search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
use MOONLIGHT symbol
[mcs.git] / class / corlib / Mono.Security.Cryptography / PKCS8.cs
blob84b830f245835b9db8069e4f126f7261a636fa1f
1 //
2 // PKCS8.cs: PKCS #8 - Private-Key Information Syntax Standard
3 // ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-8.doc
4 //
5 // Author:
6 // Sebastien Pouliot <sebastien@ximian.com>
7 //
8 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
9 // Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
10 //
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
18 //
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
21 //
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30
31 using System;
32 using System.Collections;
33 using System.Security.Cryptography;
34 using System.Text;
35
36 using Mono.Security.X509;
37
38 namespace Mono.Security.Cryptography {
39
40 #if INSIDE_CORLIB
41 internal
42 #else
43 public
44 #endif
45 sealed class PKCS8 {
46
47 public enum KeyInfo {
48 PrivateKey,
49 EncryptedPrivateKey,
50 Unknown
51 }
52
53 private PKCS8 ()
54 {
55 }
56
57 static public KeyInfo GetType (byte[] data)
58 {
59 if (data == null)
60 throw new ArgumentNullException ("data");
61
62 KeyInfo ki = KeyInfo.Unknown;
63 try {
64 ASN1 top = new ASN1 (data);
65 if ((top.Tag == 0x30) && (top.Count > 0)) {
66 ASN1 firstLevel = top [0];
67 switch (firstLevel.Tag) {
68 case 0x02:
69 ki = KeyInfo.PrivateKey;
70 break;
71 case 0x30:
72 ki = KeyInfo.EncryptedPrivateKey;
73 break;
74 }
75 }
76 }
77 catch {
78 throw new CryptographicException ("invalid ASN.1 data");
79 }
80 return ki;
81 }
82
83 /*
84 * PrivateKeyInfo ::= SEQUENCE {
85 * version Version,
86 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
87 * privateKey PrivateKey,
88 * attributes [0] IMPLICIT Attributes OPTIONAL
89 * }
90 *
91 * Version ::= INTEGER
92 *
93 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
94 *
95 * PrivateKey ::= OCTET STRING
96 *
97 * Attributes ::= SET OF Attribute
98 */
99 public class PrivateKeyInfo {
100
101 private int _version;
102 private string _algorithm;
103 private byte[] _key;
104 private ArrayList _list;
105
106 public PrivateKeyInfo ()
107 {
108 _version = 0;
109 _list = new ArrayList ();
110 }
111
112 public PrivateKeyInfo (byte[] data) : this ()
113 {
114 Decode (data);
115 }
116
117 // properties
118
119 public string Algorithm {
120 get { return _algorithm; }
121 set { _algorithm = value; }
122 }
123
124 public ArrayList Attributes {
125 get { return _list; }
126 }
127
128 public byte[] PrivateKey {
129 get {
130 if (_key == null)
131 return null;
132 return (byte[]) _key.Clone ();
133 }
134 set {
135 if (value == null)
136 throw new ArgumentNullException ("PrivateKey");
137 _key = (byte[]) value.Clone ();
138 }
139 }
140
141 public int Version {
142 get { return _version; }
143 set {
144 if (value < 0)
145 throw new ArgumentOutOfRangeException ("negative version");
146 _version = value;
147 }
148 }
149
150 // methods
151
152 private void Decode (byte[] data)
153 {
154 ASN1 privateKeyInfo = new ASN1 (data);
155 if (privateKeyInfo.Tag != 0x30)
156 throw new CryptographicException ("invalid PrivateKeyInfo");
157
158 ASN1 version = privateKeyInfo [0];
159 if (version.Tag != 0x02)
160 throw new CryptographicException ("invalid version");
161 _version = version.Value [0];
162
163 ASN1 privateKeyAlgorithm = privateKeyInfo [1];
164 if (privateKeyAlgorithm.Tag != 0x30)
165 throw new CryptographicException ("invalid algorithm");
166
167 ASN1 algorithm = privateKeyAlgorithm [0];
168 if (algorithm.Tag != 0x06)
