Specify kSecUseDataProtectionKeychain when generating RSA/ECC keys

dotnet · May 18, 2021 · 1074e56 · 1074e56
1 parent 4e4b8bf
commit 1074e56
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c
@@ -24,6 +24,10 @@ int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits,
     {
         CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeEC);
         CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+        if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+        {
+            CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+        }
 
         *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
         if (*pPrivateKey != NULL)

diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c
@@ -26,6 +26,10 @@ int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits,
     {
         CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeRSA);
         CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue);
+        if (__builtin_available(macOS 10.15, iOS 13, tvOS 13, *))
+        {
+            CFDictionaryAddValue(attributes, kSecUseDataProtectionKeychain, kCFBooleanTrue);
+        }
 
         *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
         if (*pPrivateKey != NULL)