search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix-38054
[mono-project.git] / mcs / class / corlib / System.Security.Cryptography / RSACryptoServiceProvider.cs
blob16fdfa15e5eb7a9d3b191fa793c83a036e558b7b
1 //
2 // RSACryptoServiceProvider.cs: Handles an RSA implementation.
3 //
4 // Authors:
5 // Sebastien Pouliot <sebastien@ximian.com>
6 // Ben Maurer (bmaurer@users.sf.net)
7 //
8 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
9 // Portions (C) 2003 Ben Maurer
10 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
11 //
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
19 //
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
22 //
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //
31
32 using System.IO;
33 using System.Runtime.InteropServices;
34
35 using Mono.Security.Cryptography;
36
37 namespace System.Security.Cryptography {
38
39 public partial class RSACryptoServiceProvider {
40 private const int PROV_RSA_FULL = 1; // from WinCrypt.h
41 private const int AT_KEYEXCHANGE = 1;
42 private const int AT_SIGNATURE = 2;
43
44 private KeyPairPersistence store;
45 private bool persistKey;
46 private bool persisted;
47
48 private bool privateKeyExportable = true;
49 private bool m_disposed;
50
51 private RSAManaged rsa;
52
53 public RSACryptoServiceProvider ()
54 : this (1024)
55 {
56 // Here it's not clear if we need to generate a keypair
57 // (note: MS implementation generates a keypair in this case).
58 // However we:
59 // (a) often use this constructor to import an existing keypair.
60 // (b) take a LOT of time to generate the RSA keypair
61 // So we'll generate the keypair only when (and if) it's being
62 // used (or exported). This should save us a lot of time (at
63 // least in the unit tests).
64 }
65
66 public RSACryptoServiceProvider (CspParameters parameters)
67 : this (1024, parameters)
68 {
69 // no keypair generation done at this stage
70 }
71
72 public RSACryptoServiceProvider (int dwKeySize)
73 {
74 // Here it's clear that we need to generate a new keypair
75 Common (dwKeySize, false);
76 // no keypair generation done at this stage
77 }
78
79 public RSACryptoServiceProvider (int dwKeySize, CspParameters parameters)
80 {
81 bool has_parameters = parameters != null;
82 Common (dwKeySize, has_parameters);
83 if (has_parameters)
84 Common (parameters);
85 // no keypair generation done at this stage
86 }
87
88 void Common (int dwKeySize, bool parameters)
89 {
90 // Microsoft RSA CSP can do between 384 and 16384 bits keypair
91 LegalKeySizesValue = new KeySizes [1];
92 LegalKeySizesValue [0] = new KeySizes (384, 16384, 8);
93 base.KeySize = dwKeySize;
94
95 rsa = new RSAManaged (KeySize);
96 rsa.KeyGenerated += new RSAManaged.KeyGeneratedEventHandler (OnKeyGenerated);
97
98 persistKey = parameters;
99 if (parameters)
100 return;
101
102 // no need to load - it cannot exists
103 var p = new CspParameters (PROV_RSA_FULL);
104 if (UseMachineKeyStore)
105 p.Flags |= CspProviderFlags.UseMachineKeyStore;
106 store = new KeyPairPersistence (p);
107 }
108
109 void Common (CspParameters p)
110 {
111 store = new KeyPairPersistence (p);
112 bool exists = store.Load ();
113 bool required = (p.Flags & CspProviderFlags.UseExistingKey) != 0;
114 privateKeyExportable = (p.Flags & CspProviderFlags.UseNonExportableKey) == 0;
115
116 if (required && !exists)
117 throw new CryptographicException ("Keyset does not exist");
118
119 if (store.KeyValue != null) {
120 persisted = true;
