[System.Security.SecurityCritical] // auto-generated
internal static byte[] RsaOaepDecrypt (RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) {
int cb = rsa.KeySize / 8;
// 1. Decode the input data
// It is important that the Integer to Octet String conversion errors be indistinguishable from the other decoding
// errors to protect against chosen cipher text attacks
// A lecture given by James Manger during Crypto 2001 explains the issue in details
byte[] data = null;
try {
data = rsa.DecryptValue(encryptedData);
}
catch (CryptographicException) {
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
// 2. Create the hash object so we can get its size info.
int cbHash = hash.HashSize / 8;
// 3. Let maskedSeed be the first hLen octects and maskedDB
// be the remaining bytes.
int zeros = cb - data.Length;
if (zeros < 0 || zeros >= cbHash)
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
byte[] seed = new byte[cbHash];
Buffer.InternalBlockCopy(data, 0, seed, zeros, seed.Length - zeros);
byte[] DB = new byte[data.Length - seed.Length + zeros];
Buffer.InternalBlockCopy(data, seed.Length - zeros, DB, 0, DB.Length);
// 4. seedMask = MGF(maskedDB, hLen);
byte[] mask = mgf.GenerateMask(DB, seed.Length);
// 5. seed = seedMask XOR maskedSeed
int i = 0;
for (i=0; i < seed.Length; i++) {
seed[i] ^= mask[i];
}
// 6. dbMask = MGF(seed, |EM| - hLen);
mask = mgf.GenerateMask(seed, DB.Length);
// 7. DB = maskedDB xor dbMask
for (i=0; i < DB.Length; i++) {
DB[i] = (byte) (DB[i] ^ mask[i]);
}
// 8. pHash = HASH(P)
hash.ComputeHash(EmptyArray<Byte>.Value);
// 9. DB = pHash' || PS || 01 || M
// 10. Check that pHash = pHash'
byte[] hashValue = hash.Hash;
for (i=0; i < cbHash; i++) {
if (DB[i] != hashValue[i])
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
// Check that PS is all zeros
for (; i<DB.Length; i++) {
if (DB[i] == 1)
break;
else if (DB[i] != 0)
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
if (i == DB.Length)
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
i++; // skip over the one
// 11. Output M.
byte[] output = new byte[DB.Length - i];
Buffer.InternalBlockCopy(DB, i, output, 0, output.Length);
return output;
}
[System.Security.SecuritySafeCritical] // auto-generated
public override byte[] CreateSignature(byte[] rgbHash)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
Contract.EndContractBlock();
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
// Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider.
if (_rsaKey is RSACryptoServiceProvider)
{
int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
return(((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, calgHash));
}
else
{
byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash);
// Create the signature by applying the private key to the padded buffer we just created.
return(_rsaKey.DecryptValue(pad));
}
}
/******************* Public Methods *************************/
/// <include file='doc\RSAPKCS1KeyExchangeDeformatter.uex' path='docs/doc[@for="RSAPKCS1KeyExchangeDeformatter.DecryptKeyExchange"]/*' />
public override byte[] DecryptKeyExchange(byte[] rgbIn)
{
byte[] rgbOut;
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_PKCS1Decoding"));
}
if (_rsaKey is RSACryptoServiceProvider)
{
rgbOut = ((RSACryptoServiceProvider)_rsaKey).Decrypt(rgbIn, false);
}
else
{
int i;
byte[] rgb;
rgb = _rsaKey.DecryptValue(rgbIn);
//
// Expected format is:
// 00 || 02 || PS || 00 || D
// where PS does not contain any zeros.
//
for (i = 2; i < rgb.Length; i++)
{
if (rgb[i] == 0)
{
break;
}
}
if (i >= rgb.Length)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
i++; // Skip over the zero
rgbOut = new byte[rgb.Length - i];
Buffer.InternalBlockCopy(rgb, i, rgbOut, 0, rgbOut.Length);
}
return(rgbOut);
}
[System.Security.SecuritySafeCritical] // auto-generated
public override byte[] CreateSignature(byte[] rgbHash)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
Contract.EndContractBlock();
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
// Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider.
if (_rsaKey is RSACryptoServiceProvider)
{
// This path is kept around for desktop compat: in case someone is using this with a hash algorithm that's known to GetAlgIdFromOid but
// not from OidToHashAlgorithmName.
int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
return(((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, calgHash));
}
else if (OverridesSignHash)
{
HashAlgorithmName hashAlgorithmName = Utils.OidToHashAlgorithmName(_strOID);
return(_rsaKey.SignHash(rgbHash, hashAlgorithmName, RSASignaturePadding.Pkcs1));
}
else
{
// Fallback compat path for 3rd-party RSA classes that don't override SignHash()
byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash);
// Create the signature by applying the private key to the padded buffer we just created.
