namespace System.Security.Cryptography {
-#if NET_2_0
[ComVisible (true)]
public sealed class RSACryptoServiceProvider : RSA, ICspAsymmetricAlgorithm {
-#else
- public sealed class RSACryptoServiceProvider : RSA {
-#endif
private const int PROV_RSA_FULL = 1; // from WinCrypt.h
+ private const int AT_KEYEXCHANGE = 1;
+ private const int AT_SIGNATURE = 2;
private KeyPairPersistence store;
private bool persistKey;
private RSAManaged rsa;
public RSACryptoServiceProvider ()
+ : this (1024)
{
// Here it's not clear if we need to generate a keypair
// (note: MS implementation generates a keypair in this case).
// So we'll generate the keypair only when (and if) it's being
// used (or exported). This should save us a lot of time (at
// least in the unit tests).
- Common (1024, null);
}
public RSACryptoServiceProvider (CspParameters parameters)
+ : this (1024, parameters)
{
- Common (1024, parameters);
// no keypair generation done at this stage
}
public RSACryptoServiceProvider (int dwKeySize)
{
// Here it's clear that we need to generate a new keypair
- Common (dwKeySize, null);
+ Common (dwKeySize, false);
// no keypair generation done at this stage
}
public RSACryptoServiceProvider (int dwKeySize, CspParameters parameters)
{
- Common (dwKeySize, parameters);
+ bool has_parameters = parameters != null;
+ Common (dwKeySize, has_parameters);
+ if (has_parameters)
+ Common (parameters);
// no keypair generation done at this stage
}
- private void Common (int dwKeySize, CspParameters p)
+ void Common (int dwKeySize, bool parameters)
{
// Microsoft RSA CSP can do between 384 and 16384 bits keypair
LegalKeySizesValue = new KeySizes [1];
rsa = new RSAManaged (KeySize);
rsa.KeyGenerated += new RSAManaged.KeyGeneratedEventHandler (OnKeyGenerated);
- persistKey = (p != null);
- if (p == null) {
- p = new CspParameters (PROV_RSA_FULL);
-#if NET_1_1
- if (useMachineKeyStore)
- p.Flags |= CspProviderFlags.UseMachineKeyStore;
-#endif
- store = new KeyPairPersistence (p);
- // no need to load - it cannot exists
- }
- else {
- store = new KeyPairPersistence (p);
- store.Load ();
- if (store.KeyValue != null) {
- persisted = true;
- this.FromXmlString (store.KeyValue);
- }
+ persistKey = parameters;
+ if (parameters)
+ return;
+
+ // no need to load - it cannot exists
+ var p = new CspParameters (PROV_RSA_FULL);
+ if (useMachineKeyStore)
+ p.Flags |= CspProviderFlags.UseMachineKeyStore;
+ store = new KeyPairPersistence (p);
+ }
+
+ void Common (CspParameters p)
+ {
+ store = new KeyPairPersistence (p);
+ bool exists = store.Load ();
+ bool required = (p.Flags & CspProviderFlags.UseExistingKey) != 0;
+
+ if (required && !exists)
+ throw new CryptographicException ("Keyset does not exist");
+
+ if (store.KeyValue != null) {
+ persisted = true;
+ FromXmlString (store.KeyValue);
}
}
-#if NET_1_1
- private static bool useMachineKeyStore = false;
+ private static bool useMachineKeyStore;
public static bool UseMachineKeyStore {
get { return useMachineKeyStore; }
set { useMachineKeyStore = value; }
}
-#endif
~RSACryptoServiceProvider ()
{
}
}
-#if (NET_2_0)
[ComVisible (false)]
- public
-#else
- internal
-#endif
- bool PublicOnly {
+ public bool PublicOnly {
get { return rsa.PublicOnly; }
}
public byte[] Decrypt (byte[] rgb, bool fOAEP)
{
-#if NET_1_1
if (m_disposed)
throw new ObjectDisposedException ("rsa");
-#endif
// choose between OAEP or PKCS#1 v.1.5 padding
AsymmetricKeyExchangeDeformatter def = null;
if (fOAEP)
HashAlgorithm hash = null;
if (halg is String)
- hash = HashAlgorithm.Create ((String)halg);
+ hash = GetHashFromString ((string) halg);
else if (halg is HashAlgorithm)
hash = (HashAlgorithm) halg;
else if (halg is Type)
else
throw new ArgumentException ("halg");
+ if (hash == null)
+ throw new ArgumentException (
+ "Could not find provider for halg='" + halg + "'.",
+ "halg");
+
return hash;
}
+
+ private HashAlgorithm GetHashFromString (string name)
+ {
+ HashAlgorithm hash = HashAlgorithm.Create (name);
+ if (hash != null)
+ return hash;
+ try {
+ return HashAlgorithm.Create (GetHashNameFromOID (name));
+ } catch (CryptographicException e) {
+ throw new ArgumentException (e.Message, "halg", e);
+ }
+ }
// NOTE: this method can work with ANY configured (OID in machine.config)
// HashAlgorithm descendant
public byte[] SignData (byte[] buffer, object halg)
{
-#if NET_1_1
if (buffer == null)
throw new ArgumentNullException ("buffer");
-#endif
return SignData (buffer, 0, buffer.Length, halg);
}
private string GetHashNameFromOID (string oid)
{
switch (oid) {
- case "1.3.14.3.2.26":
- return "SHA1";
- case "1.2.840.113549.2.5":
- return "MD5";
- default:
- throw new NotSupportedException (oid + " is an unsupported hash algorithm for RSA signing");
+ case "1.3.14.3.2.26":
+ return "SHA1";
+ case "1.2.840.113549.2.5":
+ return "MD5";
+ case "2.16.840.1.101.3.4.2.1":
+ return "SHA256";
+ case "2.16.840.1.101.3.4.2.2":
+ return "SHA384";
+ case "2.16.840.1.101.3.4.2.3":
+ return "SHA512";
+ default:
+ throw new CryptographicException (oid + " is an unsupported hash algorithm for RSA signing");
}
}
- // LAMESPEC: str is not the hash name but an OID
- // NOTE: this method is LIMITED to SHA1 and MD5 like the MS framework 1.0
- // and 1.1 because there's no method to get a hash algorithm from an OID.
