfData);
     return ret;
 }
+#endif
 
 uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
 {
@@ -139,6 +141,7 @@ uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
     return SecKeyGetBlockSize(publicKey);
 }
 
+#ifndef TARGET_IOS
 OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type)
 {
     SecExternalFormat dataFormat = kSecFormatOpenSSL;
@@ -197,3 +200,4 @@ OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type)
 
     return status;
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h
@@ -17,6 +17,7 @@ static const int32_t kErrorSeeError = -2;
 static const int32_t kErrorUnknownAlgorithm = -3;
 static const int32_t kErrorUnknownState = -4;
 
+#ifndef TARGET_IOS
 /*
 Export a key object.
 
@@ -48,6 +49,7 @@ state machine errors.
 */
 PALEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral(
     uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus);
+#endif
 
 /*
 For RSA and DSA this function returns the number of bytes in "the key", which corresponds to
@@ -59,9 +61,11 @@ For ECC the value should not be used.
 */
 PALEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey);
 
+#ifndef TARGET_IOS
 /*
 Export a key and re-import it to the NULL keychain.
 
 Only internal callers are expected.
 */
 OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
@@ -4,6 +4,7 @@
 
 #include "pal_signverify.h"
 
+#ifndef TARGET_IOS
 static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut);
 static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut);
 
@@ -285,3 +286,4 @@ static int32_t ConfigureSignVerifyTransform(SecTransformRef xform,
 
     return 1;
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.h
@@ -10,6 +10,7 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Generate a signature for algorithms which require only the data hash blob, like DSA and ECDSA.
 
@@ -56,3 +57,4 @@ PALEXPORT int32_t AppleCryptoNative_VerifySignature(SecKeyRef publicKey,
                                                     uint8_t* pbSignature,
                                                     int32_t cbSignature,
                                                     CFErrorRef* pErrorOut);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
@@ -585,6 +585,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
     // Max numCipherSuites is 2^16 (all possible cipher suites)
     assert(numCipherSuites < (1 << 16));
 
+#ifndef TARGET_IOS
     if (sizeof(SSLCipherSuite) == sizeof(uint32_t))
     {
 #pragma clang diagnostic push
@@ -594,6 +595,7 @@ int32_t AppleCryptoNative_SslSetEnabledCipherSuites(SSLContextRef sslContext, co
 #pragma clang diagnostic pop   
     }
     else
+#endif
     {
         // iOS, tvOS, watchOS
         SSLCipherSuite* cipherSuites16 = (SSLCipherSuite*)calloc((size_t)numCipherSuites, sizeof(SSLCipherSuite));
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.h
@@ -6,6 +6,7 @@
 
 #include "pal_compiler.h"
 #include <Security/Security.h>
+#include <Security/SecureTransport.h>
 
 enum
 {
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.c
@@ -5,6 +5,7 @@
 #include "pal_trust.h"
 #include "pal_utilities.h"
 
+#ifndef TARGET_IOS
 static bool CheckTrustMatch(SecCertificateRef cert,
                             SecTrustSettingsDomain domain,
                             SecTrustSettingsResult result,
@@ -245,3 +246,4 @@ int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut,
 
     return ret;
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_trust.h
@@ -9,6 +9,7 @@
 
 #include <Security/Security.h>
 
+#ifndef TARGET_IOS
 /*
 Enumerate the certificates which are root trusted by the user.
 
@@ -62,3 +63,4 @@ pCertsOut: When the return value is not 1, NULL. Otherwise NULL on "no certs fou
 pOSStatus: Receives the last OSStatus value.
 */
 PALEXPORT int32_t AppleCryptoNative_StoreEnumerateMachineDisallowed(CFArrayRef* pCertsOut, int32_t* pOSStatusOut);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c
@@ -108,6 +108,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
         return PAL_Certificate;
     }
 
+#ifndef TARGET_IOS
     SecExternalFormat dataFormat = kSecFormatPKCS7;
     SecExternalFormat actualFormat = dataFormat;
     SecExternalItemType itemType = kSecItemTypeAggregate;
@@ -175,6 +176,7 @@ PAL_X509ContentType AppleCryptoNative_X509GetContentType(uint8_t* pbData, int32_
             return PAL_Certificate;
         }
     }
+#endif
 
     CFRelease(cfData);
     return PAL_X509Unknown;
@@ -256,6 +258,7 @@ int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity
     return SecIdentityCopyPrivateKey(identity, pPrivateKeyOut);
 }
 
+#ifndef TARGET_IOS
 static int32_t ReadX509(uint8_t* pbData,
                         int32_t cbData,
                         PAL_X509ContentType contentType,
@@ -914,3 +917,4 @@ int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert,
     *pOSStatus = status;
     return status == noErr;
 }
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.h
@@ -74,6 +74,7 @@ pPrivateKeyOut: Receives a SecKeyRef for the private key associated with the ide
 */
 PALEXPORT int32_t AppleCryptoNative_X509CopyPrivateKeyFromIdentity(SecIdentityRef identity, SecKeyRef* pPrivateKeyOut);
 
+#ifndef TARGET_IOS
 /*
 Read cbData bytes of data from pbData and interpret it to a collection of certificates (or identities).
 
@@ -191,3 +192,4 @@ PALEXPORT int32_t AppleCryptoNative_X509MoveToKeychain(SecCertificateRef cert,
                                                        SecKeyRef privateKey,
                                                        SecIdentityRef* pIdentityOut,
                                                        int32_t* pOSStatus);
+#endif
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.h
@@ -42,8 +42,8 @@ enum
 typedef uint32_t PAL_X509ChainStatusFlags;
 
 #define PAL_X509ChainErrorNone             0
-#define PAL_X509ChainErrorUnknownValueType 0x0001L << 32
-#define PAL_X509ChainErrorUnknownValue     0x0002L << 32
+#define PAL_X509ChainErrorUnknownValueType (((uint64_t)0x0001L) << 32)
+#define PAL_X509ChainErrorUnknownValue     (((uint64_t)0x0002L) << 32)
 typedef uint64_t PAL_X509ChainErrorFlags;
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`#include "pal_ecc.h"`
`6`	`6`
	`7`	`+#ifndef TARGET_IOS`
`7`	`8`	`int32_t AppleCryptoNative_EccGenerateKey(`
`8`	`9`	`int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus)`
`9`	`10`	`{`
`@@ -51,6 +52,7 @@ int32_t AppleCryptoNative_EccGenerateKey(`
`51`	`52`	`*pOSStatus = status;`
`52`	`53`	`return status == noErr;`
`53`	`54`	`}`
	`55`	`+#endif`
`54`	`56`
`55`	`57`	`uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey)`
`56`	`58`	`{`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`#include "pal_keychain.h"`
`6`	`6`	`#include "pal_utilities.h"`
`7`	`7`
	`8`	`+#ifndef TARGET_IOS`
`8`	`9`	`int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut)`
`9`	`10`	`{`
`10`	`11`	`if (pKeychainOut != NULL)`
`@@ -465,3 +466,4 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha`
`465`	`466`	`CFRelease(cert);`
`466`	`467`	`return *pOSStatus == noErr;`
`467`	`468`	`}`
	`469`	`+#endif`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,9 @@`
`4`	`4`
`5`	`5`	`#include "pal_sec.h"`
`6`	`6`
	`7`	`+#ifndef TARGET_IOS`
`7`	`8`	`CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)`
`8`	`9`	`{`
`9`	`10`	`return SecCopyErrorMessageString(osStatus, NULL);`
`10`	`11`	`}`
	`12`	`+#endif`