From e6b37e3ccf88bf98d427bef1283e816bae074d06 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 11:31:55 -0400 Subject: [PATCH 01/13] Remove DSA from macOS --- .../Interop.SignVerify.cs | 1 - .../Cryptography/DSASecurityTransforms.cs | 187 ---------------- .../DSASecurityTransforms.macOS.cs | 211 ------------------ .../src/System.Security.Cryptography.csproj | 6 +- .../DSA.Create.SecurityTransforms.cs | 13 -- .../DSACryptoServiceProvider.Unix.cs | 1 - .../AppleCertificatePal.Keys.macOS.cs | 32 +-- .../X509CertificateLoader.macOS.cs | 16 +- .../X509Certificates/X509Pal.macOS.cs | 54 +---- .../pal_seckey.h | 4 +- .../pal_signverify.c | 191 ++-------------- .../pal_signverify.h | 9 +- 12 files changed, 37 insertions(+), 688 deletions(-) delete mode 100644 src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs delete mode 100644 src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs delete mode 100644 src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs diff --git a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs index acf7ea05d67589..bdad447dceb5a4 100644 --- a/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs +++ b/src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SignVerify.cs @@ -15,7 +15,6 @@ internal static partial class AppleCrypto internal enum PAL_SignatureAlgorithm : uint { Unknown = 0, - DSA = 1, RsaPkcs1 = 2, RsaPss = 3, RsaRaw = 4, diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs deleted file mode 100644 index d73cf2c333fd2a..00000000000000 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs +++ /dev/null @@ -1,187 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.IO; -using System.Security.Cryptography.Apple; -using Internal.Cryptography; - -namespace System.Security.Cryptography -{ - internal static partial class DSAImplementation - { - public sealed partial class DSASecurityTransforms : DSA, IRuntimeAlgorithm - { - private SecKeyPair? _keys; - private bool _disposed; - - public DSASecurityTransforms() - : this(1024) - { - } - - public DSASecurityTransforms(int keySize) - { - base.KeySize = keySize; - } - - internal DSASecurityTransforms(SafeSecKeyRefHandle publicKey) - { - SetKey(SecKeyPair.PublicOnly(publicKey)); - } - - internal DSASecurityTransforms(SafeSecKeyRefHandle publicKey, SafeSecKeyRefHandle privateKey) - { - SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey)); - } - - public override KeySizes[] LegalKeySizes - { - get - { - return new[] { new KeySizes(minSize: 512, maxSize: 1024, skipSize: 64) }; - } - } - - public override int KeySize - { - get - { - return base.KeySize; - } - set - { - if (KeySize == value) - return; - - // Set the KeySize before freeing the key so that an invalid value doesn't throw away the key - base.KeySize = value; - - ThrowIfDisposed(); - - if (_keys != null) - { - _keys.Dispose(); - _keys = null; - } - } - } - - public override byte[] CreateSignature(byte[] rgbHash) - { - ArgumentNullException.ThrowIfNull(rgbHash); - - SecKeyPair keys = GetKeys(); - - if (keys.PrivateKey == null) - { - throw new CryptographicException(SR.Cryptography_CSP_NoPrivateKey); - } - - byte[] derFormatSignature = Interop.AppleCrypto.CreateSignature( - keys.PrivateKey, - rgbHash, - Interop.AppleCrypto.PAL_HashAlgorithm.Unknown, - Interop.AppleCrypto.PAL_SignatureAlgorithm.DSA); - - // Since the AppleCrypto implementation is limited to FIPS 186-2, signature field sizes - // are always 160 bits / 20 bytes (the size of SHA-1, and the only legal length for Q). - byte[] ieeeFormatSignature = AsymmetricAlgorithmHelpers.ConvertDerToIeee1363( - derFormatSignature.AsSpan(0, derFormatSignature.Length), - fieldSizeBits: SHA1.HashSizeInBits); - - return ieeeFormatSignature; - } - - public override bool VerifySignature(byte[] hash, byte[] signature) - { - ArgumentNullException.ThrowIfNull(hash); - ArgumentNullException.ThrowIfNull(signature); - - return VerifySignature((ReadOnlySpan)hash, (ReadOnlySpan)signature); - } - - public override bool VerifySignature(ReadOnlySpan hash, ReadOnlySpan signature) - { - byte[] derFormatSignature = AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(signature); - - return Interop.AppleCrypto.VerifySignature( - GetKeys().PublicKey, - hash, - derFormatSignature, - Interop.AppleCrypto.PAL_HashAlgorithm.Unknown, - Interop.AppleCrypto.PAL_SignatureAlgorithm.DSA); - } - - protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) - { - if (hashAlgorithm != HashAlgorithmName.SHA1) - { - // Matching DSACryptoServiceProvider's "I only understand SHA-1/FIPS 186-2" exception - throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name); - } - - return CryptographicOperations.HashData(hashAlgorithm, new ReadOnlySpan(data, offset, count)); - } - - protected override void Dispose(bool disposing) - { - if (disposing) - { - if (_keys != null) - { - _keys.Dispose(); - _keys = null; - } - - _disposed = true; - } - - base.Dispose(disposing); - } - - private void ThrowIfDisposed() - { - // The other SecurityTransforms types use _keys.PublicKey == null, - // but since Apple doesn't provide DSA key generation we can't easily tell - // if a failed attempt to generate a key happened, or we're in a pristine state. - // - // So this type uses an explicit field, rather than inferred state. - ObjectDisposedException.ThrowIf(_disposed, this); - } - - internal SecKeyPair GetKeys() - { - ThrowIfDisposed(); - - SecKeyPair? current = _keys; - - if (current != null) - { - return current; - } - - // macOS declares DSA invalid for key generation. - // Rather than write code which might or might not work, returning - // (OSStatus)-4 (errSecUnimplemented), just make the exception occur here. - // - // When the native code can be verified, then it can be added. - throw new PlatformNotSupportedException(SR.Cryptography_DSA_KeyGenNotSupported); - } - - private void SetKey(SecKeyPair newKeyPair) - { - ThrowIfDisposed(); - - SecKeyPair? current = _keys; - _keys = newKeyPair; - current?.Dispose(); - - if (newKeyPair != null) - { - int size = Interop.AppleCrypto.GetSimpleKeySizeInBits(newKeyPair.PublicKey); - KeySizeValue = size; - } - } - } - } -} diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs deleted file mode 100644 index fcf72d39044a64..00000000000000 --- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.macOS.cs +++ /dev/null @@ -1,211 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.Buffers; -using System.Diagnostics; -using System.Formats.Asn1; -using System.IO; -using System.Runtime.InteropServices; -using System.Security.Cryptography.Apple; -using Internal.Cryptography; - -namespace System.Security.Cryptography -{ - internal static partial class DSAImplementation - { - public sealed partial class DSASecurityTransforms : DSA - { - public override DSAParameters ExportParameters(bool includePrivateParameters) - { - // Apple requires all private keys to be exported encrypted, but since we're trying to export - // as parsed structures we will need to decrypt it for the user. - const string ExportPassword = "DotnetExportPassphrase"; - SecKeyPair keys = GetKeys(); - - if (includePrivateParameters && keys.PrivateKey == null) - { - throw new CryptographicException(SR.Cryptography_OpenInvalidHandle); - } - - byte[] keyBlob = Interop.AppleCrypto.SecKeyExport( - includePrivateParameters ? keys.PrivateKey : keys.PublicKey, - exportPrivate: includePrivateParameters, - password: ExportPassword); - - try - { - if (!includePrivateParameters) - { - DSAKeyFormatHelper.ReadSubjectPublicKeyInfo( - keyBlob, - out int localRead, - out DSAParameters key); - Debug.Assert(localRead == keyBlob.Length); - return key; - } - else - { - DSAKeyFormatHelper.ReadEncryptedPkcs8( - keyBlob, - (ReadOnlySpan)ExportPassword, - out int localRead, - out DSAParameters key); - Debug.Assert(localRead == keyBlob.Length); - return key; - } - } - finally - { - CryptographicOperations.ZeroMemory(keyBlob); - } - } - - public override void ImportParameters(DSAParameters parameters) - { - if (parameters.P == null || parameters.Q == null || parameters.G == null || parameters.Y == null) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MissingFields); - - // J is not required and is not even used on CNG blobs. - // It should, however, be less than P (J == (P-1) / Q). - // This validation check is just to maintain parity with DSACng and DSACryptoServiceProvider, - // which also perform this check. - if (parameters.J != null && parameters.J.Length >= parameters.P.Length) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedPJ); - - int keySize = parameters.P.Length; - bool hasPrivateKey = parameters.X != null; - - if (parameters.G.Length != keySize || parameters.Y.Length != keySize) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedPGY); - - if (hasPrivateKey && parameters.X!.Length != parameters.Q.Length) - throw new ArgumentException(SR.Cryptography_InvalidDsaParameters_MismatchedQX); - - if (!(8 * parameters.P.Length).IsLegalSize(LegalKeySizes)) - throw new CryptographicException(SR.Cryptography_InvalidKeySize); - - if (parameters.Q.Length != 20) - throw new CryptographicException(SR.Cryptography_InvalidDsaParameters_QRestriction_ShortKey); - - ThrowIfDisposed(); - - if (hasPrivateKey) - { - SafeSecKeyRefHandle privateKey = ImportKey(parameters); - - DSAParameters publicOnly = parameters; - publicOnly.X = null; - - SafeSecKeyRefHandle publicKey; - try - { - publicKey = ImportKey(publicOnly); - } - catch - { - privateKey.Dispose(); - throw; - } - - SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey)); - } - else - { - SafeSecKeyRefHandle publicKey = ImportKey(parameters); - SetKey(SecKeyPair.PublicOnly(publicKey)); - } - } - - public override void ImportEncryptedPkcs8PrivateKey( - ReadOnlySpan passwordBytes, - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - base.ImportEncryptedPkcs8PrivateKey(passwordBytes, source, out bytesRead); - } - - public override void ImportEncryptedPkcs8PrivateKey( - ReadOnlySpan password, - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - base.ImportEncryptedPkcs8PrivateKey(password, source, out bytesRead); - } - - internal static SafeSecKeyRefHandle ImportKey(DSAParameters parameters) - { - AsnWriter keyWriter; - bool hasPrivateKey; - - if (parameters.X != null) - { - // DSAPrivateKey ::= SEQUENCE( - // version INTEGER, - // p INTEGER, - // q INTEGER, - // g INTEGER, - // y INTEGER, - // x INTEGER, - // ) - - keyWriter = new AsnWriter(AsnEncodingRules.DER); - - using (keyWriter.PushSequence()) - { - keyWriter.WriteInteger(0); - keyWriter.WriteKeyParameterInteger(parameters.P); - keyWriter.WriteKeyParameterInteger(parameters.Q); - keyWriter.WriteKeyParameterInteger(parameters.G); - keyWriter.WriteKeyParameterInteger(parameters.Y); - keyWriter.WriteKeyParameterInteger(parameters.X); - } - - hasPrivateKey = true; - } - else - { - keyWriter = DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters); - hasPrivateKey = false; - } - - try - { - return keyWriter.Encode(hasPrivateKey, static (hasPrivateKey, encoded) => - { - return Interop.AppleCrypto.ImportEphemeralKey(encoded, hasPrivateKey); - }); - } - finally - { - // Explicitly clear the inner buffer - keyWriter.Reset(); - } - } - - public override unsafe void ImportSubjectPublicKeyInfo( - ReadOnlySpan source, - out int bytesRead) - { - ThrowIfDisposed(); - - fixed (byte* ptr = &MemoryMarshal.GetReference(source)) - { - using (MemoryManager manager = new PointerMemoryManager(ptr, source.Length)) - { - // Validate the DER value and get the number of bytes. - DSAKeyFormatHelper.ReadSubjectPublicKeyInfo( - manager.Memory, - out int