169 throw new CryptographicException ("missing algorithm OID");
170 _algorithm = ASN1Convert.ToOid (algorithm);
171
172 ASN1 privateKey = privateKeyInfo [2];
173 _key = privateKey.Value;
174
175 // attributes [0] IMPLICIT Attributes OPTIONAL
176 if (privateKeyInfo.Count > 3) {
177 ASN1 attributes = privateKeyInfo [3];
178 for (int i=0; i < attributes.Count; i++) {
179 _list.Add (attributes [i]);
180 }
181 }
182 }
183
184 public byte[] GetBytes ()
185 {
186 ASN1 privateKeyAlgorithm = new ASN1 (0x30);
187 privateKeyAlgorithm.Add (ASN1Convert.FromOid (_algorithm));
188 privateKeyAlgorithm.Add (new ASN1 (0x05)); // ASN.1 NULL
189
190 ASN1 pki = new ASN1 (0x30);
191 pki.Add (new ASN1 (0x02, new byte [1] { (byte) _version }));
192 pki.Add (privateKeyAlgorithm);
193 pki.Add (new ASN1 (0x04, _key));
194
195 if (_list.Count > 0) {
196 ASN1 attributes = new ASN1 (0xA0);
197 foreach (ASN1 attribute in _list) {
198 attributes.Add (attribute);
199 }
200 pki.Add (attributes);
201 }
202
203 return pki.GetBytes ();
204 }
205
206 // static methods
207
208 static private byte[] RemoveLeadingZero (byte[] bigInt)
209 {
210 int start = 0;
211 int length = bigInt.Length;
212 if (bigInt [0] == 0x00) {
213 start = 1;
214 length--;
215 }
216 byte[] bi = new byte [length];
217 Buffer.BlockCopy (bigInt, start, bi, 0, length);
218 return bi;
219 }
220
221 static private byte[] Normalize (byte[] bigInt, int length)
222 {
223 if (bigInt.Length == length)
224 return bigInt;
225 else if (bigInt.Length > length)
226 return RemoveLeadingZero (bigInt);
227 else {
228 // pad with 0
229 byte[] bi = new byte [length];
230 Buffer.BlockCopy (bigInt, 0, bi, (length - bigInt.Length), bigInt.Length);
231 return bi;
232 }
233 }
234
235 /*
236 * RSAPrivateKey ::= SEQUENCE {
237 * version Version,
238 * modulus INTEGER, -- n
239 * publicExponent INTEGER, -- e
240 * privateExponent INTEGER, -- d
241 * prime1 INTEGER, -- p
242 * prime2 INTEGER, -- q
243 * exponent1 INTEGER, -- d mod (p-1)
244 * exponent2 INTEGER, -- d mod (q-1)
245 * coefficient INTEGER, -- (inverse of q) mod p
246 * otherPrimeInfos OtherPrimeInfos OPTIONAL
247 * }
248 */
249 static public RSA DecodeRSA (byte[] keypair)
250 {
251 ASN1 privateKey = new ASN1 (keypair);
252 if (privateKey.Tag != 0x30)
253 throw new CryptographicException ("invalid private key format");
254
255 ASN1 version = privateKey [0];
256 if (version.Tag != 0x02)
257 throw new CryptographicException ("missing version");
258
259 if (privateKey.Count < 9)
260 throw new CryptographicException ("not enough key parameters");
261
262 RSAParameters param = new RSAParameters ();
263 // note: MUST remove leading 0 - else MS wont import the key
264 param.Modulus = RemoveLeadingZero (privateKey [1].Value);
265 int keysize = param.Modulus.Length;
266 int keysize2 = (keysize >> 1); // half-size
267 // size must be normalized - else MS wont import the key
268 param.D = Normalize (privateKey [3].Value, keysize);
269 param.DP = Normalize (privateKey [6].Value, keysize2);
270 param.DQ = Normalize (privateKey [7].Value, keysize2);
271 param.Exponent = RemoveLeadingZero (privateKey [2].Value);
272 param.InverseQ = Normalize (privateKey [8].Value, keysize2);
273 param.P = Normalize (privateKey [4].Value, keysize2);
274 param.Q = Normalize (privateKey [5].Value, keysize2);
275 #if MOONLIGHT
276 RSA rsa = RSA.Create ();
277 rsa.ImportParameters (param);
278 #else
279 RSA rsa = null;
280 try {
281 rsa = RSA.Create ();
282 rsa.ImportParameters (param);
283 }
284 catch (CryptographicException) {
285 // this may cause problem when this code is run under
