[iOS/macOS] Split S.S.C.Native.Apple into platform specific files where needed

Instead of using #if to remove functions that don't work/make sense on iOS,
move them to a file that is conditionally included in the library compile.

Author: filipnavara

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/CMakeLists.txt

@@ -10,20 +10,28 @@ set(NATIVECRYPTO_SOURCES
     pal_ecc.c
     pal_hmac.c
     pal_keyagree.c
-    pal_keyderivation.c
-    pal_keychain.c
     pal_random.c
     pal_rsa.c
     pal_sec.c
     pal_seckey.c
     pal_signverify.c
     pal_ssl.c
     pal_symmetric.c
-    pal_trust.c
     pal_x509.c
     pal_x509chain.c
 )
 
+if (NOT CLR_CMAKE_TARGET_MACCATALYST AND NOT CLR_CMAKE_TARGET_IOS AND NOT CLR_CMAKE_TARGET_TVOS)
+    set(NATIVECRYPTO_SOURCES
+        ${NATIVECRYPTO_SOURCES}
+        pal_keychain_macos.c
+        pal_keyderivation_macos.c
+        pal_seckey_macos.c
+        pal_trust_macos.c
+        pal_x509_macos.c
+    )
+endif()
+
 if (CLR_CMAKE_TARGET_MACCATALYST)
     add_definitions(-DTARGET_MACCATALYST)
 endif()

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/entrypoints.c

@@ -1,26 +1,26 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
-
 #include "../../AnyOS/entrypoints.h"
 
 // Include System.Security.Cryptography.Native.Apple headers
 #include "pal_digest.h"
 #include "pal_ecc.h"
 #include "pal_hmac.h"
-#include "pal_keychain.h"
+#include "pal_keychain_macos.h"
 #include "pal_random.h"
 #include "pal_rsa.h"
 #include "pal_sec.h"
 #include "pal_seckey.h"
+#include "pal_seckey_macos.h"
 #include "pal_signverify.h"
 #include "pal_ssl.h"
 #include "pal_symmetric.h"
-#include "pal_trust.h"
+#include "pal_trust_macos.h"
 #include "pal_x509.h"
+#include "pal_x509_macos.h"
 #include "pal_x509chain.h"
-#include "pal_keyderivation.h"
+#include "pal_keyderivation_macos.h"
 
 static const Entry s_cryptoAppleNative[] =
 {
@@ -113,5 +113,3 @@ EXTERN_C const void* CryptoAppleResolveDllImport(const char* name)
 {
     return ResolveDllImport(s_cryptoAppleNative, lengthof(s_cryptoAppleNative), name);
 }
-
-#endif // !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.c renamed to src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain_macos.c

@@ -1,10 +1,9 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-#include "pal_keychain.h"
+#include "pal_keychain_macos.h"
 #include "pal_utilities.h"
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
 int32_t AppleCryptoNative_SecKeychainItemCopyKeychain(SecKeychainItemRef item, SecKeychainRef* pKeychainOut)
 {
     if (pKeychainOut != NULL)
@@ -465,4 +464,3 @@ AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeycha
     CFRelease(cert);
     return *pOSStatus == noErr;
 }
-#endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain.h renamed to src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keychain_macos.h

@@ -8,7 +8,6 @@
 
 #include <Security/Security.h>
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
 /*
 Get a CFRetain()ed SecKeychainRef value for the keychain to which the keychain item belongs.
 
@@ -137,4 +136,3 @@ pOSStatus: Receives the last OSStatus value..
 */
 PALEXPORT int32_t
 AppleCryptoNative_X509StoreRemoveCertificate(CFTypeRef certOrIdentity, SecKeychainRef keychain, uint8_t isReadOnlyMode, int32_t* pOSStatus);
-#endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyderivation.c renamed to src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyderivation_macos.c

