2 // RSACryptoServiceProvider.cs: Handles an RSA implementation.
5 // Sebastien Pouliot <sebastien@ximian.com>
6 // Ben Maurer (bmaurer@users.sf.net)
8 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
9 // Portions (C) 2003 Ben Maurer
10 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33 using System.Runtime.InteropServices;
35 using Mono.Security.Cryptography;
37 namespace System.Security.Cryptography {
40 public sealed class RSACryptoServiceProvider : RSA, ICspAsymmetricAlgorithm {
42 public sealed class RSACryptoServiceProvider : RSA {
44 private const int PROV_RSA_FULL = 1; // from WinCrypt.h
46 private KeyPairPersistence store;
47 private bool persistKey;
48 private bool persisted;
50 private bool privateKeyExportable = true;
51 private bool m_disposed;
53 private RSAManaged rsa;
55 public RSACryptoServiceProvider ()
57 // Here it's not clear if we need to generate a keypair
58 // (note: MS implementation generates a keypair in this case).
60 // (a) often use this constructor to import an existing keypair.
61 // (b) take a LOT of time to generate the RSA keypair
62 // So we'll generate the keypair only when (and if) it's being
63 // used (or exported). This should save us a lot of time (at
64 // least in the unit tests).
68 public RSACryptoServiceProvider (CspParameters parameters)
70 Common (1024, parameters);
71 // no keypair generation done at this stage
74 public RSACryptoServiceProvider (int dwKeySize)
76 // Here it's clear that we need to generate a new keypair
77 Common (dwKeySize, null);
78 // no keypair generation done at this stage
81 public RSACryptoServiceProvider (int dwKeySize, CspParameters parameters)
83 Common (dwKeySize, parameters);
84 // no keypair generation done at this stage
87 private void Common (int dwKeySize, CspParameters p)
89 // Microsoft RSA CSP can do between 384 and 16384 bits keypair
90 LegalKeySizesValue = new KeySizes [1];
91 LegalKeySizesValue [0] = new KeySizes (384, 16384, 8);
92 base.KeySize = dwKeySize;
94 rsa = new RSAManaged (KeySize);
95 rsa.KeyGenerated += new RSAManaged.KeyGeneratedEventHandler (OnKeyGenerated);
97 persistKey = (p != null);
99 p = new CspParameters (PROV_RSA_FULL);
101 if (useMachineKeyStore)
102 p.Flags |= CspProviderFlags.UseMachineKeyStore;
104 store = new KeyPairPersistence (p);
105 // no need to load - it cannot exists
108 store = new KeyPairPersistence (p);
110 if (store.KeyValue != null) {
112 this.FromXmlString (store.KeyValue);
118 private static bool useMachineKeyStore = false;
120 public static bool UseMachineKeyStore {
121 get { return useMachineKeyStore; }
122 set { useMachineKeyStore = value; }
126 ~RSACryptoServiceProvider ()
128 // Zeroize private key
132 public override string KeyExchangeAlgorithm {
133 get { return "RSA-PKCS1-KeyEx"; }
136 public override int KeySize {
145 public bool PersistKeyInCsp {
146 get { return persistKey; }
150 OnKeyGenerated (rsa, null);
161 get { return rsa.PublicOnly; }
164 public override string SignatureAlgorithm {
165 get { return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; }
168 public byte[] Decrypt (byte[] rgb, bool fOAEP)
172 throw new ObjectDisposedException ("rsa");
174 // choose between OAEP or PKCS#1 v.1.5 padding
175 AsymmetricKeyExchangeDeformatter def = null;
177 def = new RSAOAEPKeyExchangeDeformatter (rsa);
179 def = new RSAPKCS1KeyExchangeDeformatter (rsa);
181 return def.DecryptKeyExchange (rgb);
184 // NOTE: Unlike MS we need this method
185 // LAMESPEC: Not available from MS .NET framework but MS don't tell
186 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
187 // only encrypt/decrypt session (secret) key using asymmetric keys.
188 // Using this method to decrypt data IS dangerous (and very slow).
189 public override byte[] DecryptValue (byte[] rgb)
191 if (!rsa.IsCrtPossible)
192 throw new CryptographicException ("Incomplete private key - missing CRT.");
194 return rsa.DecryptValue (rgb);
197 public byte[] Encrypt (byte[] rgb, bool fOAEP)
199 // choose between OAEP or PKCS#1 v.1.5 padding
200 AsymmetricKeyExchangeFormatter fmt = null;
202 fmt = new RSAOAEPKeyExchangeFormatter (rsa);
204 fmt = new RSAPKCS1KeyExchangeFormatter (rsa);
206 return fmt.CreateKeyExchange (rgb);
209 // NOTE: Unlike MS we need this method
210 // LAMESPEC: Not available from MS .NET framework but MS don't tell
211 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
212 // only encrypt/decrypt session (secret) key using asymmetric keys.
213 // Using this method to encrypt data IS dangerous (and very slow).
