bool GetRsaEncryptDecryptParameters()
{
bool ok = true;
if (Parms.Keys.Contains(__data))
{
Data = Parms[__data];
Parms.Remove(__data);
}
else
{
Message += " * Data not specified.\r\n";
ok = false;
}
if (!Parms.Keys.Contains(__keycontainername) && !Parms.Keys.Contains(__keyfile))
{
Message += " * Specify either key container name or key file";
ok = false;
}
if (Parms.Keys.Contains(__keycontainername))
{
KeyContainerName = Parms[__keycontainername];
Parms.Remove(__keycontainername);
}
if (Parms.Keys.Contains(__keyfile))
{
if (!System.IO.File.Exists(Parms[__keyfile]))
{
Message += " * Unable to resolve Key File as path.\r\n";
ok = false;
}
else
{
KeyFile = Parms[__keyfile];
}
Parms.Remove(__keyfile);
}
if (Parms.Keys.Contains(__flags))
{
if (Enum.TryParse <CspProviderFlags>(Parms[__flags], true, out CspProviderFlags f))
{
Flags = f;
}
else
{
Message += " * Unknown CspProviderFlags.\r\n";
ok = false;
}
Parms.Remove(__flags);
}
else
{
Flags = CspProviderFlags.NoFlags;
}
return(ok);
}
static void RsaDecrypt(string data, string keyContainerName, string keyFilePath, CspProviderFlags flags, bool showHelp)
{
if (showHelp)
{
List <Parameter> parms = new List <Parameter>
{
new Parameter {
Key = "data", Type = typeof(string), HelpText = "Text to decrypt"
},
new Parameter {
Key = "[kcn]", Type = typeof(string), HelpText = "Key container name"
},
new Parameter {
Key = "[keyFile]", Type = typeof(string), HelpText = "Path to key file"
}
};
ConsoleColor defaultColor = Console.ForegroundColor;
Console_WriteLine($"Parameter options for Rsa decrypt:\r\n", ConsoleColor.Green);
WriteMethodParametersHelp(parms);
Console.WriteLine("\r\nNote:");
Console.WriteLine("Specify either key container name or path to key file.");
Console.ForegroundColor = defaultColor;
}
else
{
Console.WriteLine("Decrypting data using Rsa algorithm.\r\n");
Console.WriteLine(RsaHelpers.Decrypt(keyContainerName: keyContainerName, filePath: keyFilePath, flags: flags, value: data));
}
}
private static void ValidateProviderParameters(CspProviderFlags flags)
{
// Ели информацию о провайдере нужно взять из текущего ключа
if ((flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags)
{
const CspProviderFlags notExpectedFlags = CspProviderFlags.UseUserProtectedKey
| CspProviderFlags.UseArchivableKey
| CspProviderFlags.UseNonExportableKey;
if ((flags & notExpectedFlags) != CspProviderFlags.NoFlags)
{
throw ExceptionUtility.Argument("flags", Resources.InvalidCspProviderFlags);
}
}
// Если пользователь должен сам выбрать ключ (например, в диалоге)
if ((flags & CspProviderFlags.UseUserProtectedKey) != CspProviderFlags.NoFlags)
{
if (!Environment.UserInteractive)
{
throw ExceptionUtility.CryptographicException(Resources.UserInteractiveNotSupported);
}
new UIPermission(UIPermissionWindow.SafeTopLevelWindows).Demand();
}
}
public RSAKey(int keyLength, CspProviderFlags flags)
{
this.m_rsa = new RSACryptoServiceProvider(keyLength, new CspParameters
{
Flags = flags
});
}
private CspParameters CreateDefaultProviderParameters(CspProviderFlags defaultFlags = CspProviderFlags.UseMachineKeyStore)
{