@@ -1,9 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-#include "pal_keyderivation.h"
-
-#if !defined(TARGET_IOS) && !defined(TARGET_TVOS)
+#include "pal_keyderivation_macos.h"
 
 static int32_t PrfAlgorithmFromHashAlgorithm(PAL_HashAlgorithm hashAlgorithm, CCPseudoRandomAlgorithm* algorithm)
 {
@@ -80,4 +78,3 @@ int32_t AppleCryptoNative_Pbkdf2(PAL_HashAlgorithm prfAlgorithm,
     *errorCode = result;
     return result == kCCSuccess ? 1 : 0;
 }
-#endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyderivation.h renamed to src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_keyderivation_macos.h

@@ -6,7 +6,6 @@
 #include "pal_digest.h"
 #include <Security/Security.h>
 
-#if !defined(TARGET_IOS) && !defined(TARGET_TVOS)
 /*
 Filled the derivedKey buffer with PBKDF2 derived data.
 
@@ -37,4 +36,3 @@ PALEXPORT int32_t AppleCryptoNative_Pbkdf2(PAL_HashAlgorithm prfAlgorithm,
                                            uint8_t* derivedKey,
                                            uint32_t derivedKeyLen,
                                            int32_t* errorCode);
-#endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.c

@@ -3,10 +3,10 @@
 
 #include "pal_sec.h"
 
-CFStringRef AppleCryptoNative_SecCopyErrorMessageString(int32_t osStatus)
+CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus)
 {
 #if (defined(TARGET_IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_11_3) || (defined(TARGET_TVOS) && __IPHONE_OS_VERSION_MIN_REQUIRED < __TVOS_11_3)
-    return CFStringCreateWithCString(NULL, "", kCFStringEncodingUTF8);
+    return CFStringCreateWithFormat(NULL, NULL, CFSTR("OSStatus %d"), (int)osStatus);
 #else
     return SecCopyErrorMessageString(osStatus, NULL);
 #endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_sec.h

@@ -8,11 +8,9 @@
 
 #include <Security/Security.h>
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
 /*
 Get an error message for an OSStatus error from the security library.
 
 Returns NULL if no message is available for the code.
 */
 PALEXPORT CFStringRef AppleCryptoNative_SecCopyErrorMessageString(OSStatus osStatus);
-#endif

