2 // RSACryptoServiceProvider.cs: Handles an RSA implementation.
5 // Sebastien Pouliot <sebastien@ximian.com>
6 // Ben Maurer (bmaurer@users.sf.net)
8 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
9 // Portions (C) 2003 Ben Maurer
10 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33 using System.Runtime.InteropServices;
35 using Mono.Security.Cryptography;
37 namespace System.Security.Cryptography {
40 public sealed class RSACryptoServiceProvider : RSA, ICspAsymmetricAlgorithm {
41 private const int PROV_RSA_FULL = 1; // from WinCrypt.h
42 private const int AT_KEYEXCHANGE = 1;
43 private const int AT_SIGNATURE = 2;
45 private KeyPairPersistence store;
46 private bool persistKey;
47 private bool persisted;
49 private bool privateKeyExportable = true;
50 private bool m_disposed;
52 private RSAManaged rsa;
54 public RSACryptoServiceProvider ()
57 // Here it's not clear if we need to generate a keypair
58 // (note: MS implementation generates a keypair in this case).
60 // (a) often use this constructor to import an existing keypair.
61 // (b) take a LOT of time to generate the RSA keypair
62 // So we'll generate the keypair only when (and if) it's being
63 // used (or exported). This should save us a lot of time (at
64 // least in the unit tests).
67 public RSACryptoServiceProvider (CspParameters parameters)
68 : this (1024, parameters)
70 // no keypair generation done at this stage
73 public RSACryptoServiceProvider (int dwKeySize)
75 // Here it's clear that we need to generate a new keypair
76 Common (dwKeySize, false);
77 // no keypair generation done at this stage
80 public RSACryptoServiceProvider (int dwKeySize, CspParameters parameters)
82 bool has_parameters = parameters != null;
83 Common (dwKeySize, has_parameters);
86 // no keypair generation done at this stage
89 void Common (int dwKeySize, bool parameters)
91 // Microsoft RSA CSP can do between 384 and 16384 bits keypair
92 LegalKeySizesValue = new KeySizes [1];
93 LegalKeySizesValue [0] = new KeySizes (384, 16384, 8);
94 base.KeySize = dwKeySize;
96 rsa = new RSAManaged (KeySize);
97 rsa.KeyGenerated += new RSAManaged.KeyGeneratedEventHandler (OnKeyGenerated);
99 persistKey = parameters;
103 // no need to load - it cannot exists
104 var p = new CspParameters (PROV_RSA_FULL);
105 if (useMachineKeyStore)
106 p.Flags |= CspProviderFlags.UseMachineKeyStore;
107 store = new KeyPairPersistence (p);
110 void Common (CspParameters p)
112 store = new KeyPairPersistence (p);
113 bool exists = store.Load ();
114 bool required = (p.Flags & CspProviderFlags.UseExistingKey) != 0;
116 if (required && !exists)
117 throw new CryptographicException ("Keyset does not exist");
119 if (store.KeyValue != null) {
121 FromXmlString (store.KeyValue);
125 private static bool useMachineKeyStore;
127 public static bool UseMachineKeyStore {
128 get { return useMachineKeyStore; }
129 set { useMachineKeyStore = value; }
132 ~RSACryptoServiceProvider ()
134 // Zeroize private key
138 public override string KeyExchangeAlgorithm {
139 get { return "RSA-PKCS1-KeyEx"; }
142 public override int KeySize {
151 public bool PersistKeyInCsp {
152 get { return persistKey; }
156 OnKeyGenerated (rsa, null);
161 public bool PublicOnly {
162 get { return rsa.PublicOnly; }
165 public override string SignatureAlgorithm {
166 get { return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; }
169 public byte[] Decrypt (byte[] rgb, bool fOAEP)
172 throw new ArgumentNullException("rgb");
174 // size check -- must be at most the modulus size
175 if (rgb.Length > (KeySize / 8))
176 throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", KeySize / 8));
179 throw new ObjectDisposedException ("rsa");
180 // choose between OAEP or PKCS#1 v.1.5 padding
181 AsymmetricKeyExchangeDeformatter def = null;
183 def = new RSAOAEPKeyExchangeDeformatter (rsa);
185 def = new RSAPKCS1KeyExchangeDeformatter (rsa);
187 return def.DecryptKeyExchange (rgb);
190 // NOTE: Unlike MS we need this method
191 // LAMESPEC: Not available from MS .NET framework but MS don't tell
192 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
193 // only encrypt/decrypt session (secret) key using asymmetric keys.