return(new CspParameters(ProviderType.ToInt())
{
Flags = defaultFlags
});
}
static void Main(string[] args)
{
CspProviderFlags flag = CspProviderFlags.UseMachineKeyStore;
if (args.Length >= 1)
{
if (args[0].EndsWith(".pfx", StringComparison.OrdinalIgnoreCase) == true)
{
Console.WriteLine(GetKeyContainerName(args[0]));
return;
}
flag = (CspProviderFlags)Enum.Parse(typeof(CspProviderFlags), args[0]);
}
foreach (var kc in KeyUtilities.EnumerateKeyContainers("Microsoft Strong Cryptographic Provider"))
{
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = kc;
cspParams.Flags = flag;
using (RSACryptoServiceProvider prov = new RSACryptoServiceProvider(cspParams))
{
if (prov.CspKeyContainerInfo.Exportable)
{
var blob = prov.ExportCspBlob(true);
StrongNameKeyPair kp = new StrongNameKeyPair(prov.ExportCspBlob(false));
Console.WriteLine(kc + " pk length:" + kp.PublicKey.Length);
}
}
Console.WriteLine();
}
}
public bool VerifySignature(string keyContainerName, string filePath, CspProviderFlags flags)
{
SHA1Managed hash = new SHA1Managed();
RSACryptoServiceProvider rsa = CryptoHelpers.LoadRsaKeys(keyContainerName, filePath, flags);
//the data was signed /without/ Signature having a value, so remove/cache the value
string sig = Signature;
Signature = null;
byte[] signature = CryptoHelpers.DecodeToBytes(sig);
byte[] planBytes = Encoding.UTF8.GetBytes(ToYaml());
bool ok = rsa.VerifyData(planBytes, CryptoConfig.MapNameToOID("SHA1"), signature);
if (ok)
{
byte[] hashedData = hash.ComputeHash(planBytes);
ok = rsa.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature);
}
//put the Signature back in place.
Signature = sig;
return(ok);
}
public KeyContainerStore(string storeType)
{
flags = "machine".Equals(storeType)
? CspProviderFlags.UseMachineKeyStore
: CspProviderFlags.UseUserProtectedKey;
Log.Verbose($"using key container, flags: {flags}");
}
private CspParameters(int providerType, string providerName, string keyContainerName, CspProviderFlags flags)
{
ProviderType = providerType;
ProviderName = providerName;
KeyContainerName = keyContainerName;
KeyNumber = -1;
Flags = flags;
}
internal CspParameters(int providerType, string providerName, string keyContainerName, CspProviderFlags flags)
{
this.ProviderType = providerType;
this.ProviderName = providerName;
this.KeyContainerName = keyContainerName;
this.KeyNumber = -1;
this.Flags = flags;
}
private CspParameters(int providerType, string providerName, string keyContainerName, CspProviderFlags flags)
{
ProviderType = providerType;
ProviderName = providerName;
KeyContainerName = keyContainerName;
KeyNumber = -1;
Flags = flags;
}
public KeyContainerStore(string storeType)
{
flags = "machine".Equals(storeType)
? CspProviderFlags.UseMachineKeyStore
: CspProviderFlags.UseUserProtectedKey;
Log.Verbose($"using key container, flags: {flags}");
}
//Copy constructor
internal CspParameters(CspParameters parameters)
{
ProviderType = parameters.ProviderType;
ProviderName = parameters.ProviderName;
KeyContainerName = parameters.KeyContainerName;
KeyNumber = parameters.KeyNumber;
Flags = parameters.Flags;
_parentWindowHandle = parameters._parentWindowHandle;
