SslCipherSuite size

[rolfbjarne]

Apple defines SSLCipherSuite as:

/*
 * Defined as enum for debugging, but in the protocol
 * it is actually exactly two bytes
 */
#if ((TARGET_OS_IPHONE && !TARGET_OS_MACCATALYST) || (TARGET_OS_OSX && TARGET_CPU_ARM64))
/* 16-bit value on iOS */
typedef uint16_t SSLCipherSuite;
#else
/* 32-bit value elsewhere */
typedef uint32_t SSLCipherSuite;
#endif

Apple's documentation about SSLCipherSuite says (including as a screenshot, because it's changed in the past):

1. The comments in the headers are wrong.
2. The comments do not match the documentation.
3. The documentation is also wrong.

The truth is:

	uint16_t	uint32_t
iOS	X
tvOS	X
watchOS	X
Mac Catalyst		X
macOS (x64)		X
macOS (arm64)	X

The question is how to model this in C#, and there are two ways:

1️⃣ Make our enum size match Apple's

Pros:

• It matches Apple, which is always good.
• Less likely to run into unwelcome surprises in API updates in the future.

Cons:

• It requires us to build different assemblies for x64 and arm64 for macOS.
• It makes code that works on iOS not work on Mac Catalyst.

2️⃣ Choose an enum size for all platforms, and hide the underlying size differences from app developers

Pros:

• Unified managed API.
• Simpler build logic (for our platform assemblies)
• Faster build (for Xamarin.Mac: no need to build multiple versions).

Cons:

• More work on our side (for the C# code). We'd have to:
  • Make sure we don't use SslCipherSuite in any P/Invoke and instead use the correct underlying type based on the platform and architecture.
• App developers would run into the same size problem if they were to create P/Invokes with our enum type.
• More likely that Apple comes up with something that breaks us in the future.

---

Until macOS (arm64) I leaned towards option 1, since it was the simpler option for us to implement, and just one of several API differences between iOS and Mac Catalyst. With the difference between x64 and arm64 on macOS, I'm leaning towards option 2, since having different managed API depending on only the architecture is something we've been able to avoid in the past (re: native enums).

To recap: thumbs up for option 2️⃣, thumbs down for option 1️⃣

---

This test ignore must be reverted when this is fixed: #11613

[filipnavara]

Note that all the SecureTransport APIs that take the SSLCipherSuite parameter are marked as deprecated in macOS 10.15, iOS/tvOS/Mac Catalyst 13 and watchOS 6. On newer versions they are marked as unavailable. Since the first ARM64 macOS version is 11 these APIs are not supposed to exist and to be P/Invoked. That leaves the SSLCipherSuite enum the only part that is not deprecated.

Implementation-wise the Security framework on macOS uses int16_t in the arm64e version of the library and int32_t on the x86-64 version. That's verified on macOS 11.3 and it applies to both macOS and Mac Catalyst since they link to the same library.

Essentially the P/Invokes may not be affected by the macOS arm64 change since they are no longer public API and hence I would not expect Xamarin to bind them. In fact, I would even consider not binding them for Mac Catalyst since they existed there precisely for one version and they were already deprecated at that moment.

[spouliot]

Pretty sure that was already discussed (there might be another bug somewhere).

Make sure we don't use SslCipherSuite in any P/Invoke

We can add an introspection test that does this.

App developers would run into the same size problem if they were to create P/Invokes with our enum type.

We can add an [Obsolete] (now with URL support) on the enum since all API that use it are already deprecated (iirc).

All new API are using tls_ciphersuite_t
https://developer.apple.com/documentation/security/tls_ciphersuite_t?language=objc

More likely that Apple comes up with something that breaks us in the future.

They don't need SslCipherSuite for that 😉

[rolfbjarne]

We can add an [Obsolete] (now with URL support) on the enum since all API that use it are already deprecated (iirc).

In the end I think this would be the easiest solution, just add [Obsolete] attributes to the enum and all the API that uses the enum, something like this:

#if __MACOS__ || __MACCATALYST__
[Obsolete ("This enum is deprecated, and does not work on ARM64")]
#endif