- // However there's no such limit when using the [De]Formatter class.
public byte[] SignHash (byte[] rgbHash, string str)
{
if (rgbHash == null)
throw new ArgumentNullException ("rgbHash");
-#if NET_2_0
// Fx 2.0 defaults to the SHA-1
string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
-#else
- if (str == null)
- throw new CryptographicException (Locale.GetText ("No OID specified"));
- string hashName = GetHashNameFromOID (str);
-#endif
HashAlgorithm hash = HashAlgorithm.Create (hashName);
return PKCS1.Sign_v15 (this, hash, rgbHash);
}
// HashAlgorithm descendant
public bool VerifyData (byte[] buffer, object halg, byte[] signature)
{
-#if NET_1_1
if (buffer == null)
throw new ArgumentNullException ("buffer");
-#endif
if (signature == null)
throw new ArgumentNullException ("signature");
return PKCS1.Verify_v15 (this, hash, toBeVerified, signature);
}
- // LAMESPEC: str is not the hash name but an OID
- // NOTE: this method is LIMITED to SHA1 and MD5 like the MS framework 1.0
- // and 1.1 because there's no method to get a hash algorithm from an OID.
- // However there's no such limit when using the [De]Formatter class.
public bool VerifyHash (byte[] rgbHash, string str, byte[] rgbSignature)
{
if (rgbHash == null)
throw new ArgumentNullException ("rgbHash");
if (rgbSignature == null)
throw new ArgumentNullException ("rgbSignature");
-#if NET_2_0
// Fx 2.0 defaults to the SHA-1
string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
-#else
- if (str == null)
- throw new CryptographicException (Locale.GetText ("No OID specified"));
- string hashName = GetHashNameFromOID (str);
-#endif
HashAlgorithm hash = HashAlgorithm.Create (hashName);
return PKCS1.Verify_v15 (this, hash, rgbHash, rgbSignature);
}
persisted = true;
}
}
-#if NET_2_0
// ICspAsymmetricAlgorithm
- [MonoTODO ("Always return null")]
- // FIXME: call into KeyPairPersistence to get details
[ComVisible (false)]
public CspKeyContainerInfo CspKeyContainerInfo {
- get { return null; }
+ get {
+ return new CspKeyContainerInfo(store.Parameters);
+ }
}
[ComVisible (false)]
// ALGID (bytes 4-7) - default is KEYX
// 00 24 00 00 (for CALG_RSA_SIGN)
// 00 A4 00 00 (for CALG_RSA_KEYX)
- blob [5] = 0xA4;
+ blob [5] = (byte) (((store != null) && (store.Parameters.KeyNumber == AT_SIGNATURE)) ? 0x24 : 0xA4);
return blob;
}
[ComVisible (false)]
- public void ImportCspBlob (byte[] rawData)
+ public void ImportCspBlob (byte[] keyBlob)
{
- if (rawData == null)
- throw new ArgumentNullException ("rawData");
+ if (keyBlob == null)
+ throw new ArgumentNullException ("keyBlob");
- RSA rsa = CryptoConvert.FromCapiKeyBlob (rawData);
+ RSA rsa = CryptoConvert.FromCapiKeyBlob (keyBlob);
if (rsa is RSACryptoServiceProvider) {
// default (if no change are present in machine.config)
RSAParameters rsap = rsa.ExportParameters (!(rsa as RSACryptoServiceProvider).PublicOnly);
ImportParameters (rsap);
}
}
+
+ var p = new CspParameters (PROV_RSA_FULL);
+ p.KeyNumber = keyBlob [5] == 0x24 ? AT_SIGNATURE : AT_KEYEXCHANGE;
+ if (useMachineKeyStore)
+ p.Flags |= CspProviderFlags.UseMachineKeyStore;
+ store = new KeyPairPersistence (p);
}
-#endif
}
}