return(_rsaKey.DecryptValue(pad));
}
}
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData)
{
int num = rsa.KeySize / 8;
byte[] numArray1;
try
{
numArray1 = rsa.DecryptValue(encryptedData);
}
catch (CryptographicException ex)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
int length = hash.HashSize / 8;
int dstOffsetBytes = num - numArray1.Length;
if (dstOffsetBytes < 0 || dstOffsetBytes >= length)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
byte[] rgbSeed1 = new byte[length];
Buffer.InternalBlockCopy((Array)numArray1, 0, (Array)rgbSeed1, dstOffsetBytes, rgbSeed1.Length - dstOffsetBytes);
byte[] rgbSeed2 = new byte[numArray1.Length - rgbSeed1.Length + dstOffsetBytes];
Buffer.InternalBlockCopy((Array)numArray1, rgbSeed1.Length - dstOffsetBytes, (Array)rgbSeed2, 0, rgbSeed2.Length);
byte[] mask1 = mgf.GenerateMask(rgbSeed2, rgbSeed1.Length);
for (int index = 0; index < rgbSeed1.Length; ++index)
{
rgbSeed1[index] ^= mask1[index];
}
byte[] mask2 = mgf.GenerateMask(rgbSeed1, rgbSeed2.Length);
for (int index = 0; index < rgbSeed2.Length; ++index)
{
rgbSeed2[index] = (byte)((uint)rgbSeed2[index] ^ (uint)mask2[index]);
}
hash.ComputeHash(EmptyArray <byte> .Value);
byte[] hash1 = hash.Hash;
int index1;
for (index1 = 0; index1 < length; ++index1)
{
if ((int)rgbSeed2[index1] != (int)hash1[index1])
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
}
for (; index1 < rgbSeed2.Length && (int)rgbSeed2[index1] != 1; ++index1)
{
if ((int)rgbSeed2[index1] != 0)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
}
if (index1 == rgbSeed2.Length)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
int srcOffsetBytes = index1 + 1;
byte[] numArray2 = new byte[rgbSeed2.Length - srcOffsetBytes];
Buffer.InternalBlockCopy((Array)rgbSeed2, srcOffsetBytes, (Array)numArray2, 0, numArray2.Length);
return(numArray2);
}
/************************* PUBLIC METHODS *************************/
/// <include file='doc\RSAOAEPKeyExchangeDeformatter.uex' path='docs/doc[@for="RSAOAEPKeyExchangeDeformatter.DecryptKeyExchange"]/*' />
public override byte[] DecryptKeyExchange(byte[] rgbData)
{
byte[] rgbOut = null;
if (_rsaKey is RSACryptoServiceProvider)
{
rgbOut = ((RSACryptoServiceProvider)_rsaKey).Decrypt(rgbData, true);
}
else
{
int cb = _rsaKey.KeySize / 8;
int cbHash;
HashAlgorithm hash;
int i;
MaskGenerationMethod mgf;
byte[] rgbDB;
byte[] rgbMask;
byte[] rgbSeed;
byte[] rgbIn;
bool bError = false;
// 1. Decode the input data
// It is important that the Integer to Octet String conversion errors be indistinguishable from the other decoding
// errors to protect against chosen cipher text attacks
// A lecture given by James Manger during Crypto 2001 explains the issue in details
try {
rgbIn = _rsaKey.DecryptValue(rgbData);
} catch {
bError = true;
goto error;
}
// 2. Create the hash object so we can get its size info.
hash = (HashAlgorithm)CryptoConfig.CreateFromName(HashNameValue);
cbHash = hash.HashSize / 8;
if (rgbIn.Length != cb || cb < 2 * cbHash + 2)
{
bError = true;
goto error;
}
// 3. Let maskedSeed be the first hLen octects and maskedDB
// be the remaining bytes.
rgbSeed = new byte[cbHash];
Buffer.InternalBlockCopy(rgbIn, 1, rgbSeed, 0, rgbSeed.Length);
rgbDB = new byte[rgbIn.Length - rgbSeed.Length - 1];
Buffer.InternalBlockCopy(rgbIn, rgbSeed.Length + 1, rgbDB, 0, rgbDB.Length);
// 4. seedMask = MGF(maskedDB, hLen);
mgf = new PKCS1MaskGenerationMethod();
rgbMask = mgf.GenerateMask(rgbDB, rgbSeed.Length);
// 5. seed = seedMask XOR maskedSeed
for (i = 0; i < rgbSeed.Length; i++)
{
rgbSeed[i] ^= rgbMask[i];
}
// 6. dbMask = MGF(seed, |EM| - hLen);
rgbMask = mgf.GenerateMask(rgbSeed, rgbDB.Length);
// 7. DB = maskedDB xor dbMask
for (i = 0; i < rgbDB.Length; i++)
{
rgbDB[i] ^= rgbMask[i];
}
// 8. pHash = HASH(P)
hash.ComputeHash(ParameterValue);
// 9. DB = pHash' || PS || 01 || M
//
// 10. Check that pHash = pHash'
for (i = 0; i < cbHash; i++)
{
if (rgbDB[i] != hash.Hash[i])
{
bError = true;
goto error;
}
}
// Check that PS is all zeros
for (; i < rgbDB.Length; i++)
{
if (rgbDB[i] == 01)
{
break;
}
else if (rgbDB[i] != 0)
{
bError = true;
goto error;
}
}
if (i == rgbDB.Length)
{
bError = true;
goto error;
}
i++; // Skip over the one
rgbOut = new byte[rgbDB.Length - i];
// 11. Output M.