}
//Copy constructor
internal CspParameters(CspParameters parameters)
{
ProviderType = parameters.ProviderType;
ProviderName = parameters.ProviderName;
KeyContainerName = parameters.KeyContainerName;
KeyNumber = parameters.KeyNumber;
Flags = parameters.Flags;
_parentWindowHandle = parameters._parentWindowHandle;
}
public void CreateTest1()
{
CspParameters cspParam = SysKeyManager.Create(1024, "DSA", "Test Key Data");
CspProviderFlags flags = cspParam.Flags;
Assert.AreEqual("UseArchivableKey", flags.ToString());
Assert.AreEqual("Test_Key_Data", cspParam.KeyContainerName);
Assert.AreEqual <int>(13, cspParam.ProviderType);
//CryptoKeySecurity sy = cspParam.CryptoKeySecurity;
}
public void Flags()
{
CspProviderFlags cpf = CspProviderFlags.UseDefaultKeyContainer | CspProviderFlags.UseMachineKeyStore
| CspProviderFlags.NoFlags | CspProviderFlags.NoPrompt
| CspProviderFlags.UseArchivableKey | CspProviderFlags.UseExistingKey
| CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseUserProtectedKey;
int expected = 127;
Assert.AreEqual(expected, (int)cpf, "All");
}
/// <summary>
/// Delete a RSA key from the Windows KeyStore
/// </summary>
/// <param name="ContainerName">Container name</param>
/// <param name="csppf">CspProviderFlags</param>
public static void DeleteFromWinKeyStore(string ContainerName, CspProviderFlags csppf = CspProviderFlags.UseMachineKeyStore)
{
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
cp.Flags = csppf;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp))
{
rsa.PersistKeyInCsp = false;
rsa.Clear();
}
}
/// <summary>
/// Writes a copy of this key into the local Csp store with the given options
/// </summary>
public void WriteToStore(string name, CspProviderFlags flags)
{
CspParameters cp = new CspParameters();
cp.KeyContainerName = name;
cp.Flags = flags;
RSACryptoServiceProvider csp = new RSACryptoServiceProvider(cp);
csp.ImportCspBlob(RSAKey.ExportCspBlob(IsPrivateKey));
csp.PersistKeyInCsp = true;
csp.Clear();
}
internal CspParameters(CspParameters parameters)
: this(parameters.ProviderType, parameters.ProviderName, parameters.KeyContainerName)
{
if (parameters.CryptoKeySecurity != null)
{
CryptoKeySecurity = parameters.CryptoKeySecurity;
}
_Flags = parameters.Flags;
KeyNumber = parameters.KeyNumber;
_password = parameters.KeyPassword;
_windowHandle = parameters.ParentWindowHandle;
}
internal DsaKeyLifetime(CspParameters cspParameters)
{
const CspProviderFlags CopyableFlags =
CspProviderFlags.UseMachineKeyStore;
_cspParameters = new CspParameters(
cspParameters.ProviderType,
cspParameters.ProviderName,
cspParameters.KeyContainerName)
{
// If the test failed before creating the key, don't bother recreating it.
Flags = (cspParameters.Flags & CopyableFlags) | CspProviderFlags.UseExistingKey,
};
}
public void Sign(string keyContainerName, string filePath, CspProviderFlags flags)
{
SHA1Managed hash = new SHA1Managed();
RSACryptoServiceProvider rsa = CryptoHelpers.LoadRsaKeys(keyContainerName, filePath, flags);
//initialize Signature to null so any existing value isn't computed into the hash.
