// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-#if !MOONLIGHT
-
using System.IO;
using System.Runtime.InteropServices;
namespace System.Security.Cryptography {
- [ComVisible (true)]
- public sealed class RSACryptoServiceProvider : RSA, ICspAsymmetricAlgorithm {
+ public partial class RSACryptoServiceProvider {
private const int PROV_RSA_FULL = 1; // from WinCrypt.h
private const int AT_KEYEXCHANGE = 1;
private const int AT_SIGNATURE = 2;
private RSAManaged rsa;
public RSACryptoServiceProvider ()
+ : this (1024)
{
// Here it's not clear if we need to generate a keypair
// (note: MS implementation generates a keypair in this case).
// So we'll generate the keypair only when (and if) it's being
// used (or exported). This should save us a lot of time (at
// least in the unit tests).
- Common (1024, null);
}
public RSACryptoServiceProvider (CspParameters parameters)
+ : this (1024, parameters)
{
- Common (1024, parameters);
// no keypair generation done at this stage
}
public RSACryptoServiceProvider (int dwKeySize)
{
// Here it's clear that we need to generate a new keypair
- Common (dwKeySize, null);
+ Common (dwKeySize, false);
// no keypair generation done at this stage
}
public RSACryptoServiceProvider (int dwKeySize, CspParameters parameters)
{
- Common (dwKeySize, parameters);
+ bool has_parameters = parameters != null;
+ Common (dwKeySize, has_parameters);
+ if (has_parameters)
+ Common (parameters);
// no keypair generation done at this stage
}
- private void Common (int dwKeySize, CspParameters p)
+ void Common (int dwKeySize, bool parameters)
{
// Microsoft RSA CSP can do between 384 and 16384 bits keypair
LegalKeySizesValue = new KeySizes [1];
rsa = new RSAManaged (KeySize);
rsa.KeyGenerated += new RSAManaged.KeyGeneratedEventHandler (OnKeyGenerated);
- persistKey = (p != null);
- if (p == null) {
- p = new CspParameters (PROV_RSA_FULL);
- if (useMachineKeyStore)
- p.Flags |= CspProviderFlags.UseMachineKeyStore;
- store = new KeyPairPersistence (p);
- // no need to load - it cannot exists
- }
- else {
- store = new KeyPairPersistence (p);
- bool exists = store.Load ();
- bool required = (p.Flags & CspProviderFlags.UseExistingKey) != 0;
-
- if (required && !exists)
- throw new CryptographicException ("Keyset does not exist");
+ persistKey = parameters;
+ if (parameters)
+ return;
- if (store.KeyValue != null) {
- persisted = true;
- this.FromXmlString (store.KeyValue);
- }
- }
+ // no need to load - it cannot exists
+ var p = new CspParameters (PROV_RSA_FULL);
+ if (UseMachineKeyStore)
+ p.Flags |= CspProviderFlags.UseMachineKeyStore;
+ store = new KeyPairPersistence (p);
}
- private static bool useMachineKeyStore = false;
+ void Common (CspParameters p)
+ {
+ store = new KeyPairPersistence (p);
+ bool exists = store.Load ();
+ bool required = (p.Flags & CspProviderFlags.UseExistingKey) != 0;
+ privateKeyExportable = (p.Flags & CspProviderFlags.UseNonExportableKey) == 0;
+
+ if (required && !exists)
+ throw new CryptographicException ("Keyset does not exist");
- public static bool UseMachineKeyStore {
- get { return useMachineKeyStore; }
- set { useMachineKeyStore = value; }
+ if (store.KeyValue != null) {
+ persisted = true;
+ FromXmlString (store.KeyValue);
+ }
}
~RSACryptoServiceProvider ()
public bool PublicOnly {
get { return rsa.PublicOnly; }
}
-
- public override string SignatureAlgorithm {
- get { return "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; }
- }
-
+
public byte[] Decrypt (byte[] rgb, bool fOAEP)
{
+ if (rgb == null)
+ throw new ArgumentNullException("rgb");
+
+ // size check -- must be at most the modulus size
+ if (rgb.Length > (KeySize / 8))
+ throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", KeySize / 8));
+
if (m_disposed)
throw new ObjectDisposedException ("rsa");
// choose between OAEP or PKCS#1 v.1.5 padding
if ((includePrivateParameters) && (!privateKeyExportable))
throw new CryptographicException ("cannot export private key");
- return rsa.ExportParameters (includePrivateParameters);
+ var rsaParams = rsa.ExportParameters (includePrivateParameters);
+ if (includePrivateParameters) {
+ // we want an ArgumentNullException is only the D is missing, but a
+ // CryptographicException if other parameters (CRT) are missings
+ if (rsaParams.D == null) {
+ throw new ArgumentNullException ("Missing D parameter for the private key.");
+ } else if ((rsaParams.P == null) || (rsaParams.Q == null) || (rsaParams.DP == null) ||
+ (rsaParams.DQ == null) || (rsaParams.InverseQ == null)) {
+ // note: we can import a private key, using FromXmlString,
+ // without the CRT parameters but we export it using ToXmlString!
