Make DSA.Create, AesCcm, AesGcm, ChaCha20Poly1305 throw PNSE on iOS (#…

…52978)

src/libraries/Common/src/Internal/Cryptography/Helpers.cs

@@ -4,11 +4,21 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
+using System.Runtime.Versioning;
 
 namespace Internal.Cryptography
 {
  internal static partial class Helpers
  {
+#if NET5_0_OR_GREATER
+ [UnsupportedOSPlatformGuard("ios")]
+ [UnsupportedOSPlatformGuard("tvos")]
+ [UnsupportedOSPlatformGuard("maccatalyst")]
+ public static bool IsDSASupported => !OperatingSystem.IsIOS() && !OperatingSystem.IsTvOS() && !OperatingSystem.IsMacCatalyst();
+#else
+ public static bool IsDSASupported => true;
+#endif
+
  [return: NotNullIfNotNull("src")]
  public static byte[]? CloneByteArray(this byte[]? src)
  {

src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs

@@ -11,7 +11,7 @@ namespace System.Security.Cryptography
 #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
  public partial class DSA : AsymmetricAlgorithm
  {
- public static new DSA Create()
+ private static DSA CreateCore()
  {
  return new DSAImplementation.DSAOpenSsl();
  }

src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs

@@ -12,10 +12,9 @@
 namespace System.Security.Cryptography
 {
 #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
-
  public partial class DSA : AsymmetricAlgorithm
  {
- public static new DSA Create()
+ private static DSA CreateCore()
  {
  return new DSAImplementation.DSASecurityTransforms();
  }

src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs

@@ -105,7 +105,7 @@ public static bool OpenSslPresentOnSystem
  {
  get
  {
- if (IsAndroid || IsiOS || IstvOS || IsMacCatalyst || IsBrowser)
+ if (IsAndroid || UsesMobileAppleCrypto || IsBrowser)
  {
  return false;
  }

src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs

@@ -138,6 +138,7 @@ public static bool IsNonZeroLowerBoundArraySupported
  public static bool IsOpenSslSupported => IsLinux || IsFreeBSD || Isillumos || IsSolaris;
 
  public static bool UsesAppleCrypto => IsOSX || IsMacCatalyst || IsiOS || IstvOS;
+ public static bool UsesMobileAppleCrypto => IsMacCatalyst || IsiOS || IstvOS;
 
  // Changed to `true` when linking
  public static bool IsBuiltWithAggressiveTrimming => false;

src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs

@@ -15,6 +15,9 @@ protected Aes() { }
  public static new System.Security.Cryptography.Aes? Create(string algorithmName) { throw null; }
  }
  [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public sealed partial class AesCcm : System.IDisposable
  {
  public AesCcm(byte[] key) { }
@@ -29,6 +32,9 @@ public void Encrypt(byte[] nonce, byte[] plaintext, byte[] ciphertext, byte[] ta
  public void Encrypt(System.ReadOnlySpan<byte> nonce, System.ReadOnlySpan<byte> plaintext, System.Span<byte> ciphertext, System.Span<byte> tag, System.ReadOnlySpan<byte> associatedData = default(System.ReadOnlySpan<byte>)) { }
  }
  [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public sealed partial class AesGcm : System.IDisposable
  {
  public AesGcm(byte[] key) { }
@@ -101,6 +107,9 @@ protected AsymmetricSignatureFormatter() { }
  public abstract void SetKey(System.Security.Cryptography.AsymmetricAlgorithm key);
  }
  [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public sealed partial class ChaCha20Poly1305 : System.IDisposable
  {
  public ChaCha20Poly1305(byte[] key) { }
@@ -154,8 +163,17 @@ protected DES() { }
  public abstract partial class DSA : System.Security.Cryptography.AsymmetricAlgorithm
  {
  protected DSA() { }
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public static new System.Security.Cryptography.DSA Create() { throw null; }
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public static System.Security.Cryptography.DSA Create(int keySizeInBits) { throw null; }
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+ [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
  public static System.Security.Cryptography.DSA Create(System.Security.Cryptography.DSAParameters parameters) { throw null; }
  [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The default algorithm implementations might be removed, use strong type references like 'RSA.Create()' instead.")]
  public static new System.Security.Cryptography.DSA? Create(string algName) { throw null; }