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.c

@@ -4,132 +4,6 @@
 #include "pal_seckey.h"
 #include "pal_utilities.h"
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
-int32_t AppleCryptoNative_SecKeyExport(
-    SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus)
-{
-    if (ppDataOut != NULL)
-        *ppDataOut = NULL;
-    if (pOSStatus != NULL)
-        *pOSStatus = noErr;
-
-    if (pKey == NULL || ppDataOut == NULL || pOSStatus == NULL)
-    {
-        return kErrorBadInput;
-    }
-
-    SecExternalFormat dataFormat = kSecFormatOpenSSL;
-    SecItemImportExportKeyParameters keyParams;
-    memset(&keyParams, 0, sizeof(SecItemImportExportKeyParameters));
-
-    keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
-
-    if (exportPrivate)
-    {
-        if (cfExportPassphrase == NULL)
-        {
-            return kErrorBadInput;
-        }
-
-        keyParams.passphrase = cfExportPassphrase;
-        dataFormat = kSecFormatWrappedPKCS8;
-    }
-
-    *pOSStatus = SecItemExport(pKey, dataFormat, 0, &keyParams, ppDataOut);
-
-    return (*pOSStatus == noErr);
-}
-
-int32_t AppleCryptoNative_SecKeyImportEphemeral(
-    uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus)
-{
-    if (ppKeyOut != NULL)
-        *ppKeyOut = NULL;
-    if (pOSStatus != NULL)
-        *pOSStatus = noErr;
-
-    if (pbKeyBlob == NULL || cbKeyBlob < 0 || isPrivateKey < 0 || isPrivateKey > 1 || ppKeyOut == NULL ||
-        pOSStatus == NULL)
-    {
-        return kErrorBadInput;
-    }
-
-    int32_t ret = 0;
-    CFDataRef cfData = CFDataCreateWithBytesNoCopy(NULL, pbKeyBlob, cbKeyBlob, kCFAllocatorNull);
-
-    SecExternalFormat dataFormat = kSecFormatOpenSSL;
-    SecExternalFormat actualFormat = dataFormat;
-
-    SecExternalItemType itemType = isPrivateKey ? kSecItemTypePrivateKey : kSecItemTypePublicKey;
-    SecExternalItemType actualType = itemType;
-
-    CFIndex itemCount;
-    CFArrayRef outItems = NULL;
-    CFTypeRef outItem = NULL;
-
-    *pOSStatus = SecItemImport(cfData, NULL, &actualFormat, &actualType, 0, NULL, NULL, &outItems);
-
-    if (*pOSStatus != noErr)
-    {
-        ret = 0;
-        goto cleanup;
-    }
-
-    if (actualFormat != dataFormat || actualType != itemType)
-    {
-        ret = -2;
-        goto cleanup;
-    }
-
-    if (outItems == NULL)
-    {
-        ret = -3;
-        goto cleanup;
-    }
-
-    itemCount = CFArrayGetCount(outItems);
-
-    if (itemCount == 0)
-    {
-        ret = -4;
-        goto cleanup;
-    }
-
-    if (itemCount > 1)
-    {
-        ret = -5;
-        goto cleanup;
-    }
-
-    outItem = CFArrayGetValueAtIndex(outItems, 0);
-
-    if (outItem == NULL)
-    {
-        ret = -6;
-        goto cleanup;
-    }
-
-    if (CFGetTypeID(outItem) != SecKeyGetTypeID())
-    {
-        ret = -7;
-        goto cleanup;
-    }
-
-    CFRetain(outItem);
-    *ppKeyOut = (SecKeyRef)CONST_CAST(void *, outItem);
-    ret = 1;
-
-cleanup:
-    if (outItems != NULL)
-    {
-        CFRelease(outItems);
-    }
-
-    CFRelease(cfData);
-    return ret;
-}
-#endif
-
 uint64_t AppleCryptoNative_SecKeyGetSimpleKeySizeInBytes(SecKeyRef publicKey)
 {
     if (publicKey == NULL)

src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_seckey.h

@@ -25,40 +25,6 @@ enum
 };
 typedef uint32_t PAL_KeyAlgorithm;
 
-#if !defined(TARGET_MACCATALYST) && !defined(TARGET_IOS) && !defined(TARGET_TVOS)
-/*
-Export a key object.
-
-Public keys are exported using the "OpenSSL" format option, which means, essentially,
-"whatever format the openssl CLI would use for this algorithm by default".
-
-Private keys are exported using the "Wrapped PKCS#8" format. These formats are available via
-`openssl pkcs8 -topk8 ...`. While the PKCS#8 container is the same for all key types, the
-payload is algorithm-dependent (though identified by the PKCS#8 wrapper).
-
-An export passphrase is required for private keys, and ignored for public keys.
-
-Follows pal_seckey return conventions.
-*/
-PALEXPORT int32_t AppleCryptoNative_SecKeyExport(
-    SecKeyRef pKey, int32_t exportPrivate, CFStringRef cfExportPassphrase, CFDataRef* ppDataOut, int32_t* pOSStatus);
-
-/*
-Import a key from a key blob.
-
-Imports are always done using the "OpenSSL" format option, which means the format used for an
-unencrypted private key via the openssl CLI verb of the algorithm being imported.
-
-For public keys the "OpenSSL" format is NOT the format used by the openssl CLI for that algorithm,
-but is in fact the X.509 SubjectPublicKeyInfo structure.
-
-Returns 1 on success, 0 on failure (*pOSStatus should be set) and negative numbers for various
-state machine errors.
-*/
-PALEXPORT int32_t AppleCryptoNative_SecKeyImportEphemeral(
-    uint8_t* pbKeyBlob, int32_t cbKeyBlob, int32_t isPrivateKey, SecKeyRef* ppKeyOut, int32_t* pOSStatus);
-#endif
-
 /*
 For RSA and DSA this function returns the number of bytes in "the key", which corresponds to
 the length of n/Modulus for RSA and for P in DSA.