internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data)
{
int length1 = rsa.KeySize / 8;
int length2 = hash.HashSize / 8;
if (data.Length + 2 + 2 * length2 > length1)
{
throw new CryptographicException(string.Format((IFormatProvider)null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), (object)(length1 - 2 - 2 * length2)));
}
hash.ComputeHash(EmptyArray <byte> .Value);
byte[] rgbSeed = new byte[length1 - length2];
Buffer.InternalBlockCopy((Array)hash.Hash, 0, (Array)rgbSeed, 0, length2);
byte[] numArray1 = rgbSeed;
int index1 = numArray1.Length - data.Length - 1;
int num = 1;
numArray1[index1] = (byte)num;
Buffer.InternalBlockCopy((Array)data, 0, (Array)rgbSeed, rgbSeed.Length - data.Length, data.Length);
byte[] numArray2 = new byte[length2];
rng.GetBytes(numArray2);
byte[] mask1 = mgf.GenerateMask(numArray2, rgbSeed.Length);
for (int index2 = 0; index2 < rgbSeed.Length; ++index2)
{
rgbSeed[index2] = (byte)((uint)rgbSeed[index2] ^ (uint)mask1[index2]);
}
byte[] mask2 = mgf.GenerateMask(rgbSeed, length2);
for (int index2 = 0; index2 < numArray2.Length; ++index2)
{
numArray2[index2] ^= mask2[index2];
}
byte[] rgb = new byte[length1];
Buffer.InternalBlockCopy((Array)numArray2, 0, (Array)rgb, 0, numArray2.Length);
Buffer.InternalBlockCopy((Array)rgbSeed, 0, (Array)rgb, numArray2.Length, rgbSeed.Length);
return(rsa.EncryptValue(rgb));
}
[System.Security.SecuritySafeCritical] // auto-generated
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
if (rgbSignature == null)
{
throw new ArgumentNullException("rgbSignature");
}
Contract.EndContractBlock();
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
// Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider.
if (_rsaKey is RSACryptoServiceProvider)
{
int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
return(((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, calgHash, rgbSignature));
}
else
{
byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash);
// Apply the public key to the signature data to get back the padded buffer actually signed.
// Compare the two buffers to see if they match; ignoring any leading zeros
return(Utils.CompareBigIntArrays(_rsaKey.EncryptValue(rgbSignature), pad));
}
}
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data)
{
int num = rsa.KeySize / 8;
int byteCount = hash.HashSize / 8;
if (((data.Length + 2) + (2 * byteCount)) > num)
{
throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), new object[] { (num - 2) - (2 * byteCount) }));
}
hash.ComputeHash(new byte[0]);
byte[] dst = new byte[num - byteCount];
Buffer.InternalBlockCopy(hash.Hash, 0, dst, 0, byteCount);
dst[(dst.Length - data.Length) - 1] = 1;
Buffer.InternalBlockCopy(data, 0, dst, dst.Length - data.Length, data.Length);
byte[] buffer2 = new byte[byteCount];
rng.GetBytes(buffer2);
byte[] buffer3 = mgf.GenerateMask(buffer2, dst.Length);
for (int i = 0; i < dst.Length; i++)
{
dst[i] = (byte)(dst[i] ^ buffer3[i]);
}
buffer3 = mgf.GenerateMask(dst, byteCount);
for (int j = 0; j < buffer2.Length; j++)
{
buffer2[j] = (byte)(buffer2[j] ^ buffer3[j]);
}
byte[] buffer4 = new byte[num];
Buffer.InternalBlockCopy(buffer2, 0, buffer4, 0, buffer2.Length);
Buffer.InternalBlockCopy(dst, 0, buffer4, buffer2.Length, dst.Length);
return(rsa.EncryptValue(buffer4));
}
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data)
{
int num = rsa.KeySize / 8;
int num2 = hash.HashSize / 8;
if (data.Length + 2 + 2 * num2 > num)
{
throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), num - 2 - 2 * num2));
}
hash.ComputeHash(EmptyArray <byte> .Value);
byte[] array = new byte[num - num2];
Buffer.InternalBlockCopy(hash.Hash, 0, array, 0, num2);
array[array.Length - data.Length - 1] = 1;
Buffer.InternalBlockCopy(data, 0, array, array.Length - data.Length, data.Length);