src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj

@@ -520,8 +520,6 @@
  Link="Common\Microsoft\Win32\SafeHandles\SafeCreateHandle.OSX.cs" />
  <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeHandleCache.cs"
  Link="Common\Microsoft\Win32\SafeHandles\SafeHandleCache.cs" />
- <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.cs"
- Link="Common\System\Security\Cryptography\DSASecurityTransforms.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.cs"
  Link="Common\System\Security\Cryptography\EccSecurityTransforms.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\ECDiffieHellmanSecurityTransforms.cs"
@@ -546,6 +544,8 @@
  Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.Pbkdf2.cs" />
  <Compile Include="$(CommonPath)Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs"
  Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs" />
+ <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.cs"
+ Link="Common\System\Security\Cryptography\DSASecurityTransforms.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.macOS.cs"
  Link="Common\System\Security\Cryptography\DSASecurityTransforms.macOS.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.macOS.cs"
@@ -555,25 +555,27 @@
  <Compile Include="Internal\Cryptography\Pbkdf2Implementation.OSX.cs" />
  </ItemGroup>
  <ItemGroup Condition="'$(UseAppleCrypto)' == 'true' AND '$(TargetsOSX)' != 'true'">
- <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.iOS.cs"
- Link="Common\System\Security\Cryptography\DSASecurityTransforms.iOS.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.iOS.cs"
  Link="Common\System\Security\Cryptography\EccSecurityTransforms.iOS.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\RSASecurityTransforms.iOS.cs"
  Link="Common\System\Security\Cryptography\RSASecurityTransforms.iOS.cs" />
  <Compile Include="Internal\Cryptography\Pbkdf2Implementation.Managed.cs" />
+ <Compile Include="System\Security\Cryptography\AesCcm.NotSupported.cs" />
+ <Compile Include="System\Security\Cryptography\AesGcm.NotSupported.cs" />
+ <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.NotSupported.cs" />
+ <Compile Include="System\Security\Cryptography\DSA.Create.NotSupported.cs" />
  </ItemGroup>
  <ItemGroup Condition=" '$(TargetsUnix)' == 'true'">
  <Compile Include="$(CommonPath)Interop\Unix\Interop.Libraries.cs"
  Link="Common\Interop\Unix\Interop.Libraries.cs" />
  <Compile Include="$(CommonPath)Internal\Cryptography\AsymmetricAlgorithmHelpers.Hash.cs"
  Link="Common\Internal\Cryptography\AsymmetricAlgorithmHelpers.Hash.cs" />
- <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
- Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\ECDiffieHellmanDerivation.cs"
  Link="Common\System\Security\Cryptography\ECDiffieHellmanDerivation.cs" />
  </ItemGroup>
- <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true'">
+ <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true' and '$(TargetsiOS)' != 'true' and '$(TargetstvOS)' != 'true'">
+ <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
+ Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
  <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs"
  Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs" />
  <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.EVP.Cipher.cs"
@@ -582,9 +584,9 @@
  Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.ERR.cs" />
  <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs"
  Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs" />
+ <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.Unix.cs" />
  <Compile Include="System\Security\Cryptography\AesCcm.Unix.cs" />
  <Compile Include="System\Security\Cryptography\AesGcm.Unix.cs" />
- <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.Unix.cs" />
  </ItemGroup>
  <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true' and '$(UseAppleCrypto)' != 'true'">
  <Compile Include="Internal\Cryptography\DesImplementation.Unix.cs" />
@@ -676,6 +678,8 @@
  Link="Common\Interop\Android\System.Security.Cryptography.Native.Android\Interop.Rsa.cs" />
  <Compile Include="$(CommonPath)Interop\Android\System.Security.Cryptography.Native.Android\SafeKeyHandle.cs"
  Link="Common\Interop\Android\System.Security.Cryptography.Native.Android\SafeKeyHandle.cs" />
+ <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
+ Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
  <Compile Include="$(CommonPath)System\Security\Cryptography\DSAAndroid.cs"
  Link="Common\System\Security\Cryptography\DSAAndroid.cs" />
  <Compile Include="System\Security\Cryptography\DSA.Create.Android.cs" />