121 FromXmlString (store.KeyValue);
122 }
123 }
124
125 ~RSACryptoServiceProvider ()
126 {
127 // Zeroize private key
128 Dispose (false);
129 }
130
131 public override string KeyExchangeAlgorithm {
132 get { return "RSA-PKCS1-KeyEx"; }
133 }
134
135 public override int KeySize {
136 get {
137 if (rsa == null)
138 return KeySizeValue;
139 else
140 return rsa.KeySize;
141 }
142 }
143
144 public bool PersistKeyInCsp {
145 get { return persistKey; }
146 set {
147 persistKey = value;
148 if (persistKey)
149 OnKeyGenerated (rsa, null);
150 }
151 }
152
153 [ComVisible (false)]
154 public bool PublicOnly {
155 get { return rsa.PublicOnly; }
156 }
157
158 public byte[] Decrypt (byte[] rgb, bool fOAEP)
159 {
160 if (rgb == null)
161 throw new ArgumentNullException("rgb");
162
163 // size check -- must be at most the modulus size
164 if (rgb.Length > (KeySize / 8))
165 throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", KeySize / 8));
166
167 if (m_disposed)
168 throw new ObjectDisposedException ("rsa");
169 // choose between OAEP or PKCS#1 v.1.5 padding
170 AsymmetricKeyExchangeDeformatter def = null;
171 if (fOAEP)
172 def = new RSAOAEPKeyExchangeDeformatter (rsa);
173 else
174 def = new RSAPKCS1KeyExchangeDeformatter (rsa);
175
176 return def.DecryptKeyExchange (rgb);
177 }
178
179 // NOTE: Unlike MS we need this method
180 // LAMESPEC: Not available from MS .NET framework but MS don't tell
181 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
182 // only encrypt/decrypt session (secret) key using asymmetric keys.
183 // Using this method to decrypt data IS dangerous (and very slow).
184 public override byte[] DecryptValue (byte[] rgb)
185 {
186 if (!rsa.IsCrtPossible)
187 throw new CryptographicException ("Incomplete private key - missing CRT.");
188
189 return rsa.DecryptValue (rgb);
190 }
191
192 public byte[] Encrypt (byte[] rgb, bool fOAEP)
193 {
194 // choose between OAEP or PKCS#1 v.1.5 padding
195 AsymmetricKeyExchangeFormatter fmt = null;
196 if (fOAEP)
197 fmt = new RSAOAEPKeyExchangeFormatter (rsa);
198 else
199 fmt = new RSAPKCS1KeyExchangeFormatter (rsa);
200
201 return fmt.CreateKeyExchange (rgb);
202 }
203
204 // NOTE: Unlike MS we need this method
205 // LAMESPEC: Not available from MS .NET framework but MS don't tell
206 // why! DON'T USE IT UNLESS YOU KNOW WHAT YOU ARE DOING!!! You should
207 // only encrypt/decrypt session (secret) key using asymmetric keys.
208 // Using this method to encrypt data IS dangerous (and very slow).
209 public override byte[] EncryptValue (byte[] rgb)
210 {
211 return rsa.EncryptValue (rgb);
212 }
213
214 public override RSAParameters ExportParameters (bool includePrivateParameters)
215 {
216 if ((includePrivateParameters) && (!privateKeyExportable))
217 throw new CryptographicException ("cannot export private key");
218
219 var rsaParams = rsa.ExportParameters (includePrivateParameters);
220 if (includePrivateParameters) {
221 // we want an ArgumentNullException is only the D is missing, but a
222 // CryptographicException if other parameters (CRT) are missings
223 if (rsaParams.D == null) {
224 throw new ArgumentNullException ("Missing D parameter for the private key.");
225 } else if ((rsaParams.P == null) || (rsaParams.Q == null) || (rsaParams.DP == null) ||
226 (rsaParams.DQ == null) || (rsaParams.InverseQ == null)) {
227 // note: we can import a private key, using FromXmlString,
228 // without the CRT parameters but we export it using ToXmlString!