+ throw new CryptographicException ("Missing some CRT parameters for the private key.");
+ }
+ }
+
+ return rsaParams;
}
public override void ImportParameters (RSAParameters parameters)
HashAlgorithm hash = null;
if (halg is String)
- hash = HashAlgorithm.Create ((String)halg);
+ hash = GetHashFromString ((string) halg);
else if (halg is HashAlgorithm)
hash = (HashAlgorithm) halg;
else if (halg is Type)
else
throw new ArgumentException ("halg");
+ if (hash == null)
+ throw new ArgumentException (
+ "Could not find provider for halg='" + halg + "'.",
+ "halg");
+
return hash;
}
+
+ private HashAlgorithm GetHashFromString (string name)
+ {
+ HashAlgorithm hash = HashAlgorithm.Create (name);
+ if (hash != null)
+ return hash;
+ try {
+ return HashAlgorithm.Create (GetHashNameFromOID (name));
+ } catch (CryptographicException e) {
+ throw new ArgumentException (e.Message, "halg", e);
+ }
+ }
// NOTE: this method can work with ANY configured (OID in machine.config)
// HashAlgorithm descendant
return PKCS1.Sign_v15 (this, hash, rgbHash);
}
+ byte[] SignHash(byte[] rgbHash, int calgHash)
+ {
+ return PKCS1.Sign_v15 (this, InternalHashToHashAlgorithm (calgHash), rgbHash);
+ }
+
+ static HashAlgorithm InternalHashToHashAlgorithm (int calgHash)
+ {
+ switch (calgHash) {
+ case Constants.CALG_MD5:
+ return MD5.Create ();
+ case Constants.CALG_SHA1:
+ return SHA1.Create ();
+ case Constants.CALG_SHA_256:
+ return SHA256.Create ();
+ case Constants.CALG_SHA_384:
+ return SHA384.Create ();
+ case Constants.CALG_SHA_512:
+ return SHA512.Create ();
+ }
+
+ throw new NotImplementedException (calgHash.ToString ());
+ }
+
// NOTE: this method can work with ANY configured (OID in machine.config)
// HashAlgorithm descendant
public bool VerifyData (byte[] buffer, object halg, byte[] signature)
HashAlgorithm hash = HashAlgorithm.Create (hashName);
return PKCS1.Verify_v15 (this, hash, rgbHash, rgbSignature);
}
+
+ bool VerifyHash(byte[] rgbHash, int calgHash, byte[] rgbSignature)
+ {
+ return PKCS1.Verify_v15 (this, InternalHashToHashAlgorithm (calgHash), rgbHash, rgbSignature);
+ }
protected override void Dispose (bool disposing)
{
var p = new CspParameters (PROV_RSA_FULL);
p.KeyNumber = keyBlob [5] == 0x24 ? AT_SIGNATURE : AT_KEYEXCHANGE;
- if (useMachineKeyStore)
+ if (UseMachineKeyStore)
p.Flags |= CspProviderFlags.UseMachineKeyStore;
store = new KeyPairPersistence (p);
}
}
}
-
-#endif
-