Signature = null;
byte[] planBytes = Encoding.UTF8.GetBytes(ToYaml());
byte[] hashedData = hash.ComputeHash(planBytes);
byte[] signature = rsa.SignHash(hashedData, CryptoConfig.MapNameToOID("SHA1"));
Signature = CryptoHelpers.Encode(signature);
}
private static uint MapCspProviderFlags(CspProviderFlags flags)
{
uint dwFlags = 0;
if ((flags & CspProviderFlags.UseMachineKeyStore) != CspProviderFlags.NoFlags)
{
dwFlags |= Constants.CRYPT_MACHINE_KEYSET;
}
if ((flags & CspProviderFlags.NoPrompt) != CspProviderFlags.NoFlags)
{
dwFlags |= Constants.CRYPT_PREGEN;
}
return(dwFlags);
}
private static void ValidateCspFlags(CspProviderFlags flags)
{
if ((flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags)
{
CspProviderFlags flags2 = CspProviderFlags.UseUserProtectedKey | CspProviderFlags.UseArchivableKey | CspProviderFlags.UseNonExportableKey;
if ((flags & flags2) != CspProviderFlags.NoFlags)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidFlag"));
}
}
if ((flags & CspProviderFlags.UseUserProtectedKey) != CspProviderFlags.NoFlags)
{
if (!Environment.UserInteractive)
{
throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NotInteractive"));
}
new UIPermission(UIPermissionWindow.SafeTopLevelWindows).Demand();
}
}
private static uint MapCspKeyFlags(CspProviderFlags flags)
{
uint dwFlags = 0;
if ((flags & CspProviderFlags.UseNonExportableKey) == CspProviderFlags.NoFlags)
{
dwFlags |= Constants.CRYPT_EXPORTABLE;
}
if ((flags & CspProviderFlags.UseArchivableKey) != CspProviderFlags.NoFlags)
{
dwFlags |= Constants.CRYPT_ARCHIVABLE;
}
if ((flags & CspProviderFlags.UseUserProtectedKey) != CspProviderFlags.NoFlags)
{
dwFlags |= Constants.CRYPT_USER_PROTECTED;
}
return(dwFlags);
}
/// <summary>
/// Validates the CSP flags are expected
/// </summary>
/// <param name="flags">CSP provider flags</param>
private static void ValidateCspFlags(CspProviderFlags flags)
{
// check that the flags are consistent.
if (IsFlagBitSet((uint)flags, (uint)CspProviderFlags.UseExistingKey))
{
CspProviderFlags keyFlags = (CspProviderFlags.UseNonExportableKey |
CspProviderFlags.UseArchivableKey |
CspProviderFlags.UseUserProtectedKey);
if ((flags & keyFlags) != CspProviderFlags.NoFlags)
{
throw new ArgumentException(SR.Format(SR.Argument_InvalidValue, Convert.ToString(flags)));
}
}
}
/// <summary>
/// Helper method to save the CSP parameters.
/// </summary>
/// <param name="keyType">CSP algorithm type</param>
/// <param name="userParameters">CSP Parameters passed by user</param>
/// <param name="defaultFlags">flags </param>
/// <param name="randomKeyContainer">identifies if it is random key container</param>
/// <returns></returns>
internal static CspParameters SaveCspParameters(
CspAlgorithmType keyType,
CspParameters userParameters,
CspProviderFlags defaultFlags,
out bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ?
(int)ProviderType.PROV_DSS_DH : DefaultRsaProviderType,
null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = keyType == CapiHelper.CspAlgorithmType.Dss ? (int)KeyNumber.Signature : (int)KeyNumber.Exchange;
}
else if (parameters.KeyNumber == CALG_DSS_SIGN || parameters.KeyNumber == CALG_RSA_SIGN)
{
parameters.KeyNumber = (int)KeyNumber.Signature;
}
else if (parameters.KeyNumber == CALG_RSA_KEYX)
{
parameters.KeyNumber = (int)KeyNumber.Exchange;
}
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = IsFlagBitSet((uint)parameters.Flags, (uint)CspProviderFlags.CreateEphemeralKey);
if (parameters.KeyContainerName == null && !IsFlagBitSet((uint)parameters.Flags,
(uint)CspProviderFlags.UseDefaultKeyContainer))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
public static CspParameters GetProvParameters(this SafeProvOrNCryptKeyHandle handle)
{
// A normal key container name is a GUID (~34 bytes ASCII)
// The longest standard provider name is 64 bytes (including the \0),
// but we shouldn't have a CAPI call with a software CSP.
//
// In debug builds use a buffer which will need to be resized, but is big
// enough to hold the DWORD "can't fail" values.