229 throw new CryptographicException ("Missing some CRT parameters for the private key.");
230 }
231 }
232
233 return rsaParams;
234 }
235
236 public override void ImportParameters (RSAParameters parameters)
237 {
238 rsa.ImportParameters (parameters);
239 }
240
241 private HashAlgorithm GetHash (object halg)
242 {
243 if (halg == null)
244 throw new ArgumentNullException ("halg");
245
246 HashAlgorithm hash = null;
247 if (halg is String)
248 hash = GetHashFromString ((string) halg);
249 else if (halg is HashAlgorithm)
250 hash = (HashAlgorithm) halg;
251 else if (halg is Type)
252 hash = (HashAlgorithm) Activator.CreateInstance ((Type)halg);
253 else
254 throw new ArgumentException ("halg");
255
256 if (hash == null)
257 throw new ArgumentException (
258 "Could not find provider for halg='" + halg + "'.",
259 "halg");
260
261 return hash;
262 }
263
264 private HashAlgorithm GetHashFromString (string name)
265 {
266 HashAlgorithm hash = HashAlgorithm.Create (name);
267 if (hash != null)
268 return hash;
269 try {
270 return HashAlgorithm.Create (GetHashNameFromOID (name));
271 } catch (CryptographicException e) {
272 throw new ArgumentException (e.Message, "halg", e);
273 }
274 }
275
276 // NOTE: this method can work with ANY configured (OID in machine.config)
277 // HashAlgorithm descendant
278 public byte[] SignData (byte[] buffer, object halg)
279 {
280 if (buffer == null)
281 throw new ArgumentNullException ("buffer");
282 return SignData (buffer, 0, buffer.Length, halg);
283 }
284
285 // NOTE: this method can work with ANY configured (OID in machine.config)
286 // HashAlgorithm descendant
287 public byte[] SignData (Stream inputStream, object halg)
288 {
289 HashAlgorithm hash = GetHash (halg);
290 byte[] toBeSigned = hash.ComputeHash (inputStream);
291 return PKCS1.Sign_v15 (this, hash, toBeSigned);
292 }
293
294 // NOTE: this method can work with ANY configured (OID in machine.config)
295 // HashAlgorithm descendant
296 public byte[] SignData (byte[] buffer, int offset, int count, object halg)
297 {
298 HashAlgorithm hash = GetHash (halg);
299 byte[] toBeSigned = hash.ComputeHash (buffer, offset, count);
300 return PKCS1.Sign_v15 (this, hash, toBeSigned);
301 }
302
303 private string GetHashNameFromOID (string oid)
304 {
305 switch (oid) {
306 case "1.3.14.3.2.26":
307 return "SHA1";
308 case "1.2.840.113549.2.5":
309 return "MD5";
310 case "2.16.840.1.101.3.4.2.1":
311 return "SHA256";
312 case "2.16.840.1.101.3.4.2.2":
313 return "SHA384";
314 case "2.16.840.1.101.3.4.2.3":
315 return "SHA512";
316 default:
317 throw new CryptographicException (oid + " is an unsupported hash algorithm for RSA signing");
318 }
319 }
320
321 public byte[] SignHash (byte[] rgbHash, string str)
322 {
323 if (rgbHash == null)
324 throw new ArgumentNullException ("rgbHash");
325 // Fx 2.0 defaults to the SHA-1
326 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
327 HashAlgorithm hash = HashAlgorithm.Create (hashName);
328 return PKCS1.Sign_v15 (this, hash, rgbHash);
329 }
330
331 byte[] SignHash(byte[] rgbHash, int calgHash)
332 {
333 return PKCS1.Sign_v15 (this, InternalHashToHashAlgorithm (calgHash), rgbHash);
334 }
335
336 static HashAlgorithm InternalHashToHashAlgorithm (int calgHash)
337 {
338 switch (calgHash) {
339 case Constants.CALG_MD5:
340 return MD5.Create ();
341 case Constants.CALG_SHA1:
342 return SHA1.Create ();
343 case Constants.CALG_SHA_256:
344 return SHA256.Create ();
345 case Constants.CALG_SHA_384:
346 return SHA384.Create ();
347 case Constants.CALG_SHA_512:
348 return SHA512.Create ();
349 }
350
351 throw new NotImplementedException (calgHash.ToString ());
352 }
353
