Open tipa opened 10 months ago
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.
Author: | tipa |
---|---|
Assignees: | - |
Labels: | `area-System.Security`, `untriaged` |
Milestone: | - |
Tagging subscribers to 'os-ios': @steveisok, @akoeplinger, @kotlarmilos See info in area-owners.md if you want to be subscribed.
Author: | tipa |
---|---|
Assignees: | - |
Labels: | `area-System.Security`, `untriaged`, `os-ios` |
Milestone: | - |
Yes, available for macOS, but not iOS - that's why I opened this issue :)
PlatformNotSupportedException
is still thrown on net8.0-ios
Yes, available for macOS, but not iOS - that's why I opened this issue :)
PlatformNotSupportedException
is still thrown on net8.0-ios
Yep, sorry, didn't notice 🙂
As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS?
The last time @filipnavara and I looked in to this, there were challenges for mobile Apple platforms. This comment for ChaCha20Poly1305 summarizes things: https://github.com/dotnet/runtime/issues/52482#issuecomment-838290365
That issue also tracks ChaCha20Poly1305 for iOS / tvOS as well.
@filipnavara has the state of this changed with _MainLinkerFlags
? You're more well versed on the iOS side of things.
We discussed it in June with @akoeplinger. The current situation is that we still support iOS versions without built-in Swift. That may change in .NET 9 but nothing is set in stone yet. The old workaround to weakly link against system Swift libraries no longer works because Apple decided to move parts of swiftFoundation into Foundation framework. Thus you need to additionally tell the linker to weakly link to Foundation framework itself. It's doable but fragile and likely not worth the effort. If we are targeting .NET 9 at this point then we may as well get the necessary minimum iOS version bump and do it the proper/simple way.
Cross referencing this: https://github.com/dotnet/runtime/issues/91736
I believe that is the major blocker for this. Once this is addressed we can link to the swift runtime.
CryptoKit is still iOS 13 though. We can use if #available
in the swift shim to return an error code that the platform is not supported.
Tagging subscribers to 'os-tvos': @steveisok, @akoeplinger See info in area-owners.md if you want to be subscribed.
Author: | tipa |
---|---|
Assignees: | - |
Labels: | `area-System.Security`, `os-ios`, `os-tvos`, `os-maccatalyst` |
Milestone: | Future |
AES-GCM algorithm (as well as ChaCha20Poly1305 and AES-CCM) are available for macOS, powered by CryptoKit, but not on iOS.
As CryptoKit is also available on iOS (iOS 13+), maybe there is an easy way to also bring support to iOS?
Motivation: I am building a cross-platform app for Windows, iOS, Android & macOS. Missing support for AES-GCM on iOS forces me to either pull in an additional dependency (e.g. BouncyCastle) or use AES-CBC (which seemingly the whole internet is advising against in favor of AES-GCM)
NOTE: once this is implemented we should update the docs: https://github.com/dotnet/docs/blob/main/docs/standard/security/cross-platform-cryptography.md