byte[] array2 = new byte[num2];
rng.GetBytes(array2);
byte[] array3 = mgf.GenerateMask(array2, array.Length);
for (int i = 0; i < array.Length; i++)
{
array[i] ^= array3[i];
}
array3 = mgf.GenerateMask(array, num2);
for (int j = 0; j < array2.Length; j++)
{
byte[] array4 = array2;
int num3 = j;
array4[num3] ^= array3[j];
}
byte[] array5 = new byte[num];
Buffer.InternalBlockCopy(array2, 0, array5, 0, array2.Length);
Buffer.InternalBlockCopy(array, 0, array5, array2.Length, array.Length);
return(rsa.EncryptValue(array5));
}
public override byte[] CreateKeyExchange(byte[] rgbData)
{
#if MONO
if (rgbData == null)
{
throw new ArgumentNullException("rgbData");
}
#endif
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
byte[] rgbKeyEx;
if (OverridesEncrypt)
{
rgbKeyEx = _rsaKey.Encrypt(rgbData, RSAEncryptionPadding.Pkcs1);
}
else
{
int cb = _rsaKey.KeySize / 8;
if ((rgbData.Length + 11) > cb)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig", cb - 11));
}
byte[] rgbInput = new byte[cb];
//
// We want to pad to the following format:
// 00 || 02 || PS || 00 || D
//
// PS - pseudorandom non zero bytes
// D - data
//
if (RngValue == null)
{
RngValue = RandomNumberGenerator.Create();
}
Rng.GetNonZeroBytes(rgbInput);
rgbInput[0] = 0;
rgbInput[1] = 2;
rgbInput[cb - rgbData.Length - 1] = 0;
Buffer.InternalBlockCopy(rgbData, 0, rgbInput, cb - rgbData.Length, rgbData.Length);
//
// Now encrypt the value and return it. (apply public key)
//
rgbKeyEx = _rsaKey.EncryptValue(rgbInput);
}
return(rgbKeyEx);
}
/// <include file='doc\RSAPKCS1KeyExchangeFormatter.uex' path='docs/doc[@for="RSAPKCS1KeyExchangeFormatter.CreateKeyExchange"]/*' />
public override byte[] CreateKeyExchange(byte[] rgbData)
{
byte[] rgbKeyEx;
if (_rsaKey is RSACryptoServiceProvider)
{
rgbKeyEx = ((RSACryptoServiceProvider)_rsaKey).Encrypt(rgbData, false);
}
else
{
int cb = _rsaKey.KeySize / 8;
if ((rgbData.Length + 11) > cb)
{
throw new CryptographicException(String.Format(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb - 11));
}
byte[] rgbInput = new byte[cb];
//
// We want to pad to the following format:
// 00 || 02 || PS || 00 || D
//
// PS - pseudorandom non zero bytes
// D - data
//
if (RngValue == null)
{
RngValue = RandomNumberGenerator.Create();
}
Rng.GetNonZeroBytes(rgbInput);
rgbInput[0] = 0;
rgbInput[1] = 2;
rgbInput[cb - rgbData.Length - 1] = 0;
Buffer.InternalBlockCopy(rgbData, 0, rgbInput, cb - rgbData.Length, rgbData.Length);
//
// Now encrypt the value and return it. (apply public key)
//
rgbKeyEx = _rsaKey.EncryptValue(rgbInput);
}
return(rgbKeyEx);
}
[System.Security.SecuritySafeCritical] // auto-generated
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
if (rgbSignature == null)
{
throw new ArgumentNullException("rgbSignature");
}
Contract.EndContractBlock();
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
// Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider.
if (_rsaKey is RSACryptoServiceProvider)
{
// This path is kept around for desktop compat: in case someone is using this with a hash algorithm that's known to GetAlgIdFromOid but
// not from OidToHashAlgorithmName.
int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
return(((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, calgHash, rgbSignature));
}
else if (OverridesVerifyHash)
{
HashAlgorithmName hashAlgorithmName = Utils.OidToHashAlgorithmName(_strOID);
return(_rsaKey.VerifyHash(rgbHash, rgbSignature, hashAlgorithmName, RSASignaturePadding.Pkcs1));
}
else
{
// Fallback compat path for 3rd-party RSA classes that don't override VerifyHash()
byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash);
// Apply the public key to the signature data to get back the padded buffer actually signed.