194 // Using this method to decrypt data IS dangerous (and very slow).
195 public override byte[] DecryptValue (byte[] rgb)
197 if (!rsa.IsCrtPossible)
198 throw new CryptographicException ("Incomplete private key - missing CRT.");
200 return rsa.DecryptValue (rgb);
203 public byte[] Encrypt (byte[] rgb, bool fOAEP)
205 // choose between OAEP or PKCS#1 v.1.5 padding
206 AsymmetricKeyExchangeFormatter fmt = null;
208 fmt = new RSAOAEPKeyExchangeFormatter (rsa);
210 fmt = new RSAPKCS1KeyExchangeFormatter (rsa);
212 return fmt.CreateKeyExchange (rgb);
215 // NOTE: Unlike MS we need this method
216 // LAMESPEC: Not available from MS .NET framework but MS don't tell
217 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
218 // only encrypt/decrypt session (secret) key using asymmetric keys.
219 // Using this method to encrypt data IS dangerous (and very slow).
220 public override byte[] EncryptValue (byte[] rgb)
222 return rsa.EncryptValue (rgb);
225 public override RSAParameters ExportParameters (bool includePrivateParameters)
227 if ((includePrivateParameters) && (!privateKeyExportable))
228 throw new CryptographicException ("cannot export private key");
230 var rsaParams = rsa.ExportParameters (includePrivateParameters);
231 if (includePrivateParameters) {
232 // we want an ArgumentNullException is only the D is missing, but a
233 // CryptographicException if other parameters (CRT) are missings
234 if (rsaParams.D == null) {
235 throw new ArgumentNullException ("Missing D parameter for the private key.");
236 } else if ((rsaParams.P == null) || (rsaParams.Q == null) || (rsaParams.DP == null) ||
237 (rsaParams.DQ == null) || (rsaParams.InverseQ == null)) {
238 // note: we can import a private key, using FromXmlString,
239 // without the CRT parameters but we export it using ToXmlString!
240 throw new CryptographicException ("Missing some CRT parameters for the private key.");
247 public override void ImportParameters (RSAParameters parameters)
249 rsa.ImportParameters (parameters);
252 private HashAlgorithm GetHash (object halg)
255 throw new ArgumentNullException ("halg");
257 HashAlgorithm hash = null;
259 hash = GetHashFromString ((string) halg);
260 else if (halg is HashAlgorithm)
261 hash = (HashAlgorithm) halg;
262 else if (halg is Type)
263 hash = (HashAlgorithm) Activator.CreateInstance ((Type)halg);
265 throw new ArgumentException ("halg");
268 throw new ArgumentException (
269 "Could not find provider for halg='" + halg + "'.",
275 private HashAlgorithm GetHashFromString (string name)
277 HashAlgorithm hash = HashAlgorithm.Create (name);
281 return HashAlgorithm.Create (GetHashNameFromOID (name));
282 } catch (CryptographicException e) {
283 throw new ArgumentException (e.Message, "halg", e);
287 // NOTE: this method can work with ANY configured (OID in machine.config)
288 // HashAlgorithm descendant
289 public byte[] SignData (byte[] buffer, object halg)
292 throw new ArgumentNullException ("buffer");
293 return SignData (buffer, 0, buffer.Length, halg);
296 // NOTE: this method can work with ANY configured (OID in machine.config)
297 // HashAlgorithm descendant
298 public byte[] SignData (Stream inputStream, object halg)
300 HashAlgorithm hash = GetHash (halg);
301 byte[] toBeSigned = hash.ComputeHash (inputStream);
302 return PKCS1.Sign_v15 (this, hash, toBeSigned);
305 // NOTE: this method can work with ANY configured (OID in machine.config)
306 // HashAlgorithm descendant
307 public byte[] SignData (byte[] buffer, int offset, int count, object halg)
309 HashAlgorithm hash = GetHash (halg);