Span <byte> stackSpan = stackalloc byte[
#if DEBUG
sizeof(int)
#else
64
#endif
];
stackSpan.Clear();
int size = stackSpan.Length;
if (!Interop.Advapi32.CryptGetProvParam(handle, CryptProvParam.PP_PROVTYPE, stackSpan, ref size))
{
throw Interop.CPError.GetLastWin32Error().ToCryptographicException();
}
if (size != sizeof(int))
{
Debug.Fail("PP_PROVTYPE writes a DWORD - enum misalignment?");
throw new CryptographicException();
}
int provType = MemoryMarshal.Read <int>(stackSpan.Slice(0, size));
size = stackSpan.Length;
if (!Interop.Advapi32.CryptGetProvParam(handle, CryptProvParam.PP_KEYSET_TYPE, stackSpan, ref size))
{
throw Interop.CPError.GetLastWin32Error().ToCryptographicException();
}
if (size != sizeof(int))
{
Debug.Fail("PP_KEYSET_TYPE writes a DWORD - enum misalignment?");
throw new CryptographicException();
}
int keysetType = MemoryMarshal.Read <int>(stackSpan.Slice(0, size));
// Only CRYPT_MACHINE_KEYSET is described as coming back, but be defensive.
CspProviderFlags provFlags =
((CspProviderFlags)keysetType & CspProviderFlags.UseMachineKeyStore) |
CspProviderFlags.UseExistingKey;
byte[] rented = null;
Span <byte> asciiStringBuf = stackSpan;
string provName = GetStringProvParam(handle, CryptProvParam.PP_NAME, ref asciiStringBuf, ref rented, 0);
int maxClear = provName.Length;
string keyName = GetStringProvParam(handle, CryptProvParam.PP_CONTAINER, ref asciiStringBuf, ref rented, maxClear);
maxClear = Math.Max(maxClear, keyName.Length);
if (rented != null)
{
CryptoPool.Return(rented, maxClear);
}
return(new CspParameters(provType)
{
Flags = provFlags,
KeyContainerName = keyName,
ProviderName = provName,
});
}
private static void ValidateCspFlags(CspProviderFlags flags)
{
if ((flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags)
{
CspProviderFlags flags2 = CspProviderFlags.UseUserProtectedKey | CspProviderFlags.UseArchivableKey | CspProviderFlags.UseNonExportableKey;
if ((flags & flags2) != CspProviderFlags.NoFlags)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidFlag"));
}
}
if ((flags & CspProviderFlags.UseUserProtectedKey) != CspProviderFlags.NoFlags)
{
if (!Environment.UserInteractive)
{
throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NotInteractive"));
}
new UIPermission(UIPermissionWindow.SafeTopLevelWindows).Demand();
}
}
internal static extern void _GenerateKey(SafeProvHandle hProv, int algid, CspProviderFlags flags, int keySize, ref SafeKeyHandle hKey);
internal static extern void _ImportKey(SafeProvHandle hCSP, int keyNumber, CspProviderFlags flags, object cspObject, ref SafeKeyHandle hKey);
public KeyContainerStore(string storeType)
{
flags = storeType == "machine"
? CspProviderFlags.UseMachineKeyStore
: CspProviderFlags.UseUserProtectedKey;
}
private static void ValidateProviderParameters(CspProviderFlags flags)
{
// Ели информацию о провайдере нужно взять из текущего ключа
if ((flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags)
{
const CspProviderFlags notExpectedFlags = CspProviderFlags.UseUserProtectedKey
| CspProviderFlags.UseArchivableKey
| CspProviderFlags.UseNonExportableKey;
if ((flags & notExpectedFlags) != CspProviderFlags.NoFlags)
{
throw ExceptionUtility.Argument("flags", Resources.InvalidCspProviderFlags);
}
}
// Если пользователь должен сам выбрать ключ (например, в диалоге)
if ((flags & CspProviderFlags.UseUserProtectedKey) != CspProviderFlags.NoFlags)
