xamarin / xamarin-macios

.NET for iOS, Mac Catalyst, macOS, and tvOS provide open-source bindings of the Apple SDKs for use with .NET managed languages such as C#

Support for CryptoTokenKit #7876

Closed martinscholz83 closed 5 months ago

martinscholz83 commented 4 years ago

Are there any plans for when Xamarin.Mac will support the new CryptoTokenKit API? Currently we have to build with Sharpie.

chamons commented 4 years ago

The fact that we are missing this binding shows up in our binding todos:

https://gist.github.com/chamons/b74a1133a44143c13ea438febbb9e2da

I don't have a timetable right now to give you, but this is on our radar.

chamons commented 4 years ago

I'm not sure if you were using my "instructions" in https://github.com/chamons/mac-samples/tree/master/SystemFrameworkBinding

Part of what makes this framework non-trivial is that you need specific hardware to test.

martinscholz83 commented 4 years ago

Yep, that is the one I'm using. What do you mean by special hardware? We have a lot of different PIV tokens from Feitian, Yubico or Gemalto we could test with. Is this what you mean by hardware?

martinscholz83 commented 4 years ago

I'm trying to get a Dev cert from Apple to add in VS to enable the com.apple.security.smartcard entitlement, because currently I'm getting null when trying to get TKSmartCardSlotManager.DefaultManager.

chamons commented 4 years ago

You will likely need to add com.apple.security.smartcard by hand to your entitlement, as there is no IDE support to my knowledge.

martinscholz83 commented 4 years ago

That’s what I meant by adding it to VS :o)

martinscholz83 commented 4 years ago

I currently have a problem using the API. I'm trying to send some simple verify PIN commands to a YubiKey. Here is my sample code:

    // Requires: using System.Collections.Generic; using Foundation;
    card.BeginSessionWithReply((bool reply, NSError sessionError) =>
    {
        if (reply)
        {
            // SELECT by AID (INS 0xA4, P1 0x04): header, Lc, AID, Le
            List<byte> _AID_PIV = new List<byte> { 0xa0, 0x00, 0x00, 0x03, 0x08 };
            List<byte> apdu = new List<byte> { 0x00, 0xA4, 0x04, 0x00, (byte)(_AID_PIV.Count), 0x00 };
            apdu.InsertRange(5, _AID_PIV);

            card.TransmitRequest(NSData.FromArray(apdu.ToArray()), (NSData selectResponse, NSError selectError) =>
            {
                if (selectError == null)
                {
                    // VERIFY (INS 0x20, P2 0x80) with the ASCII PIN "12345678"
                    List<byte> pin = new List<byte> { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
                    List<byte> apduVerify = new List<byte> { 0x00, 0x20, 0x00, 0x80, 0x08, 0x00 };
                    apduVerify.InsertRange(5, pin);

                    card.TransmitRequest(NSData.FromArray(apduVerify.ToArray()), (NSData verifyResponse, NSError verifyError) =>
                    {
                        if (verifyError == null)
                        {
                            if (verifyResponse != null)
                            {
                                // Do something with data
                            }
                        }
                        else
                        {
                            // Do something with error
                        }
                    });
                }
            });
        }
    });

The native functions BeginSessionWithReply and TransmitRequest use some kind of completionHandler, closures which are mapped to Action<type, type>. Unfortunately these Actions are never called, unless you debug the code and wait long enough for it. I also tried with Task.Run... but that didn't help. Do you have any idea how to make these closures awaitable?
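Added example, not part of the original thread or of the xamarin-macios code: a plain .NET helper that builds the SELECT and VERIFY command APDUs used in the sample above and decodes the status word at the end of a card response, since a transmit that completes without an `NSError` can still carry a refusal such as a wrong or blocked PIN. The `Apdu` class and its method names are hypothetical, and the PIN and response bytes are constructed.

```csharp
using System;
using System.Linq;

// Constructed inputs: the truncated PIV AID from the thread, a sample 6-digit PIN,
// and made-up response bytes. Nothing here talks to a real card.
byte[] selectApdu = Apdu.Build(0x00, 0xA4, 0x04, 0x00, new byte[] { 0xA0, 0x00, 0x00, 0x03, 0x08 }, le: 0x00);
// VERIFY returns only a status word, so this example sends no Le byte.
byte[] verifyApdu = Apdu.Build(0x00, 0x20, 0x00, 0x80, Apdu.PadPin("123456"));
Console.WriteLine(BitConverter.ToString(selectApdu));
Console.WriteLine(BitConverter.ToString(verifyApdu));
foreach (var rsp in new[] { new byte[] { 0x90, 0x00 }, new byte[] { 0x63, 0xC2 }, new byte[] { 0x69, 0x83 } })
    Console.WriteLine(Apdu.Describe(rsp));

static class Apdu   // hypothetical helper, not a CryptoTokenKit type
{
    // Short command APDU: CLA INS P1 P2 Lc <data> [Le]
    public static byte[] Build(byte cla, byte ins, byte p1, byte p2, byte[] data, byte? le = null)
    {
        if (data.Length is 0 or > 255)
            throw new ArgumentException("short APDU carries 1..255 data bytes", nameof(data));
        var apdu = new byte[] { cla, ins, p1, p2, (byte)data.Length }.Concat(data);
        return (le.HasValue ? apdu.Append(le.Value) : apdu).ToArray();
    }

    // NIST SP 800-73: the PIV PIN is 6 to 8 digits, padded to 8 bytes with 0xFF.
    public static byte[] PadPin(string pin)
    {
        if (pin.Length is < 6 or > 8 || !pin.All(c => c is >= '0' and <= '9'))
            throw new ArgumentException("PIN must be 6 to 8 decimal digits", nameof(pin));
        return pin.Select(c => (byte)c).Concat(Enumerable.Repeat((byte)0xFF, 8 - pin.Length)).ToArray();
    }

    // The last two response bytes are SW1 SW2; the transport can succeed while the card refuses.
    public static string Describe(byte[] response)
    {
        if (response.Length < 2) return "malformed response: no status word";
        int sw = (response[^2] << 8) | response[^1];
        return sw switch
        {
            0x9000 => "success",
            0x6983 => "PIN blocked",
            0x6A82 => "application or file not found",
            _ when (sw & 0xFFF0) == 0x63C0 => $"wrong PIN, {sw & 0x0F} tries left",
            _ when (sw >> 8) == 0x61 => $"{sw & 0xFF} more response bytes available",
            _ => $"unhandled status word 0x{sw:X4}",
        };
    }
}
```

Checking for `63 Cx` before retrying matters with a hard-coded test PIN, because each failed VERIFY consumes one of the token's remaining attempts.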

chamons commented 4 years ago

Where is that code being run from? Do you have something running a message pump (such as a NSApplication/UIApplication)?

martinscholz83 commented 4 years ago

It's running in a normal NSViewController (simple UI/Window project)

martinscholz83 commented 4 years ago

I tried with a semaphore like in this example, but that didn't help either.

martinscholz83 commented 4 years ago

I think the signature

// -(void)beginSessionWithReply:(void (^ _Nonnull)(BOOL, NSError * _Nullable))reply;
[Export ("beginSessionWithReply:")]
void BeginSessionWithReply (Action<bool, NSError> reply);

needs to be something like

Func<bool, NSError, Task> reply

dotMorten commented 5 months ago

I just hit this missing binding hard today too. This prevents us from doing any CAC card support on iOS/Catalyst.

rolfbjarne commented 5 months ago

In order to test this:

  1. Install the latest version of .NET 8 (should be .NET 8.0.300).

  2. Save this json to ~/Downloads/WorkloadRollback.json:

    {
      "microsoft.net.sdk.ios": "17.2.8473-ci.main/8.0.100",
      "microsoft.net.sdk.tvos": "17.2.8473-ci.main/8.0.100",
      "microsoft.net.sdk.maccatalyst": "17.2.8473-ci.main/8.0.100",
      "microsoft.net.sdk.macos": "14.2.8473-ci.main/8.0.100"
    }

  3. Add this NuGet.config to your project directory:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <packageSources>
        <clear />
        <add key="xamarin-impl" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/xamarin-impl/nuget/v3/index.json" />
        <add key="dotnet8" value="https://dnceng.pkgs.visualstudio.com/public/_packaging/dotnet8/nuget/v3/index.json" />
      </packageSources>
    </configuration>

    If you already have a NuGet.config, just add these package sources.

  4. Install the iOS workload:

    $ sudo dotnet workload install ios --from-rollback-file ~/Downloads/WorkloadRollback.json

  5. Try it out in your project:

    private void Tapped()
    {
    #pragma warning disable APL0001
        Console.WriteLine (typeof (CryptoTokenKit.TKTokenOperation));
    #pragma warning restore APL0001
    }

    Note that all CryptoTokenKit code must ignore the APL0001 warning, since this is preview API (https://github.com/xamarin/xamarin-macios/blob/main/docs/preview-apis.md#cryptotokenkit-apl0001)