Buffer.InternalBlockCopy(rgbDB, i, rgbOut, 0, rgbOut.Length);
error : if (bError)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
}
return(rgbOut);
}
public byte[] Decode(byte[] buffer, int offset, int lenght)
{
byte[] buf = new byte[lenght];
Array.Copy(buffer, offset, buf, 0, lenght);
return(rsa.DecryptValue(buf));
}
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData)
{
int num = rsa.KeySize / 8;
byte[] src = null;
try
{
src = rsa.DecryptValue(encryptedData);
}
catch (CryptographicException)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
int num2 = hash.HashSize / 8;
int dstOffsetBytes = num - src.Length;
if ((dstOffsetBytes < 0) || (dstOffsetBytes >= num2))
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
byte[] dst = new byte[num2];
Buffer.InternalBlockCopy(src, 0, dst, dstOffsetBytes, dst.Length - dstOffsetBytes);
byte[] buffer3 = new byte[(src.Length - dst.Length) + dstOffsetBytes];
Buffer.InternalBlockCopy(src, dst.Length - dstOffsetBytes, buffer3, 0, buffer3.Length);
byte[] buffer4 = mgf.GenerateMask(buffer3, dst.Length);
int index = 0;
for (index = 0; index < dst.Length; index++)
{
dst[index] = (byte)(dst[index] ^ buffer4[index]);
}
buffer4 = mgf.GenerateMask(dst, buffer3.Length);
for (index = 0; index < buffer3.Length; index++)
{
buffer3[index] = (byte)(buffer3[index] ^ buffer4[index]);
}
hash.ComputeHash(new byte[0]);
byte[] buffer5 = hash.Hash;
index = 0;
while (index < num2)
{
if (buffer3[index] != buffer5[index])
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
}
while (index < buffer3.Length)
{
if (buffer3[index] == 1)
{
break;
}
if (buffer3[index] != 0)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
}
if (index == buffer3.Length)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
byte[] buffer6 = new byte[buffer3.Length - index];
Buffer.InternalBlockCopy(buffer3, index, buffer6, 0, buffer6.Length);
return(buffer6);
}
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData)
{
int num = rsa.KeySize / 8;
byte[] array = null;
try
{
array = rsa.DecryptValue(encryptedData);
}
catch (CryptographicException)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
int num2 = hash.HashSize / 8;
int num3 = num - array.Length;
if (num3 < 0 || num3 >= num2)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
byte[] array2 = new byte[num2];
Buffer.InternalBlockCopy(array, 0, array2, num3, array2.Length - num3);
byte[] array3 = new byte[array.Length - array2.Length + num3];
Buffer.InternalBlockCopy(array, array2.Length - num3, array3, 0, array3.Length);
byte[] array4 = mgf.GenerateMask(array3, array2.Length);
int i;
for (i = 0; i < array2.Length; i++)
{
byte[] array5 = array2;
int num4 = i;
array5[num4] ^= array4[i];
}
array4 = mgf.GenerateMask(array2, array3.Length);
for (i = 0; i < array3.Length; i++)
{
array3[i] ^= array4[i];
}
hash.ComputeHash(EmptyArray <byte> .Value);
byte[] hash2 = hash.Hash;
for (i = 0; i < num2; i++)
{
if (array3[i] != hash2[i])
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
}
while (i < array3.Length && array3[i] != 1)
{
if (array3[i] != 0)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
i++;
}
if (i == array3.Length)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
i++;
byte[] array6 = new byte[array3.Length - i];
Buffer.InternalBlockCopy(array3, i, array6, 0, array6.Length);
return(array6);
}
// PKCS #1 v.2.1, Section 5.2.1
public static byte[] RSASP1 (RSA rsa, byte[] m)
{
// first form: s = m^d mod n
// Decrypt value may apply CRT optimizations
return rsa.DecryptValue (m);
}
// PKCS #1 v.2.1, Section 5.1.2
public static byte[] RSADP (RSA rsa, byte[] c)
{
// m = c^d mod n
// Decrypt value may apply CRT optimizations
return rsa.DecryptValue (c);
}
/// <include file='doc\RSAPKCS1SignatureFormatter.uex' path='docs/doc[@for="RSAPKCS1SignatureFormatter.CreateSignature"]/*' />
public override byte[] CreateSignature(byte[] rgbHash)
{
byte[] rgbSig;
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
//
// Two cases here -- if we are talking to the CSP version or
// if we are talking to some other RSA provider.
