diff --git a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs index acf7ea05d67589..bdad447dceb5a4 100644 --- a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs +++ b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs @@ -15,7 +15,6 @@ internal static partial class AppleCrypto internal enum PAL_SignatureAlgorithm : uint { Unknown = 0, - DSA = 1, RsaPkcs1 = 2, RsaPss = 3, RsaRaw = 4, diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs deleted file mode 100644 index d73cf2c333fd2a..00000000000000 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs +++ /dev/null 
@@ -1,187 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.IO; -using System.Security.Cryptography.Apple; -using Internal.Cryptography; - -namespace System.Security.Cryptography -{ - internal static partial class DSAImplementation - { - public sealed partial class DSASecurityTransforms : DSA, IRuntimeAlgorithm - { - private SecKeyPair? _keys; - private bool _disposed; - - public DSASecurityTransforms() - : this(1024) - { - } - - public DSASecurityTransforms(int keySize) - { - base.KeySize = keySize; - } - - internal DSASecurityTransforms(SafeSecKeyRefHandle publicKey) - { - SetKey(SecKeyPair.PublicOnly(publicKey)); - } - - internal DSASecurityTransforms(SafeSecKeyRefHandle publicKey, SafeSecKeyRefHandle privateKey) - { - SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey)); - } - - public override KeySizes[] LegalKeySizes - { - get - { - return new[] { new KeySizes(minSize: 512, maxSize: 1024, skipSize: 64) }; - } - } - - public override int KeySize - { - get - { - return base.KeySize; - } - set - { - if (KeySize == value) - return; - - // Set the KeySize before freeing the key so that an invalid value doesn't throw away the key - base.KeySize = value; - - ThrowIfDisposed(); - - if (_keys != null) - { - _keys.Dispose(); - _keys = null; - } - } - } - - public override byte[] CreateSignature(byte[] rgbHash) - { - ArgumentNullException.ThrowIfNull(rgbHash); - - SecKeyPair keys = GetKeys(); - - if (keys.PrivateKey == null) - { - throw new CryptographicException(SR.Cryptography_CSP_NoPrivateKey); - } - - byte[] derFormatSignature = Interop.AppleCrypto.CreateSignature( - keys.PrivateKey, - rgbHash, - Interop.AppleCrypto.PAL_HashAlgorithm.Unknown, - Interop.AppleCrypto.PAL_SignatureAlgorithm.DSA); - - // Since the AppleCrypto implementation is limited to FIPS 186-2, signature field sizes - // are always 160 bits / 20 bytes (the size of SHA-1, and the 
only legal length for Q). - byte[] ieeeFormatSignature = AsymmetricAlgorithmHelpers.ConvertDerToIeee1363( - derFormatSignature.AsSpan(0, derFormatSignature.Length), - fieldSizeBits: SHA1.HashSizeInBits); - - return ieeeFormatSignature; - } - - public override bool VerifySignature(byte[] hash, byte[] signature) - { - ArgumentNullException.ThrowIfNull(hash); - ArgumentNullException.ThrowIfNull(signature); - - return VerifySignature((ReadOnlySpan)hash, (ReadOnlySpan)signature); - } - - public override bool VerifySignature(ReadOnlySpan hash, ReadOnlySpan signature) - { - byte[] derFormatSignature = AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(signature); - - return Interop.AppleCrypto.VerifySignature( - GetKeys().PublicKey, - hash, - derFormatSignature, - Interop.AppleCrypto.PAL_HashAlgorithm.Unknown, - Interop.AppleCrypto.PAL_SignatureAlgorithm.DSA); - } - - protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) - { - if (hashAlgorithm != HashAlgorithmName.SHA1) - { - // Matching DSACryptoServiceProvider's "I only understand SHA-1/FIPS 186-2" exception - throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name); - } - - return CryptographicOperations.HashData(hashAlgorithm, new ReadOnlySpan(data, offset, count)); - } - - protected override void Dispose(bool disposing) - { - if (disposing) - { - if (_keys != null) - { - _keys.Dispose(); - _keys = null; - } - - _disposed = true; - } - - base.Dispose(disposing); - } - - private void ThrowIfDisposed() - { - // The other SecurityTransforms types use _keys.PublicKey == null, - // but since Apple doesn't provide DSA key generation we can't easily tell - // if a failed attempt to generate a key happened, or we're in a pristine state. - // - // So this type uses an explicit field, rather than inferred state. - ObjectDisposedException.ThrowIf(_disposed, this); - } - - internal SecKeyPair GetKeys() - { - ThrowIfDisposed(); - - SecKeyPair? 
current = _keys; - - if (current != null) - { - return current; - } - - // macOS declares DSA invalid for key generation. - // Rather than write code which might or might not work, returning - // (OSStatus)-4 (errSecUnimplemented), just make the exception occur here. - // - // When the native code can be verified, then it can be added. - throw new PlatformNotSupportedException(SR.Cryptography_DSA_KeyGenNotSupported); - } - - private void SetKey(SecKeyPair newKeyPair) - { - ThrowIfDisposed(); - - SecKeyPair? current = _keys; - _keys = newKeyPair; - current?.Dispose(); - - if (newKeyPair != null) - { - int size = Interop.AppleCrypto.GetSimpleKeySizeInBits(newKeyPair.PublicKey); - KeySizeValue = size; - } - } - } - } -} diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs deleted file mode 100644 index fcf72d39044a64..00000000000000 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs +++ /dev/null 
@@ -1,211 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.Buffers; -using System.Diagnostics; -using System.Formats.Asn1; -using System.IO; -using System.Runtime.InteropServices; -using System.Security.Cryptography.Apple; -using Internal.Cryptography; - -namespace System.Security.Cryptography -{ - internal static partial class DSAImplementation - { - public sealed partial class DSASecurityTransforms : DSA - { - public override DSAParameters ExportParameters(bool includePrivateParameters) - { - // Apple requires all private keys to be exported encrypted, but since we're trying to export - // as parsed structures we will need to decrypt it for the user. - const string ExportPassword = "DotnetExportPassphrase"; - SecKeyPair keys = GetKeys(); - - if (includePrivateParameters && keys.PrivateKey == null) - { - throw new CryptographicException(SR.Cryptography_OpenInvalidHandle); - } - - byte[] keyBlob = Interop.AppleCrypto.SecKeyExport( - includePrivateParameters ? 
keys.PrivateKey : keys.PublicKey, - exportPrivate: includePrivateParameters, - password: ExportPassword); - - try - { - if (!includePrivateParameters) - { - DSAKeyFormatHelper.ReadSubjectPublicKeyInfo( - keyBlob, - out int localRead, - out DSAParameters key); - Debug.Assert(localRead == keyBlob.Length); - return key; - } - else - { - DSAKeyFormatHelper.ReadEncryptedPkcs8( - keyBlob, - (ReadOnlySpan)ExportPassword, - out int localRead, - out DSAParameters key); - Debug.Assert(localRead == keyBlob.Length); - return key; - } - } - finally - { - CryptographicOperations.ZeroMemory(keyBlob); - } - } - - public override void ImportParameters(DSAParameters parameters) - { - if (parameters.P == null || parameters.Q == null || parameters.G == null || parameters.Y == null) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MissingFields); - - // J is not required and is not even used on CNG blobs. - // It should, however, be less than P (J == (P-1) / Q). - // This validation check is just to maintain parity with DSACng and DSACryptoServiceProvider, - // which also perform this check. 
- if (parameters.J != null && parameters.J.Length >= parameters.P.Length) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedPJ); - - int keySize = parameters.P.Length; - bool hasPrivateKey = parameters.X != null; - - if (parameters.G.Length != keySize || parameters.Y.Length != keySize) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedPGY); - - if (hasPrivateKey && parameters.X!.Length != parameters.Q.Length) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedQX); - - if (!(8 * parameters.P.Length).IsLegalSize(LegalKeySizes)) - throw new CryptographicException(SR.Cryptography_InvalidKeySize); - - if (parameters.Q.Length != 20) - throw new CryptographicException(SR.Cryptography_InvalidDsaParameters_QRestriction_ShortKey); - - ThrowIfDisposed(); - - if (hasPrivateKey) - { - SafeSecKeyRefHandle privateKey = ImportKey(parameters); - - DSAParameters publicOnly = parameters; - publicOnly.X = null; - - SafeSecKeyRefHandle publicKey; - try - { - publicKey = ImportKey(publicOnly); - } - catch - { - privateKey.Dispose(); - throw; - } - - SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey)); - } - else - { - SafeSecKeyRefHandle publicKey = ImportKey(parameters); - SetKey(SecKeyPair.PublicOnly(publicKey)); - } - } - - public override void ImportEncryptedPkcs8PrivateKey( - ReadOnlySpan passwordBytes, - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - base.ImportEncryptedPkcs8PrivateKey(passwordBytes, source, out bytesRead); - } - - public override void ImportEncryptedPkcs8PrivateKey( - ReadOnlySpan password, - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - base.ImportEncryptedPkcs8PrivateKey(password, source, out bytesRead); - } - - internal static SafeSecKeyRefHandle ImportKey(DSAParameters parameters) - { - AsnWriter keyWriter; - bool hasPrivateKey; - - if (parameters.X != null) - { - // DSAPrivateKey ::= SEQUENCE( - // version INTEGER, - // p 
INTEGER, - // q INTEGER, - // g INTEGER, - // y INTEGER, - // x INTEGER, - // ) - - keyWriter = new AsnWriter(AsnEncodingRules.DER); - - using (keyWriter.PushSequence()) - { - keyWriter.WriteInteger(0); - keyWriter.WriteKeyParameterInteger(parameters.P); - keyWriter.WriteKeyParameterInteger(parameters.Q); - keyWriter.WriteKeyParameterInteger(parameters.G); - keyWriter.WriteKeyParameterInteger(parameters.Y); - keyWriter.WriteKeyParameterInteger(parameters.X); - } - - hasPrivateKey = true; - } - else - { - keyWriter = DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters); - hasPrivateKey = false; - } - - try - { - return keyWriter.Encode(hasPrivateKey, static (hasPrivateKey, encoded) => - { - return Interop.AppleCrypto.ImportEphemeralKey(encoded, hasPrivateKey); - }); - } - finally - { - // Explicitly clear the inner buffer - keyWriter.Reset(); - } - } - - public override unsafe void ImportSubjectPublicKeyInfo( - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - - fixed (byte* ptr = &MemoryMarshal.GetReference(source)) - { - using (MemoryManager manager = new PointerMemoryManager(ptr, source.Length)) - { - // Validate the DER value and get the number of bytes. - DSAKeyFormatHelper.ReadSubjectPublicKeyInfo( - manager.Memory, - out int localRead); - - SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.ImportEphemeralKey(source.Slice(0, localRead), false); - SetKey(SecKeyPair.PublicOnly(publicKey)); - - bytesRead = localRead; - } - } - } - } - } -} diff --git a/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs b/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs index e6b8ec6b91fb46..8f9fa918f99929 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs 
@@ -30,7 +30,12 @@ internal static partial class Helpers #if NET [UnsupportedOSPlatformGuard("ios")] [UnsupportedOSPlatformGuard("tvos")] - public static bool IsDSASupported => !OperatingSystem.IsIOS() && !OperatingSystem.IsTvOS(); + public static bool IsDSASupported => + !OperatingSystem.IsIOS() && + !OperatingSystem.IsTvOS() && + !OperatingSystem.IsMacOS() && + !OperatingSystem.IsMacCatalyst() && + !OperatingSystem.IsBrowser(); #else public static bool IsDSASupported => true; #endif diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs index 9d2b09070dd1cf..2c138d33d1e4ab 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs @@ -8,7 +8,6 @@ public interface IDSAProvider DSA Create(); DSA Create(int keySize); bool SupportsFips186_3 { get; } - bool SupportsKeyGeneration { get; } } public static partial class DSAFactory @@ -35,7 +34,5 @@ public static DSA Create(in DSAParameters dsaParameters) /// If true, 186-3 includes support for keysizes >1024 and SHA-2 algorithms /// public static bool SupportsFips186_3 => s_provider.SupportsFips186_3; - - public static bool SupportsKeyGeneration => s_provider.SupportsKeyGeneration; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs index 992b5357484307..b36bdfb1c8a0f2 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs 
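Review bot: In Helpers.cs the `IsDSASupported` expression now also excludes macOS, Mac Catalyst and browser, but the attributes directly above it still mark the property as a guard only for `ios` and `tvos`. If the DSA APIs are annotated as unsupported on the newly excluded platforms (not visible in this hunk), the platform-compatibility analyzer will not accept `Helpers.IsDSASupported` as a guard for them. Adding `[UnsupportedOSPlatformGuard("macos")]`, `[UnsupportedOSPlatformGuard("maccatalyst")]` and `[UnsupportedOSPlatformGuard("browser")]` would keep the attribute list and the expression in step. The `#else` branch still returns `true` unconditionally, so it is worth confirming that no non-NET build of this file targets one of the excluded platforms.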
@@ -1,14 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] public partial class DSAFactoryTests { - [Fact] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DSACreateDefault_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(); @@ -16,14 +16,14 @@ public static void DSACreateDefault_Equals_SameInstance() AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [Fact] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DSACreateKeySize_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(1024); AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [Fact] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() { using DSA dsa1 = DSAFactory.Create(); @@ -32,5 +32,12 @@ public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() dsa2.ImportParameters(DSATestData.GetDSA1024Params()); AssertExtensions.FalseExpression(dsa1.Equals(dsa2)); } + + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotSupported))] + public static void DSACreate_NotSupported() + { + Assert.Throws(() => DSAFactory.Create()); + Assert.Throws(() => DSAFactory.Create(1024)); + } } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs index 50208a71b86b29..9ce2a37b5388a2 100644 
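Review bot: The new `DSACreate_NotSupported` test in DSAFactoryTests.cs checks only `DSAFactory.Create()` and `DSAFactory.Create(1024)`, so the `Create(in DSAParameters)` overload that DSAFactory.cs also exposes has no fail-closed check on platforms where the implementation was removed. Consider a third assertion with the same expected exception as the two existing ones, wrapping `DSAFactory.Create(DSATestData.GetDSA1024Params())`. Whether that overload fails at creation or only when the parameters are imported is not visible in this diff, so confirm the expected behaviour before pinning it.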
--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs @@ -1,17 +1,15 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSAImportExport { - public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; - - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void ExportAutoKey() { DSAParameters privateParams; @@ -73,7 +71,7 @@ public static void Import_1024() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public static void Import_2048() { using (DSA dsa = DSAFactory.Create()) @@ -143,13 +141,7 @@ public static void ExportAfterDispose(bool importKey) // Ensure that the key got created, and then Dispose it. using (key) { - try - { - key.CreateSignature(hash); - } - catch (PlatformNotSupportedException) when (!SupportsKeyGeneration) - { - } + key.CreateSignature(hash); // Assert.NoThrow } Assert.Throws(() => key.ExportParameters(false)); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs index 3d655f77ea96b1..b53547b6983a1a 100644 
--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs @@ -10,12 +10,12 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAKeyFileTests { public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsKeyGeneration))] + [Fact] public static void UseAfterDispose_NewKey() { UseAfterDispose(false); @@ -305,7 +305,6 @@ public static void ReadWriteDsa2048SubjectPublicKeyInfo() } [Fact] - [SkipOnPlatform(TestPlatforms.OSX, "DSASecurityTransforms goes straight to OS, has different failure mode")] public static void ImportNonsensePublicParameters() { AsnWriter writer = new AsnWriter(AsnEncodingRules.DER); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs index 7a7eb4e1f94de6..50006be25f8cb1 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs 
@@ -1,14 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSAKeyGeneration { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; public static bool HasSecondMinSize { get; } = GetHasSecondMinSize(); [Fact] @@ -23,19 +23,19 @@ public static void VerifyDefaultKeySize_Fips186_2() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void GenerateMinKey() { GenerateKey(dsa => GetMin(dsa.LegalKeySizes)); } - [ConditionalFact(nameof(SupportsKeyGeneration), nameof(HasSecondMinSize))] + [ConditionalFact(nameof(HasSecondMinSize))] public static void GenerateSecondMinKey() { GenerateKey(dsa => GetSecondMin(dsa.LegalKeySizes)); } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void GenerateKey_1024() { GenerateKey(1024); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs index a00c34b0e4f9ae..86ae8ed1595efc 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs 
@@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAKeyPemTests { private const string AmbiguousExceptionMarker = "multiple keys"; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs index 6ad596a040c4b3..658fc5cdfc9a04 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Array : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -54,7 +54,7 @@ public void InvalidStreamArrayArguments_Throws() } } - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Stream : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => 
@@ -76,7 +76,7 @@ public void InvalidArrayArguments_Throws() } #if NET - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Span : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -109,13 +109,13 @@ private static byte[] TryWithOutputArray(Func func) } } #endif - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public abstract partial class DSASignVerify { public abstract byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm); public abstract bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm); - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void InvalidKeySize_DoesNotInvalidateKey() { using (DSA dsa = DSAFactory.Create()) @@ -129,7 +129,7 @@ public void InvalidKeySize_DoesNotInvalidateKey() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void UseAfterDispose_NewKey() { UseAfterDispose(false); @@ -191,7 +191,7 @@ protected virtual void UseAfterDispose(DSA dsa, byte[] data, byte[] sig) () => VerifyData(dsa, data, sig, HashAlgorithmName.SHA1)); } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void SignAndVerifyDataNew1024() { using (DSA dsa = DSAFactory.Create(1024)) 
@@ -255,13 +255,13 @@ public void SignAndVerifyDataExplicit1024() SignAndVerify(DSATestData.HelloBytes, "SHA1", DSATestData.GetDSA1024Params(), 40); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void SignAndVerifyDataExplicit2048() { SignAndVerify(DSATestData.HelloBytes, "SHA256", DSATestData.GetDSA2048Params(), 64); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA256() { byte[] signature = @@ -285,7 +285,7 @@ public void VerifyKnown_2048_SHA256() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA384() { byte[] signature = @@ -309,7 +309,7 @@ public void VerifyKnown_2048_SHA384() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA512() { byte[] signature = @@ -352,7 +352,7 @@ public void VerifyKnownSignature() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void Sign2048WithSha1() { byte[] data = { 1, 2, 3, 4 }; @@ -367,7 +367,7 @@ public void Sign2048WithSha1() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void Verify2048WithSha1() { byte[] data = { 1, 2, 3, 4 }; @@ -429,6 +429,5 @@ internal static bool SupportsFips186_3 return DSAFactory.SupportsFips186_3; } } - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; } } 
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs index 149f4825d3f96d..28ce3e7a0a60c0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs @@ -4,11 +4,12 @@ using System.Collections.Generic; using System.Linq; using System.Security.Cryptography.Algorithms.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public abstract class DSASignatureFormatTests : DsaFamilySignatureFormatTests { protected override bool SupportsSha2 => DSAFactory.SupportsFips186_3; @@ -49,18 +50,11 @@ private static KeyDescription OpenKey(in DSAParameters dsaParameters) protected static IEnumerable LocalGenerateTestKeys() { - if (DSAFactory.SupportsKeyGeneration) - { - yield return CreateKey(1024); - - if (DSAFactory.SupportsFips186_3) - { - yield return CreateKey(2048); - } - } + yield return CreateKey(1024); if (DSAFactory.SupportsFips186_3) { + yield return CreateKey(2048); yield return OpenKey(DSATestData.GetDSA2048Params()); } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs index 30d5dd6bb55271..9b19f42d34a9c5 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs 
+++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs @@ -2,11 +2,12 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSASignatureFormatterTests : AsymmetricSignatureFormatterTests { [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs index 69de7580f62e6a..4c6ea3050803f0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs @@ -3,11 +3,12 @@ using System.Collections.Generic; using System.Xml.Linq; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAXml { [Fact] 
@@ -414,8 +415,8 @@ public static void TestWriteDeficientXParameters(bool includePrivateParameters) "AMhxt+OJaF25fZNN1wEfqwdv8n7EKC+wDA1kbSnV5OU="); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsKeyGeneration))] - [OuterLoop("DSA key generation is very slow", ~TestPlatforms.Browser)] + [Fact] + [OuterLoop("DSA key generation is very slow")] public static void FromToXml() { using (DSA dsa = DSAFactory.Create()) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs index 498fcd842bf6fd..a7e6dee0820d13 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs @@ -140,6 +140,9 @@ private static bool CheckIfRsaPssSupported() // Whether or not the current platform supports RC2 internal static bool IsRC2Supported => s_lazyIsRC2Supported.Value; + internal static bool IsDSASupported => !PlatformDetection.IsApplePlatform && !PlatformDetection.IsBrowser; + internal static bool IsDSANotSupported => !IsDSASupported; + #if NET internal static readonly bool IsAndroidVersionAtLeast31 = OperatingSystem.IsAndroidVersionAtLeast(31); #else diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs index dd88d0e9956ae4..5fdefd04f006f9 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs +++ b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs @@ -15,8 +15,7 @@ public DSA Create(int keySize) return new DSACng(keySize); } - public bool SupportsFips186_3 => (!PlatformDetection.IsWindows7); - public bool SupportsKeyGeneration => true; + public bool SupportsFips186_3 => !PlatformDetection.IsWindows7; } public partial class DSAFactory 
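Review bot: In PlatformSupport.cs the new `IsDSASupported` restates the product-side condition from `Helpers.IsDSASupported` through `PlatformDetection.IsApplePlatform` and `PlatformDetection.IsBrowser`, and nothing ties the two together. A platform added to one list can therefore be missed in the other, and the DSA test classes gated on this property would then be skipped or run incorrectly. A comment on the property would make the dependency explicit, for example `// Must match Helpers.IsDSASupported in src/libraries/Common/src/System/Security/Cryptography/Helpers.cs.`. What `IsApplePlatform` covers is defined outside this hunk, so it is worth confirming that it includes macOS, Mac Catalyst, iOS and tvOS.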
diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs index b4982af70f11ab..bf2ae8459307bc 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs @@ -16,7 +16,6 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => false; - public bool SupportsKeyGeneration => !PlatformDetection.IsApplePlatform; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs index ee39a1d91ee803..d01e787470c0c6 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs @@ -7,13 +7,11 @@ namespace System.Security.Cryptography.Csp.Tests { - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSACryptoServiceProviderTests { const int PROV_DSS_DH = 13; - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; - [Fact] public static void DefaultKeySize() { @@ -248,7 +246,7 @@ public static void ImportParameters_KeyTooBig_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_InvalidHashAlgorithm_Throws() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -260,7 +258,7 @@ public static void VerifyHash_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void SignHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); 
@@ -272,7 +270,7 @@ public static void SignHash_DefaultAlgorithm_Success() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void SignHash_InvalidHashAlgorithm_Throws() { byte[] hashVal = SHA256.HashData(DSATestData.HelloBytes); @@ -283,7 +281,7 @@ public static void SignHash_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -295,7 +293,7 @@ public static void VerifyHash_DefaultAlgorithm_Success() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_CaseInsensitive_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -330,7 +328,7 @@ public static void SignData_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyData_InvalidHashAlgorithm_Throws() { using (var dsa = new DSACryptoServiceProvider()) diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs index 491262dfc1ca6c..3d4b74ed7e43c5 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs @@ -16,7 +16,6 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => true; - public bool SupportsKeyGeneration => true; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 59a8be63676579..5d60257c68a279 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs 
@@ -511,10 +511,9 @@ public static void AddSignerWithNegativeSerial() cms.CheckSignature(true); } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, false)] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, true)] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void AddFirstSigner_DSA(SubjectIdentifierType identifierType, bool detached) { #if NET @@ -1126,8 +1125,8 @@ public static void EnsureExtraCertsAdded(bool newDocument) { cms = new SignedCms(); - // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesMobileAppleCrypto) + // DSA is not supported, so use ECDsa signed document instead + if (!PlatformSupport.IsDSASupported) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index b1a9683c401d58..2be391dfe1ff09 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -72,8 +72,7 @@ public static void SignCmsUsingExplicitRSAKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void SignCmsUsingExplicitDSAKey() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) 
@@ -123,8 +122,7 @@ public static void SignCmsUsingExplicitSlhDsaKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature() { using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) @@ -136,8 +134,7 @@ public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCount } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CounterSignCmsUsingExplicitDSAKeyForFirstSignerAndECDsaForCounterSignature() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -574,8 +571,7 @@ public static void AddSigner_RSA_EphemeralKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void AddSigner_DSA_EphemeralKey() { using (DSA dsa = DSA.Create()) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index 8b5160ba843caf..c7b358e6c8f989 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -5,6 +5,7 @@ using System.Linq; using System.Security.Cryptography.SLHDsa.Tests; using System.Security.Cryptography.X509Certificates; +using Microsoft.DotNet.XUnitExtensions; using Test.Cryptography; using Xunit; 
@@ -441,11 +442,10 @@ public static void RemoveCounterSignature_WithNoMatch() () => signerInfo.RemoveCounterSignature(signerInfo)); } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] [InlineData(0)] [InlineData(1)] [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "NetFx bug")] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void RemoveCounterSignature_EncodedInSingleAttribute(int indexToRemove) { SignedCms cms = new SignedCms(); @@ -676,9 +676,13 @@ public static void AddCounterSignerToUnsortedAttributeSignature() } [ConditionalFact(typeof(SignatureSupport), nameof(SignatureSupport.SupportsRsaSha1Signatures))] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void AddCounterSigner_DSA() { + if (!PlatformSupport.IsDSASupported) + { + throw new SkipTestException("Platform does not support DSA."); + } + AssertAddCounterSigner( SubjectIdentifierType.IssuerAndSerialNumber, signer => @@ -1091,8 +1095,8 @@ public static void EnsureExtraCertsAdded() { SignedCms cms = new SignedCms(); - // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesMobileAppleCrypto) + // DSA is not supported, so use ECDsa signed document instead + if (!PlatformSupport.IsDSASupported) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs index fbf990edf27292..150d36340777a6 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs 
@@ -246,9 +246,9 @@ public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesA cms.ComputeSignature(signer); } - // DSA is not supported on mobile Apple platforms, so use ECDsa key instead + // DSA is not supported on Apple platforms, so use ECDsa key instead X509Certificate2 counterSigner1cert = - PlatformDetection.UsesMobileAppleCrypto ? + PlatformDetection.UsesAppleCrypto ? Certificates.ECDsaP521Win.TryGetCertificateWithPrivateKey() : Certificates.Dsa1024.TryGetCertificateWithPrivateKey(); diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs index 86a522bce53657..cae570ec896d10 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs @@ -18,7 +18,7 @@ namespace System.Security.Cryptography.Xml.Tests { - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSAKeyValueTest { [Fact] diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs index e6fcdc1591c7dc..0a59657b601dfe 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs @@ -69,8 +69,7 @@ public void KeyInfoNode() // private static string xmlDSA = "
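Review bot: The counter-signer selection in SignerInfoTests.netcoreapp.cs tests `PlatformDetection.UsesAppleCrypto` directly, whereas the rest of this commit gates DSA on `PlatformSupport.IsDSASupported`. Writing the condition as `!PlatformSupport.IsDSASupported ?` keeps the ECDsa fallback tied to the same predicate as the skipped tests, so the two cannot drift if the supported set changes. The `AllValidNames` hunk in CryptoConfigTests.cs has the same pattern with `!PlatformDetection.IsApplePlatform`, while the product side in CryptoConfig.cs now checks `Helpers.IsDSASupported`. The enclosing test method starts and ends outside this hunk.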

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + "" + dsaJ + "" + dsaSeed + "" + dsaPgenCounter + "
"; private static string xmlDSA = "

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + "
"; - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void DSAKeyValue() { using (DSA key = DSA.Create()) @@ -148,8 +147,7 @@ public void X509Data() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Complex() { KeyInfoName name = new KeyInfoName(); @@ -199,8 +197,7 @@ public void Complex() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void ImportKeyNode() { string keyName = "Mono::"; diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs index 69af96accd8db0..176a68fa298be3 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs @@ -8,6 +8,7 @@ using System.Text; using System.Threading.Tasks; using System.Xml; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Xml.Tests @@ -77,8 +78,7 @@ public void SignedXmlHasCertificateVerifiableSignature() } } - [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void SignedXmlHasDSACertificateVerifiableSignature() { using (X509Certificate2 x509cert = TestHelpers.GetSampleDSAX509Certificate()) 
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index 54c153694f7bf7..5d206380f427f4 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -292,8 +292,7 @@ public void AsymmetricRSAMixedCaseAttributesVerifyWindows() Assert.True(v1.CheckSignature()); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void AsymmetricDSASignature() { SignedXml signedXml = MSDNSample(); @@ -392,8 +391,7 @@ public void AsymmetricRSAVerify() // Using empty constructor // The two other constructors don't seems to apply in verifying signatures - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void AsymmetricDSAVerify() { string value = "/Vvq6sXEVbtZC8GwNtLQnGOy/VI=BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==

iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=

u4sowiJMHilNRojtdmIuQY2YnB8=SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBYsqzn8J6fd2gtEyq6YOqiUSHgPE8=sQ==
This is some text
"; @@ -543,8 +541,7 @@ public void ComputeSignatureNoSigningKey() Assert.Throws(() => signedXml.ComputeSignature()); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void ComputeSignatureMissingReferencedObject() { XmlDocument doc = new XmlDocument(); diff --git a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj index b7ef41c439c00f..aceaf6690a43f9 100644 --- a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj +++ b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj @@ -1450,16 +1450,12 @@ Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs" /> - - - + diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs index 1cbf5c0a861262..1ee1a11ca22a01 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs @@ -8,6 +8,7 @@ using System.Globalization; using System.Reflection; using System.Runtime.Versioning; +using Internal.Cryptography; namespace System.Security.Cryptography { @@ -189,8 +190,7 @@ private static Dictionary DefaultNameHT ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType); - if (!OperatingSystem.IsIOS() && - !OperatingSystem.IsTvOS()) + if (Helpers.IsDSASupported) { ht.Add("DSA", DSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType); 
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs deleted file mode 100644 index 26ede00c6d1865..00000000000000 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs +++ /dev/null @@ -1,13 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -namespace System.Security.Cryptography -{ - public partial class DSA : AsymmetricAlgorithm - { - private static DSAImplementation.DSASecurityTransforms CreateCore() - { - return new DSAImplementation.DSASecurityTransforms(); - } - } -} diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs index 0b6eed7667269b..8db3b027922ca4 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs @@ -29,7 +29,6 @@ public sealed class DSACryptoServiceProvider : DSA, ICspAsymmetricAlgorithm // Depending on the platform, _impl's legal key sizes may be more restrictive than Windows provider. // DSAAndroid : (1024, 3072, 1024) // DSAOpenSsl : (512, 3072, 64) - // DSASecurityTransforms : (512, 1024, 64) // Windows CSP : (512, 1024, 64) // Use the most restrictive legal key sizes private static readonly KeySizes[] s_legalKeySizes = OperatingSystem.IsAndroid() 
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs index c57e6194574e3c..ebc06e7b5d7744 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs 
@@ -16,40 +16,12 @@ internal sealed partial class AppleCertificatePal : ICertificatePal { public DSA? GetDSAPrivateKey() { - if (_identityHandle == null) - return null; - - Debug.Assert(!_identityHandle.IsInvalid); - SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.X509GetPublicKey(_certHandle); - SafeSecKeyRefHandle privateKey = Interop.AppleCrypto.X509GetPrivateKeyFromIdentity(_identityHandle); - - if (publicKey.IsInvalid) - { - // SecCertificateCopyKey returns null for DSA, so fall back to manually building it. - publicKey = Interop.AppleCrypto.ImportEphemeralKey(_certData.SubjectPublicKeyInfo, false); - } - - privateKey.SetParentHandle(_certHandle); - return new DSAImplementation.DSASecurityTransforms(publicKey, privateKey); + throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(DSA))); } public ICertificatePal CopyWithPrivateKey(DSA privateKey) { - var typedKey = privateKey as DSAImplementation.DSASecurityTransforms; - - if (typedKey != null) - { - return CopyWithPrivateKey(typedKey.GetKeys().PrivateKey); - } - - DSAParameters dsaParameters = privateKey.ExportParameters(true); - - using (PinAndClear.Track(dsaParameters.X!)) - using (typedKey = new DSAImplementation.DSASecurityTransforms()) - { - typedKey.ImportParameters(dsaParameters); - return CopyWithPrivateKey(typedKey.GetKeys().PrivateKey); - } + throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(DSA))); } public ICertificatePal CopyWithPrivateKey(ECDsa privateKey) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs index 8497b1e5a184be..dc652e06322156 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs 
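Review bot: `GetDSAPrivateKey()` now throws `PlatformNotSupportedException` on every call, including the case the removed code handled with `if (_identityHandle == null) return null;`. If a caller outside this hunk probes a certificate that has no private key through this method and relies on the null result, it will now get an exception instead. Keeping the early `return null` ahead of the throw would preserve that contract. The callers are not visible from here, so this needs checking against them.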
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs @@ -144,12 +144,8 @@ private static partial Pkcs12Return FromCertAndKey(CertAndKey certAndKey, Import return new AsymmetricAlgorithmPkcs12PrivateKey( pkcs8, static () => new ECDsaImplementation.ECDsaSecurityTransforms()); - case Oids.Dsa: - return new AsymmetricAlgorithmPkcs12PrivateKey( - pkcs8, - static () => new DSAImplementation.DSASecurityTransforms()); default: - // No PQC support on macOS. + // No DSA or PQC support on macOS. return null; } } @@ -170,16 +166,6 @@ private static partial Pkcs12Return FromCertAndKey(CertAndKey certAndKey, Import } } - if (key.Key is DSAImplementation.DSASecurityTransforms dsa) - { - DSAParameters dsaParameters = dsa.ExportParameters(true); - - using (PinAndClear.Track(dsaParameters.X!)) - { - return DSAImplementation.DSASecurityTransforms.ImportKey(dsaParameters); - } - } - if (key.Key is ECDsaImplementation.ECDsaSecurityTransforms ecdsa) { byte[] ecdsaPrivateKey = ecdsa.ExportECPrivateKey(); diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs index 54f8ff0a90889f..e67c70a2d4e69f 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs 
@@ -29,31 +29,17 @@ public AsymmetricAlgorithm DecodePublicKey(Oid oid, byte[] encodedKeyValue, byte { SafeSecKeyRefHandle key = Interop.AppleCrypto.X509GetPublicKey(applePal.CertificateHandle); - switch (oid.Value) + if (oid.Value == Oids.Rsa) { - case Oids.Rsa: - Debug.Assert(!key.IsInvalid); - return new RSAImplementation.RSASecurityTransforms(key); - case Oids.Dsa: - if (key.IsInvalid) - { - // SecCertificateCopyKey returns null for DSA, so fall back to manually building it. - return DecodeDsaPublicKey(encodedKeyValue, encodedParameters); - } - return new DSAImplementation.DSASecurityTransforms(key); + Debug.Assert(!key.IsInvalid); + return new RSAImplementation.RSASecurityTransforms(key); } key.Dispose(); } - else + else if (oid.Value == Oids.Rsa) { - switch (oid.Value) - { - case Oids.Rsa: - return DecodeRsaPublicKey(encodedKeyValue); - case Oids.Dsa: - return DecodeDsaPublicKey(encodedKeyValue, encodedParameters); - } + return DecodeRsaPublicKey(encodedKeyValue); } throw new NotSupportedException(SR.NotSupported_KeyAlgorithm); @@ -74,36 +60,6 @@ private static RSA DecodeRsaPublicKey(byte[] encodedKeyValue) } } - private static DSA DecodeDsaPublicKey(byte[] encodedKeyValue, byte[]? encodedParameters) - { - SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn - { - Algorithm = new AlgorithmIdentifierAsn - { - Algorithm = Oids.Dsa, - Parameters = encodedParameters.ToNullableMemory(), - }, - SubjectPublicKey = encodedKeyValue, - }; - - AsnWriter writer = new AsnWriter(AsnEncodingRules.DER); - spki.Encode(writer); - - DSA dsa = DSA.Create(); - DSA? toDispose = dsa; - - try - { - writer.Encode(dsa, static (dsa, encoded) => dsa.ImportSubjectPublicKeyInfo(encoded, out _)); - toDispose = null; - return dsa; - } - finally - { - toDispose?.Dispose(); - } - } - public X509ContentType GetCertContentType(ReadOnlySpan rawData) { const int errSecUnknownFormat = -25257; 
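Review bot: In `DecodePublicKey`, the Apple branch still calls `Interop.AppleCrypto.X509GetPublicKey` before looking at the OID, and the handle is released only by the `key.Dispose()` on the fall-through path. Now that RSA is the only algorithm handled here, testing the OID first would avoid the interop call for unsupported keys and remove the manual dispose, e.g. `if (oid.Value != Oids.Rsa) throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);` ahead of the `AppleCertificatePal` branch. The method starts above the hunk, so confirm nothing earlier depends on the current order.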
diff --git a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs index b9e99144f6b8fa..edfaa26f60286e 100644 --- a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using System.Reflection; using System.Text; +using Microsoft.DotNet.XUnitExtensions; using Test.Cryptography; using Xunit; @@ -150,9 +151,13 @@ public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseTy [ActiveIssue("https://github.com/dotnet/runtime/issues/37669", TestPlatforms.Browser)] [InlineData("DSA", typeof(DSA))] [InlineData("System.Security.Cryptography.DSA", typeof(DSA))] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type baseType) { + if (!PlatformSupport.IsDSASupported) + { + throw new SkipTestException("Platform does not support DSA."); + } + using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier)) { Assert.NotNull(created); @@ -160,10 +165,9 @@ public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type ba } } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotSupported))] [InlineData("DSA")] [InlineData("System.Security.Cryptography.DSA")] - [PlatformSpecific(PlatformSupport.MobileAppleCrypto)] public static void NamedAsymmetricAlgorithmCreate_DSA_NotSupported(string identifier) { Assert.Null(AsymmetricAlgorithm.Create(identifier)); 
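Review bot: `NamedAsymmetricAlgorithmCreate_DSA` now skips by throwing `SkipTestException`, which as far as I know is reported as a skip only when the test is declared with `[ConditionalFact]` or `[ConditionalTheory]`. The attribute that declares this theory sits above the hunk, so please confirm it is a conditional one; under a plain `[Theory]` the throw would surface as a failure on Apple platforms. If it is a plain theory, `[ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))]` would match the other tests in this commit and make the in-body check unnecessary.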
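Review bot: `NamedAsymmetricAlgorithmCreate_DSA_NotSupported` was limited to mobile Apple platforms by `[PlatformSpecific(...)]`, but `IsDSANotSupported` is also true on Browser. The sibling theory above carries `[ActiveIssue("https://github.com/dotnet/runtime/issues/37669", TestPlatforms.Browser)]`, which suggests `AsymmetricAlgorithm.Create` does not simply return null there. Unless the class is already excluded on Browser (not visible in this hunk), the same `ActiveIssue` attribute should be added to this theory.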
@@ -405,7 +409,7 @@ public static IEnumerable AllValidNames yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true }; - if (!PlatformDetection.UsesMobileAppleCrypto) + if (!PlatformDetection.IsApplePlatform) { yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; diff --git a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs index b69a62808148c4..4e4d29b5a70d48 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs @@ -2,17 +2,15 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSACreateTests { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; - public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - - [ConditionalTheory(nameof(SupportsKeyGeneration))] + [Theory] [SkipOnPlatform(TestPlatforms.Android, "Android only supports key sizes that are a multiple of 1024")] [InlineData(512)] [InlineData(960)] 
@@ -28,32 +26,34 @@ public static void CreateWithKeysize_SmallKeys(int keySizeInBits) } } - [ConditionalTheory(nameof(SupportsKeyGeneration))] - [InlineData(1024)] - public static void CreateWithKeysize(int keySizeInBits) + [Fact] + public static void CreateWithKeysize() { - using (DSA dsa = DSA.Create(keySizeInBits)) + const int KeySizeInBits = 1024; + + using (DSA dsa = DSA.Create(KeySizeInBits)) { - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, dsa.KeySize); DSAParameters parameters = dsa.ExportParameters(false); - Assert.Equal(keySizeInBits, parameters.Y.Length << 3); - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, parameters.Y.Length << 3); + Assert.Equal(KeySizeInBits, dsa.KeySize); } } - [ConditionalTheory(nameof(SupportsKeyGeneration), nameof(SupportsFips186_3))] + [Fact] [SkipOnPlatform(TestPlatforms.Android, "Android only supports key sizes that are a multiple of 1024")] - [InlineData(1088)] - public static void CreateWithKeysize_BigKeys(int keySizeInBits) + public static void CreateWithKeysize_BigKey() { - using (DSA dsa = DSA.Create(keySizeInBits)) + const int KeySizeInBits = 1088; + + using (DSA dsa = DSA.Create(KeySizeInBits)) { - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, dsa.KeySize); DSAParameters parameters = dsa.ExportParameters(false); - Assert.Equal(keySizeInBits, parameters.Y.Length << 3); - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, parameters.Y.Length << 3); + Assert.Equal(KeySizeInBits, dsa.KeySize); } } @@ -78,7 +78,7 @@ public static void CreateWithParameters_1024() CreateWithParameters(DSATestData.GetDSA1024Params()); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public static void CreateWithParameters_2048() { CreateWithParameters(DSATestData.GetDSA2048Params()); 
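Review bot: `CreateWithKeysize_BigKey` lost its `SupportsFips186_3` condition and is now a plain `[Fact]`, while `CreateWithParameters_2048` in the next hunk keeps `[ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))]`. A 1088-bit key is above the 1024-bit limit of FIPS 186-2, so on a platform where `SupportsFips186_3` is false (the default provider in this commit still excludes `PlatformDetection.IsWindows7`) the test would now run and presumably fail. Putting the same `ConditionalFact` on `CreateWithKeysize_BigKey` keeps the two tests consistent.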
diff --git a/src/libraries/System.Security.Cryptography/tests/DSATests.cs b/src/libraries/System.Security.Cryptography/tests/DSATests.cs index 8eca860fe4fb9b..5bc60f47668d28 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSATests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSATests.cs @@ -4,16 +4,15 @@ using System.IO; using System.Reflection; using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSATests { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; - - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void TryCreateSignature_UsesCreateSignature() { var input = new byte[1024]; @@ -54,7 +53,7 @@ public void SignData_InvalidArguments_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void TrySignData_UsesTryHashDataAndTryCreateSignature() { var input = new byte[1024]; @@ -79,7 +78,7 @@ public void TrySignData_UsesTryHashDataAndTryCreateSignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Array_UsesHashDataAndVerifySignature() { var input = new byte[1024]; @@ -103,7 +102,7 @@ public void VerifyData_Array_UsesHashDataAndVerifySignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Stream_UsesHashDataAndVerifySignature() { var input = new byte[1024]; @@ -122,7 +121,7 @@ public void VerifyData_Stream_UsesHashDataAndVerifySignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Span_UsesTryHashDataAndVerifySignature() { var input = new byte[1024]; 
diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs index 03c3bf5d02a349..14ca873d365293 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; + namespace System.Security.Cryptography.Dsa.Tests { public class DefaultDSAProvider : IDSAProvider @@ -25,11 +27,9 @@ public bool SupportsFips186_3 { get { - return !(PlatformDetection.IsWindows7 || PlatformDetection.IsApplePlatform); + return PlatformSupport.IsDSASupported && !PlatformDetection.IsWindows7; } } - - public bool SupportsKeyGeneration => !PlatformDetection.IsApplePlatform; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs b/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs index a57d3d9118a3d2..62e65a4973cb76 100644 --- a/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs +++ b/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs @@ -71,7 +71,7 @@ public static void NegativeReturnParameterTest() [Theory] [InlineData("DoesntExist")] - [InlineData("DSA")] + [InlineData("RSA")] public static void GenerateMask_InvalidHashName_Throws(string hashName) { PKCS1MaskGenerationMethod pkcs1 = new PKCS1MaskGenerationMethod(); diff --git a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs index a1b346b8176aeb..726ed287891e65 100644 --- a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs 
+++ b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs @@ -4,6 +4,8 @@ // (C) 2002 Motus Technologies Inc. (http://www.motus.com) // (C) 2004 Novell http://www.novell.com +using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests @@ -39,7 +41,6 @@ public void Constructor_SecurityElement_Empty() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] public void Constructor_SecurityElement_DSA() { SecurityElement se = new SecurityElement("DSASignature"); @@ -102,8 +103,7 @@ public void Properties() Assert.Null(sig.KeyAlgorithm); } - [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Deformatter() { AsymmetricSignatureDeformatter def; @@ -153,8 +153,7 @@ public void Digest() Assert.Null(sig.CreateDigest()); } - [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Formatter() { SignatureDescription sig = new SignatureDescription(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs index 0ad15b272e1565..5dc6cdb777a62f 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs 
@@ -61,8 +61,7 @@ public static void PrivateKey_FromCertificate_CanExportPrivate_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void PrivateKey_FromCertificate_CanExportPrivate_DSA() { DSAParameters originalParameters = DSATestData.GetDSA1024Params(); @@ -282,8 +281,7 @@ public static void PublicPrivateKey_IndependentLifetimes_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void PublicPrivateKey_IndependentLifetimes_DSA() { X509Certificate2 loaded; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs index 418552c4ea1cb3..4d4903f5b6fcda 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs @@ -427,8 +427,7 @@ public static void VerifySignature_RSA_PSS(string hashAlgorithm) } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void VerifySignature_DSA() { // macOS is limited to FIPS 186-2 DSA, so SHA-1 is the only valid algorithm. diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs index 6723283a95097a..b9d1c6beb90efb 100644 
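Review bot: The context comment in `VerifySignature_DSA`, `// macOS is limited to FIPS 186-2 DSA, so SHA-1 is the only valid algorithm.`, is out of date once the test is gated on `PlatformSupport.IsDSASupported` and the macOS DSA path is removed elsewhere in this commit. If SHA-1 is kept for another reason, say so, e.g. `// SHA-1 keeps the test valid for providers limited to FIPS 186-2 DSA.`; otherwise drop the comment. The test body continues outside the hunk, so whether the hash choice could now be widened is not visible here.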
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs @@ -776,8 +776,7 @@ public static void UnsupportedRevocationReasons() () => builder.AddEntry(serial, reason: X509RevocationReason.RemoveFromCrl)); } - [Fact] - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaNotDirectlySupported() { CertificateRevocationListBuilder builder = new CertificateRevocationListBuilder(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs index f9f503d111dcea..91c1525d3cdcf6 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs @@ -427,8 +427,7 @@ public static void AssociatePersistedKey_CNG_DSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ThirdPartyProvider_DSA() { using (DSA dsaOther = new DSAOther()) 
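Review bot: `DsaNotDirectlySupported` was previously skipped on `TestPlatforms.Browser` as well as the mobile Apple targets, and the new `[ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))]` only preserves that exclusion if `IsDSASupported` is false on Browser. `PlatformSupport` is defined outside this hunk, so that cannot be confirmed from here. If it does not cover Browser, keep the explicit skip alongside the condition: `[SkipOnPlatform(TestPlatforms.Browser, "DSA is not supported on Browser")]`.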
@@ -582,8 +581,7 @@ public static void CheckCopyWithPrivateKey_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CheckCopyWithPrivateKey_DSA() { using (X509Certificate2 withKey = X509CertificateLoader.LoadPkcs12(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword)) diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs index c526790a90432c..0159383fdb8c7c 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs @@ -801,7 +801,7 @@ public static void ECDH_Export_DefaultKeyStorePermitsUnencryptedExports_Pkcs8Pri } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS, "The PKCS#12 Exportable flag is not supported on iOS/MacCatalyst/tvOS")] + [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS | TestPlatforms.OSX, "DSA is not supported on Apple platforms")] public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_ExportParameters() { (byte[] pkcs12, DSA dsa) = CreateSimplePkcs12(); @@ -818,7 +818,7 @@ public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_ExportPar } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS, "The PKCS#12 Exportable flag is not supported on iOS/MacCatalyst/tvOS")] + [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS | TestPlatforms.OSX, "DSA is not supported on Apple platforms")] public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_Pkcs8PrivateKey() { (byte[] pkcs12, DSA dsa) = CreateSimplePkcs12(); 
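Review bot: The two `DSA_Export_DefaultKeyStorePermitsUnencryptedExports_*` tests in ExportTests.cs hard-code the platform list (`TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS | TestPlatforms.OSX`), while every other DSA test touched by this commit is gated on `PlatformSupport.IsDSASupported`. Two sources of truth for "DSA is available" will drift the next time platform support changes. Assuming `IsDSASupported` is false on all four platforms, prefer `[ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))]` on both tests. The earlier skip reason (the PKCS#12 Exportable flag being unsupported on iOS/MacCatalyst/tvOS) is also dropped; if it still applies independently of DSA, it deserves a comment.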
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs index e1f0412ec53c0c..24bd437d7cb24e 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs @@ -267,8 +267,7 @@ public static void ECDHPrivateKey_PfxKeyIsEcdsaConstrained() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaPrivateKeyProperty() { using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible)) @@ -365,8 +364,7 @@ public static void ReadECDsaPrivateKey_OpenSslPfx(X509KeyStorageFlags keyStorage } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ReadDSAPrivateKey() { byte[] data = { 1, 2, 3, 4, 5 }; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs index 1dc7217ee02639..61bbd4a537d047 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs @@ -106,8 +106,7 @@ public static void TestPublicKey_Key_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestPublicKey_Key_DSA() { PublicKey pk = GetTestDsaKey(); 
@@ -585,8 +584,7 @@ public static void TestECDsa224PublicKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey() { using (var cert = new X509Certificate2(TestData.DssCer)) @@ -597,8 +595,7 @@ public static void TestDSAPublicKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_VerifiesSignature() { byte[] data = { 1, 2, 3, 4, 5 }; @@ -617,8 +614,7 @@ public static void TestDSAPublicKey_VerifiesSignature() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_RSACert() { using (var cert = new X509Certificate2(TestData.Rsa384CertificatePemBytes)) @@ -628,8 +624,7 @@ public static void TestDSAPublicKey_RSACert() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_ECDSACert() { using (var cert = new X509Certificate2(TestData.ECDsa256Certificate)) @@ -680,8 +675,7 @@ public static void ExportSubjectPublicKeyInfo_RSA() AssertExportSubjectPublicKeyInfo(key, rsa.ExportSubjectPublicKeyInfo()); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ExportSubjectPublicKeyInfo_DSA() { using DSA dsa = DSA.Create(); 
@@ -792,8 +786,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_RSA() Assert.Equal(spki.Length, read); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA() { using DSA dsa = DSA.Create(); @@ -838,8 +831,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_ECDH() Assert.Equal(spki.Length, read); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA_InvalidKey() { // The DSA key is invalid here, but we should be able to round-trip the @@ -927,8 +919,7 @@ public static void GetPublicKey_NullForDifferentAlgorithm() Assert.Null(key.GetECDiffieHellmanPublicKey()); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_NullForDifferentAlgorithm() { byte[] spki = TestData.GostR3410SubjectPublicKeyInfo; @@ -958,8 +949,7 @@ public static void GetRSAPublicKey_ThrowsForCorruptKey() Assert.ThrowsAny(() => key.GetRSAPublicKey()); } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_ReturnsDsaKey() { PublicKey key = GetTestDsaKey(); 
@@ -971,8 +961,7 @@ public static void GetDSAPublicKey_ReturnsDsaKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_ThrowsForCorruptKey() { AsnEncodedData badData = new AsnEncodedData(new byte[] { 1, 2, 3, 4 }); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs index 7c247857a6d2dd..81e5fca66fef18 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs @@ -643,8 +643,7 @@ public static void CreateFromPem_SlhDsa_Pkcs8_Success(SlhDsaTestData.SlhDsaGener } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromPem_Dsa_Pkcs8_Success() { using (X509Certificate2 cert = X509Certificate2.CreateFromPem(TestData.DsaCertificate, TestData.DsaPkcs8Key)) @@ -654,8 +653,7 @@ public static void CreateFromPem_Dsa_Pkcs8_Success() } } - [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromPem_Dsa_EncryptedPkcs8_Success() { X509Certificate2 cert = X509Certificate2.CreateFromEncryptedPem( diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h index 97543db915c576..9d78403cddd2ed 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h 
@@ -28,8 +28,8 @@ enum typedef uint32_t PAL_KeyAlgorithm; /* -For RSA and DSA this function returns the number of bytes in "the key", which corresponds to -the length of n/Modulus for RSA and for P in DSA. +For RSA this function returns the number of bytes in "the key", which corresponds to +the length of n/Modulus for RSA. For ECC the value should not be used. diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c index e7aac896311f55..3c6566260973c6 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c 
@@ -3,105 +3,6 @@ #include "pal_signverify.h" -#if defined(TARGET_OSX) -static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut); -static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut); - -static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, CFDataRef cfDataHash, CFErrorRef* pErrorOut); - -static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut) -{ - assert(signer != NULL); - assert(pSignatureOut != NULL); - assert(pErrorOut != NULL); - - int32_t ret = INT_MIN; -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - CFTypeRef signerResponse = SecTransformExecute(signer, pErrorOut); -#pragma clang diagnostic pop - CFDataRef signature = NULL; - - if (signerResponse == NULL || *pErrorOut != NULL) - { - ret = kErrorSeeError; - goto cleanup; - } - - if (CFGetTypeID(signerResponse) != CFDataGetTypeID()) - { - ret = kErrorUnknownState; - goto cleanup; - } - - signature = (CFDataRef)signerResponse; - - if (CFDataGetLength(signature) > 0) - { - // We're going to call CFRelease in cleanup, so this keeps it alive - // to be interpreted by the managed code. 
- CFRetain(signature); - *pSignatureOut = signature; - ret = 1; - } - else - { - ret = kErrorUnknownState; - *pSignatureOut = NULL; - } - -cleanup: - if (signerResponse != NULL) - { - CFRelease(signerResponse); - } - - return ret; -} - -static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut) -{ - assert(verifier != NULL); - assert(pErrorOut != NULL); - - int32_t ret = kErrorSeeError; -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - CFTypeRef verifierResponse = SecTransformExecute(verifier, pErrorOut); -#pragma clang diagnostic pop - - if (verifierResponse != NULL) - { - if (*pErrorOut == NULL) - { - ret = (verifierResponse == kCFBooleanTrue); - } - - CFRelease(verifierResponse); - } - - return ret; -} - -static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, CFDataRef cfDataHash, CFErrorRef* pErrorOut) -{ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - if (!SecTransformSetAttribute(xform, kSecInputIsAttributeName, kSecInputIsDigest, pErrorOut)) - { - return 0; - } - - if (!SecTransformSetAttribute(xform, kSecTransformInputAttributeName, cfDataHash, pErrorOut)) - { - return 0; - } -#pragma clang diagnostic pop - - return 1; -} -#endif - // Legacy algorithm identifiers static const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5"); 
@@ -177,44 +78,20 @@ int32_t AppleCryptoNative_SecKeyCreateSignature(SecKeyRef privateKey, return kErrorUnknownState; } - if (signatureAlgorithm == PAL_SignatureAlgorithm_DSA) - { -#if defined(TARGET_OSX) - SecTransformRef signer = SecSignTransformCreate(privateKey, pErrorOut); - - if (signer != NULL) - { - if (*pErrorOut == NULL) - { - if (ConfigureSignVerifyTransform(signer, dataHash, pErrorOut)) - { - ret = ExecuteSignTransform(signer, pSignatureOut, pErrorOut); - } - } + CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - CFRelease(signer); - } -#else - ret = kPlatformNotSupported; -#endif - } - else + if (algorithm == NULL) { - CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - - if (algorithm == NULL) - { - CFRelease(dataHash); - return kErrorUnknownAlgorithm; - } + CFRelease(dataHash); + return kErrorUnknownAlgorithm; + } - CFDataRef sig = SecKeyCreateSignature(privateKey, algorithm, dataHash, pErrorOut); + CFDataRef sig = SecKeyCreateSignature(privateKey, algorithm, dataHash, pErrorOut); - if (sig != NULL) - { - *pSignatureOut = sig; - ret = 1; - } + if (sig != NULL) + { + *pSignatureOut = sig; + ret = 1; } CFRelease(dataHash); 
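Review bot: With the DSA branch gone, the retired algorithm value 1 now falls through to the `algorithm == NULL` check in both functions, but `AppleCryptoNative_SecKeyCreateSignature` returns `kErrorUnknownAlgorithm` here while `AppleCryptoNative_SecKeyVerifySignature` (the `@@ -253,46 +130,22 @@` hunk) returns `kErrorBadInput` for the same condition. A caller that still passes an unsupported algorithm therefore gets a different error depending on the operation. Unless the managed side relies on the difference, use `return kErrorUnknownAlgorithm;` in the verify path as well. Both function bodies start outside their hunks and `GetSignatureAlgorithmIdentifier` is not shown, so its NULL result for unknown values is assumed.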
@@ -253,46 +130,22 @@ int32_t AppleCryptoNative_SecKeyVerifySignature(SecKeyRef publicKey, return kErrorUnknownState; } - if (signatureAlgorithm == PAL_SignatureAlgorithm_DSA) - { -#if defined(TARGET_OSX) - SecTransformRef verifier = SecVerifyTransformCreate(publicKey, signature, pErrorOut); + CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - if (verifier != NULL) - { - if (*pErrorOut == NULL) - { - if (ConfigureSignVerifyTransform(verifier, dataHash, pErrorOut)) - { - ret = ExecuteVerifyTransform(verifier, pErrorOut); - } - } + if (algorithm == NULL) + { + CFRelease(dataHash); + CFRelease(signature); + return kErrorBadInput; + } - CFRelease(verifier); - } -#else - ret = kPlatformNotSupported; -#endif + if (SecKeyVerifySignature(publicKey, algorithm, dataHash, signature, pErrorOut)) + { + ret = 1; } - else + else if (CFErrorGetCode(*pErrorOut) == errSecVerifyFailed || CFErrorGetCode(*pErrorOut) == errSecParam) { - CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - - if (algorithm == NULL) - { - CFRelease(dataHash); - CFRelease(signature); - return kErrorBadInput; - } - - if (SecKeyVerifySignature(publicKey, algorithm, dataHash, signature, pErrorOut)) - { - ret = 1; - } - else if (CFErrorGetCode(*pErrorOut) == errSecVerifyFailed || CFErrorGetCode(*pErrorOut) == errSecParam) - { - ret = 0; - } + ret = 0; } CFRelease(dataHash); diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h index 8879a4a00621d4..c70845ef48a86c 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h 
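Review bot: The `else if` that maps both `errSecVerifyFailed` and `errSecParam` to `ret = 0` has no comment, and folding a parameter error into "signature did not verify" is a security-relevant decision a reader should not have to guess at. Suggest a comment above it such as `// A malformed signature can surface as errSecParam; report it as a failed verification, not an error.`, after confirming that this is the reason. The branch also calls `CFErrorGetCode(*pErrorOut)` without checking the pointer; `else if (*pErrorOut != NULL && (CFErrorGetCode(*pErrorOut) == errSecVerifyFailed || CFErrorGetCode(*pErrorOut) == errSecParam))` would make that assumption explicit. The function starts outside the hunk, so the value `ret` keeps for every other error code is not visible.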
@@ -12,7 +12,6 @@ enum { PAL_SignatureAlgorithm_Unknown = 0, - PAL_SignatureAlgorithm_DSA = 1, PAL_SignatureAlgorithm_RSA_Pkcs1 = 2, PAL_SignatureAlgorithm_RSA_Pss = 3, PAL_SignatureAlgorithm_RSA_Raw = 4, @@ -21,9 +20,9 @@ enum typedef uint32_t PAL_SignatureAlgorithm; /* -Generate a DSA, RSA or ECDsa signature. +Generate an RSA or ECDsa signature. -For DSA and ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. +For ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. Follows pal_seckey return conventions. */ @@ -36,9 +35,9 @@ PALEXPORT int32_t AppleCryptoNative_SecKeyCreateSignature(SecKeyRef privateKey, CFErrorRef* pErrorOut); /* -Verify a DSA, RSA or ECDsa signature. +Verify an RSA or ECDsa signature. -For DSA and ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. +For ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. Follows pal_seckey return conventions. */
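Review bot: Removing `PAL_SignatureAlgorithm_DSA = 1` leaves a gap between `PAL_SignatureAlgorithm_Unknown = 0` and `PAL_SignatureAlgorithm_RSA_Pkcs1 = 2` with nothing saying the value is retired. These numbers cross the interop boundary to the managed-side enum that this commit edits in parallel, so a later addition that reuses 1 on one side only would silently change meaning. Add a comment inside the enum, e.g. `// 1 was PAL_SignatureAlgorithm_DSA; retired, do not reuse.`, and mirror it in the managed enum.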