-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[macOS/iOS] Implement RSA, ECDsa signing using macOS 10.12+ API #51914
Conversation
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue DetailsAlso unify DSA signing under the same native API. It's not supported on iOS and throws error there.
|
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Outdated
Show resolved
Hide resolved
@vcsjones FYI this takes parts of #38101. In the next follow-up PR I plan to introduce the import/export of data/iOS keys but keep it enabled only for iOS. After the whole iOS bring-up is finished we can re-evaluate their usage on macOS. I've the necessary changes locally but I anticipate the iOS implementation of S.S.C.X509Certificates will need some larger changes and I want to shape that first. |
Also unify DSA signing under the same native API. It's not supported on iOS and throws error there. Co-authored-by: Kevin Jones <[email protected]>
d3dfa94
to
05e04c8
Compare
|
||
if (!SecTransformSetAttribute(xform, kSecDigestTypeAttribute, cfHashName, pErrorOut)) | ||
} | ||
// Requires macOS 10.13+ or iOS 11+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The native support for RSA-PSS can be enabled on macOS if desired. However, minimum supported iOS version is still iOS 10 so we'd need a special code path there anyway and it didn't make sense to diverge the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I gave it a skim and it looks more or less in line with what I envisioned.
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Outdated
Show resolved
Hide resolved
...aries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs
Outdated
Show resolved
Hide resolved
...aries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs
Outdated
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Outdated
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Outdated
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Outdated
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Show resolved
Hide resolved
src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_signverify.c
Show resolved
Hide resolved
A few comments, but generally looks pretty slick. |
I think I addressed all the feedback. Local build still works, let's see what the CI thinks. |
Also unify DSA signing under the same native API. It's not supported on iOS and throws error there.