1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
|
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
namespace System.Security.Cryptography {
using System.IO;
using System.Text;
using System.Runtime.Serialization;
using System.Security.Util;
using System.Globalization;
using System.Diagnostics.Contracts;
// We allow only the public components of an RSAParameters object, the Modulus and Exponent
// to be serializable.
[Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
public struct RSAParameters {
public byte[] Exponent;
public byte[] Modulus;
[NonSerialized] public byte[] P;
[NonSerialized] public byte[] Q;
[NonSerialized] public byte[] DP;
[NonSerialized] public byte[] DQ;
[NonSerialized] public byte[] InverseQ;
[NonSerialized] public byte[] D;
}
[System.Runtime.InteropServices.ComVisible(true)]
public abstract class RSA : AsymmetricAlgorithm
{
protected RSA() { }
//
// public methods
//
new static public RSA Create() {
return Create("System.Security.Cryptography.RSA");
}
new static public RSA Create(String algName) {
return (RSA) CryptoConfig.CreateFromName(algName);
}
#if !FEATURE_CORECLR
//
// New RSA encrypt/decrypt/sign/verify RSA abstractions in .NET 4.6+ and .NET Core
//
// Methods that throw DerivedClassMustOverride are effectively abstract but we
// cannot mark them as such as it would be a breaking change. We'll make them
// abstract in .NET Core.
public virtual byte[] Encrypt(byte[] data, RSAEncryptionPadding padding) {
throw DerivedClassMustOverride();
}
public virtual byte[] Decrypt(byte[] data, RSAEncryptionPadding padding) {
throw DerivedClassMustOverride();
}
public virtual byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
throw DerivedClassMustOverride();
}
public virtual bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
throw DerivedClassMustOverride();
}
protected virtual byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) {
throw DerivedClassMustOverride();
}
protected virtual byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) {
throw DerivedClassMustOverride();
}
public byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
return SignData(data, 0, data.Length, hashAlgorithm, padding);
}
public virtual byte[] SignData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
if (offset < 0 || offset > data.Length) {
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > data.Length - offset) {
throw new ArgumentOutOfRangeException("count");
}
if (String.IsNullOrEmpty(hashAlgorithm.Name)) {
throw HashAlgorithmNameNullOrEmpty();
}
if (padding == null) {
throw new ArgumentNullException("padding");
}
byte[] hash = HashData(data, offset, count, hashAlgorithm);
return SignHash(hash, hashAlgorithm, padding);
}
public virtual byte[] SignData(Stream data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
if (String.IsNullOrEmpty(hashAlgorithm.Name)) {
throw HashAlgorithmNameNullOrEmpty();
}
if (padding == null) {
throw new ArgumentNullException("padding");
}
byte[] hash = HashData(data, hashAlgorithm);
return SignHash(hash, hashAlgorithm, padding);
}
public bool VerifyData(byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
return VerifyData(data, 0, data.Length, signature, hashAlgorithm, padding);
}
public virtual bool VerifyData(byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
if (offset < 0 || offset > data.Length) {
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > data.Length - offset) {
throw new ArgumentOutOfRangeException("count");
}
if (signature == null) {
throw new ArgumentNullException("signature");
}
if (String.IsNullOrEmpty(hashAlgorithm.Name)) {
throw HashAlgorithmNameNullOrEmpty();
}
if (padding == null) {
throw new ArgumentNullException("padding");
}
byte[] hash = HashData(data, offset, count, hashAlgorithm);
return VerifyHash(hash, signature, hashAlgorithm, padding);
}
public bool VerifyData(Stream data, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) {
if (data == null) {
throw new ArgumentNullException("data");
}
if (signature == null) {
throw new ArgumentNullException("signature");
}
if (String.IsNullOrEmpty(hashAlgorithm.Name)) {
throw HashAlgorithmNameNullOrEmpty();
}
if (padding == null) {
throw new ArgumentNullException("padding");
}
byte[] hash = HashData(data, hashAlgorithm);
return VerifyHash(hash, signature, hashAlgorithm, padding);
}
private static Exception DerivedClassMustOverride() {
return new NotImplementedException(Environment.GetResourceString("NotSupported_SubclassOverride"));
}
internal static Exception HashAlgorithmNameNullOrEmpty() {
return new ArgumentException(Environment.GetResourceString("Cryptography_HashAlgorithmNameNullOrEmpty"), "hashAlgorithm");
}
#endif
//
// Legacy encrypt/decrypt RSA abstraction from .NET < 4.6
//
// These should be obsolete, but we can't mark them as such here due to rules around not introducing
// source breaks to scenarios that compile against the GAC.
//
// They used to be abstract, but the only concrete implementation in RSACryptoServiceProvider threw
// NotSupportedException! This has been moved up to the base so all subclasses can ignore them moving forward.
// They will also be removed from .NET Core altogether.
//
// The original intent was for these to perform the RSA algorithm without padding/depadding. This can
// be seen by how the RSAXxx(De)Formatter classes call them in the non-RSACryptoServiceProvider case --
// they do the padding/depadding in managed code.
//
// Unfortunately, these formatter classes are still incompatible with RSACng or any derived class that does not
// implement EncryptValue, DecryptValue as the formatters speculatively expected non-RSACryptoServiceProvider
// to do. That needs to be fixed in a subsequent release. We can still do it as it would move an exception to a
// correct result...