354 // NOTE: this method can work with ANY configured (OID in machine.config)
355 // HashAlgorithm descendant
356 public bool VerifyData (byte[] buffer, object halg, byte[] signature)
357 {
358 if (buffer == null)
359 throw new ArgumentNullException ("buffer");
360 if (signature == null)
361 throw new ArgumentNullException ("signature");
362
363 HashAlgorithm hash = GetHash (halg);
364 byte[] toBeVerified = hash.ComputeHash (buffer);
365 return PKCS1.Verify_v15 (this, hash, toBeVerified, signature);
366 }
367
368 public bool VerifyHash (byte[] rgbHash, string str, byte[] rgbSignature)
369 {
370 if (rgbHash == null)
371 throw new ArgumentNullException ("rgbHash");
372 if (rgbSignature == null)
373 throw new ArgumentNullException ("rgbSignature");
374 // Fx 2.0 defaults to the SHA-1
375 string hashName = (str == null) ? "SHA1" : GetHashNameFromOID (str);
376 HashAlgorithm hash = HashAlgorithm.Create (hashName);
377 return PKCS1.Verify_v15 (this, hash, rgbHash, rgbSignature);
378 }
379
380 bool VerifyHash(byte[] rgbHash, int calgHash, byte[] rgbSignature)
381 {
382 return PKCS1.Verify_v15 (this, InternalHashToHashAlgorithm (calgHash), rgbHash, rgbSignature);
383 }
384
385 protected override void Dispose (bool disposing)
386 {
387 if (!m_disposed) {
388 // the key is persisted and we do not want it persisted
389 if ((persisted) && (!persistKey)) {
390 store.Remove (); // delete the container
391 }
392 if (rsa != null)
393 rsa.Clear ();
394 // call base class
395 // no need as they all are abstract before us
396 m_disposed = true;
397 }
398 }
399
400 // private stuff
401
402 private void OnKeyGenerated (object sender, EventArgs e)
403 {
404 // the key isn't persisted and we want it persisted
405 if ((persistKey) && (!persisted)) {
406 // save the current keypair
407 store.KeyValue = this.ToXmlString (!rsa.PublicOnly);
408 store.Save ();
409 persisted = true;
410 }
411 }
412 // ICspAsymmetricAlgorithm
413
414 [ComVisible (false)]
415 public CspKeyContainerInfo CspKeyContainerInfo {
416 get {
417 return new CspKeyContainerInfo(store.Parameters);
418 }
419 }
420
421 [ComVisible (false)]
422 public byte[] ExportCspBlob (bool includePrivateParameters)
423 {
424 byte[] blob = null;
425 if (includePrivateParameters)
426 blob = CryptoConvert.ToCapiPrivateKeyBlob (this);
427 else
428 blob = CryptoConvert.ToCapiPublicKeyBlob (this);
429
430 // ALGID (bytes 4-7) - default is KEYX
431 // 00 24 00 00 (for CALG_RSA_SIGN)
432 // 00 A4 00 00 (for CALG_RSA_KEYX)
433 blob [5] = (byte) (((store != null) && (store.Parameters.KeyNumber == AT_SIGNATURE)) ? 0x24 : 0xA4);
434 return blob;
435 }
436
437 [ComVisible (false)]
438 public void ImportCspBlob (byte[] keyBlob)
439 {
440 if (keyBlob == null)
441 throw new ArgumentNullException ("keyBlob");
442
443 RSA rsa = CryptoConvert.FromCapiKeyBlob (keyBlob);
444 if (rsa is RSACryptoServiceProvider) {
445 // default (if no change are present in machine.config)
446 RSAParameters rsap = rsa.ExportParameters (!(rsa as RSACryptoServiceProvider).PublicOnly);
447 ImportParameters (rsap);
448 } else {
449 // we can't know from RSA if the private key is available
450 try {
451 // so we try it...
452 RSAParameters rsap = rsa.ExportParameters (true);
453 ImportParameters (rsap);
454 }
455 catch {
456 // and fall back
457 RSAParameters rsap = rsa.ExportParameters (false);
458 ImportParameters (rsap);
459 }
460 }
461
462 var p = new CspParameters (PROV_RSA_FULL);
463 p.KeyNumber = keyBlob [5] == 0x24 ? AT_SIGNATURE : AT_KEYEXCHANGE;
464 if (UseMachineKeyStore)
465 p.Flags |= CspProviderFlags.UseMachineKeyStore;
466 store = new KeyPairPersistence (p);
467 }
468 }
469 }
Mirror of the official Mono project git repository