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs

@@ -1,10 +1,48 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
+
 namespace System.Security.Cryptography
 {
  public partial class AesCcm
  {
  public static bool IsSupported => false;
+
+#if !BROWSER // allow GenFacades to handle browser target
+ private void ImportKey(ReadOnlySpan<byte> key)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ private void EncryptCore(
+ ReadOnlySpan<byte> nonce,
+ ReadOnlySpan<byte> plaintext,
+ Span<byte> ciphertext,
+ Span<byte> tag,
+ ReadOnlySpan<byte> associatedData = default)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ private void DecryptCore(
+ ReadOnlySpan<byte> nonce,
+ ReadOnlySpan<byte> ciphertext,
+ ReadOnlySpan<byte> tag,
+ Span<byte> plaintext,
+ ReadOnlySpan<byte> associatedData = default)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ public void Dispose()
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ // no-op
+ }
+#endif
  }
 }

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs

@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
  [UnsupportedOSPlatform("browser")]
+ [UnsupportedOSPlatform("ios")]
+ [UnsupportedOSPlatform("tvos")]
+ [UnsupportedOSPlatform("maccatalyst")]
  public sealed partial class AesCcm : IDisposable
  {
  public static KeySizes NonceByteSizes { get; } = new KeySizes(7, 13, 1);

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs

@@ -1,10 +1,48 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
+
 namespace System.Security.Cryptography
 {
  public partial class AesGcm
  {
  public static bool IsSupported => false;
+
+#if !BROWSER // allow GenFacades to handle browser target
+ private void ImportKey(ReadOnlySpan<byte> key)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ private void EncryptCore(
+ ReadOnlySpan<byte> nonce,
+ ReadOnlySpan<byte> plaintext,
+ Span<byte> ciphertext,
+ Span<byte> tag,
+ ReadOnlySpan<byte> associatedData = default)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ private void DecryptCore(
+ ReadOnlySpan<byte> nonce,
+ ReadOnlySpan<byte> ciphertext,
+ ReadOnlySpan<byte> tag,
+ Span<byte> plaintext,
+ ReadOnlySpan<byte> associatedData = default)
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ throw new NotImplementedException();
+ }
+
+ public void Dispose()
+ {
+ Debug.Fail("Instance ctor should fail before we reach this point.");
+ // no-op
+ }
+#endif
  }
 }

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs

@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
  [UnsupportedOSPlatform("browser")]
+ [UnsupportedOSPlatform("ios")]
+ [UnsupportedOSPlatform("tvos")]
+ [UnsupportedOSPlatform("maccatalyst")]
  public sealed partial class AesGcm : IDisposable
  {
  private const int NonceSize = 12;

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs

@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
  [UnsupportedOSPlatform("browser")]
+ [UnsupportedOSPlatform("ios")]
+ [UnsupportedOSPlatform("tvos")]
+ [UnsupportedOSPlatform("maccatalyst")]
  public sealed partial class ChaCha20Poly1305 : IDisposable
  {
  // Per https://tools.ietf.org/html/rfc7539, ChaCha20Poly1305 AEAD requires a 256-bit key and 96-bit nonce,

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs

@@ -185,8 +185,13 @@ private static Dictionary<string, object> DefaultNameHT
  ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType);
  ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType);
 
- ht.Add("DSA", DSACryptoServiceProviderType);
- ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType);
+ if (!OperatingSystem.IsIOS() &&
+ !OperatingSystem.IsTvOS() &&
+ !OperatingSystem.IsMacCatalyst())
+ {
+ ht.Add("DSA", DSACryptoServiceProviderType);
+ ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType);
+ }
 
  // Windows will register the public ECDsaCng type. Non-Windows gets a special handler.
  if (OperatingSystem.IsWindows())

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs

@@ -5,7 +5,7 @@ namespace System.Security.Cryptography
 {
  public partial class DSA : AsymmetricAlgorithm
  {
- public static new DSA Create()
+ private static DSA CreateCore()
  {
  return new DSAImplementation.DSAAndroid();
  }

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs

@@ -0,0 +1,15 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.Versioning;
+
+namespace System.Security.Cryptography
+{
+ public partial class DSA : AsymmetricAlgorithm
+ {
+ private static DSA CreateCore()
+ {
+ throw new PlatformNotSupportedException();
+ }
+ }
+}