214 public override byte[] EncryptValue (byte[] rgb)
216 return rsa.EncryptValue (rgb);
219 public override RSAParameters ExportParameters (bool includePrivateParameters)
221 if ((includePrivateParameters) && (!privateKeyExportable))
222 throw new CryptographicException ("cannot export private key");
224 return rsa.ExportParameters (includePrivateParameters);
227 public override void ImportParameters (RSAParameters parameters)
229 rsa.ImportParameters (parameters);
232 private HashAlgorithm GetHash (object halg)
235 throw new ArgumentNullException ("halg");
237 HashAlgorithm hash = null;
239 hash = HashAlgorithm.Create ((String)halg);
240 else if (halg is HashAlgorithm)
241 hash = (HashAlgorithm) halg;
242 else if (halg is Type)
243 hash = (HashAlgorithm) Activator.CreateInstance ((Type)halg);
245 throw new ArgumentException ("halg");
250 // NOTE: this method can work with ANY configured (OID in machine.config)
251 // HashAlgorithm descendant
252 public byte[] SignData (byte[] buffer, object halg)
256 throw new ArgumentNullException ("buffer");
258 return SignData (buffer, 0, buffer.Length, halg);
261 // NOTE: this method can work with ANY configured (OID in machine.config)
262 // HashAlgorithm descendant
263 public byte[] SignData (Stream inputStream, object halg)
265 HashAlgorithm hash = GetHash (halg);
266 byte[] toBeSigned = hash.ComputeHash (inputStream);
267 return PKCS1.Sign_v15 (this, hash, toBeSigned);
270 // NOTE: this method can work with ANY configured (OID in machine.config)
271 // HashAlgorithm descendant
272 public byte[] SignData (byte[] buffer, int offset, int count, object halg)
274 HashAlgorithm hash = GetHash (halg);
275 byte[] toBeSigned = hash.ComputeHash (buffer, offset, count);
276 return PKCS1.Sign_v15 (this, hash, toBeSigned);
279 private string GetHashNameFromOID (string oid)
282 case "1.3.14.3.2.26":
284 case "1.2.840.113549.2.5":
287 throw new NotSupportedException (oid + " is an unsupported hash algorithm for RSA signing");
291 // LAMESPEC: str is not the hash name but an OID
292 // NOTE: this method is LIMITED to SHA1 and MD5 like the MS framework 1.0
293 // and 1.1 because there's no method to get a hash algorithm from an OID.
294 // However there's no such limit when using the [De]Formatter class.
295 public byte[] SignHash (byte[] rgbHash, string str)
298 throw new ArgumentNullException ("rgbHash");
300 // Fx 2.0 defaults to the SHA-1
301 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
304 throw new CryptographicException (Locale.GetText ("No OID specified"));
305 string hashName = GetHashNameFromOID (str);
307 HashAlgorithm hash = HashAlgorithm.Create (hashName);
308 return PKCS1.Sign_v15 (this, hash, rgbHash);
311 // NOTE: this method can work with ANY configured (OID in machine.config)
312 // HashAlgorithm descendant
313 public bool VerifyData (byte[] buffer, object halg, byte[] signature)
317 throw new ArgumentNullException ("buffer");
319 if (signature == null)
320 throw new ArgumentNullException ("signature");
322 HashAlgorithm hash = GetHash (halg);
323 byte[] toBeVerified = hash.ComputeHash (buffer);
324 return PKCS1.Verify_v15 (this, hash, toBeVerified, signature);
327 // LAMESPEC: str is not the hash name but an OID
328 // NOTE: this method is LIMITED to SHA1 and MD5 like the MS framework 1.0
329 // and 1.1 because there's no method to get a hash algorithm from an OID.
330 // However there's no such limit when using the [De]Formatter class.
331 public bool VerifyHash (byte[] rgbHash, string str, byte[] rgbSignature)
334 throw new ArgumentNullException ("rgbHash");
335 if (rgbSignature == null)
336 throw new ArgumentNullException ("rgbSignature");
338 // Fx 2.0 defaults to the SHA-1
339 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
342 throw new CryptographicException (Locale.GetText ("No OID specified"));
343 string hashName = GetHashNameFromOID (str);
345 HashAlgorithm hash = HashAlgorithm.Create (hashName);
346 return PKCS1.Verify_v15 (this, hash, rgbHash, rgbSignature);
349 protected override void Dispose (bool disposing)
352 // the key is persisted and we do not want it persisted
353 if ((persisted) && (!persistKey)) {
354 store.Remove (); // delete the container
359 // no need as they all are abstract before us
366 private void OnKeyGenerated (object sender, EventArgs e)
368 // the key isn't persisted and we want it persisted
369 if ((persistKey) && (!persisted)) {
370 // save the current keypair
371 store.KeyValue = this.ToXmlString (!rsa.PublicOnly);
377 // ICspAsymmetricAlgorithm
379 [MonoTODO ("call into KeyPairPersistence to get details")]
381 public CspKeyContainerInfo CspKeyContainerInfo {
385 [MonoTODO ("call into CryptoConvert")]
387 public byte[] ExportCspBlob (bool includePrivateParameters)
390 if (includePrivateParameters)
391 blob = CryptoConvert.ToCapiPrivateKeyBlob (this);
393 blob = CryptoConvert.ToCapiPublicKeyBlob (this);
395 // ALGID (bytes 4-7) - default is KEYX
396 // 00 24 00 00 (for CALG_RSA_SIGN)
397 // 00 A4 00 00 (for CALG_RSA_KEYX)
402 [MonoTODO ("call into CryptoConvert")]
404 public void ImportCspBlob (byte[] rawData)
407 throw new ArgumentNullException ("rawData");
409 RSA rsa = CryptoConvert.FromCapiKeyBlob (rawData);
410 if (rsa is RSACryptoServiceProvider) {
411 // default (if no change are present in machine.config)
412 RSAParameters rsap = rsa.ExportParameters (!(rsa as RSACryptoServiceProvider).PublicOnly);
413 ImportParameters (rsap);
415 // we can't know from RSA if the private key is available
418 RSAParameters rsap = rsa.ExportParameters (true);
419 ImportParameters (rsap);
423 RSAParameters rsap = rsa.ExportParameters (false);
424 ImportParameters (rsap);