286 // the SYSTEM identity on Windows (e.g. ASP.NET). See
287 // http://bugzilla.ximian.com/show_bug.cgi?id=77559
288 CspParameters csp = new CspParameters ();
289 csp.Flags = CspProviderFlags.UseMachineKeyStore;
290 rsa = new RSACryptoServiceProvider (csp);
291 rsa.ImportParameters (param);
292 }
293 #endif
294 return rsa;
295 }
296
297 /*
298 * RSAPrivateKey ::= SEQUENCE {
299 * version Version,
300 * modulus INTEGER, -- n
301 * publicExponent INTEGER, -- e
302 * privateExponent INTEGER, -- d
303 * prime1 INTEGER, -- p
304 * prime2 INTEGER, -- q
305 * exponent1 INTEGER, -- d mod (p-1)
306 * exponent2 INTEGER, -- d mod (q-1)
307 * coefficient INTEGER, -- (inverse of q) mod p
308 * otherPrimeInfos OtherPrimeInfos OPTIONAL
309 * }
310 */
311 static public byte[] Encode (RSA rsa)
312 {
313 RSAParameters param = rsa.ExportParameters (true);
314
315 ASN1 rsaPrivateKey = new ASN1 (0x30);
316 rsaPrivateKey.Add (new ASN1 (0x02, new byte [1] { 0x00 }));
317 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Modulus));
318 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Exponent));
319 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.D));
320 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.P));
321 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Q));
322 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DP));
323 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DQ));
324 rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.InverseQ));
325
326 return rsaPrivateKey.GetBytes ();
327 }
328
329 // DSA only encode it's X private key inside an ASN.1 INTEGER (Hint: Tag == 0x02)
330 // which isn't enough for rebuilding the keypair. The other parameters
331 // can be found (98% of the time) in the X.509 certificate associated
332 // with the private key or (2% of the time) the parameters are in it's
333 // issuer X.509 certificate (not supported in the .NET framework).
334 static public DSA DecodeDSA (byte[] privateKey, DSAParameters dsaParameters)
335 {
336 ASN1 pvk = new ASN1 (privateKey);
337 if (pvk.Tag != 0x02)
338 throw new CryptographicException ("invalid private key format");
339
340 // X is ALWAYS 20 bytes (no matter if the key length is 512 or 1024 bits)
341 dsaParameters.X = Normalize (pvk.Value, 20);
342 DSA dsa = DSA.Create ();
343 dsa.ImportParameters (dsaParameters);
344 return dsa;
345 }
346
347 static public byte[] Encode (DSA dsa)
348 {
349 DSAParameters param = dsa.ExportParameters (true);
350 return ASN1Convert.FromUnsignedBigInteger (param.X).GetBytes ();
351 }
352
353 static public byte[] Encode (AsymmetricAlgorithm aa)
354 {
355 if (aa is RSA)
356 return Encode ((RSA)aa);
357 else if (aa is DSA)
358 return Encode ((DSA)aa);
359 else
360 throw new CryptographicException ("Unknown asymmetric algorithm {0}", aa.ToString ());
361 }
362 }
363
364 /*
365 * EncryptedPrivateKeyInfo ::= SEQUENCE {
366 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
367 * encryptedData EncryptedData
368 * }
369 *
370 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
371 *
372 * EncryptedData ::= OCTET STRING
373 *
374 * --
375 * AlgorithmIdentifier ::= SEQUENCE {
376 * algorithm OBJECT IDENTIFIER,
377 * parameters ANY DEFINED BY algorithm OPTIONAL
378 * }
379 *
380 * -- from PKCS#5
381 * PBEParameter ::= SEQUENCE {
382 * salt OCTET STRING SIZE(8),
383 * iterationCount INTEGER
384 * }
385 */
386 public class EncryptedPrivateKeyInfo {
387
388 private string _algorithm;
389 private byte[] _salt;
390 private int _iterations;
391 private byte[] _data;
392