310 byte[] toBeSigned = hash.ComputeHash (buffer, offset, count);
311 return PKCS1.Sign_v15 (this, hash, toBeSigned);
314 private string GetHashNameFromOID (string oid)
317 case "1.3.14.3.2.26":
319 case "1.2.840.113549.2.5":
321 case "2.16.840.1.101.3.4.2.1":
323 case "2.16.840.1.101.3.4.2.2":
325 case "2.16.840.1.101.3.4.2.3":
328 throw new CryptographicException (oid + " is an unsupported hash algorithm for RSA signing");
332 public byte[] SignHash (byte[] rgbHash, string str)
335 throw new ArgumentNullException ("rgbHash");
336 // Fx 2.0 defaults to the SHA-1
337 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
338 HashAlgorithm hash = HashAlgorithm.Create (hashName);
339 return PKCS1.Sign_v15 (this, hash, rgbHash);
342 // NOTE: this method can work with ANY configured (OID in machine.config)
343 // HashAlgorithm descendant
344 public bool VerifyData (byte[] buffer, object halg, byte[] signature)
347 throw new ArgumentNullException ("buffer");
348 if (signature == null)
349 throw new ArgumentNullException ("signature");
351 HashAlgorithm hash = GetHash (halg);
352 byte[] toBeVerified = hash.ComputeHash (buffer);
353 return PKCS1.Verify_v15 (this, hash, toBeVerified, signature);
356 public bool VerifyHash (byte[] rgbHash, string str, byte[] rgbSignature)
359 throw new ArgumentNullException ("rgbHash");
360 if (rgbSignature == null)
361 throw new ArgumentNullException ("rgbSignature");
362 // Fx 2.0 defaults to the SHA-1
363 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
364 HashAlgorithm hash = HashAlgorithm.Create (hashName);
365 return PKCS1.Verify_v15 (this, hash, rgbHash, rgbSignature);
368 protected override void Dispose (bool disposing)
371 // the key is persisted and we do not want it persisted
372 if ((persisted) && (!persistKey)) {
373 store.Remove (); // delete the container
378 // no need as they all are abstract before us
385 private void OnKeyGenerated (object sender, EventArgs e)
387 // the key isn't persisted and we want it persisted
388 if ((persistKey) && (!persisted)) {
389 // save the current keypair
390 store.KeyValue = this.ToXmlString (!rsa.PublicOnly);
395 // ICspAsymmetricAlgorithm
398 public CspKeyContainerInfo CspKeyContainerInfo {
400 return new CspKeyContainerInfo(store.Parameters);
405 public byte[] ExportCspBlob (bool includePrivateParameters)
408 if (includePrivateParameters)
409 blob = CryptoConvert.ToCapiPrivateKeyBlob (this);
411 blob = CryptoConvert.ToCapiPublicKeyBlob (this);
413 // ALGID (bytes 4-7) - default is KEYX
414 // 00 24 00 00 (for CALG_RSA_SIGN)
415 // 00 A4 00 00 (for CALG_RSA_KEYX)
416 blob [5] = (byte) (((store != null) && (store.Parameters.KeyNumber == AT_SIGNATURE)) ? 0x24 : 0xA4);
421 public void ImportCspBlob (byte[] keyBlob)
424 throw new ArgumentNullException ("keyBlob");
426 RSA rsa = CryptoConvert.FromCapiKeyBlob (keyBlob);
427 if (rsa is RSACryptoServiceProvider) {
428 // default (if no change are present in machine.config)
429 RSAParameters rsap = rsa.ExportParameters (!(rsa as RSACryptoServiceProvider).PublicOnly);
430 ImportParameters (rsap);
432 // we can't know from RSA if the private key is available
435 RSAParameters rsap = rsa.ExportParameters (true);
436 ImportParameters (rsap);
440 RSAParameters rsap = rsa.ExportParameters (false);
441 ImportParameters (rsap);
445 var p = new CspParameters (PROV_RSA_FULL);
446 p.KeyNumber = keyBlob [5] == 0x24 ? AT_SIGNATURE : AT_KEYEXCHANGE;
447 if (useMachineKeyStore)
448 p.Flags |= CspProviderFlags.UseMachineKeyStore;
449 store = new KeyPairPersistence (p);