{
if (!Environment.UserInteractive)
{
throw ExceptionUtility.CryptographicException(Resources.UserInteractiveNotSupported);
}
new UIPermission(UIPermissionWindow.SafeTopLevelWindows).Demand();
}
}
internal static extern void _GenerateKey(SafeProvHandle hProv, int algid, CspProviderFlags flags, int keySize, ref SafeKeyHandle hKey);
internal static CspParameters SaveCspParameters (CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer) {
#if SILVERLIGHT
Contract.Assert(keyType == CspAlgorithmType.Rsa, "Only RSA is supported in Silverlight");
#endif // SILVERLIGHT
CspParameters parameters;
if (userParameters == null) {
#if !SILVERLIGHT
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ? Constants.PROV_DSS_DH : DefaultRsaProviderType, null, null, defaultFlags);
#else // !SILVERLIGHT
parameters = new CspParameters();
#endif // !SILVERLIGHT
} else {
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
#if !SILVERLIGHT
if (parameters.KeyNumber == -1)
parameters.KeyNumber = keyType == CspAlgorithmType.Dss ? Constants.AT_SIGNATURE : Constants.AT_KEYEXCHANGE;
else if (parameters.KeyNumber == Constants.CALG_DSS_SIGN || parameters.KeyNumber == Constants.CALG_RSA_SIGN)
parameters.KeyNumber = Constants.AT_SIGNATURE;
else if (parameters.KeyNumber == Constants.CALG_RSA_KEYX)
parameters.KeyNumber = Constants.AT_KEYEXCHANGE;
#else // !SILVERLIGHT
if (parameters.KeyNumber == -1) {
parameters.KeyNumber = (int)CapiNative.KeySpec.Signature;
}
#endif // !SILVERLIGHT
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (parameters.KeyContainerName == null && (parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == 0) {
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
extern public static byte[] GetKey(int algorithm, String name, CspProviderFlags flag, out int result);
public static SafeKeyHandleImpl GenerateKey(SafeProvHandleImpl providerHandle, int algId, CspProviderFlags flags)
{
var keyHandle = SafeKeyHandleImpl.InvalidHandle;
var dwFlags = MapCspKeyFlags(flags);
if (!CryptoApi.CryptGenKey(providerHandle, (uint)algId, dwFlags, ref keyHandle))
{
throw CreateWin32Error();
}
return(keyHandle);
}
internal static extern int _ImportCspBlob(byte[] keyBlob, SafeProvHandle hProv, CspProviderFlags flags, ref SafeKeyHandle hKey);
/// <summary>
/// Validates the CSP flags are expected
/// </summary>
/// <param name="flags">CSP provider flags</param>
private static void ValidateCspFlags(CspProviderFlags flags)
{
// check that the flags are consistent.
if (IsFlagBitSet((uint)flags, (uint)CspProviderFlags.UseExistingKey))
{
CspProviderFlags keyFlags = (CspProviderFlags.UseNonExportableKey |
CspProviderFlags.UseArchivableKey |
CspProviderFlags.UseUserProtectedKey);
if ((flags & keyFlags) != CspProviderFlags.NoFlags)
{
throw new ArgumentException(SR.Format(SR.Argument_InvalidValue, Convert.ToString(flags)));
}
}
//TODO : I don't think we need following commented code. Leaving it now for confirming the same
// during code review. Reviewers please let me kn know?
// make sure we are allowed to display the key protection UI if a user protected key is requested.
//if ((flags & CspProviderFlags.UseUserProtectedKey) != 0)
//{
// // UI only allowed in interactive session.
// if (!System.Environment.UserInteractive)
// {
// throw new InvalidOperationException(("Cryptography_NotInteractive"));
// }
// // we need to demand UI permission here.
// UIPermission uiPermission = new UIPermission(UIPermissionWindow.SafeTopLevelWindows);
// uiPermission.Demand();
//}
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters((keyType == CspAlgorithmType.Dss) ? 13 : DefaultRsaProviderType, null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = (keyType == CspAlgorithmType.Dss) ? 2 : 1;
}
else if ((parameters.KeyNumber == 0x2200) || (parameters.KeyNumber == 0x2400))
{
parameters.KeyNumber = 2;
}
else if (parameters.KeyNumber == 0xa400)
{
parameters.KeyNumber = 1;
}
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if ((parameters.KeyContainerName == null) && ((parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return(parameters);
}
/// <summary>
/// Helper for Import CSP
/// </summary>
internal static void ImportKeyBlob(SafeProvHandle saveProvHandle, CspProviderFlags flags, byte[] keyBlob, out SafeKeyHandle safeKeyHandle)
{
// Compat note: This isn't the same check as the one done by the CLR _ImportCspBlob QCall,
// but this does match the desktop CLR behavior and the only scenarios it
// affects are cases where a corrupt blob is passed in.
bool isPublic = keyBlob.Length > 0 && keyBlob[0] == CapiHelper.PUBLICKEYBLOB;
int dwCapiFlags = MapCspKeyFlags((int)flags);
if (isPublic)
{
dwCapiFlags &= ~(int)(CryptGenKeyFlags.CRYPT_EXPORTABLE);
}
SafeKeyHandle hKey;
if (!Interop.CryptImportKey(saveProvHandle, keyBlob, keyBlob.Length, SafeKeyHandle.InvalidHandle, dwCapiFlags, out hKey))
{
int hr = Marshal.GetHRForLastWin32Error();
hKey.Dispose();
throw hr.ToCryptographicException();
}
hKey.PublicOnly = isPublic;
safeKeyHandle = hKey;
return;
}
internal CspParameters(int providerType, string providerName, string keyContainerName, CspProviderFlags flags)
{
this.ProviderType = providerType;
this.ProviderName = providerName;
this.KeyContainerName = keyContainerName;
this.KeyNumber = -1;
this.Flags = flags;
}
private static CspParameters CreateProviderParameters(CspParameters providerParameters, CspProviderFlags defaultFlags, out bool randomKeyContainer)
{
CspParameters parameters;
if (providerParameters == null)
{
parameters = new CspParameters(GostCryptoConfig.ProviderType) { Flags = defaultFlags };
}
else
{
ValidateProviderParameters(providerParameters.Flags);
parameters = new CspParameters(providerParameters.ProviderType, providerParameters.ProviderName, providerParameters.KeyContainerName) { Flags = providerParameters.Flags, KeyNumber = providerParameters.KeyNumber };
}
// Установка типа ключа
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = (int)KeyNumber.Exchange;
}
else if (parameters.KeyNumber == Constants.CALG_GR3410EL)
{
parameters.KeyNumber = (int)KeyNumber.Signature;
}
else if (parameters.KeyNumber == Constants.CALG_DH_EL_SF)
{
parameters.KeyNumber = (int)KeyNumber.Exchange;
}
// Использовать автогенерированный контейнер
randomKeyContainer = ((parameters.KeyContainerName == null) && ((parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags));
if (randomKeyContainer)
{
parameters.KeyContainerName = Guid.NewGuid().ToString();
}
return parameters;
}
/// <summary>
/// Writes a copy of this key into the local Csp store with the given options
/// </summary>
public void WriteToStore(string name, CspProviderFlags flags)
{
CspParameters cp = new CspParameters();
cp.KeyContainerName = name;
cp.Flags = flags;
RSACryptoServiceProvider csp = new RSACryptoServiceProvider(cp);
csp.ImportCspBlob(RSAKey.ExportCspBlob(IsPrivateKey));
csp.PersistKeyInCsp = true;
csp.Clear();
}
internal static extern int _ImportCspBlob(byte[] keyBlob, SafeProvHandle hProv, CspProviderFlags flags, ref SafeKeyHandle hKey);
public static RSACryptoServiceProvider LoadRsaKeys(string keyContainerName = null, string filePath = null, CspProviderFlags flags = CspProviderFlags.NoFlags)
{
CspParameters cspParams = new CspParameters
{
KeyContainerName = keyContainerName,
Flags = flags
};
return(LoadRsaKeys(cspParams, !string.IsNullOrWhiteSpace(keyContainerName) ? null : filePath));
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters cspParameters;
if (userParameters == null)
{
cspParameters = new CspParameters(keyType == CspAlgorithmType.Dss ? 13 : 24, (string)null, (string)null, defaultFlags);
}
else
{
Utils.ValidateCspFlags(userParameters.Flags);
cspParameters = new CspParameters(userParameters);
}
if (cspParameters.KeyNumber == -1)
{
cspParameters.KeyNumber = keyType == CspAlgorithmType.Dss ? 2 : 1;
}
else if (cspParameters.KeyNumber == 8704 || cspParameters.KeyNumber == 9216)
{
cspParameters.KeyNumber = 2;
}
else if (cspParameters.KeyNumber == 41984)
{
cspParameters.KeyNumber = 1;
}
randomKeyContainer = (cspParameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (cspParameters.KeyContainerName == null && (cspParameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags)
{
cspParameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return(cspParameters);
}
internal CspParameters(CspParameters parameters)
: this(parameters.ProviderType, parameters.ProviderName, parameters.KeyContainerName)
{
if (parameters.CryptoKeySecurity != null)
CryptoKeySecurity = parameters.CryptoKeySecurity;
_Flags = parameters.Flags;
KeyNumber = parameters.KeyNumber;
_password = parameters.KeyPassword;
_windowHandle = parameters.ParentWindowHandle;
}
internal static CspParameters SaveCspParameters (CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer) {
CspParameters parameters;
if (userParameters == null) {
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ? Constants.PROV_DSS_DH : DefaultRsaProviderType, null, null, defaultFlags);
} else {
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
parameters.KeyNumber = keyType == CspAlgorithmType.Dss ? Constants.AT_SIGNATURE : Constants.AT_KEYEXCHANGE;
else if (parameters.KeyNumber == Constants.CALG_DSS_SIGN || parameters.KeyNumber == Constants.CALG_RSA_SIGN)
parameters.KeyNumber = Constants.AT_SIGNATURE;
else if (parameters.KeyNumber == Constants.CALG_RSA_KEYX)
parameters.KeyNumber = Constants.AT_KEYEXCHANGE;
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (parameters.KeyContainerName == null && (parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == 0) {
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
internal static extern void _ImportKey(SafeProvHandle hCSP, int keyNumber, CspProviderFlags flags, object cspObject, ref SafeKeyHandle hKey);
[System.Security.SecurityCritical] // auto-generated
private static void ValidateCspFlags (CspProviderFlags flags) {
// check that the flags are consistent.
if ((flags & CspProviderFlags.UseExistingKey) != 0) {
CspProviderFlags keyFlags = (CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseArchivableKey | CspProviderFlags.UseUserProtectedKey);
if ((flags & keyFlags) != CspProviderFlags.NoFlags)
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidFlag"));
}
// make sure we are allowed to display the key protection UI if a user protected key is requested.
if ((flags & CspProviderFlags.UseUserProtectedKey) != 0) {
// UI only allowed in interactive session.
if (!System.Environment.UserInteractive)
throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NotInteractive"));
// we need to demand UI permission here.
UIPermission uiPermission = new UIPermission(UIPermissionWindow.SafeTopLevelWindows);
uiPermission.Demand();
}
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters((keyType == CspAlgorithmType.Dss) ? 13 : DefaultRsaProviderType, null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = (keyType == CspAlgorithmType.Dss) ? 2 : 1;
}
else if ((parameters.KeyNumber == 0x2200) || (parameters.KeyNumber == 0x2400))
{
parameters.KeyNumber = 2;
}
else if (parameters.KeyNumber == 0xa400)
{
parameters.KeyNumber = 1;
}
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if ((parameters.KeyContainerName == null) && ((parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