localRead); - - SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.ImportEphemeralKey(source.Slice(0, localRead), false); - SetKey(SecKeyPair.PublicOnly(publicKey)); - - bytesRead = localRead; - } - } - } - } - } -} diff --git a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj index b7ef41c439c00f..aceaf6690a43f9 100644 --- a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj +++ b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj @@ -1450,16 +1450,12 @@ Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs" /> - - - + diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs deleted file mode 100644 index 26ede00c6d1865..00000000000000 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSA.Create.SecurityTransforms.cs +++ /dev/null @@ -1,13 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -namespace System.Security.Cryptography -{ - public partial class DSA : AsymmetricAlgorithm - { - private static DSAImplementation.DSASecurityTransforms CreateCore() - { - return new DSAImplementation.DSASecurityTransforms(); - } - } -} diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs index 0b6eed7667269b..8db3b027922ca4 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/DSACryptoServiceProvider.Unix.cs @@ -29,7 +29,6 @@ public sealed class DSACryptoServiceProvider : DSA, ICspAsymmetricAlgorithm // Depending on the platform, _impl's legal key sizes may be more restrictive than Windows provider. // DSAAndroid : (1024, 3072, 1024) // DSAOpenSsl : (512, 3072, 64) - // DSASecurityTransforms : (512, 1024, 64) // Windows CSP : (512, 1024, 64) // Use the most restrictive legal key sizes private static readonly KeySizes[] s_legalKeySizes = OperatingSystem.IsAndroid() diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs index c57e6194574e3c..ebc06e7b5d7744 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs @@ -16,40 +16,12 @@ internal sealed partial class AppleCertificatePal : ICertificatePal { public DSA? GetDSAPrivateKey() { - if (_identityHandle == null) - return null; - - Debug.Assert(!_identityHandle.IsInvalid); - SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.X509GetPublicKey(_certHandle); - SafeSecKeyRefHandle privateKey = Interop.AppleCrypto.X509GetPrivateKeyFromIdentity(_identityHandle); - - if (publicKey.IsInvalid) - { - // SecCertificateCopyKey returns null for DSA, so fall back to manually building it. - publicKey = Interop.AppleCrypto.ImportEphemeralKey(_certData.SubjectPublicKeyInfo, false); - } - - privateKey.SetParentHandle(_certHandle); - return new DSAImplementation.DSASecurityTransforms(publicKey, privateKey); + throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(DSA))); } public ICertificatePal CopyWithPrivateKey(DSA privateKey) { - var typedKey = privateKey as DSAImplementation.DSASecurityTransforms; - - if (typedKey != null) - { - return CopyWithPrivateKey(typedKey.GetKeys().PrivateKey); - } - - DSAParameters dsaParameters = privateKey.ExportParameters(true); - - using (PinAndClear.Track(dsaParameters.X!)) - using (typedKey = new DSAImplementation.DSASecurityTransforms()) - { - typedKey.ImportParameters(dsaParameters); - return CopyWithPrivateKey(typedKey.GetKeys().PrivateKey); - } + throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(DSA))); } public ICertificatePal CopyWithPrivateKey(ECDsa privateKey) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs index 8497b1e5a184be..dc652e06322156 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs @@ -144,12 +144,8 @@ private static partial Pkcs12Return FromCertAndKey(CertAndKey certAndKey, Import return new AsymmetricAlgorithmPkcs12PrivateKey( pkcs8, static () => new ECDsaImplementation.ECDsaSecurityTransforms()); - case Oids.Dsa: - return new AsymmetricAlgorithmPkcs12PrivateKey( - pkcs8, - static () => new DSAImplementation.DSASecurityTransforms()); default: - // No PQC support on macOS. + // No DSA or PQC support on macOS. return null; } } @@ -170,16 +166,6 @@ private static partial Pkcs12Return FromCertAndKey(CertAndKey certAndKey, Import } } - if (key.Key is DSAImplementation.DSASecurityTransforms dsa) - { - DSAParameters dsaParameters = dsa.ExportParameters(true); - - using (PinAndClear.Track(dsaParameters.X!)) - { - return DSAImplementation.DSASecurityTransforms.ImportKey(dsaParameters); - } - } - if (key.Key is ECDsaImplementation.ECDsaSecurityTransforms ecdsa) { byte[] ecdsaPrivateKey = ecdsa.ExportECPrivateKey(); diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs index 54f8ff0a90889f..e67c70a2d4e69f 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs @@ -29,31 +29,17 @@ public AsymmetricAlgorithm DecodePublicKey(Oid oid, byte[] encodedKeyValue, byte { SafeSecKeyRefHandle key = Interop.AppleCrypto.X509GetPublicKey(applePal.CertificateHandle); - switch (oid.Value) + if (oid.Value == Oids.Rsa) { - case Oids.Rsa: - Debug.Assert(!key.IsInvalid); - return new RSAImplementation.RSASecurityTransforms(key); - case Oids.Dsa: - if (key.IsInvalid) - { - // SecCertificateCopyKey returns null for DSA, so fall back to manually building it. - return DecodeDsaPublicKey(encodedKeyValue, encodedParameters); - } - return new DSAImplementation.DSASecurityTransforms(key); + Debug.Assert(!key.IsInvalid); + return new RSAImplementation.RSASecurityTransforms(key); } key.Dispose(); } - else + else if (oid.Value == Oids.Rsa) { - switch (oid.Value) - { - case Oids.Rsa: - return DecodeRsaPublicKey(encodedKeyValue); - case Oids.Dsa: - return DecodeDsaPublicKey(encodedKeyValue, encodedParameters); - } + return DecodeRsaPublicKey(encodedKeyValue); } throw new NotSupportedException(SR.NotSupported_KeyAlgorithm); @@ -74,36 +60,6 @@ private static RSA DecodeRsaPublicKey(byte[] encodedKeyValue) } } - private static DSA DecodeDsaPublicKey(byte[] encodedKeyValue, byte[]? encodedParameters) - { - SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn - { - Algorithm = new AlgorithmIdentifierAsn - { - Algorithm = Oids.Dsa, - Parameters = encodedParameters.ToNullableMemory(), - }, - SubjectPublicKey = encodedKeyValue, - }; - - AsnWriter writer = new AsnWriter(AsnEncodingRules.DER); - spki.Encode(writer); - - DSA dsa = DSA.Create(); - DSA? toDispose = dsa; - - try - { - writer.Encode(dsa, static (dsa, encoded) => dsa.ImportSubjectPublicKeyInfo(encoded, out _)); - toDispose = null; - return dsa; - } - finally - { - toDispose?.Dispose(); - } - } - public X509ContentType GetCertContentType(ReadOnlySpan rawData) { const int errSecUnknownFormat = -25257; diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h index 97543db915c576..9d78403cddd2ed 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h @@ -28,8 +28,8 @@ enum typedef uint32_t PAL_KeyAlgorithm; /* -For RSA and DSA this function returns the number of bytes in "the key", which corresponds to -the length of n/Modulus for RSA and for P in DSA. +For RSA this function returns the number of bytes in "the key", which corresponds to +the length of n/Modulus for RSA. For ECC the value should not be used. diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c index e7aac896311f55..3c6566260973c6 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c @@ -3,105 +3,6 @@ #include "pal_signverify.h" -#if defined(TARGET_OSX) -static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut); -static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut); - -static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, CFDataRef cfDataHash, CFErrorRef* pErrorOut); - -static int32_t ExecuteSignTransform(SecTransformRef signer, CFDataRef* pSignatureOut, CFErrorRef* pErrorOut) -{ - assert(signer != NULL); - assert(pSignatureOut != NULL); - assert(pErrorOut != NULL); - - int32_t ret = INT_MIN; -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - CFTypeRef signerResponse = SecTransformExecute(signer, pErrorOut); -#pragma clang diagnostic pop - CFDataRef signature = NULL; - - if (signerResponse == NULL || *pErrorOut != NULL) - { - ret = kErrorSeeError; - goto cleanup; - } - - if (CFGetTypeID(signerResponse) != CFDataGetTypeID()) - { - ret = kErrorUnknownState; - goto cleanup; - } - - signature = (CFDataRef)signerResponse; - - if (CFDataGetLength(signature) > 0) - { - // We're going to call CFRelease in cleanup, so this keeps it alive - // to be interpreted by the managed code. - CFRetain(signature); - *pSignatureOut = signature; - ret = 1; - } - else - { - ret = kErrorUnknownState; - *pSignatureOut = NULL; - } - -cleanup: - if (signerResponse != NULL) - { - CFRelease(signerResponse); - } - - return ret; -} - -static int32_t ExecuteVerifyTransform(SecTransformRef verifier, CFErrorRef* pErrorOut) -{ - assert(verifier != NULL); - assert(pErrorOut != NULL); - - int32_t ret = kErrorSeeError; -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - CFTypeRef verifierResponse = SecTransformExecute(verifier, pErrorOut); -#pragma clang diagnostic pop - - if (verifierResponse != NULL) - { - if (*pErrorOut == NULL) - { - ret = (verifierResponse == kCFBooleanTrue); - } - - CFRelease(verifierResponse); - } - - return ret; -} - -static int32_t ConfigureSignVerifyTransform(SecTransformRef xform, CFDataRef cfDataHash, CFErrorRef* pErrorOut) -{ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - if (!SecTransformSetAttribute(xform, kSecInputIsAttributeName, kSecInputIsDigest, pErrorOut)) - { - return 0; - } - - if (!SecTransformSetAttribute(xform, kSecTransformInputAttributeName, cfDataHash, pErrorOut)) - { - return 0; - } -#pragma clang diagnostic pop - - return 1; -} -#endif - // Legacy algorithm identifiers static const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5"); @@ -177,44 +78,20 @@ int32_t AppleCryptoNative_SecKeyCreateSignature(SecKeyRef privateKey, return kErrorUnknownState; } - if (signatureAlgorithm == PAL_SignatureAlgorithm_DSA) - { -#if defined(TARGET_OSX) - SecTransformRef signer = SecSignTransformCreate(privateKey, pErrorOut); - - if (signer != NULL) - { - if (*pErrorOut == NULL) - { - if (ConfigureSignVerifyTransform(signer, dataHash, pErrorOut)) - { - ret = ExecuteSignTransform(signer, pSignatureOut, pErrorOut); - } - } + CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - CFRelease(signer); - } -#else - ret = kPlatformNotSupported; -#endif - } - else + if (algorithm == NULL) { - CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - - if (algorithm == NULL) - { - CFRelease(dataHash); - return kErrorUnknownAlgorithm; - } + CFRelease(dataHash); + return kErrorUnknownAlgorithm; + } - CFDataRef sig = SecKeyCreateSignature(privateKey, algorithm, dataHash, pErrorOut); + CFDataRef sig = SecKeyCreateSignature(privateKey, algorithm, dataHash, pErrorOut); - if (sig != NULL) - { - *pSignatureOut = sig; - ret = 1; - } + if (sig != NULL) + { + *pSignatureOut = sig; + ret = 1; } CFRelease(dataHash); @@ -253,46 +130,22 @@ int32_t AppleCryptoNative_SecKeyVerifySignature(SecKeyRef publicKey, return kErrorUnknownState; } - if (signatureAlgorithm == PAL_SignatureAlgorithm_DSA) - { -#if defined(TARGET_OSX) - SecTransformRef verifier = SecVerifyTransformCreate(publicKey, signature, pErrorOut); + CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - if (verifier != NULL) - { - if (*pErrorOut == NULL) - { - if (ConfigureSignVerifyTransform(verifier, dataHash, pErrorOut)) - { - ret = ExecuteVerifyTransform(verifier, pErrorOut); - } - } + if (algorithm == NULL) + { + CFRelease(dataHash); + CFRelease(signature); + return kErrorBadInput; + } - CFRelease(verifier); - } -#else - ret = kPlatformNotSupported; -#endif + if (SecKeyVerifySignature(publicKey, algorithm, dataHash, signature, pErrorOut)) + { + ret = 1; } - else + else if (CFErrorGetCode(*pErrorOut) == errSecVerifyFailed || CFErrorGetCode(*pErrorOut) == errSecParam) { - CFStringRef algorithm = GetSignatureAlgorithmIdentifier(hashAlgorithm, signatureAlgorithm); - - if (algorithm == NULL) - { - CFRelease(dataHash); - CFRelease(signature); - return kErrorBadInput; - } - - if (SecKeyVerifySignature(publicKey, algorithm, dataHash, signature, pErrorOut)) - { - ret = 1; - } - else if (CFErrorGetCode(*pErrorOut) == errSecVerifyFailed || CFErrorGetCode(*pErrorOut) == errSecParam) - { - ret = 0; - } + ret = 0; } CFRelease(dataHash); diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h index 8879a4a00621d4..c70845ef48a86c 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h +++ b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h @@ -12,7 +12,6 @@ enum { PAL_SignatureAlgorithm_Unknown = 0, - PAL_SignatureAlgorithm_DSA = 1, PAL_SignatureAlgorithm_RSA_Pkcs1 = 2, PAL_SignatureAlgorithm_RSA_Pss = 3, PAL_SignatureAlgorithm_RSA_Raw = 4, @@ -21,9 +20,9 @@ enum typedef uint32_t PAL_SignatureAlgorithm; /* -Generate a DSA, RSA or ECDsa signature. +Generate an RSA or ECDsa signature. -For DSA and ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. +For ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. Follows pal_seckey return conventions. */ @@ -36,9 +35,9 @@ PALEXPORT int32_t AppleCryptoNative_SecKeyCreateSignature(SecKeyRef privateKey, CFErrorRef* pErrorOut); /* -Verify a DSA, RSA or ECDsa signature. +Verify an RSA or ECDsa signature. -For DSA and ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. +For ECDsa the hashAlgorithm parameter is ignored and should be set to PAL_Unknown. Follows pal_seckey return conventions. */ From 86d20dba9f100e1e3f8e23b468e1b8aa346718dd Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 12:34:27 -0400 Subject: [PATCH 02/13] Get System.Security.Cryptography back to green --- .../DSA/DSAFactory.cs | 4 +-- .../DSA/DSAFactoryTests.cs | 16 ++++++--- .../DSA/DSAImportExport.cs | 14 +++----- .../DSA/DSAKeyFileTests.cs | 4 +-- .../DSA/DSAKeyGeneration.cs | 10 +++--- .../DSA/DSAKeyPemTests.cs | 2 +- .../DSA/DSASignVerify.cs | 16 ++++----- .../DSA/DSASignatureFormatTests.cs | 13 ++----- .../DSA/DSASignatureFormatter.cs | 2 +- .../AlgorithmImplementations/DSA/DSAXml.cs | 6 ++-- .../tests/DSACngProvider.cs | 2 +- .../tests/DSACryptoServiceProviderProvider.cs | 2 +- .../tests/DSACryptoServiceProviderTests.cs | 16 ++++----- .../tests/DsaOpenSslProvider.cs | 2 +- .../tests/SignedCms/SignedCmsTests.cs | 2 +- .../SignedCms/SignedCmsTests.netcoreapp.cs | 8 ++--- .../tests/SignedCms/SignerInfoTests.cs | 4 +-- .../tests/DSAKeyValueTest.cs | 2 +- .../tests/KeyInfoTest.cs | 6 ++-- .../tests/SignedXmlTest.cs | 6 ++-- .../tests/CryptoConfigTests.cs | 4 +-- .../tests/DSACreateTests.cs | 36 ++++++++++--------- .../tests/DSATests.cs | 14 ++++---- .../tests/DefaultDSAProvider.cs | 2 +- .../tests/PKCS1MaskGenerationMethodTest.cs | 2 +- .../tests/SignatureDescriptionTests.cs | 7 ++-- .../tests/X509Certificates/CertTests.cs | 4 +-- .../CertificateRequestLoadTests.cs | 2 +- .../CertificateCreation/CrlBuilderTests.cs | 2 +- .../PrivateKeyAssociationTests.cs | 4 +-- .../tests/X509Certificates/ExportTests.cs | 4 +-- .../tests/X509Certificates/PfxTests.cs | 4 +-- .../tests/X509Certificates/PublicKeyTests.cs | 22 ++++++------ .../X509Certificate2PemTests.cs | 4 +-- 34 files changed, 122 insertions(+), 126 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs index 9d2b09070dd1cf..1d351449e2fb03 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs @@ -8,7 +8,7 @@ public interface IDSAProvider DSA Create(); DSA Create(int keySize); bool SupportsFips186_3 { get; } - bool SupportsKeyGeneration { get; } + bool IsSupported { get; } } public static partial class DSAFactory @@ -36,6 +36,6 @@ public static DSA Create(in DSAParameters dsaParameters) /// public static bool SupportsFips186_3 => s_provider.SupportsFips186_3; - public static bool SupportsKeyGeneration => s_provider.SupportsKeyGeneration; + public static bool IsSupported => s_provider.IsSupported; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs index 992b5357484307..f1f70b3b563499 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs @@ -5,10 +5,11 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] public partial class DSAFactoryTests { - [Fact] + public static bool IsNotSupported => DSAFactory.IsSupported; + + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static void DSACreateDefault_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(); @@ -16,14 +17,14 @@ public static void DSACreateDefault_Equals_SameInstance() AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [Fact] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static void DSACreateKeySize_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(1024); AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [Fact] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() { using DSA dsa1 = DSAFactory.Create(); @@ -32,5 +33,12 @@ public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() dsa2.ImportParameters(DSATestData.GetDSA1024Params()); AssertExtensions.FalseExpression(dsa1.Equals(dsa2)); } + + [ConditionalFact(nameof(IsNotSupported))] + public static void DSACreate_NotSupported() + { + Assert.Throws(() => DSAFactory.Create()); + Assert.Throws(() => DSAFactory.Create(1024)); + } } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs index 50208a71b86b29..774f7b6af09214 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs @@ -5,13 +5,13 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public partial class DSAImportExport { public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; + public static bool IsSupported => DSAFactory.IsSupported; - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void ExportAutoKey() { DSAParameters privateParams; @@ -143,13 +143,7 @@ public static void ExportAfterDispose(bool importKey) // Ensure that the key got created, and then Dispose it. using (key) { - try - { - key.CreateSignature(hash); - } - catch (PlatformNotSupportedException) when (!SupportsKeyGeneration) - { - } + key.CreateSignature(hash); // Assert.NoThrow } Assert.Throws(() => key.ExportParameters(false)); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs index 3d655f77ea96b1..64969f76fb0afe 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs @@ -10,12 +10,12 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static class DSAKeyFileTests { public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsKeyGeneration))] + [Fact] public static void UseAfterDispose_NewKey() { UseAfterDispose(false); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs index 7a7eb4e1f94de6..7b860498d4ced7 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs @@ -5,10 +5,10 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public partial class DSAKeyGeneration { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; + public static bool IsSupported => DSAFactory.IsSupported; public static bool HasSecondMinSize { get; } = GetHasSecondMinSize(); [Fact] @@ -23,19 +23,19 @@ public static void VerifyDefaultKeySize_Fips186_2() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void GenerateMinKey() { GenerateKey(dsa => GetMin(dsa.LegalKeySizes)); } - [ConditionalFact(nameof(SupportsKeyGeneration), nameof(HasSecondMinSize))] + [ConditionalFact(nameof(HasSecondMinSize))] public static void GenerateSecondMinKey() { GenerateKey(dsa => GetSecondMin(dsa.LegalKeySizes)); } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void GenerateKey_1024() { GenerateKey(1024); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs index a00c34b0e4f9ae..5d285fa40c594c 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static class DSAKeyPemTests { private const string AmbiguousExceptionMarker = "multiple keys"; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs index 6ad596a040c4b3..626e33aae22fd0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public sealed class DSASignVerify_Array : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -54,7 +54,7 @@ public void InvalidStreamArrayArguments_Throws() } } - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public sealed class DSASignVerify_Stream : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -76,7 +76,7 @@ public void InvalidArrayArguments_Throws() } #if NET - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public sealed class DSASignVerify_Span : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -109,13 +109,13 @@ private static byte[] TryWithOutputArray(Func func) } } #endif - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public abstract partial class DSASignVerify { public abstract byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm); public abstract bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm); - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void InvalidKeySize_DoesNotInvalidateKey() { using (DSA dsa = DSAFactory.Create()) @@ -129,7 +129,7 @@ public void InvalidKeySize_DoesNotInvalidateKey() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void UseAfterDispose_NewKey() { UseAfterDispose(false); @@ -191,7 +191,7 @@ protected virtual void UseAfterDispose(DSA dsa, byte[] data, byte[] sig) () => VerifyData(dsa, data, sig, HashAlgorithmName.SHA1)); } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void SignAndVerifyDataNew1024() { using (DSA dsa = DSAFactory.Create(1024)) @@ -429,6 +429,6 @@ internal static bool SupportsFips186_3 return DSAFactory.SupportsFips186_3; } } - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; + public static bool IsSupported => DSAFactory.IsSupported; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs index 149f4825d3f96d..94f1ca57b422dd 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs @@ -8,7 +8,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public abstract class DSASignatureFormatTests : DsaFamilySignatureFormatTests { protected override bool SupportsSha2 => DSAFactory.SupportsFips186_3; @@ -49,18 +49,11 @@ private static KeyDescription OpenKey(in DSAParameters dsaParameters) protected static IEnumerable LocalGenerateTestKeys() { - if (DSAFactory.SupportsKeyGeneration) - { - yield return CreateKey(1024); - - if (DSAFactory.SupportsFips186_3) - { - yield return CreateKey(2048); - } - } + yield return CreateKey(1024); if (DSAFactory.SupportsFips186_3) { + yield return CreateKey(2048); yield return OpenKey(DSATestData.GetDSA2048Params()); } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs index 30d5dd6bb55271..bac817eed206f0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs @@ -6,7 +6,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public partial class DSASignatureFormatterTests : AsymmetricSignatureFormatterTests { [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs index 69de7580f62e6a..beee5011d7de07 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static class DSAXml { [Fact] @@ -414,8 +414,8 @@ public static void TestWriteDeficientXParameters(bool includePrivateParameters) "AMhxt+OJaF25fZNN1wEfqwdv8n7EKC+wDA1kbSnV5OU="); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsKeyGeneration))] - [OuterLoop("DSA key generation is very slow", ~TestPlatforms.Browser)] + [Fact] + [OuterLoop("DSA key generation is very slow")] public static void FromToXml() { using (DSA dsa = DSAFactory.Create()) diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs index dd88d0e9956ae4..07dc42ac2b6b29 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs +++ b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs @@ -16,7 +16,7 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => (!PlatformDetection.IsWindows7); - public bool SupportsKeyGeneration => true; + public bool IsSupported => true; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs index b4982af70f11ab..499f4df181d8a3 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs @@ -16,7 +16,7 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => false; - public bool SupportsKeyGeneration => !PlatformDetection.IsApplePlatform; + public bool IsSupported => !PlatformDetection.IsApplePlatform; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs index ee39a1d91ee803..fbc81e4a8c6bbe 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs @@ -7,12 +7,12 @@ namespace System.Security.Cryptography.Csp.Tests { - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public class DSACryptoServiceProviderTests { const int PROV_DSS_DH = 13; - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; + public static bool IsSupported => DSAFactory.IsSupported; [Fact] public static void DefaultKeySize() @@ -248,7 +248,7 @@ public static void ImportParameters_KeyTooBig_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_InvalidHashAlgorithm_Throws() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -260,7 +260,7 @@ public static void VerifyHash_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void SignHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -272,7 +272,7 @@ public static void SignHash_DefaultAlgorithm_Success() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void SignHash_InvalidHashAlgorithm_Throws() { byte[] hashVal = SHA256.HashData(DSATestData.HelloBytes); @@ -283,7 +283,7 @@ public static void SignHash_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -295,7 +295,7 @@ public static void VerifyHash_DefaultAlgorithm_Success() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyHash_CaseInsensitive_Success() { byte[] hashVal = SHA1.HashData(DSATestData.HelloBytes); @@ -330,7 +330,7 @@ public static void SignData_InvalidHashAlgorithm_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public static void VerifyData_InvalidHashAlgorithm_Throws() { using (var dsa = new DSACryptoServiceProvider()) diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs index 491262dfc1ca6c..992074e1baf387 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs @@ -16,7 +16,7 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => true; - public bool SupportsKeyGeneration => true; + public bool IsSupported => true; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 59a8be63676579..e203640e0a6ca4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -514,7 +514,7 @@ public static void AddSignerWithNegativeSerial() [Theory] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, false)] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, true)] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void AddFirstSigner_DSA(SubjectIdentifierType identifierType, bool detached) { #if NET diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index b1a9683c401d58..8043781749fd96 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -73,7 +73,7 @@ public static void SignCmsUsingExplicitRSAKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void SignCmsUsingExplicitDSAKey() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -124,7 +124,7 @@ public static void SignCmsUsingExplicitSlhDsaKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature() { using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) @@ -137,7 +137,7 @@ public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCount } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CounterSignCmsUsingExplicitDSAKeyForFirstSignerAndECDsaForCounterSignature() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -575,7 +575,7 @@ public static void AddSigner_RSA_EphemeralKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void AddSigner_DSA_EphemeralKey() { using (DSA dsa = DSA.Create()) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index 8b5160ba843caf..f1f6c0a3b5c86b 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -445,7 +445,7 @@ public static void RemoveCounterSignature_WithNoMatch() [InlineData(0)] [InlineData(1)] [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "NetFx bug")] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void RemoveCounterSignature_EncodedInSingleAttribute(int indexToRemove) { SignedCms cms = new SignedCms(); @@ -676,7 +676,7 @@ public static void AddCounterSignerToUnsortedAttributeSignature() } [ConditionalFact(typeof(SignatureSupport), nameof(SignatureSupport.SupportsRsaSha1Signatures))] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void AddCounterSigner_DSA() { AssertAddCounterSigner( diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs index 86a522bce53657..60718c1f7b8600 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs @@ -18,7 +18,7 @@ namespace System.Security.Cryptography.Xml.Tests { - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public class DSAKeyValueTest { [Fact] diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs index e6fcdc1591c7dc..2556f0b544503e 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs @@ -70,7 +70,7 @@ public void KeyInfoNode() private static string xmlDSA = "

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + ""; [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void DSAKeyValue() { using (DSA key = DSA.Create()) @@ -149,7 +149,7 @@ public void X509Data() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void Complex() { KeyInfoName name = new KeyInfoName(); @@ -200,7 +200,7 @@ public void Complex() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void ImportKeyNode() { string keyName = "Mono::"; diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index 54c153694f7bf7..f055a34b68b3b3 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -293,7 +293,7 @@ public void AsymmetricRSAMixedCaseAttributesVerifyWindows() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void AsymmetricDSASignature() { SignedXml signedXml = MSDNSample(); @@ -393,7 +393,7 @@ public void AsymmetricRSAVerify() // Using empty constructor // The two other constructors don't seems to apply in verifying signatures [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void AsymmetricDSAVerify() { string value = "/Vvq6sXEVbtZC8GwNtLQnGOy/VI=BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==

iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=

u4sowiJMHilNRojtdmIuQY2YnB8=SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBYsqzn8J6fd2gtEyq6YOqiUSHgPE8=sQ==This is some text"; @@ -544,7 +544,7 @@ public void ComputeSignatureNoSigningKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public void ComputeSignatureMissingReferencedObject() { XmlDocument doc = new XmlDocument(); diff --git a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs index b9e99144f6b8fa..47359e6b7f0dfe 100644 --- a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs @@ -150,7 +150,7 @@ public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseTy [ActiveIssue("https://github.com/dotnet/runtime/issues/37669", TestPlatforms.Browser)] [InlineData("DSA", typeof(DSA))] [InlineData("System.Security.Cryptography.DSA", typeof(DSA))] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type baseType) { using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier)) @@ -405,7 +405,7 @@ public static IEnumerable AllValidNames yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true }; - if (!PlatformDetection.UsesMobileAppleCrypto) + if (!PlatformDetection.IsApplePlatform) { yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true }; diff --git a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs index b69a62808148c4..e8e97b40eb1ed1 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs @@ -6,13 +6,13 @@ namespace System.Security.Cryptography.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static class DSACreateTests { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; + public static bool IsSupported => DSAFactory.IsSupported; public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - [ConditionalTheory(nameof(SupportsKeyGeneration))] + [Theory] [SkipOnPlatform(TestPlatforms.Android, "Android only supports key sizes that are a multiple of 1024")] [InlineData(512)] [InlineData(960)] @@ -28,32 +28,34 @@ public static void CreateWithKeysize_SmallKeys(int keySizeInBits) } } - [ConditionalTheory(nameof(SupportsKeyGeneration))] - [InlineData(1024)] - public static void CreateWithKeysize(int keySizeInBits) + [Fact] + public static void CreateWithKeysize() { - using (DSA dsa = DSA.Create(keySizeInBits)) + const int KeySizeInBits = 1024; + + using (DSA dsa = DSA.Create(KeySizeInBits)) { - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, dsa.KeySize); DSAParameters parameters = dsa.ExportParameters(false); - Assert.Equal(keySizeInBits, parameters.Y.Length << 3); - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, parameters.Y.Length << 3); + Assert.Equal(KeySizeInBits, dsa.KeySize); } } - [ConditionalTheory(nameof(SupportsKeyGeneration), nameof(SupportsFips186_3))] + [Fact] [SkipOnPlatform(TestPlatforms.Android, "Android only supports key sizes that are a multiple of 1024")] - [InlineData(1088)] - public static void CreateWithKeysize_BigKeys(int keySizeInBits) + public static void CreateWithKeysize_BigKey() { - using (DSA dsa = DSA.Create(keySizeInBits)) + const int KeySizeInBits = 1088; + + using (DSA dsa = DSA.Create(KeySizeInBits)) { - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, dsa.KeySize); DSAParameters parameters = dsa.ExportParameters(false); - Assert.Equal(keySizeInBits, parameters.Y.Length << 3); - Assert.Equal(keySizeInBits, dsa.KeySize); + Assert.Equal(KeySizeInBits, parameters.Y.Length << 3); + Assert.Equal(KeySizeInBits, dsa.KeySize); } } diff --git a/src/libraries/System.Security.Cryptography/tests/DSATests.cs b/src/libraries/System.Security.Cryptography/tests/DSATests.cs index 8eca860fe4fb9b..e0bcdf3f45e27f 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSATests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSATests.cs @@ -8,12 +8,10 @@ namespace System.Security.Cryptography.Tests { - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public class DSATests { - public static bool SupportsKeyGeneration => DSAFactory.SupportsKeyGeneration; - - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void TryCreateSignature_UsesCreateSignature() { var input = new byte[1024]; @@ -54,7 +52,7 @@ public void SignData_InvalidArguments_Throws() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void TrySignData_UsesTryHashDataAndTryCreateSignature() { var input = new byte[1024]; @@ -79,7 +77,7 @@ public void TrySignData_UsesTryHashDataAndTryCreateSignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Array_UsesHashDataAndVerifySignature() { var input = new byte[1024]; @@ -103,7 +101,7 @@ public void VerifyData_Array_UsesHashDataAndVerifySignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Stream_UsesHashDataAndVerifySignature() { var input = new byte[1024]; @@ -122,7 +120,7 @@ public void VerifyData_Stream_UsesHashDataAndVerifySignature() } } - [ConditionalFact(nameof(SupportsKeyGeneration))] + [Fact] public void VerifyData_Span_UsesTryHashDataAndVerifySignature() { var input = new byte[1024]; diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs index 03c3bf5d02a349..eeaa27bc70c34b 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs @@ -29,7 +29,7 @@ public bool SupportsFips186_3 } } - public bool SupportsKeyGeneration => !PlatformDetection.IsApplePlatform; + public bool IsSupported => !PlatformDetection.IsApplePlatform; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs b/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs index a57d3d9118a3d2..62e65a4973cb76 100644 --- a/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs +++ b/src/libraries/System.Security.Cryptography/tests/PKCS1MaskGenerationMethodTest.cs @@ -71,7 +71,7 @@ public static void NegativeReturnParameterTest() [Theory] [InlineData("DoesntExist")] - [InlineData("DSA")] + [InlineData("RSA")] public static void GenerateMask_InvalidHashName_Throws(string hashName) { PKCS1MaskGenerationMethod pkcs1 = new PKCS1MaskGenerationMethod(); diff --git a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs index a1b346b8176aeb..d12d2821606332 100644 --- a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs @@ -4,6 +4,8 @@ // (C) 2002 Motus Technologies Inc. (http://www.motus.com) // (C) 2004 Novell http://www.novell.com +using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests @@ -102,8 +104,7 @@ public void Properties() Assert.Null(sig.KeyAlgorithm); } - [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public void Deformatter() { AsymmetricSignatureDeformatter def; @@ -154,7 +155,7 @@ public void Digest() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not supported on Apple platforms")] public void Formatter() { SignatureDescription sig = new SignatureDescription(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs index 0ad15b272e1565..c9815405b6294a 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs @@ -62,7 +62,7 @@ public static void PrivateKey_FromCertificate_CanExportPrivate_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void PrivateKey_FromCertificate_CanExportPrivate_DSA() { DSAParameters originalParameters = DSATestData.GetDSA1024Params(); @@ -283,7 +283,7 @@ public static void PublicPrivateKey_IndependentLifetimes_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void PublicPrivateKey_IndependentLifetimes_DSA() { X509Certificate2 loaded; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs index 418552c4ea1cb3..83e915bb1e8a90 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs @@ -428,7 +428,7 @@ public static void VerifySignature_RSA_PSS(string hashAlgorithm) } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void VerifySignature_DSA() { // macOS is limited to FIPS 186-2 DSA, so SHA-1 is the only valid algorithm. diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs index 6723283a95097a..e6b92fd3f5b81c 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs @@ -777,7 +777,7 @@ public static void UnsupportedRevocationReasons() } [Fact] - [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on Browser/iOS/tvOS/MacCatalyst")] + [SkipOnPlatform(TestPlatforms.Browser | PlatformSupport.AppleCrypto, "Not supported on Browser/Apple")] public static void DsaNotDirectlySupported() { CertificateRevocationListBuilder builder = new CertificateRevocationListBuilder(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs index f9f503d111dcea..b397ed38f69464 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs @@ -428,7 +428,7 @@ public static void AssociatePersistedKey_CNG_DSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void ThirdPartyProvider_DSA() { using (DSA dsaOther = new DSAOther()) @@ -583,7 +583,7 @@ public static void CheckCopyWithPrivateKey_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CheckCopyWithPrivateKey_DSA() { using (X509Certificate2 withKey = X509CertificateLoader.LoadPkcs12(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword)) diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs index c526790a90432c..0159383fdb8c7c 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/ExportTests.cs @@ -801,7 +801,7 @@ public static void ECDH_Export_DefaultKeyStorePermitsUnencryptedExports_Pkcs8Pri } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS, "The PKCS#12 Exportable flag is not supported on iOS/MacCatalyst/tvOS")] + [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS | TestPlatforms.OSX, "DSA is not supported on Apple platforms")] public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_ExportParameters() { (byte[] pkcs12, DSA dsa) = CreateSimplePkcs12(); @@ -818,7 +818,7 @@ public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_ExportPar } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS, "The PKCS#12 Exportable flag is not supported on iOS/MacCatalyst/tvOS")] + [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.MacCatalyst | TestPlatforms.tvOS | TestPlatforms.OSX, "DSA is not supported on Apple platforms")] public static void DSA_Export_DefaultKeyStorePermitsUnencryptedExports_Pkcs8PrivateKey() { (byte[] pkcs12, DSA dsa) = CreateSimplePkcs12(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs index e1f0412ec53c0c..a35521adcbb585 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs @@ -268,7 +268,7 @@ public static void ECDHPrivateKey_PfxKeyIsEcdsaConstrained() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void DsaPrivateKeyProperty() { using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible)) @@ -366,7 +366,7 @@ public static void ReadECDsaPrivateKey_OpenSslPfx(X509KeyStorageFlags keyStorage } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void ReadDSAPrivateKey() { byte[] data = { 1, 2, 3, 4, 5 }; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs index 1dc7217ee02639..f7cf6071d1436a 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs @@ -107,7 +107,7 @@ public static void TestPublicKey_Key_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void TestPublicKey_Key_DSA() { PublicKey pk = GetTestDsaKey(); @@ -586,7 +586,7 @@ public static void TestECDsa224PublicKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void TestDSAPublicKey() { using (var cert = new X509Certificate2(TestData.DssCer)) @@ -598,7 +598,7 @@ public static void TestDSAPublicKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void TestDSAPublicKey_VerifiesSignature() { byte[] data = { 1, 2, 3, 4, 5 }; @@ -618,7 +618,7 @@ public static void TestDSAPublicKey_VerifiesSignature() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void TestDSAPublicKey_RSACert() { using (var cert = new X509Certificate2(TestData.Rsa384CertificatePemBytes)) @@ -629,7 +629,7 @@ public static void TestDSAPublicKey_RSACert() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void TestDSAPublicKey_ECDSACert() { using (var cert = new X509Certificate2(TestData.ECDsa256Certificate)) @@ -681,7 +681,7 @@ public static void ExportSubjectPublicKeyInfo_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void ExportSubjectPublicKeyInfo_DSA() { using DSA dsa = DSA.Create(); @@ -793,7 +793,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_RSA() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA() { using DSA dsa = DSA.Create(); @@ -839,7 +839,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_ECDH() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA_InvalidKey() { // The DSA key is invalid here, but we should be able to round-trip the @@ -928,7 +928,7 @@ public static void GetPublicKey_NullForDifferentAlgorithm() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void GetDSAPublicKey_NullForDifferentAlgorithm() { byte[] spki = TestData.GostR3410SubjectPublicKeyInfo; @@ -959,7 +959,7 @@ public static void GetRSAPublicKey_ThrowsForCorruptKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void GetDSAPublicKey_ReturnsDsaKey() { PublicKey key = GetTestDsaKey(); @@ -972,7 +972,7 @@ public static void GetDSAPublicKey_ReturnsDsaKey() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void GetDSAPublicKey_ThrowsForCorruptKey() { AsnEncodedData badData = new AsnEncodedData(new byte[] { 1, 2, 3, 4 }); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs index 7c247857a6d2dd..6843059794f3e2 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs @@ -644,7 +644,7 @@ public static void CreateFromPem_SlhDsa_Pkcs8_Success(SlhDsaTestData.SlhDsaGener } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CreateFromPem_Dsa_Pkcs8_Success() { using (X509Certificate2 cert = X509Certificate2.CreateFromPem(TestData.DsaCertificate, TestData.DsaPkcs8Key)) @@ -655,7 +655,7 @@ public static void CreateFromPem_Dsa_Pkcs8_Success() } [Fact] - [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")] + [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void CreateFromPem_Dsa_EncryptedPkcs8_Success() { X509Certificate2 cert = X509Certificate2.CreateFromEncryptedPem( From 0a048caf845e7eaf3679b05be716503643c5a520 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 12:37:32 -0400 Subject: [PATCH 03/13] Get System.Security.Cryptography.Pkcs back to green --- .../tests/SignedCms/SignedCmsTests.cs | 4 ++-- .../tests/SignedCms/SignerInfoTests.cs | 4 ++-- .../tests/SignedCms/SignerInfoTests.netcoreapp.cs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index e203640e0a6ca4..622bce42aed8bd 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1126,8 +1126,8 @@ public static void EnsureExtraCertsAdded(bool newDocument) { cms = new SignedCms(); - // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesMobileAppleCrypto) + // DSA is not supported on Apple platforms, so use ECDsa signed document instead + if (PlatformDetection.UsesAppleCrypto) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index f1f6c0a3b5c86b..974d21a70cbc55 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -1091,8 +1091,8 @@ public static void EnsureExtraCertsAdded() { SignedCms cms = new SignedCms(); - // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesMobileAppleCrypto) + // DSA is not supported on Apple platforms, so use ECDsa signed document instead + if (PlatformDetection.UsesAppleCrypto) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs index fbf990edf27292..150d36340777a6 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs @@ -246,9 +246,9 @@ public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesA cms.ComputeSignature(signer); } - // DSA is not supported on mobile Apple platforms, so use ECDsa key instead + // DSA is not supported on Apple platforms, so use ECDsa key instead X509Certificate2 counterSigner1cert = - PlatformDetection.UsesMobileAppleCrypto ? + PlatformDetection.UsesAppleCrypto ? Certificates.ECDsaP521Win.TryGetCertificateWithPrivateKey() : Certificates.Dsa1024.TryGetCertificateWithPrivateKey(); From a9775afcb4b0dde989b5001a547287034236c18f Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 12:38:35 -0400 Subject: [PATCH 04/13] Get System.Security.Cryptography.Xml back to green --- .../tests/Samples/SigningVerifyingX509Cert.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs index 69af96accd8db0..7e98a995a15f03 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs @@ -78,7 +78,7 @@ public void SignedXmlHasCertificateVerifiableSignature() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "DSA is not available")] + [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst | TestPlatforms.OSX, "DSA is not available")] public void SignedXmlHasDSACertificateVerifiableSignature() { using (X509Certificate2 x509cert = TestHelpers.GetSampleDSAX509Certificate()) From dc5f0bc3d2c24d6e232b580d76f0397e96db32bc Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 14:51:05 -0400 Subject: [PATCH 05/13] Put the not in the not so CI is not tied in a knot --- .../AlgorithmImplementations/DSA/DSAFactoryTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs index f1f70b3b563499..96be7e8645a2fa 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { public partial class DSAFactoryTests { - public static bool IsNotSupported => DSAFactory.IsSupported; + public static bool IsNotSupported => !DSAFactory.IsSupported; [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static void DSACreateDefault_Equals_SameInstance() From 192118202d50e210ddd1d8577b50f7a91a931e8f Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 17:28:14 -0400 Subject: [PATCH 06/13] Make DSAFactory.IsSupported do the right thing on browser --- .../System.Security.Cryptography/tests/DefaultDSAProvider.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs index eeaa27bc70c34b..c8a0528e750c9d 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs @@ -25,11 +25,11 @@ public bool SupportsFips186_3 { get { - return !(PlatformDetection.IsWindows7 || PlatformDetection.IsApplePlatform); + return IsSupported && !PlatformDetection.IsWindows7; } } - public bool IsSupported => !PlatformDetection.IsApplePlatform; + public bool IsSupported => !PlatformDetection.IsApplePlatform && !PlatformDetection.IsBrowser; } public partial class DSAFactory From 9ffc91fa19c4dfe4febac5048ced92ee1ab2dd2d Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 18:40:01 -0400 Subject: [PATCH 07/13] Partially addresses code review feedback --- .../AlgorithmImplementations/DSA/DSAImportExport.cs | 5 +---- .../DSA/DSAKeyGeneration.cs | 1 - .../AlgorithmImplementations/DSA/DSASignVerify.cs | 13 ++++++------- .../tests/DSACryptoServiceProviderTests.cs | 2 -- .../tests/DSACreateTests.cs | 5 +---- .../tests/SignatureDescriptionTests.cs | 4 +--- 6 files changed, 9 insertions(+), 21 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs index 774f7b6af09214..91fa036ba66656 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs @@ -8,9 +8,6 @@ namespace System.Security.Cryptography.Dsa.Tests [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public partial class DSAImportExport { - public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - public static bool IsSupported => DSAFactory.IsSupported; - [Fact] public static void ExportAutoKey() { @@ -73,7 +70,7 @@ public static void Import_1024() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public static void Import_2048() { using (DSA dsa = DSAFactory.Create()) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs index 7b860498d4ced7..981835cb6c82a3 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs @@ -8,7 +8,6 @@ namespace System.Security.Cryptography.Dsa.Tests [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public partial class DSAKeyGeneration { - public static bool IsSupported => DSAFactory.IsSupported; public static bool HasSecondMinSize { get; } = GetHasSecondMinSize(); [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs index 626e33aae22fd0..16d54d7b836733 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs @@ -255,13 +255,13 @@ public void SignAndVerifyDataExplicit1024() SignAndVerify(DSATestData.HelloBytes, "SHA1", DSATestData.GetDSA1024Params(), 40); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void SignAndVerifyDataExplicit2048() { SignAndVerify(DSATestData.HelloBytes, "SHA256", DSATestData.GetDSA2048Params(), 64); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA256() { byte[] signature = @@ -285,7 +285,7 @@ public void VerifyKnown_2048_SHA256() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA384() { byte[] signature = @@ -309,7 +309,7 @@ public void VerifyKnown_2048_SHA384() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void VerifyKnown_2048_SHA512() { byte[] signature = @@ -352,7 +352,7 @@ public void VerifyKnownSignature() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void Sign2048WithSha1() { byte[] data = { 1, 2, 3, 4 }; @@ -367,7 +367,7 @@ public void Sign2048WithSha1() } } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public void Verify2048WithSha1() { byte[] data = { 1, 2, 3, 4 }; @@ -429,6 +429,5 @@ internal static bool SupportsFips186_3 return DSAFactory.SupportsFips186_3; } } - public static bool IsSupported => DSAFactory.IsSupported; } } diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs index fbc81e4a8c6bbe..866be6cb5548d7 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs @@ -12,8 +12,6 @@ public class DSACryptoServiceProviderTests { const int PROV_DSS_DH = 13; - public static bool IsSupported => DSAFactory.IsSupported; - [Fact] public static void DefaultKeySize() { diff --git a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs index e8e97b40eb1ed1..a7473d263c732d 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs @@ -9,9 +9,6 @@ namespace System.Security.Cryptography.Tests [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public static class DSACreateTests { - public static bool IsSupported => DSAFactory.IsSupported; - public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; - [Theory] [SkipOnPlatform(TestPlatforms.Android, "Android only supports key sizes that are a multiple of 1024")] [InlineData(512)] @@ -80,7 +77,7 @@ public static void CreateWithParameters_1024() CreateWithParameters(DSATestData.GetDSA1024Params()); } - [ConditionalFact(nameof(SupportsFips186_3))] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.SupportsFips186_3))] public static void CreateWithParameters_2048() { CreateWithParameters(DSATestData.GetDSA2048Params()); diff --git a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs index d12d2821606332..3ee000b910467f 100644 --- a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs @@ -41,7 +41,6 @@ public void Constructor_SecurityElement_Empty() } [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst, "Not supported on iOS/tvOS/MacCatalyst")] public void Constructor_SecurityElement_DSA() { SecurityElement se = new SecurityElement("DSASignature"); @@ -154,8 +153,7 @@ public void Digest() Assert.Null(sig.CreateDigest()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not supported on Apple platforms")] + [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] public void Formatter() { SignatureDescription sig = new SignatureDescription(); From 500d58e82dd956664d47752cbf683f393a63b0da Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Thu, 28 Aug 2025 22:17:21 -0400 Subject: [PATCH 08/13] Code review feedback --- .../DSA/DSAFactory.cs | 3 -- .../DSA/DSAFactoryTests.cs | 11 +++---- .../DSA/DSAImportExport.cs | 3 +- .../DSA/DSAKeyFileTests.cs | 2 +- .../DSA/DSAKeyGeneration.cs | 3 +- .../DSA/DSAKeyPemTests.cs | 2 +- .../DSA/DSASignVerify.cs | 8 ++--- .../DSA/DSASignatureFormatTests.cs | 3 +- .../DSA/DSASignatureFormatter.cs | 3 +- .../AlgorithmImplementations/DSA/DSAXml.cs | 3 +- .../Security/Cryptography/PlatformSupport.cs | 3 ++ .../tests/DSACngProvider.cs | 3 +- .../tests/DSACryptoServiceProviderProvider.cs | 1 - .../tests/DSACryptoServiceProviderTests.cs | 2 +- .../tests/DsaOpenSslProvider.cs | 1 - .../tests/SignedCms/SignedCmsTests.cs | 3 +- .../SignedCms/SignedCmsTests.netcoreapp.cs | 12 +++---- .../tests/SignedCms/SignerInfoTests.cs | 3 +- .../tests/DSAKeyValueTest.cs | 2 +- .../tests/KeyInfoTest.cs | 9 ++--- .../tests/SignedXmlTest.cs | 9 ++--- .../tests/DSACreateTests.cs | 3 +- .../tests/DSATests.cs | 3 +- .../tests/DefaultDSAProvider.cs | 6 ++-- .../tests/SignatureDescriptionTests.cs | 4 +-- .../tests/X509Certificates/CertTests.cs | 6 ++-- .../CertificateRequestLoadTests.cs | 3 +- .../CertificateCreation/CrlBuilderTests.cs | 3 +- .../PrivateKeyAssociationTests.cs | 6 ++-- .../tests/X509Certificates/PfxTests.cs | 6 ++-- .../tests/X509Certificates/PublicKeyTests.cs | 33 +++++++------------ .../X509Certificate2PemTests.cs | 6 ++-- 32 files changed, 69 insertions(+), 99 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs index 1d351449e2fb03..2c138d33d1e4ab 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs @@ -8,7 +8,6 @@ public interface IDSAProvider DSA Create(); DSA Create(int keySize); bool SupportsFips186_3 { get; } - bool IsSupported { get; } } public static partial class DSAFactory @@ -35,7 +34,5 @@ public static DSA Create(in DSAParameters dsaParameters) /// If true, 186-3 includes support for keysizes >1024 and SHA-2 algorithms /// public static bool SupportsFips186_3 => s_provider.SupportsFips186_3; - - public static bool IsSupported => s_provider.IsSupported; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs index 96be7e8645a2fa..b36bdfb1c8a0f2 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs @@ -1,15 +1,14 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { public partial class DSAFactoryTests { - public static bool IsNotSupported => !DSAFactory.IsSupported; - - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DSACreateDefault_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(); @@ -17,14 +16,14 @@ public static void DSACreateDefault_Equals_SameInstance() AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DSACreateKeySize_Equals_SameInstance() { using DSA dsa = DSAFactory.Create(1024); AssertExtensions.TrueExpression(dsa.Equals(dsa)); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() { using DSA dsa1 = DSAFactory.Create(); @@ -34,7 +33,7 @@ public static void DsaCreate_Equals_DifferentInstance_FalseForSameKeyMaterial() AssertExtensions.FalseExpression(dsa1.Equals(dsa2)); } - [ConditionalFact(nameof(IsNotSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotSupported))] public static void DSACreate_NotSupported() { Assert.Throws(() => DSAFactory.Create()); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs index 91fa036ba66656..9ce2a37b5388a2 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs @@ -1,11 +1,12 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSAImportExport { [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs index 64969f76fb0afe..5dd4647990d41c 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs @@ -10,7 +10,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAKeyFileTests { public static bool SupportsFips186_3 => DSAFactory.SupportsFips186_3; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs index 981835cb6c82a3..50006be25f8cb1 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs @@ -1,11 +1,12 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSAKeyGeneration { public static bool HasSecondMinSize { get; } = GetHasSecondMinSize(); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs index 5d285fa40c594c..86ae8ed1595efc 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAKeyPemTests { private const string AmbiguousExceptionMarker = "multiple keys"; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs index 16d54d7b836733..658fc5cdfc9a04 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Array : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -54,7 +54,7 @@ public void InvalidStreamArrayArguments_Throws() } } - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Stream : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -76,7 +76,7 @@ public void InvalidArrayArguments_Throws() } #if NET - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public sealed class DSASignVerify_Span : DSASignVerify { public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => @@ -109,7 +109,7 @@ private static byte[] TryWithOutputArray(Func func) } } #endif - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public abstract partial class DSASignVerify { public abstract byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs index 94f1ca57b422dd..28ce3e7a0a60c0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs @@ -4,11 +4,12 @@ using System.Collections.Generic; using System.Linq; using System.Security.Cryptography.Algorithms.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public abstract class DSASignatureFormatTests : DsaFamilySignatureFormatTests { protected override bool SupportsSha2 => DSAFactory.SupportsFips186_3; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs index bac817eed206f0..9b19f42d34a9c5 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs @@ -2,11 +2,12 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public partial class DSASignatureFormatterTests : AsymmetricSignatureFormatterTests { [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs index beee5011d7de07..4c6ea3050803f0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs @@ -3,11 +3,12 @@ using System.Collections.Generic; using System.Xml.Linq; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Dsa.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSAXml { [Fact] diff --git a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs index 498fcd842bf6fd..a7e6dee0820d13 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs @@ -140,6 +140,9 @@ private static bool CheckIfRsaPssSupported() // Whether or not the current platform supports RC2 internal static bool IsRC2Supported => s_lazyIsRC2Supported.Value; + internal static bool IsDSASupported => !PlatformDetection.IsApplePlatform && !PlatformDetection.IsBrowser; + internal static bool IsDSANotSupported => !IsDSASupported; + #if NET internal static readonly bool IsAndroidVersionAtLeast31 = OperatingSystem.IsAndroidVersionAtLeast(31); #else diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs index 07dc42ac2b6b29..5fdefd04f006f9 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs +++ b/src/libraries/System.Security.Cryptography.Cng/tests/DSACngProvider.cs @@ -15,8 +15,7 @@ public DSA Create(int keySize) return new DSACng(keySize); } - public bool SupportsFips186_3 => (!PlatformDetection.IsWindows7); - public bool IsSupported => true; + public bool SupportsFips186_3 => !PlatformDetection.IsWindows7; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs index 499f4df181d8a3..bf2ae8459307bc 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderProvider.cs @@ -16,7 +16,6 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => false; - public bool IsSupported => !PlatformDetection.IsApplePlatform; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs index 866be6cb5548d7..d01e787470c0c6 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs @@ -7,7 +7,7 @@ namespace System.Security.Cryptography.Csp.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSACryptoServiceProviderTests { const int PROV_DSS_DH = 13; diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs index 992074e1baf387..3d4b74ed7e43c5 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/DsaOpenSslProvider.cs @@ -16,7 +16,6 @@ public DSA Create(int keySize) } public bool SupportsFips186_3 => true; - public bool IsSupported => true; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 622bce42aed8bd..37d3ea2385f204 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -511,10 +511,9 @@ public static void AddSignerWithNegativeSerial() cms.CheckSignature(true); } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, false)] [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, true)] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void AddFirstSigner_DSA(SubjectIdentifierType identifierType, bool detached) { #if NET diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 8043781749fd96..2be391dfe1ff09 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -72,8 +72,7 @@ public static void SignCmsUsingExplicitRSAKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void SignCmsUsingExplicitDSAKey() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -123,8 +122,7 @@ public static void SignCmsUsingExplicitSlhDsaKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature() { using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) @@ -136,8 +134,7 @@ public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCount } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CounterSignCmsUsingExplicitDSAKeyForFirstSignerAndECDsaForCounterSignature() { using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey()) @@ -574,8 +571,7 @@ public static void AddSigner_RSA_EphemeralKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void AddSigner_DSA_EphemeralKey() { using (DSA dsa = DSA.Create()) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index 974d21a70cbc55..97f8d7c2e6016e 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -441,11 +441,10 @@ public static void RemoveCounterSignature_WithNoMatch() () => signerInfo.RemoveCounterSignature(signerInfo)); } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] [InlineData(0)] [InlineData(1)] [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "NetFx bug")] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void RemoveCounterSignature_EncodedInSingleAttribute(int indexToRemove) { SignedCms cms = new SignedCms(); diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs index 60718c1f7b8600..cae570ec896d10 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs @@ -18,7 +18,7 @@ namespace System.Security.Cryptography.Xml.Tests { - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSAKeyValueTest { [Fact] diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs index 2556f0b544503e..0a59657b601dfe 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs @@ -69,8 +69,7 @@ public void KeyInfoNode() // private static string xmlDSA = "

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + "" + dsaJ + "" + dsaSeed + "" + dsaPgenCounter + ""; private static string xmlDSA = "

" + dsaP + "

" + dsaQ + "" + dsaG + "" + dsaY + ""; - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void DSAKeyValue() { using (DSA key = DSA.Create()) @@ -148,8 +147,7 @@ public void X509Data() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Complex() { KeyInfoName name = new KeyInfoName(); @@ -199,8 +197,7 @@ public void Complex() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void ImportKeyNode() { string keyName = "Mono::"; diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs index f055a34b68b3b3..5d206380f427f4 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs @@ -292,8 +292,7 @@ public void AsymmetricRSAMixedCaseAttributesVerifyWindows() Assert.True(v1.CheckSignature()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void AsymmetricDSASignature() { SignedXml signedXml = MSDNSample(); @@ -392,8 +391,7 @@ public void AsymmetricRSAVerify() // Using empty constructor // The two other constructors don't seems to apply in verifying signatures - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void AsymmetricDSAVerify() { string value = "/Vvq6sXEVbtZC8GwNtLQnGOy/VI=BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==

iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=

u4sowiJMHilNRojtdmIuQY2YnB8=SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBYsqzn8J6fd2gtEyq6YOqiUSHgPE8=sQ==This is some text"; @@ -543,8 +541,7 @@ public void ComputeSignatureNoSigningKey() Assert.Throws(() => signedXml.ComputeSignature()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void ComputeSignatureMissingReferencedObject() { XmlDocument doc = new XmlDocument(); diff --git a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs index a7473d263c732d..4e4d29b5a70d48 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs @@ -2,11 +2,12 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static class DSACreateTests { [Theory] diff --git a/src/libraries/System.Security.Cryptography/tests/DSATests.cs b/src/libraries/System.Security.Cryptography/tests/DSATests.cs index e0bcdf3f45e27f..5bc60f47668d28 100644 --- a/src/libraries/System.Security.Cryptography/tests/DSATests.cs +++ b/src/libraries/System.Security.Cryptography/tests/DSATests.cs @@ -4,11 +4,12 @@ using System.IO; using System.Reflection; using System.Security.Cryptography.Dsa.Tests; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Tests { - [ConditionalClass(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalClass(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public class DSATests { [Fact] diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs index c8a0528e750c9d..14ca873d365293 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs @@ -1,6 +1,8 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using Test.Cryptography; + namespace System.Security.Cryptography.Dsa.Tests { public class DefaultDSAProvider : IDSAProvider @@ -25,11 +27,9 @@ public bool SupportsFips186_3 { get { - return IsSupported && !PlatformDetection.IsWindows7; + return PlatformSupport.IsDSASupported && !PlatformDetection.IsWindows7; } } - - public bool IsSupported => !PlatformDetection.IsApplePlatform && !PlatformDetection.IsBrowser; } public partial class DSAFactory diff --git a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs index 3ee000b910467f..726ed287891e65 100644 --- a/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/SignatureDescriptionTests.cs @@ -103,7 +103,7 @@ public void Properties() Assert.Null(sig.KeyAlgorithm); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Deformatter() { AsymmetricSignatureDeformatter def; @@ -153,7 +153,7 @@ public void Digest() Assert.Null(sig.CreateDigest()); } - [ConditionalFact(typeof(DSAFactory), nameof(DSAFactory.IsSupported))] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void Formatter() { SignatureDescription sig = new SignatureDescription(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs index c9815405b6294a..5dc6cdb777a62f 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs @@ -61,8 +61,7 @@ public static void PrivateKey_FromCertificate_CanExportPrivate_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void PrivateKey_FromCertificate_CanExportPrivate_DSA() { DSAParameters originalParameters = DSATestData.GetDSA1024Params(); @@ -282,8 +281,7 @@ public static void PublicPrivateKey_IndependentLifetimes_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void PublicPrivateKey_IndependentLifetimes_DSA() { X509Certificate2 loaded; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs index 83e915bb1e8a90..4d4903f5b6fcda 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CertificateRequestLoadTests.cs @@ -427,8 +427,7 @@ public static void VerifySignature_RSA_PSS(string hashAlgorithm) } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void VerifySignature_DSA() { // macOS is limited to FIPS 186-2 DSA, so SHA-1 is the only valid algorithm. diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs index e6b92fd3f5b81c..b9d1c6beb90efb 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs @@ -776,8 +776,7 @@ public static void UnsupportedRevocationReasons() () => builder.AddEntry(serial, reason: X509RevocationReason.RemoveFromCrl)); } - [Fact] - [SkipOnPlatform(TestPlatforms.Browser | PlatformSupport.AppleCrypto, "Not supported on Browser/Apple")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaNotDirectlySupported() { CertificateRevocationListBuilder builder = new CertificateRevocationListBuilder(); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs index b397ed38f69464..91c1525d3cdcf6 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs @@ -427,8 +427,7 @@ public static void AssociatePersistedKey_CNG_DSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ThirdPartyProvider_DSA() { using (DSA dsaOther = new DSAOther()) @@ -582,8 +581,7 @@ public static void CheckCopyWithPrivateKey_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CheckCopyWithPrivateKey_DSA() { using (X509Certificate2 withKey = X509CertificateLoader.LoadPkcs12(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword)) diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs index a35521adcbb585..24bd437d7cb24e 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs @@ -267,8 +267,7 @@ public static void ECDHPrivateKey_PfxKeyIsEcdsaConstrained() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void