diff --git a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Ecc.cs b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Ecc.cs index 57e77b46f5a843..9d02c165b21774 100644 --- a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Ecc.cs +++ b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Ecc.cs @@ -5,6 +5,7 @@ using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Security.Cryptography.Apple; +using Microsoft.Win32.SafeHandles; internal static partial class Interop { @@ -13,10 +14,9 @@ internal static partial class AppleCrypto [DllImport(Libraries.AppleCryptoNative)] private static extern int AppleCryptoNative_EccGenerateKey( int keySizeInBits, - SafeKeychainHandle tempKeychain, out SafeSecKeyRefHandle pPublicKey, out SafeSecKeyRefHandle pPrivateKey, - out int pOSStatus); + out SafeCFErrorHandle pErrorOut); [DllImport(Libraries.AppleCryptoNative, EntryPoint = "AppleCryptoNative_EccGetKeySizeInBits")] internal static extern long EccGetKeySizeInBits(SafeSecKeyRefHandle publicKey); @@ -26,20 +26,19 @@ internal static void EccGenerateKey( out SafeSecKeyRefHandle pPublicKey, out SafeSecKeyRefHandle pPrivateKey) { - using (SafeTemporaryKeychainHandle tempKeychain = CreateTemporaryKeychain()) + SafeSecKeyRefHandle keychainPublic; + SafeSecKeyRefHandle keychainPrivate; + SafeCFErrorHandle error; + + int result = AppleCryptoNative_EccGenerateKey( + keySizeInBits, + out keychainPublic, + out keychainPrivate, + out error); + + using (error) { - SafeSecKeyRefHandle keychainPublic; - SafeSecKeyRefHandle keychainPrivate; - int osStatus; - - int result = AppleCryptoNative_EccGenerateKey( - keySizeInBits, - tempKeychain, - out keychainPublic, - out keychainPrivate, - out osStatus); - - if (result == 1) + if (result == kSuccess) { pPublicKey = keychainPublic; pPrivateKey = keychainPrivate; 
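Review bot: The new `if (result == kSuccess)` branch hands `keychainPublic` to the caller without an `IsInvalid` check, while the native side in this same diff (pal_ecc.c) sets `ret = 1` as soon as `SecKeyCreateRandomKey` returns a key, before looking at the result of `SecKeyCopyPublicKey`, which can be NULL — so a caller can receive a usable private key paired with an invalid public handle and no error. A second gap is that pal_ecc.c returns `errSecAllocate` (an OSStatus, not a pal_seckey code) when CF allocation fails; that value matches neither `kSuccess` nor `kErrorSeeError` and lands on `Debug.Fail`, which is a no-op in release builds, and whatever follows the assertion is outside this hunk so I cannot tell whether it throws. The cleanest fix is native (return only shim codes and never report success with a NULL public key), but a cheap defensive guard here would be `if (result == kSuccess && !keychainPublic.IsInvalid && !keychainPrivate.IsInvalid)` so a half-populated pair takes the failure path and both handles are released by the `using`s below.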
@@ -49,9 +48,9 @@ internal static void EccGenerateKey( using (keychainPrivate) using (keychainPublic) { - if (result == 0) + if (result == kErrorSeeError) { - throw CreateExceptionForOSStatus(osStatus); + throw CreateExceptionForCFError(error); } Debug.Fail($"Unexpected result from AppleCryptoNative_EccGenerateKey: {result}"); diff --git a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs index 0c4f1a7a7e3b82..99ff01b901e03f 100644 --- a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs +++ b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs @@ -15,10 +15,9 @@ internal static partial class AppleCrypto [DllImport(Libraries.AppleCryptoNative, EntryPoint = "AppleCryptoNative_RsaGenerateKey")] private static extern int AppleCryptoNative_RsaGenerateKey( int keySizeInBits, - SafeKeychainHandle keychain, out SafeSecKeyRefHandle pPublicKey, out SafeSecKeyRefHandle pPrivateKey, - out int pOSStatus); + out SafeCFErrorHandle pErrorOut); [DllImport(Libraries.AppleCryptoNative)] private static extern int AppleCryptoNative_RsaSignaturePrimitive( 
@@ -125,20 +124,19 @@ internal static void RsaGenerateKey( out SafeSecKeyRefHandle pPublicKey, out SafeSecKeyRefHandle pPrivateKey) { - using (SafeTemporaryKeychainHandle tempKeychain = CreateTemporaryKeychain()) + SafeSecKeyRefHandle keychainPublic; + SafeSecKeyRefHandle keychainPrivate; + SafeCFErrorHandle error; + + int result = AppleCryptoNative_RsaGenerateKey( + keySizeInBits, + out keychainPublic, + out keychainPrivate, + out error); + + using (error) { - SafeSecKeyRefHandle keychainPublic; - SafeSecKeyRefHandle keychainPrivate; - int osStatus; - - int result = AppleCryptoNative_RsaGenerateKey( - keySizeInBits, - tempKeychain, - out keychainPublic, - out keychainPrivate, - out osStatus); - - if (result == 1) + if (result == kSuccess) { pPublicKey = keychainPublic; pPrivateKey = keychainPrivate; @@ -148,9 +146,9 @@ internal static void RsaGenerateKey( using (keychainPrivate) using (keychainPublic) { - if (result == 0) + if (result == kErrorSeeError) { - throw CreateExceptionForOSStatus(osStatus); + throw CreateExceptionForCFError(error); } Debug.Fail($"Unexpected result from AppleCryptoNative_RsaGenerateKey: {result}"); @@ -258,9 +256,6 @@ private static bool ProcessPrimitiveResponse( Span destination, out int bytesWritten) { - const int kErrorSeeError = -2; - const int kSuccess = 1; - if (returnValue == kErrorSeeError) { throw CreateExceptionForCFError(cfError); diff --git a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.cs b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.cs index 7fbdc9ee79af23..f9fdc9f55f9a0b 100644 --- a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.cs +++ b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.cs 
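Review bot: The new `if (result == kErrorSeeError) throw CreateExceptionForCFError(error);` path can now be reached with an `error` handle the native code never wrote: pal_rsa.c's pre-existing key-size check (`if (keySizeBits < 384 || keySizeBits > 16384) return -2;`, visible further down in this diff) returns -2, which is exactly `kErrorSeeError`, before any CFErrorRef exists, and that function does not clear `*pErrorOut` on entry. Under the old contract -2 was neither 1 nor 0 and merely hit `Debug.Fail`; under the new one it is routed to `CreateExceptionForCFError` with an out-parameter holding whatever the marshaller left there, and how that helper copes with an invalid handle is outside this hunk. I would have the native range check return `kErrorBadInput` (as its NULL-pointer check two lines above does) and clear `*pErrorOut` on entry, and on this side not trust the handle blindly: `throw error.IsInvalid ? new CryptographicException() : CreateExceptionForCFError(error);` (assuming `System.Security.Cryptography` is imported in this file as it is in Interop.Ecc.cs).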
@@ -12,6 +12,9 @@ internal static partial class Interop { internal static partial class AppleCrypto { + private const int kSuccess = 1; + private const int kErrorSeeError = -2; + private static int AppleCryptoNative_SecKeyImportEphemeral( ReadOnlySpan pbKeyBlob, int isPrivateKey, @@ -129,9 +132,6 @@ private static extern int AppleCryptoNative_VerifySignatureWithHashAlgorithm( private static byte[] ExecuteTransform(ReadOnlySpan source, SecKeyTransform transform) { - const int Success = 1; - const int kErrorSeeError = -2; - SafeCFDataHandle data; SafeCFErrorHandle error; @@ -140,7 +140,7 @@ private static byte[] ExecuteTransform(ReadOnlySpan source, SecKeyTransfor using (error) using (data) { - if (ret == Success) + if (ret == kSuccess) { return CoreFoundation.CFGetData(data); } @@ -169,11 +169,9 @@ private static bool TryExecuteTransform( using (errorHandle) using (outputHandle) { - const int Success = 1; - const int kErrorSeeError = -2; switch (ret) { - case Success: + case kSuccess: return CoreFoundation.TryCFWriteData(outputHandle, destination, out bytesWritten); case kErrorSeeError: throw CreateExceptionForCFError(errorHandle); @@ -292,7 +290,6 @@ internal static bool VerifySignature( const int True = 1; const int False = 0; - const int kErrorSeeError = -2; using (error) { @@ -331,7 +328,6 @@ internal static bool VerifySignature( const int True = 1; const int False = 0; - const int kErrorSeeError = -2; using (error) { diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c index d0189f5e78760c..bf320e7c627cea 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.c 
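Review bot: The two new class-level constants `kSuccess = 1` and `kErrorSeeError = -2` replace four local copies but carry no comment saying where the values come from, and they use the native `k`-prefixed naming rather than C# PascalCase, which is reasonable for mirroring but should be stated so nobody "fixes" it. They must stay equal to the native shim's return codes (the same `kErrorSeeError` is used by pal_rsa.c in this diff and the headers refer to "pal_seckey return conventions"), so I would add above them: `// Return codes of the System.Security.Cryptography.Native.Apple shim (pal_seckey return conventions); keep in sync with the native headers.` The `const int True = 1; const int False = 0;` locals left behind in both `VerifySignature` overloads could be hoisted the same way; both overloads' bodies continue outside the hunk.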
@@ -3,44 +3,38 @@ #include "pal_ecc.h" -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) -int32_t AppleCryptoNative_EccGenerateKey( - int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus) +int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits, + SecKeyRef* pPublicKey, + SecKeyRef* pPrivateKey, + CFErrorRef* pErrorOut) { if (pPublicKey != NULL) *pPublicKey = NULL; if (pPrivateKey != NULL) *pPrivateKey = NULL; - if (pPublicKey == NULL || pPrivateKey == NULL || pOSStatus == NULL) + if (pPublicKey == NULL || pPrivateKey == NULL || pErrorOut == NULL) return kErrorBadInput; + int32_t ret = kErrorSeeError; CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(NULL, 3, &kCFTypeDictionaryKeyCallBacks, NULL); - CFNumberRef cfKeySizeValue = CFNumberCreate(NULL, kCFNumberIntType, &keySizeBits); - OSStatus status; if (attributes != NULL && cfKeySizeValue != NULL) { CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeEC); CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue); - CFDictionaryAddValue(attributes, kSecUseKeychain, tempKeychain); - - status = SecKeyGeneratePair(attributes, pPublicKey, pPrivateKey); - - if (status == noErr) - { - status = ExportImportKey(pPublicKey, kSecItemTypePublicKey); - } - if (status == noErr) + *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut); + if (*pPrivateKey != NULL) { - status = ExportImportKey(pPrivateKey, kSecItemTypePrivateKey); + *pPublicKey = SecKeyCopyPublicKey(*pPrivateKey); + ret = 1; } } else { - status = errSecAllocate; + ret = errSecAllocate; } if (attributes != NULL) @@ -48,10 +42,8 @@ int32_t AppleCryptoNative_EccGenerateKey( if (cfKeySizeValue != NULL) CFRelease(cfKeySizeValue); - *pOSStatus = status; - return status == noErr; + return ret; } -#endif uint64_t AppleCryptoNative_EccGetKeySizeInBits(SecKeyRef publicKey) { 
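Review bot: `AppleCryptoNative_EccGenerateKey` reports success (`ret = 1`) as soon as `SecKeyCreateRandomKey` returns a key, without checking the result of `SecKeyCopyPublicKey`, which can return NULL, so the managed caller can get back a NULL `*pPublicKey` together with a valid private key and a success code. Two smaller contract problems sit next to it: `*pErrorOut` is not cleared on entry (the other exported functions in this shim, e.g. the removed `RsaDecryptOaep` and the new `RsaOaepPrimitive`, start with `*pErrorOut = NULL`), so on the allocation-failure path the caller's `SafeCFErrorHandle` receives an unwritten value; and that path returns `errSecAllocate` even though the header now promises pal_seckey return conventions, where the file's existing code for an allocation failure is `kErrorUnknownState` (assuming it is reachable from the same header that provides `kErrorSeeError`). Suggested shape below; the NULL-argument check, attribute setup and the trailing `CFRelease` calls are unchanged.
```c
    if (pPrivateKey != NULL)
        *pPrivateKey = NULL;
    if (pErrorOut != NULL)
        *pErrorOut = NULL;

    // … unchanged: NULL-argument check, ret/attributes/cfKeySizeValue setup, kSecAttr* additions …

        *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut);
        if (*pPrivateKey != NULL)
        {
            // SecKeyCopyPublicKey can return NULL; never report success with a half-populated pair.
            *pPublicKey = SecKeyCopyPublicKey(*pPrivateKey);
            if (*pPublicKey != NULL)
            {
                ret = 1;
            }
            else
            {
                CFRelease(*pPrivateKey);
                *pPrivateKey = NULL;
                ret = kErrorUnknownState;
            }
        }
    }
    else
    {
        // Allocation failure: use the shim's own code rather than an OSStatus.
        ret = kErrorUnknownState;
    }

    // … unchanged: CFRelease of attributes and cfKeySizeValue, return ret …
```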
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h index 0e044376d17dd2..38abd4684dff6b 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ecc.h @@ -8,18 +8,15 @@ #include -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) /* Generate an ECC keypair of the specified size. -Returns 1 on success, 0 on failure. On failure, *pOSStatus should carry the OS failure code. +Follows pal_seckey return conventions. */ PALEXPORT int32_t AppleCryptoNative_EccGenerateKey(int32_t keySizeBits, - SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, - int32_t* pOSStatus); -#endif + CFErrorRef* pErrorOut); /* Get the keysize, in bits, of an ECC key. diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c index a4240bf5bf9350..f6a74bd350433b 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.c 
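Review bot: The new header comment `Follows pal_seckey return conventions.` drops the only sentence that described the out-parameters, and the replacement says nothing about who owns the returned references or when `*pErrorOut` is meaningful. I would extend it to: `On success *pPublicKey and *pPrivateKey hold references the caller must CFRelease. On kErrorSeeError *pErrorOut holds a CFErrorRef the caller must release; callers must not rely on *pErrorOut for any other return value.` That last clause reflects the .c side in this diff, which only writes `*pErrorOut` through `SecKeyCreateRandomKey` and never clears it on entry.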
@@ -3,49 +3,40 @@ #include "pal_rsa.h" -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) -static int32_t ExecuteCFDataTransform( - SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut); - -int32_t AppleCryptoNative_RsaGenerateKey( - int32_t keySizeBits, SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, int32_t* pOSStatus) +int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits, + SecKeyRef* pPublicKey, + SecKeyRef* pPrivateKey, + CFErrorRef* pErrorOut) { if (pPublicKey != NULL) *pPublicKey = NULL; if (pPrivateKey != NULL) *pPrivateKey = NULL; - if (pPublicKey == NULL || pPrivateKey == NULL || pOSStatus == NULL) + if (pPublicKey == NULL || pPrivateKey == NULL || pErrorOut == NULL) return kErrorBadInput; if (keySizeBits < 384 || keySizeBits > 16384) return -2; + int32_t ret = kErrorSeeError; CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(NULL, 3, &kCFTypeDictionaryKeyCallBacks, NULL); - CFNumberRef cfKeySizeValue = CFNumberCreate(NULL, kCFNumberIntType, &keySizeBits); - OSStatus status; if (attributes != NULL && cfKeySizeValue != NULL) { CFDictionaryAddValue(attributes, kSecAttrKeyType, kSecAttrKeyTypeRSA); CFDictionaryAddValue(attributes, kSecAttrKeySizeInBits, cfKeySizeValue); - CFDictionaryAddValue(attributes, kSecUseKeychain, tempKeychain); - - status = SecKeyGeneratePair(attributes, pPublicKey, pPrivateKey); - - if (status == noErr) - { - status = ExportImportKey(pPublicKey, kSecItemTypePublicKey); - } - if (status == noErr) + *pPrivateKey = SecKeyCreateRandomKey(attributes, pErrorOut); + if (*pPrivateKey != NULL) { - status = ExportImportKey(pPrivateKey, kSecItemTypePrivateKey); + *pPublicKey = SecKeyCopyPublicKey(*pPrivateKey); + ret = 1; } } else { - status = errSecAllocate; + ret = errSecAllocate; } if (attributes != NULL) 
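Review bot: The pre-existing range check `if (keySizeBits < 384 || keySizeBits > 16384) return -2;` now collides with the new error contract: -2 is `kErrorSeeError`, the managed caller answers it with `CreateExceptionForCFError(error)`, and nothing on this path has written `*pErrorOut` (the entry resets cover `*pPublicKey` and `*pPrivateKey` but not `*pErrorOut`). Before this change -2 was merely an unexpected code. Change it to `return kErrorBadInput;`, matching the NULL-argument check above it, and add `if (pErrorOut != NULL) *pErrorOut = NULL;` beside the other two resets. The same two issues as in the ECC generator are present here too — `ret = 1` is set without checking that `SecKeyCopyPublicKey` returned non-NULL, and the allocation path returns `errSecAllocate` rather than a shim code such as `kErrorUnknownState`; the function's tail (the `CFRelease` calls and `return ret`) is in the following hunk.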
@@ -53,222 +44,9 @@ int32_t AppleCryptoNative_RsaGenerateKey( if (cfKeySizeValue != NULL) CFRelease(cfKeySizeValue); - *pOSStatus = status; - return status == noErr; -} - -static int32_t ExecuteOaepTransform(SecTransformRef xform, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm algorithm, - CFDataRef* pDataOut, - CFErrorRef* pErrorOut) -{ - if (!SecTransformSetAttribute(xform, kSecPaddingKey, kSecPaddingOAEPKey, pErrorOut)) - { - return kErrorSeeError; - } - - // Documentation mentions kSecOAEPMGF1DigestAlgorithmAttributeName, but on the Apple platform - // "SHA2" is an algorithm and the size is encoded separately. Since there doesn't seem to be - // a second attribute to encode SHA2-256 vs SHA2-384, be limited to SHA-1. - if (algorithm != PAL_SHA1) - { - return kErrorUnknownAlgorithm; - } - - return ExecuteCFDataTransform(xform, pbData, cbData, pDataOut, pErrorOut); -} - -int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mfgAlgorithm, - CFDataRef* pDecryptedOut, - CFErrorRef* pErrorOut) -{ - if (pDecryptedOut != NULL) - *pDecryptedOut = NULL; - if (pErrorOut != NULL) - *pErrorOut = NULL; - - if (privateKey == NULL || pbData == NULL || cbData < 0 || pDecryptedOut == NULL || pErrorOut == NULL) - { - return kErrorBadInput; - } - - int32_t ret = kErrorSeeError; - SecTransformRef decryptor = SecDecryptTransformCreate(privateKey, pErrorOut); - - if (decryptor != NULL) - { - if (*pErrorOut == NULL) - { - ret = ExecuteOaepTransform(decryptor, pbData, cbData, mfgAlgorithm, pDecryptedOut, pErrorOut); - } - - CFRelease(decryptor); - } - return ret; } -int32_t AppleCryptoNative_RsaDecryptPkcs( - SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDecryptedOut, CFErrorRef* pErrorOut) -{ - if (pDecryptedOut != NULL) - *pDecryptedOut = NULL; - if (pErrorOut != NULL) - *pErrorOut = NULL; - - if (privateKey == NULL || pbData == NULL || cbData < 0 || pDecryptedOut == NULL || pErrorOut == 
NULL) - { - return kErrorBadInput; - } - - int32_t ret = kErrorSeeError; - SecTransformRef decryptor = SecDecryptTransformCreate(privateKey, pErrorOut); - - if (decryptor != NULL) - { - if (*pErrorOut == NULL) - { - ret = ExecuteCFDataTransform(decryptor, pbData, cbData, pDecryptedOut, pErrorOut); - } - - CFRelease(decryptor); - } - - return ret; -} - -int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, - uint8_t* pbData, - int32_t cbData, - PAL_HashAlgorithm mgfAlgorithm, - CFDataRef* pEncryptedOut, - CFErrorRef* pErrorOut) -{ - if (pEncryptedOut != NULL) - *pEncryptedOut = NULL; - if (pErrorOut != NULL) - *pErrorOut = NULL; - - if (publicKey == NULL || pbData == NULL || cbData < 0 || pEncryptedOut == NULL || pErrorOut == NULL) - { - return kErrorBadInput; - } - - int32_t ret = kErrorSeeError; - SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut); - - if (encryptor != NULL) - { - if (*pErrorOut == NULL) - { - ret = ExecuteOaepTransform(encryptor, pbData, cbData, mgfAlgorithm, pEncryptedOut, pErrorOut); - } - - CFRelease(encryptor); - } - - return ret; -} - -int32_t AppleCryptoNative_RsaEncryptPkcs( - SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut) -{ - if (pEncryptedOut != NULL) - *pEncryptedOut = NULL; - if (pErrorOut != NULL) - *pErrorOut = NULL; - - if (publicKey == NULL || pbData == NULL || cbData < 0 || pEncryptedOut == NULL || pErrorOut == NULL) - { - return kErrorBadInput; - } - - int32_t ret = kErrorSeeError; - SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut); - - if (encryptor != NULL) - { - if (*pErrorOut == NULL) - { - ret = ExecuteCFDataTransform(encryptor, pbData, cbData, pEncryptedOut, pErrorOut); - } - - CFRelease(encryptor); - } - - return ret; -} - -static int32_t ExecuteCFDataTransform( - SecTransformRef xform, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) -{ - if (xform == NULL || pbData == NULL || 
cbData < 0 || pDataOut == NULL || pErrorOut == NULL) - { - return kErrorBadInput; - } - - *pDataOut = NULL; - *pErrorOut = NULL; - - CFTypeRef xformOutput = NULL; - CFDataRef cfData = NULL; - int32_t ret = INT_MIN; - - cfData = CFDataCreateWithBytesNoCopy(NULL, pbData, cbData, kCFAllocatorNull); - - if (cfData == NULL) - { - // This probably means that there wasn't enough memory available, but no - // particular failure cases are described. - return kErrorUnknownState; - } - - if (!SecTransformSetAttribute(xform, kSecTransformInputAttributeName, cfData, pErrorOut)) - { - ret = kErrorSeeError; - goto cleanup; - } - - xformOutput = SecTransformExecute(xform, pErrorOut); - - if (xformOutput == NULL || *pErrorOut != NULL) - { - ret = kErrorSeeError; - goto cleanup; - } - - if (CFGetTypeID(xformOutput) == CFDataGetTypeID()) - { - CFDataRef cfDataOut = (CFDataRef)xformOutput; - CFRetain(cfDataOut); - *pDataOut = cfDataOut; - ret = 1; - } - else - { - ret = kErrorUnknownState; - } - -cleanup: - if (xformOutput != NULL) - { - CFRelease(xformOutput); - } - - if (cfData != NULL) - { - CFRelease(cfData); - } - - return ret; -} -#endif - static int32_t RsaPrimitive(SecKeyRef key, uint8_t* pbData, int32_t cbData, 
@@ -312,6 +90,71 @@ static int32_t RsaPrimitive(SecKeyRef key, return 1; } +static int32_t RsaOaepPrimitive(SecKeyRef key, + uint8_t* pbData, + int32_t cbData, + CFDataRef* pDataOut, + CFErrorRef* pErrorOut, + PAL_HashAlgorithm mgfAlgorithm, + CFDataRef func(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*)) +{ + if (pDataOut != NULL) + *pDataOut = NULL; + if (pErrorOut != NULL) + *pErrorOut = NULL; + + SecKeyAlgorithm algorithm; + switch (mgfAlgorithm) + { + case PAL_SHA1: algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA1; break; + case PAL_SHA256: algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA256; break; + case PAL_SHA384: algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA384; break; + case PAL_SHA512: algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA512; break; + default: + return kErrorUnknownAlgorithm; + } + + return RsaPrimitive( + key, pbData, cbData, pDataOut, pErrorOut, algorithm, func); + +} + +int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mgfAlgorithm, + CFDataRef* pDecryptedOut, + CFErrorRef* pErrorOut) +{ + return RsaOaepPrimitive( + privateKey, pbData, cbData, pDecryptedOut, pErrorOut, mgfAlgorithm, SecKeyCreateDecryptedData); +} + +int32_t AppleCryptoNative_RsaDecryptPkcs( + SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDecryptedOut, CFErrorRef* pErrorOut) +{ + return RsaPrimitive( + privateKey, pbData, cbData, pDecryptedOut, pErrorOut, kSecKeyAlgorithmRSAEncryptionPKCS1, SecKeyCreateDecryptedData); +} + +int32_t AppleCryptoNative_RsaEncryptOaep(SecKeyRef publicKey, + uint8_t* pbData, + int32_t cbData, + PAL_HashAlgorithm mgfAlgorithm, + CFDataRef* pEncryptedOut, + CFErrorRef* pErrorOut) +{ + return RsaOaepPrimitive( + publicKey, pbData, cbData, pEncryptedOut, pErrorOut, mgfAlgorithm, SecKeyCreateEncryptedData); +} + +int32_t AppleCryptoNative_RsaEncryptPkcs( + SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* 
pErrorOut) +{ + return RsaPrimitive( + publicKey, pbData, cbData, pEncryptedOut, pErrorOut, kSecKeyAlgorithmRSAEncryptionPKCS1, SecKeyCreateEncryptedData); +} + int32_t AppleCryptoNative_RsaSignaturePrimitive( SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, CFDataRef* pDataOut, CFErrorRef* pErrorOut) { diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h index fb44bf21733c0c..253fdae78e4b3e 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_rsa.h @@ -9,17 +9,15 @@ #include -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) /* Generate a new RSA keypair with the specified key size, in bits. -Returns 1 on success, 0 on failure. On failure, *pOSStatus should contain the OS reported error. +Follows pal_seckey return conventions. */ PALEXPORT int32_t AppleCryptoNative_RsaGenerateKey(int32_t keySizeBits, - SecKeychainRef tempKeychain, SecKeyRef* pPublicKey, SecKeyRef* pPrivateKey, - int32_t* pOSStatus); + CFErrorRef* pErrorOut); /* Decrypt the contents of pbData using the provided privateKey under OAEP padding. @@ -60,7 +58,6 @@ Follows pal_seckey return conventions. */ PALEXPORT int32_t AppleCryptoNative_RsaEncryptPkcs( SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut); -#endif /* Apply an RSA private key to a signing operation on data which was already padded. diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c index 99c4a1c4820ad1..4588ab2278c539 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c 
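Review bot: `RsaOaepPrimitive` takes a parameter named `mgfAlgorithm`, but the `kSecKeyAlgorithmRSAEncryptionOAEPSHA*` constants it maps to select, as far as I know, a single digest for both the OAEP label hash and MGF1, so there is no way through this function to request a SHA-1 MGF1 with a SHA-256 label hash and a caller reading the name may assume otherwise. I would document that at the switch, `// Apple's OAEP algorithm constants use the same digest for the label hash and MGF1; callers must pass matching hashes.`, and mirror it in the pal_rsa.h comments for `RsaDecryptOaep`/`RsaEncryptOaep`, which currently only say "under OAEP padding". Two style points: the function-typed parameter `CFDataRef func(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*)` presumably repeats the one on `RsaPrimitive` (whose signature continues outside the hunk) and would read better as one shared `typedef`, and the blank line before the closing brace of `RsaOaepPrimitive` looks unintentional. `RsaPrimitive` itself begins outside the hunk, so I cannot confirm it performs the NULL checks on `key`/`pbData`/`cbData` that the removed wrappers did.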
@@ -139,64 +139,3 @@ uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey) return SecKeyGetBlockSize(publicKey); } - -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) -OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type) -{ - SecExternalFormat dataFormat = kSecFormatOpenSSL; - CFDataRef exportData = NULL; - - SecItemImportExportKeyParameters keyParams; - memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters)); - - keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - keyParams.passphrase = CFSTR("ExportImportPassphrase"); - - OSStatus status = SecItemExport(*key, dataFormat, 0, &keyParams, &exportData); - CFRelease(*key); - *key = NULL; - - SecExternalFormat actualFormat = dataFormat; - SecExternalItemType actualType = type; - CFArrayRef outItems = NULL; - - if (status == noErr) - { - status = SecItemImport(exportData, NULL, &actualFormat, &actualType, 0, NULL, NULL, &outItems); - } - - CFRelease(exportData); - exportData = NULL; - - CFRelease(keyParams.passphrase); - keyParams.passphrase = NULL; - - if (status == noErr && outItems != NULL) - { - CFIndex count = CFArrayGetCount(outItems); - - if (count == 1) - { - CFTypeRef outItem = CFArrayGetValueAtIndex(outItems, 0); - - if (CFGetTypeID(outItem) == SecKeyGetTypeID()) - { - CFRetain(outItem); - *key = (SecKeyRef)CONST_CAST(void *, outItem); - - goto cleanup; - } - } - } - - status = errSecBadReq; - -cleanup: - if (outItems != NULL) - { - CFRelease(outItems); - } - - return status; -} -#endif diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h index 37fcb4f5cd2269..0e98d1667d1409 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h 
@@ -59,12 +59,3 @@ For ECC the value should not be used. 0 is returned for invalid inputs. */ PALEXPORT uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey); - -#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS) -/* -Export a key and re-import it to the NULL keychain. - -Only internal callers are expected. -*/ -OSStatus ExportImportKey(SecKeyRef* key, SecExternalItemType type); -#endif diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c index f69ddd81a0eb81..4a9b973c339c3c 100644 --- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c +++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509.c @@ -528,10 +528,6 @@ int32_t AppleCryptoNative_X509ExportData(CFArrayRef data, static OSStatus AddKeyToKeychain(SecKeyRef privateKey, SecKeychainRef targetKeychain, SecKeyRef* importedKey) { - // This is quite similar to pal_seckey's ExportImportKey, but - // a) is used to put something INTO a keychain, instead of to take it out. - // b) Doesn't assume that the input should be CFRelease()d and overwritten. - // c) Works on private keys. SecExternalFormat dataFormat = kSecFormatWrappedPKCS8; CFDataRef exportData = NULL;