393 public EncryptedPrivateKeyInfo () {}
394
395 public EncryptedPrivateKeyInfo (byte[] data) : this ()
396 {
397 Decode (data);
398 }
399
400 // properties
401
402 public string Algorithm {
403 get { return _algorithm; }
404 set { _algorithm = value; }
405 }
406
407 public byte[] EncryptedData {
408 get { return (_data == null) ? null : (byte[]) _data.Clone (); }
409 set { _data = (value == null) ? null : (byte[]) value.Clone (); }
410 }
411
412 public byte[] Salt {
413 get {
414 if (_salt == null) {
415 RandomNumberGenerator rng = RandomNumberGenerator.Create ();
416 _salt = new byte [8];
417 rng.GetBytes (_salt);
418 }
419 return (byte[]) _salt.Clone ();
420 }
421 set { _salt = (byte[]) value.Clone (); }
422 }
423
424 public int IterationCount {
425 get { return _iterations; }
426 set {
427 if (value < 0)
428 throw new ArgumentOutOfRangeException ("IterationCount", "Negative");
429 _iterations = value;
430 }
431 }
432
433 // methods
434
435 private void Decode (byte[] data)
436 {
437 ASN1 encryptedPrivateKeyInfo = new ASN1 (data);
438 if (encryptedPrivateKeyInfo.Tag != 0x30)
439 throw new CryptographicException ("invalid EncryptedPrivateKeyInfo");
440
441 ASN1 encryptionAlgorithm = encryptedPrivateKeyInfo [0];
442 if (encryptionAlgorithm.Tag != 0x30)
443 throw new CryptographicException ("invalid encryptionAlgorithm");
444 ASN1 algorithm = encryptionAlgorithm [0];
445 if (algorithm.Tag != 0x06)
446 throw new CryptographicException ("invalid algorithm");
447 _algorithm = ASN1Convert.ToOid (algorithm);
448 // parameters ANY DEFINED BY algorithm OPTIONAL
449 if (encryptionAlgorithm.Count > 1) {
450 ASN1 parameters = encryptionAlgorithm [1];
451 if (parameters.Tag != 0x30)
452 throw new CryptographicException ("invalid parameters");
453
454 ASN1 salt = parameters [0];
455 if (salt.Tag != 0x04)
456 throw new CryptographicException ("invalid salt");
457 _salt = salt.Value;
458
459 ASN1 iterationCount = parameters [1];
460 if (iterationCount.Tag != 0x02)
461 throw new CryptographicException ("invalid iterationCount");
462 _iterations = ASN1Convert.ToInt32 (iterationCount);
463 }
464
465 ASN1 encryptedData = encryptedPrivateKeyInfo [1];
466 if (encryptedData.Tag != 0x04)
467 throw new CryptographicException ("invalid EncryptedData");
468 _data = encryptedData.Value;
469 }
470
471 // Note: PKCS#8 doesn't define how to generate the key required for encryption
472 // so you're on your own. Just don't try to copy the big guys too much ;)
473 // Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt
474 // Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
475 public byte[] GetBytes ()
476 {
477 if (_algorithm == null)
478 throw new CryptographicException ("No algorithm OID specified");
479
480 ASN1 encryptionAlgorithm = new ASN1 (0x30);
481 encryptionAlgorithm.Add (ASN1Convert.FromOid (_algorithm));
482
483 // parameters ANY DEFINED BY algorithm OPTIONAL
484 if ((_iterations > 0) || (_salt != null)) {
485 ASN1 salt = new ASN1 (0x04, _salt);
486 ASN1 iterations = ASN1Convert.FromInt32 (_iterations);
487
488 ASN1 parameters = new ASN1 (0x30);
489 parameters.Add (salt);
490 parameters.Add (iterations);
491 encryptionAlgorithm.Add (parameters);
492 }
493
494 // encapsulates EncryptedData into an OCTET STRING
495 ASN1 encryptedData = new ASN1 (0x04, _data);
496
497 ASN1 encryptedPrivateKeyInfo = new ASN1 (0x30);
498 encryptedPrivateKeyInfo.Add (encryptionAlgorithm);
499 encryptedPrivateKeyInfo.Add (encryptedData);
500
501 return encryptedPrivateKeyInfo.GetBytes ();
502 }
503 }
504 }
505 }
git-svn mirror of mcs