//
if (_rsaKey is RSACryptoServiceProvider)
{
rgbSig = ((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, _strOID);
}
else
{
int cb = _rsaKey.KeySize / 8;
int cb1;
int i;
byte[] rgbInput = new byte[cb];
byte[] rgbOid = CryptoConfig.EncodeOID(_strOID);
int lenOid = rgbOid.Length;
//
// We want to pad this to the following format:
//
// 00 || 01 || FF ... FF || 00 || prefix || Data
//
// We want basically to ASN 1 encode the OID + hash:
// STRUCTURE {
// STRUCTURE {
// OID <hash algorithm OID>
// NULL (0x05 0x00) // this is actually an ANY and contains the parameters of the algorithm specified by the OID, I think
// }
// OCTET STRING <hashvalue>
// }
//
// Get the correct prefix
byte[] rgbPrefix = new byte[lenOid + 8 + rgbHash.Length];
rgbPrefix[0] = 0x30; // a structure follows
int tmp = rgbPrefix.Length - 2;
rgbPrefix[1] = (byte)tmp;
rgbPrefix[2] = 0x30;
tmp = rgbOid.Length + 2;
rgbPrefix[3] = (byte)tmp;
Buffer.InternalBlockCopy(rgbOid, 0, rgbPrefix, 4, lenOid);
rgbPrefix[4 + lenOid] = 0x05;
rgbPrefix[4 + lenOid + 1] = 0x00;
rgbPrefix[4 + lenOid + 2] = 0x04; // an octet string follows
rgbPrefix[4 + lenOid + 3] = (byte)rgbHash.Length;
Buffer.InternalBlockCopy(rgbHash, 0, rgbPrefix, lenOid + 8, rgbHash.Length);
// Construct the whole array
cb1 = cb - rgbHash.Length - rgbPrefix.Length;
if (cb1 <= 2)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_InvalidOID"));
}
rgbInput[0] = 0;
rgbInput[1] = 1;
for (i = 2; i < cb1 - 1; i++)
{
rgbInput[i] = 0xff;
}
rgbInput[cb1 - 1] = 0;
Buffer.InternalBlockCopy(rgbPrefix, 0, rgbInput, cb1, rgbPrefix.Length);
Buffer.InternalBlockCopy(rgbHash, 0, rgbInput, cb1 + rgbPrefix.Length, rgbHash.Length);
//
// Create the signature by applying the private key to
// the padded buffer we just created.
//
rgbSig = _rsaKey.DecryptValue(rgbInput);
}
return(rgbSig);
}
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData)
{
int num = rsa.KeySize / 8;
byte[] src = null;
try
{
src = rsa.DecryptValue(encryptedData);
}
catch (CryptographicException)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
int num2 = hash.HashSize / 8;
int dstOffsetBytes = num - src.Length;
if ((dstOffsetBytes < 0) || (dstOffsetBytes >= num2))
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
byte[] dst = new byte[num2];
Buffer.InternalBlockCopy(src, 0, dst, dstOffsetBytes, dst.Length - dstOffsetBytes);
byte[] buffer3 = new byte[(src.Length - dst.Length) + dstOffsetBytes];
Buffer.InternalBlockCopy(src, dst.Length - dstOffsetBytes, buffer3, 0, buffer3.Length);
byte[] buffer4 = mgf.GenerateMask(buffer3, dst.Length);
int index = 0;
for (index = 0; index < dst.Length; index++)
{
dst[index] = (byte) (dst[index] ^ buffer4[index]);
}
buffer4 = mgf.GenerateMask(dst, buffer3.Length);
for (index = 0; index < buffer3.Length; index++)
{
buffer3[index] = (byte) (buffer3[index] ^ buffer4[index]);
}
hash.ComputeHash(new byte[0]);
byte[] buffer5 = hash.Hash;
index = 0;
while (index < num2)
{
if (buffer3[index] != buffer5[index])
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
}
while (index < buffer3.Length)
{
if (buffer3[index] == 1)
{
break;
}
if (buffer3[index] != 0)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
}
if (index == buffer3.Length)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding"));
}
index++;
byte[] buffer6 = new byte[buffer3.Length - index];
Buffer.InternalBlockCopy(buffer3, index, buffer6, 0, buffer6.Length);
return buffer6;
}
