-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[iOS] DSA API surface on iOS #52758
Comments
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue DetailsRef: #51926 (comment), #52755 (comment) Currently There are two way to deal with it:
Preferably this should be decided and cleaned up before putting any more annotations in the S.S.C.Algorithms code and before specific DSA-related tests are disabled.
|
I think PNSE on |
It's definitely possible. At some point I had a branch with it but I decided not to pursue it as part of the bring-up PR because it would be hard to read along with the other changes. |
I'll revive the branch once my other iOS PRs are merged, it would only create conflicts now. |
I agree. There may be some annoying collateral, but it's probably OK. private AsymmetricAlgorithm LoadAnything(ReadOnlySpan<byte> data)
{
RSA rsa = RSA.Create();
DSA dsa = DSA.Create();
ECDsa ecdsa = ECDsa.Create();
try
{
rsa.ImportRSAPrivateKey(data, out _);
return rsa;
}
// repeat for all file formats of all types
} This kind of thing would need to structure the code to not call DSA.Create too early (and to check for it failing). But it'll be pretty rare, I think, and the platform squiggler will warn them if they say iOS is in scope. |
The change is quite small: https:/dotnet/runtime/compare/main...filipnavara:dsa-ios?expand=1 ... it can be cleaned up a bit once #52191 is merged to remove DSASecurityTransforms.iOS.cs completely. |
Ref: #51926 (comment), #52755 (comment)
Currently
System.Security.Cryptography.DSA.Create
returns a useless object on iOS. The object doesn't implement key generation, signing or verification since none of them are supported at the OS level. This is obviously not ideal because it may falsely lead someone to believe that theDSA
works under some circumstances and it increases the binary size.There are two way to deal with it:
DSASecurityTransforms
on iOS completely and makeDSA.Create
itself throwPlatformNotSupportedException
. This has some collateral damage whereCryptoConfig
needs to be modified not to return anyDSA
types to avoid breaking assumptions elsewhere in the code.Preferably this should be decided and cleaned up before putting any more annotations in the S.S.C.Algorithms code and before specific DSA-related tests are disabled.
The text was updated successfully, but these errors were encountered: