[iOS] Implement DSA, RSA, EC key import/export

Author: filipnavara

src/libraries/Common/src/Internal/Cryptography/AsymmetricAlgorithmHelpers.Ansi.cs

@@ -0,0 +1,67 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Security.Cryptography;
+
+namespace Internal.Cryptography
+{
+    internal static partial class AsymmetricAlgorithmHelpers
+    {
+        // Encodes a EC key as an uncompressed set of concatenated scalars,
+        // optionally including the private key. To omit the private parameter,
+        // "d" must have a length of zero.
+        public static void EncodeToUncompressedAnsiX963Key(
+            ReadOnlySpan<byte> x,
+            ReadOnlySpan<byte> y,
+            ReadOnlySpan<byte> d,
+            Span<byte> destination)
+        {
+            const byte UncompressedKeyPrefix = 0x04;
+            if (x.Length != y.Length || (d.Length > 0 && d.Length != y.Length))
+                throw new CryptographicException(SR.Cryptography_NotValidPublicOrPrivateKey);
+
+            int size = 1 + x.Length + y.Length + d.Length; // 0x04 || X || Y { || D }
+
+            if (destination.Length < size)
+            {
+                Debug.Fail("destination.Length < size");
+                throw new CryptographicException();
+            }
+
+            destination[0] = UncompressedKeyPrefix;
+            x.CopyTo(destination.Slice(1));
+            y.CopyTo(destination.Slice(1 + x.Length));
+            d.CopyTo(destination.Slice(1 + x.Length + y.Length));
+        }
+
+        public static void DecodeFromUncompressedAnsiX963Key(
+            ReadOnlySpan<byte> ansiKey,
+            bool hasPrivateKey,
+            out ECParameters ret)
+        {
+            ret = default;
+
+            const byte UncompressedKeyPrefix = 0x04;
+            if (ansiKey.Length < 1 || ansiKey[0] != UncompressedKeyPrefix)
+                throw new CryptographicException(SR.Cryptography_NotValidPublicOrPrivateKey);
+
+            int fieldCount = hasPrivateKey ? 3 : 2;
+            int fieldSize = (ansiKey.Length - 1) / fieldCount;
+
+            if (ansiKey.Length != 1 + fieldSize * fieldCount)
+                throw new CryptographicException(SR.Cryptography_NotValidPublicOrPrivateKey);
+
+            ret.Q = new ECPoint {
+                X = ansiKey.Slice(1, fieldSize).ToArray(),
+                Y = ansiKey.Slice(1 + fieldSize, fieldSize).ToArray()
+            };
+
+            if (hasPrivateKey)
+            {
+                ret.D = ansiKey.Slice(1 + fieldSize + fieldSize, fieldSize).ToArray();
+            }
+        }
+    }
+}

src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.Keychain.cs

@@ -66,7 +66,7 @@ private static extern int AppleCryptoNative_SecKeychainEnumerateIdentities(
             out SafeCFArrayHandle matches,
             out int pOSStatus);
 
-        internal static SafeKeychainHandle SecKeychainItemCopyKeychain(SafeKeychainItemHandle item)
+        private static SafeKeychainHandle SecKeychainItemCopyKeychain(SafeHandle item)
         {
             bool addedRef = false;
 
@@ -85,6 +85,12 @@ internal static SafeKeychainHandle SecKeychainItemCopyKeychain(SafeKeychainItemH
             }
         }
 
+        internal static SafeKeychainHandle SecKeychainItemCopyKeychain(SafeKeychainItemHandle item)
+            => SecKeychainItemCopyKeychain((SafeHandle)item);
+
+        internal static SafeKeychainHandle SecKeychainItemCopyKeychain(SafeSecKeyRefHandle item)
+            => SecKeychainItemCopyKeychain((SafeHandle)item);
+
         internal static SafeKeychainHandle SecKeychainItemCopyKeychain(IntPtr item)
         {
             SafeKeychainHandle keychain;

src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.cs

@@ -16,26 +16,6 @@ internal static partial class AppleCrypto
         private const int kErrorSeeError = -2;
         private const int kPlatformNotSupported = -5;
 
-        private static int AppleCryptoNative_SecKeyImportEphemeral(
-            ReadOnlySpan<byte> pbKeyBlob,
-            int isPrivateKey,
-            out SafeSecKeyRefHandle ppKeyOut,
-            out int pOSStatus) =>
-            AppleCryptoNative_SecKeyImportEphemeral(
-                ref MemoryMarshal.GetReference(pbKeyBlob),
-                pbKeyBlob.Length,
-                isPrivateKey,
-                out ppKeyOut,
-                out pOSStatus);
-
-        [DllImport(Libraries.AppleCryptoNative)]
-        private static extern int AppleCryptoNative_SecKeyImportEphemeral(
-            ref byte pbKeyBlob,
-            int cbKeyBlob,
-            int isPrivateKey,
-            out SafeSecKeyRefHandle ppKeyOut,
-            out int pOSStatus);
-
         [DllImport(Libraries.AppleCryptoNative)]
         private static extern ulong AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SafeSecKeyRefHandle publicKey);
 
@@ -102,40 +82,27 @@ internal static int GetSimpleKeySizeInBits(SafeSecKeyRefHandle publicKey)
                 return (int)(keySizeInBytes * 8);
             }
         }
-
-        internal static SafeSecKeyRefHandle ImportEphemeralKey(ReadOnlySpan<byte> keyBlob, bool hasPrivateKey)
-        {
-            Debug.Assert(keyBlob != null);
-
-            SafeSecKeyRefHandle keyHandle;
-            int osStatus;
-
-            int ret = AppleCryptoNative_SecKeyImportEphemeral(
-                keyBlob,
-                hasPrivateKey ? 1 : 0,
-                out keyHandle,
-                out osStatus);
-
-            if (ret == 1 && !keyHandle.IsInvalid)
-            {
-                return keyHandle;
-            }
-
-            if (ret == 0)
-            {
-                throw CreateExceptionForOSStatus(osStatus);
-            }
-
-            Debug.Fail($"SecKeyImportEphemeral returned {ret}");
-            throw new CryptographicException();
-        }
     }
 }
 
 namespace System.Security.Cryptography.Apple
 {
-    internal sealed class SafeSecKeyRefHandle : SafeKeychainItemHandle
+    internal sealed class SafeSecKeyRefHandle : SafeHandle
     {
+        public SafeSecKeyRefHandle()
+            : base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        protected override bool ReleaseHandle()
+        {
+            Interop.CoreFoundation.CFRelease(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid => handle == IntPtr.Zero;
+
         protected override void Dispose(bool disposing)
         {
             if (disposing && SafeHandleCache<SafeSecKeyRefHandle>.IsCachedInvalidHandle(this))

