From 7b7c02aac50d6c4cb99404988e7a211822f8490e Mon Sep 17 00:00:00 2001
From: Berend Sliedrecht
Date: Thu, 15 Feb 2024 14:48:00 +0100
Subject: [PATCH] fix(ios): disable macos
Signed-off-by: Berend Sliedrecht
---
 .github/workflows/ci.yml | 4 +-
 Cargo.toml | 5 +--
 examples/android/Cargo.lock | 42 +------------------
 src/ios.rs | 80 +++++++------------------------------
 src/lib.rs | 4 +-
 5 files changed, 22 insertions(+), 113 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index de78db3..d8124f1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,7 +38,7 @@ jobs:
 include:
 - target: aarch64-linux-android
 runner: ubuntu-latest
- - target: aarch64-apple-darwin
+ - target: aarch64-apple-ios
 runner: macos-latest
 runs-on: ${{ matrix.runner }}
@@ -86,7 +86,7 @@ jobs:
 include:
 - target: aarch64-linux-android
 runner: macos-latest
- - target: aarch64-apple-darwin
+ - target: aarch64-apple-ios
 runner: macos-latest
 runs-on: ${{ matrix.runner }}
diff --git a/Cargo.toml b/Cargo.toml
index 59ecf64..f85f5f8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,8 +17,8 @@ crate-type = ["cdylib", "rlib"]
 name = "secure_env"
 [target.'cfg(target_os = "ios")'.dependencies]
-p256 = { version = "0.13.2", features = ["ecdsa-core"] }
 security-framework = { version = "2.9.2" }
+p256 = { version = "0.13.2", features = ["ecdsa-core"] }
 [target.'cfg(target_os = "android")'.dependencies]
 android-activity = { version = "0.5.0", features = ["native-activity"] }
@@ -28,6 +28,3 @@ ndk-context = "0.1.1"
 [dependencies]
 thiserror = "1.0.50"
-
-[target.'cfg(any(target_os = "macos", target_os = "ios"))'.dev-dependencies]
-askar-crypto = "0.3.0"
diff --git a/examples/android/Cargo.lock b/examples/android/Cargo.lock
index 0db7279..9eb9a5d 100644
--- a/examples/android/Cargo.lock
+++ b/examples/android/Cargo.lock
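Review bot: Switching the matrix entry to `aarch64-apple-ios` (here and in the second matrix at `-86,7`) makes the Apple job build-only as far as I can tell, because an iOS binary cannot be executed on the macOS runner, and the same commit deletes the `mod test` block in src/ios.rs. That leaves Secure Enclave key generation and signing with no automated check, including the removed `sign_and_external_verification` test. I would record this on the matrix entry with a comment such as `# build-only: iOS artifacts cannot run on the macOS host; src/ios.rs currently has no tests`, and track an on-device test as a follow-up. The job steps are outside both hunks, so this assumes they pass `matrix.target` to cargo.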
@@ -69,12 +69,6 @@ dependencies = [ "once_cell", ] -[[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - [[package]] name = "base16ct" version = "0.2.0" @@ -453,35 +447,6 @@ dependencies = [ "jni-sys", ] -[[package]] -name = "num-bigint" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-traits" -version = "0.2.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" -dependencies = [ - "autocfg", -] - [[package]] name = "num_enum" version = "0.7.1" 
@@ -669,22 +634,19 @@ dependencies = [ [[package]] name = "security-framework" version = "2.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de" +source = "git+https://github.com/berendsliedrecht/rust-security-framework?branch=main#53e05311f7ff7a7cfae4ff38f7f22452407684fc" dependencies = [ "bitflags 1.3.2", "core-foundation", "core-foundation-sys", "libc", - "num-bigint", "security-framework-sys", ] [[package]] name = "security-framework-sys" version = "2.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a" +source = "git+https://github.com/berendsliedrecht/rust-security-framework?branch=main#53e05311f7ff7a7cfae4ff38f7f22452407684fc" dependencies = [ "core-foundation-sys", "libc",
diff --git a/src/ios.rs b/src/ios.rs
index 2b94eb4..14ab319 100644
--- a/src/ios.rs
+++ b/src/ios.rs
@@ -14,10 +14,24 @@ use security_framework::{
 ///
 /// # Examples
 ///
+/// ## Generate a keypair
+///
+/// ```
+/// use secure_env::{SecureEnvironment, SecureEnvironmentOps};
+///
+/// let key = SecureEnvironment::generate_keypair("my-unique-id").unwrap();
+/// ```
+///
+/// ## Get a keypair from the keychain
+///
 /// ```
 /// use secure_env::{SecureEnvironment, SecureEnvironmentOps};
 ///
-/// let _key = SecureEnvironment::generate_keypair("my-unique-id").unwrap();
+/// {
+/// SecureEnvironment::generate_keypair("my-unique-id").unwrap();
+/// }
+///
+/// let key = SecureEnvironment::get_keypair_by_id("my-unique-id").unwrap();
 /// ```
 #[derive(Debug, Clone, Eq, PartialEq, Copy)]
 pub struct SecureEnvironment;
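Review bot: The examples added to the `SecureEnvironment` docs do not say under what conditions a stored key can be used, and a later hunk in this file removes the `set_access_control` call from key generation, so as far as the diff shows keys are now created in the Secure Enclave with no access-control flags. I would state that in the docs, for example `/// Keys are generated without access-control flags, so signing does not require biometric or passcode confirmation.`, so callers do not assume a user-presence gate. If access control is reinstated later, note that the removed expression joined `PRIVATE_KEY_USAGE` and `BIOMETRY_CURRENT_SET` with `&`; for distinct bit flags that yields an empty set, and `|` is presumably what was intended. The doc comment begins above this hunk, so existing text there may already cover part of this.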
@@ -30,12 +44,6 @@ impl SecureEnvironmentOps for SecureEnvironment {
 // Set the key type to `ec` (Elliptic Curve)
 let opts = opts.set_key_type(KeyType::ec());
- let options = AccessControlOptions::PRIVATE_KEY_USAGE & AccessControlOptions::BIOMETRY_CURRENT_SET;
- let flags = SecAccessControl::create_with_flags(options.bits()).unwrap();
- let opts = opts.set_access_control(flags);
-
- // let opts = opts.set_app_tag("id.animo.ios");
-
 // Set the a token of `SecureEnclave`.
 // Meaning Apple will store the key in a secure element
 let opts = opts.set_token(Token::SecureEnclave);
@@ -173,61 +181,3 @@ impl KeyOps for Key {
 Ok(signature)
 }
 }
-
-#[cfg(all(test, any(target_os = "macos", target_os = "ios")))]
-mod test {
- use std::ptr::addr_of;
-
- use askar_crypto::{alg::p256::P256KeyPair, repr::KeyPublicBytes};
-
- use super::*;
-
- #[test]
- fn generate_key_pair() {
- let key = SecureEnvironment::generate_keypair("my-test-key").unwrap();
- assert!(!addr_of!(key).is_null());
- }
-
- #[test]
- fn get_keypair_by_id() {
- let id = "my-get-keypair-by-id-test-key";
- let key = SecureEnvironment::generate_keypair(id).unwrap();
- let public_key = key.get_public_key().unwrap();
-
- let retrieved_key = SecureEnvironment::get_keypair_by_id(id).unwrap();
- let retrieved_public_key = retrieved_key.get_public_key().unwrap();
-
- assert_eq!(public_key, retrieved_public_key);
- }
-
- #[test]
- fn get_public_key() {
- let key = SecureEnvironment::generate_keypair("my-test-public-key").unwrap();
- let public_key_bytes = key.get_public_key().unwrap();
-
- assert_eq!(public_key_bytes.len(), 33);
- }
-
- #[test]
- fn sign() {
- let key = SecureEnvironment::generate_keypair("my-test-sign-key").unwrap();
-
- let signature = key.sign(b"Hello World!").unwrap();
-
- assert_eq!(signature.len(), 64);
- }
-
- #[test]
- fn sign_and_external_verification() {
- let msg = b"Hello World!";
- let key = SecureEnvironment::generate_keypair("my-test-sign-key").unwrap();
-
- let public_key = key.get_public_key().unwrap();
- let signature = key.sign(b"Hello World!").unwrap();
-
- let verify_key = P256KeyPair::from_public_bytes(&public_key).unwrap();
- let is_signature_valid = verify_key.verify_signature(msg, &signature);
-
- assert!(is_signature_valid);
- }
-}
diff --git a/src/lib.rs b/src/lib.rs
index 949ef14..2461ff2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -11,9 +11,9 @@ pub use key::*;
 mod secure_environment;
 pub use secure_environment::*;
-#[cfg(any(target_os = "macos", target_os = "ios"))]
+#[cfg(target_os = "ios")]
 mod ios;
-#[cfg(any(target_os = "macos", target_os = "ios"))]
+#[cfg(target_os = "ios")]
 pub use ios::*;
 #[cfg(target_os = "android")]
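Review bot: After this change a build for macOS, or any target other than iOS and Android, compiles the crate without a `SecureEnvironment` type at all, at least as far as this hunk shows, so callers get an unresolved-name error far from the cause. Consider making the unsupported case explicit next to these attributes, e.g. `#[cfg(not(any(target_os = "ios", target_os = "android")))] compile_error!("secure_env only supports iOS and Android");`, or at minimum a comment above `mod ios;` saying why macOS was dropped. The `#[cfg(target_os = "android")]` item continues past the end of the hunk, so another backend may exist that I cannot see.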