DsaPrivateKeyProperty() { using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible)) @@ -365,8 +364,7 @@ public static void ReadECDsaPrivateKey_OpenSslPfx(X509KeyStorageFlags keyStorage } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ReadDSAPrivateKey() { byte[] data = { 1, 2, 3, 4, 5 }; diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs index f7cf6071d1436a..61bbd4a537d047 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PublicKeyTests.cs @@ -106,8 +106,7 @@ public static void TestPublicKey_Key_RSA() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestPublicKey_Key_DSA() { PublicKey pk = GetTestDsaKey(); @@ -585,8 +584,7 @@ public static void TestECDsa224PublicKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey() { using (var cert = new X509Certificate2(TestData.DssCer)) @@ -597,8 +595,7 @@ public static void TestDSAPublicKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_VerifiesSignature() { byte[] data = { 1, 2, 3, 4, 5 }; @@ -617,8 +614,7 @@ public static void TestDSAPublicKey_VerifiesSignature() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_RSACert() { using (var cert = new X509Certificate2(TestData.Rsa384CertificatePemBytes)) @@ -628,8 +624,7 @@ public static void TestDSAPublicKey_RSACert() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void TestDSAPublicKey_ECDSACert() { using (var cert = new X509Certificate2(TestData.ECDsa256Certificate)) @@ -680,8 +675,7 @@ public static void ExportSubjectPublicKeyInfo_RSA() AssertExportSubjectPublicKeyInfo(key, rsa.ExportSubjectPublicKeyInfo()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void ExportSubjectPublicKeyInfo_DSA() { using DSA dsa = DSA.Create(); @@ -792,8 +786,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_RSA() Assert.Equal(spki.Length, read); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA() { using DSA dsa = DSA.Create(); @@ -838,8 +831,7 @@ public static void CreateFromSubjectPublicKeyInfo_Roundtrip_ECDH() Assert.Equal(spki.Length, read); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA_InvalidKey() { // The DSA key is invalid here, but we should be able to round-trip the @@ -927,8 +919,7 @@ public static void GetPublicKey_NullForDifferentAlgorithm() Assert.Null(key.GetECDiffieHellmanPublicKey()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_NullForDifferentAlgorithm() { byte[] spki = TestData.GostR3410SubjectPublicKeyInfo; @@ -958,8 +949,7 @@ public static void GetRSAPublicKey_ThrowsForCorruptKey() Assert.ThrowsAny(() => key.GetRSAPublicKey()); } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_ReturnsDsaKey() { PublicKey key = GetTestDsaKey(); @@ -971,8 +961,7 @@ public static void GetDSAPublicKey_ReturnsDsaKey() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void GetDSAPublicKey_ThrowsForCorruptKey() { AsnEncodedData badData = new AsnEncodedData(new byte[] { 1, 2, 3, 4 }); diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs index 6843059794f3e2..81e5fca66fef18 100644 --- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509Certificate2PemTests.cs @@ -643,8 +643,7 @@ public static void CreateFromPem_SlhDsa_Pkcs8_Success(SlhDsaTestData.SlhDsaGener } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromPem_Dsa_Pkcs8_Success() { using (X509Certificate2 cert = X509Certificate2.CreateFromPem(TestData.DsaCertificate, TestData.DsaPkcs8Key)) @@ -654,8 +653,7 @@ public static void CreateFromPem_Dsa_Pkcs8_Success() } } - [Fact] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public static void CreateFromPem_Dsa_EncryptedPkcs8_Success() { X509Certificate2 cert = X509Certificate2.CreateFromEncryptedPem( From dd5113f7c6252c062e1dc125d3ee685cd18e6389 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 29 Aug 2025 12:34:05 -0400 Subject: [PATCH 09/13] Remove skip for macOS that no longer applies and the last reference to DSASecurityTransforms --- .../Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs index 5dd4647990d41c..b53547b6983a1a 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs @@ -305,7 +305,6 @@ public static void ReadWriteDsa2048SubjectPublicKeyInfo() } [Fact] - [SkipOnPlatform(TestPlatforms.OSX, "DSASecurityTransforms goes straight to OS, has different failure mode")] public static void ImportNonsensePublicParameters() { AsnWriter writer = new AsnWriter(AsnEncodingRules.DER); From 3aa2e2d1087c41ce35b515c675a967fb38825cbc Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 29 Aug 2025 13:09:16 -0400 Subject: [PATCH 10/13] Use PlatformSupport in more places --- .../tests/SignedCms/SignedCmsTests.cs | 4 ++-- .../tests/SignedCms/SignerInfoTests.cs | 11 ++++++++--- .../tests/Samples/SigningVerifyingX509Cert.cs | 4 ++-- .../tests/CryptoConfigTests.cs | 10 +++++++--- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 37d3ea2385f204..7ff5dbebde9b17 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1125,8 +1125,8 @@ public static void EnsureExtraCertsAdded(bool newDocument) { cms = new SignedCms(); - // DSA is not supported on Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesAppleCrypto) + // DSA is not supported, so use ECDsa signed document instead + if (PlatformSupport.IsDSASupported) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index 97f8d7c2e6016e..c7b358e6c8f989 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -5,6 +5,7 @@ using System.Linq; using System.Security.Cryptography.SLHDsa.Tests; using System.Security.Cryptography.X509Certificates; +using Microsoft.DotNet.XUnitExtensions; using Test.Cryptography; using Xunit; @@ -675,9 +676,13 @@ public static void AddCounterSignerToUnsortedAttributeSignature() } [ConditionalFact(typeof(SignatureSupport), nameof(SignatureSupport.SupportsRsaSha1Signatures))] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void AddCounterSigner_DSA() { + if (!PlatformSupport.IsDSASupported) + { + throw new SkipTestException("Platform does not support DSA."); + } + AssertAddCounterSigner( SubjectIdentifierType.IssuerAndSerialNumber, signer => @@ -1090,8 +1095,8 @@ public static void EnsureExtraCertsAdded() { SignedCms cms = new SignedCms(); - // DSA is not supported on Apple platforms, so use ECDsa signed document instead - if (PlatformDetection.UsesAppleCrypto) + // DSA is not supported, so use ECDsa signed document instead + if (!PlatformSupport.IsDSASupported) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); } diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs index 7e98a995a15f03..176a68fa298be3 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/Samples/SigningVerifyingX509Cert.cs @@ -8,6 +8,7 @@ using System.Text; using System.Threading.Tasks; using System.Xml; +using Test.Cryptography; using Xunit; namespace System.Security.Cryptography.Xml.Tests @@ -77,8 +78,7 @@ public void SignedXmlHasCertificateVerifiableSignature() } } - [Fact] - [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS | TestPlatforms.MacCatalyst | TestPlatforms.OSX, "DSA is not available")] + [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsDSASupported))] public void SignedXmlHasDSACertificateVerifiableSignature() { using (X509Certificate2 x509cert = TestHelpers.GetSampleDSAX509Certificate()) diff --git a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs index 47359e6b7f0dfe..23cdfb612f73fc 100644 --- a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using System.Reflection; using System.Text; +using Microsoft.DotNet.XUnitExtensions; using Test.Cryptography; using Xunit; @@ -150,9 +151,13 @@ public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseTy [ActiveIssue("https://github.com/dotnet/runtime/issues/37669", TestPlatforms.Browser)] [InlineData("DSA", typeof(DSA))] [InlineData("System.Security.Cryptography.DSA", typeof(DSA))] - [SkipOnPlatform(PlatformSupport.AppleCrypto, "DSA is not available")] public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type baseType) { + if (!PlatformSupport.IsDSASupported) + { + throw new SkipTestException("Platform does not support DSA."); + } + using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier)) { Assert.NotNull(created); @@ -160,10 +165,9 @@ public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type ba } } - [Theory] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotAvailable))] [InlineData("DSA")] [InlineData("System.Security.Cryptography.DSA")] - [PlatformSpecific(PlatformSupport.MobileAppleCrypto)] public static void NamedAsymmetricAlgorithmCreate_DSA_NotSupported(string identifier) { Assert.Null(AsymmetricAlgorithm.Create(identifier)); From 2063c094d14128b7eefe168daa24427b19fedeab Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 29 Aug 2025 13:59:53 -0400 Subject: [PATCH 11/13] Compiling helps --- .../System.Security.Cryptography/tests/CryptoConfigTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs index 23cdfb612f73fc..edfaa26f60286e 100644 --- a/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/CryptoConfigTests.cs @@ -165,7 +165,7 @@ public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type ba } } - [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotAvailable))] + [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsDSANotSupported))] [InlineData("DSA")] [InlineData("System.Security.Cryptography.DSA")] public static void NamedAsymmetricAlgorithmCreate_DSA_NotSupported(string identifier) From 08596fd29bd002ca7f4c30f928e5a6b2c29d07fb Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 29 Aug 2025 19:50:08 -0400 Subject: [PATCH 12/13] Properly disable DSA for CryptoConfig on macOS --- .../Common/src/System/Security/Cryptography/Helpers.cs | 7 ++++++- .../src/System/Security/Cryptography/CryptoConfig.cs | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs b/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs index e6b8ec6b91fb46..8f9fa918f99929 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/Helpers.cs @@ -30,7 +30,12 @@ internal static partial class Helpers #if NET [UnsupportedOSPlatformGuard("ios")] [UnsupportedOSPlatformGuard("tvos")] - public static bool IsDSASupported => !OperatingSystem.IsIOS() && !OperatingSystem.IsTvOS(); + public static bool IsDSASupported => + !OperatingSystem.IsIOS() && + !OperatingSystem.IsTvOS() && + !OperatingSystem.IsMacOS() && + !OperatingSystem.IsMacCatalyst() && + !OperatingSystem.IsBrowser(); #else public static bool IsDSASupported => true; #endif diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs index 1cbf5c0a861262..1ee1a11ca22a01 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CryptoConfig.cs @@ -8,6 +8,7 @@ using System.Globalization; using System.Reflection; using System.Runtime.Versioning; +using Internal.Cryptography; namespace System.Security.Cryptography { @@ -189,8 +190,7 @@ private static Dictionary DefaultNameHT ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType); - if (!OperatingSystem.IsIOS() && - !OperatingSystem.IsTvOS()) + if (Helpers.IsDSASupported) { ht.Add("DSA", DSACryptoServiceProviderType); ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType); From 6a33e07df952384e7ae7ad8e37178907a3a2088d Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 29 Aug 2025 21:06:43 -0400 Subject: [PATCH 13/13] Fix backward condition --- .../tests/SignedCms/SignedCmsTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 7ff5dbebde9b17..5d60257c68a279 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1126,7 +1126,7 @@ public static void EnsureExtraCertsAdded(bool newDocument) cms = new SignedCms(); // DSA is not supported, so use ECDsa signed document instead - if (PlatformSupport.IsDSASupported) + if (!PlatformSupport.IsDSASupported) { cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier); }