src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.iOS.cs

@@ -0,0 +1,87 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Apple;
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class AppleCrypto
+    {
+        internal enum PAL_KeyAlgorithm : uint
+        {
+            Unknown = 0,
+            EC = 1,
+            RSA = 2,
+        }
+
+        internal static unsafe SafeSecKeyRefHandle CreateDataKey(
+            ReadOnlySpan<byte> keyData,
+            PAL_KeyAlgorithm keyAlgorithm,
+            bool isPublic)
+        {
+            fixed (byte* pKey = keyData)
+            {
+                int result = AppleCryptoNative_SecKeyCreateWithData(
+                    pKey,
+                    keyData.Length,
+                    keyAlgorithm,
+                    isPublic ? 1 : 0,
+                    out SafeSecKeyRefHandle dataKey,
+                    out SafeCFErrorHandle errorHandle);
+
+                using (errorHandle)
+                {
+                    return result switch
+                    {
+                        kSuccess => dataKey,
+                        kErrorSeeError => throw CreateExceptionForCFError(errorHandle),
+                        _ => throw new CryptographicException { HResult = result }
+                    };
+                }
+            }
+        }
+
+        internal static byte[] SecKeyCopyExternalRepresentation(
+            SafeSecKeyRefHandle key)
+        {
+            int result = AppleCryptoNative_SecKeyCopyExternalRepresentation(
+                key,
+                out SafeCFDataHandle data,
+                out SafeCFErrorHandle errorHandle);
+
+            using (errorHandle)
+            using (data)
+            {
+                return result switch
+                {
+                    kSuccess => CoreFoundation.CFGetData(data),
+                    kErrorSeeError => throw CreateExceptionForCFError(errorHandle),
+                    _ => throw new CryptographicException { HResult = result }
+                };
+            }
+        }
+
+        [DllImport(Libraries.AppleCryptoNative)]
+        private static unsafe extern int AppleCryptoNative_SecKeyCreateWithData(
+            byte* pKey,
+            int cbKey,
+            PAL_KeyAlgorithm keyAlgorithm,
+            int isPublic,
+            out SafeSecKeyRefHandle pDataKey,
+            out SafeCFErrorHandle pErrorOut);
+
+        [DllImport(Libraries.AppleCryptoNative)]
+        private static unsafe extern int AppleCryptoNative_SecKeyCopyExternalRepresentation(
+            SafeSecKeyRefHandle key,
+            out SafeCFDataHandle pDataOut,
+            out SafeCFErrorHandle pErrorOut);
+
+        [DllImport(Libraries.AppleCryptoNative, EntryPoint = "AppleCryptoNative_SecKeyCopyPublicKey")]
+        internal static unsafe extern SafeSecKeyRefHandle CopyPublicKey(SafeSecKeyRefHandle privateKey);
+    }
+}

src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.Export.cs src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.SecKeyRef.macOS.cs

@@ -14,6 +14,53 @@ internal static partial class AppleCrypto
     {
         private static readonly SafeCreateHandle s_nullExportString = new SafeCreateHandle();
 
+        private static int AppleCryptoNative_SecKeyImportEphemeral(
+            ReadOnlySpan<byte> pbKeyBlob,
+            int isPrivateKey,
+            out SafeSecKeyRefHandle ppKeyOut,
+            out int pOSStatus) =>
+            AppleCryptoNative_SecKeyImportEphemeral(
+                ref MemoryMarshal.GetReference(pbKeyBlob),
+                pbKeyBlob.Length,
+                isPrivateKey,
+                out ppKeyOut,
+                out pOSStatus);
+
+        [DllImport(Libraries.AppleCryptoNative)]
+        private static extern int AppleCryptoNative_SecKeyImportEphemeral(
+            ref byte pbKeyBlob,
+            int cbKeyBlob,
+            int isPrivateKey,
+            out SafeSecKeyRefHandle ppKeyOut,
+            out int pOSStatus);
+
+        internal static SafeSecKeyRefHandle ImportEphemeralKey(ReadOnlySpan<byte> keyBlob, bool hasPrivateKey)
+        {
+            Debug.Assert(keyBlob != null);
+
+            SafeSecKeyRefHandle keyHandle;
+            int osStatus;
+
+            int ret = AppleCryptoNative_SecKeyImportEphemeral(
+                keyBlob,
+                hasPrivateKey ? 1 : 0,
+                out keyHandle,
+                out osStatus);
+
+            if (ret == 1 && !keyHandle.IsInvalid)
+            {
+                return keyHandle;
+            }
+
+            if (ret == 0)
+            {
+                throw CreateExceptionForOSStatus(osStatus);
+            }
+
+            Debug.Fail($"SecKeyImportEphemeral returned {ret}");
+            throw new CryptographicException();
+        }
+
         [DllImport(Libraries.AppleCryptoNative)]
         private static extern int AppleCryptoNative_SecKeyExport(
             SafeSecKeyRefHandle? key,