//
// [Obsolete]
public virtual byte[] DecryptValue(byte[] rgb) {
throw new NotSupportedException(Environment.GetResourceString("NotSupported_Method"));
}
// [Obsolete]
public virtual byte[] EncryptValue(byte[] rgb) {
throw new NotSupportedException(Environment.GetResourceString("NotSupported_Method"));
}
//
// These should also be obsolete (on the base). They aren't well defined nor are they used
// anywhere in the FX apart from checking that they're not null.
//
// For new derived RSA classes, we'll just return "RSA" which is analagous to what ECDsa
// and ECDiffieHellman do.
//
// Note that for compat, RSACryptoServiceProvider still overrides and returns RSA-PKCS1-KEYEX
// and http://www.w3.org/2000/09/xmldsig#rsa-sha1
//
public override string KeyExchangeAlgorithm {
get { return "RSA"; }
}
public override string SignatureAlgorithm {
get { return "RSA"; }
}
// Import/export functions
// We can provide a default implementation of FromXmlString because we require
// every RSA implementation to implement ImportParameters
// All we have to do here is parse the XML.
public override void FromXmlString(String xmlString) {
if (xmlString == null) throw new ArgumentNullException("xmlString");
Contract.EndContractBlock();
RSAParameters rsaParams = new RSAParameters();
Parser p = new Parser(xmlString);
SecurityElement topElement = p.GetTopElement();
// Modulus is always present
String modulusString = topElement.SearchForTextOfLocalName("Modulus");
if (modulusString == null) {
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidFromXmlString","RSA","Modulus"));
}
rsaParams.Modulus = Convert.FromBase64String(Utils.DiscardWhiteSpaces(modulusString));
// Exponent is always present
String exponentString = topElement.SearchForTextOfLocalName("Exponent");
if (exponentString == null) {
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidFromXmlString","RSA","Exponent"));
}
rsaParams.Exponent = Convert.FromBase64String(Utils.DiscardWhiteSpaces(exponentString));
// P is optional
String pString = topElement.SearchForTextOfLocalName("P");
if (pString != null) rsaParams.P = Convert.FromBase64String(Utils.DiscardWhiteSpaces(pString));
// Q is optional
String qString = topElement.SearchForTextOfLocalName("Q");
if (qString != null) rsaParams.Q = Convert.FromBase64String(Utils.DiscardWhiteSpaces(qString));
// DP is optional
String dpString = topElement.SearchForTextOfLocalName("DP");
if (dpString != null) rsaParams.DP = Convert.FromBase64String(Utils.DiscardWhiteSpaces(dpString));
// DQ is optional
String dqString = topElement.SearchForTextOfLocalName("DQ");
if (dqString != null) rsaParams.DQ = Convert.FromBase64String(Utils.DiscardWhiteSpaces(dqString));
// InverseQ is optional
String inverseQString = topElement.SearchForTextOfLocalName("InverseQ");
if (inverseQString != null) rsaParams.InverseQ = Convert.FromBase64String(Utils.DiscardWhiteSpaces(inverseQString));
// D is optional
String dString = topElement.SearchForTextOfLocalName("D");
if (dString != null) rsaParams.D = Convert.FromBase64String(Utils.DiscardWhiteSpaces(dString));
ImportParameters(rsaParams);
}
// We can provide a default implementation of ToXmlString because we require
// every RSA implementation to implement ImportParameters
// If includePrivateParameters is false, this is just an XMLDSIG RSAKeyValue
// clause. If includePrivateParameters is true, then we extend RSAKeyValue with
// the other (private) elements.
public override String ToXmlString(bool includePrivateParameters) {
// From the XMLDSIG spec, RFC 3075, Section 6.4.2, an RSAKeyValue looks like this:
/*
<element name="RSAKeyValue">
<complexType>
<sequence>
<element name="Modulus" type="ds:CryptoBinary"/>
<element name="Exponent" type="ds:CryptoBinary"/>
</sequence>
</complexType>
</element>
*/
// we extend appropriately for private components
RSAParameters rsaParams = this.ExportParameters(includePrivateParameters);
StringBuilder sb = new StringBuilder();
sb.Append("<RSAKeyValue>");
// Add the modulus
sb.Append("<Modulus>"+Convert.ToBase64String(rsaParams.Modulus)+"</Modulus>");
// Add the exponent
sb.Append("<Exponent>"+Convert.ToBase64String(rsaParams.Exponent)+"</Exponent>");
if (includePrivateParameters) {
// Add the private components
sb.Append("<P>"+Convert.ToBase64String(rsaParams.P)+"</P>");
sb.Append("<Q>"+Convert.ToBase64String(rsaParams.Q)+"</Q>");
sb.Append("<DP>"+Convert.ToBase64String(rsaParams.DP)+"</DP>");
sb.Append("<DQ>"+Convert.ToBase64String(rsaParams.DQ)+"</DQ>");
sb.Append("<InverseQ>"+Convert.ToBase64String(rsaParams.InverseQ)+"</InverseQ>");
sb.Append("<D>"+Convert.ToBase64String(rsaParams.D)+"</D>");
}
sb.Append("</RSAKeyValue>");
return(sb.ToString());
}
abstract public RSAParameters ExportParameters(bool includePrivateParameters);
abstract public void ImportParameters(RSAParameters parameters);
}
}
|