// Compare the two buffers to see if they match; ignoring any leading zeros
return(Utils.CompareBigIntArrays(_rsaKey.EncryptValue(rgbSignature), pad));
}
}
public byte[] Encode(byte[] buffer, int offset, int lenght)
{
byte[] buf = new byte[lenght];
Array.Copy(buffer, offset, buf, 0, lenght);
return(rsa.EncryptValue(buf));
}
[System.Security.SecurityCritical] // auto-generated
internal static byte[] RsaOaepEncrypt (RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) {
int cb = rsa.KeySize / 8;
// 1. Hash the parameters to get PHash
int cbHash = hash.HashSize / 8;
if ((data.Length + 2 + 2*cbHash) > cb)
throw new CryptographicException(String.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb-2-2*cbHash));
hash.ComputeHash(EmptyArray<Byte>.Value); // Use an empty octet string
// 2. Create DB object
byte[] DB = new byte[cb - cbHash];
// Structure is as follows:
// pHash || PS || 01 || M
// PS consists of all zeros
Buffer.InternalBlockCopy(hash.Hash, 0, DB, 0, cbHash);
DB[DB.Length - data.Length - 1] = 1;
Buffer.InternalBlockCopy(data, 0, DB, DB.Length-data.Length, data.Length);
// 3. Create a random value of size hLen
byte[] seed = new byte[cbHash];
rng.GetBytes(seed);
// 4. Compute the mask value
byte[] mask = mgf.GenerateMask(seed, DB.Length);
// 5. Xor maskDB into DB
for (int i=0; i < DB.Length; i++) {
DB[i] = (byte) (DB[i] ^ mask[i]);
}
// 6. Compute seed mask value
mask = mgf.GenerateMask(DB, cbHash);
// 7. Xor mask into seed
for (int i=0; i < seed.Length; i++) {
seed[i] ^= mask[i];
}
// 8. Concatenate seed and DB to form value to encrypt
byte[] pad = new byte[cb];
Buffer.InternalBlockCopy(seed, 0, pad, 0, seed.Length);
Buffer.InternalBlockCopy(DB, 0, pad, seed.Length, DB.Length);
return rsa.EncryptValue(pad);
}
// PKCS #1 v.2.1, Section 5.2.2
public static byte[] RSAVP1 (RSA rsa, byte[] s)
{
// m = s^e mod n
return rsa.EncryptValue (s);
}
// PKCS #1 v.2.1, Section 5.1.1
public static byte[] RSAEP (RSA rsa, byte[] m)
{
// c = m^e mod n
return rsa.EncryptValue (m);
}
/// <include file='doc\RSAPKCS1SignatureDeformatter.uex' path='docs/doc[@for="RSAPKCS1SignatureDeformatter.VerifySignature"]/*' />
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
{
bool f;
if (_strOID == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
}
if (_rsaKey == null)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
}
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
if (rgbSignature == null)
{
throw new ArgumentNullException("rgbSignature");
}
//
// Two cases here -- if we are talking to the CSP version or
// if we are talking to some other RSA provider.
//
if (_rsaKey is RSACryptoServiceProvider)
{
f = ((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, _strOID, rgbSignature);
}
else
{
int cb = _rsaKey.KeySize / 8;
int cb1;
int i;
byte[] rgbInput = new byte[cb];
byte[] rgbOid = CryptoConfig.EncodeOID(_strOID);
int lenOid = rgbOid.Length;
byte[] rgbOut;
//
// We want to pad this to the following format:
//
// 00 || 01 || FF ... FF || 00 || prefix || Data
//
// We want basically to ASN 1 encode the OID + hash:
// STRUCTURE {
// STRUCTURE {
// OID <hash algorithm OID>
// NULL (0x05 0x00) // this is actually an ANY and contains the parameters of the algorithm specified by the OID, I think
// }
// OCTET STRING <hashvalue>
// }
//
// Get the correct prefix
byte[] rgbPrefix = new byte[lenOid + 8 + rgbHash.Length];
rgbPrefix[0] = 0x30; // a structure follows
int tmp = rgbPrefix.Length - 2;
rgbPrefix[1] = (byte)tmp;
rgbPrefix[2] = 0x30;
tmp = rgbOid.Length + 2;
rgbPrefix[3] = (byte)tmp;
Buffer.InternalBlockCopy(rgbOid, 0, rgbPrefix, 4, lenOid);
rgbPrefix[4 + lenOid] = 0x05;
rgbPrefix[4 + lenOid + 1] = 0x00;
rgbPrefix[4 + lenOid + 2] = 0x04; // an octet string follows
rgbPrefix[4 + lenOid + 3] = (byte)rgbHash.Length;
Buffer.InternalBlockCopy(rgbHash, 0, rgbPrefix, lenOid + 8, rgbHash.Length);
// Construct the whole array
cb1 = cb - rgbHash.Length - rgbPrefix.Length;
if (cb1 <= 2)
{
throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_InvalidOID"));
}
rgbInput[0] = 0;
rgbInput[1] = 1;
for (i = 2; i < cb1 - 1; i++)
{
rgbInput[i] = 0xff;
}
rgbInput[cb1 - 1] = 0;
Buffer.InternalBlockCopy(rgbPrefix, 0, rgbInput, cb1, rgbPrefix.Length);
Buffer.InternalBlockCopy(rgbHash, 0, rgbInput, cb1 + rgbPrefix.Length, rgbHash.Length);
//
// Apply the public key to the signature data to get back
// the padded buffer actually signed.
//
rgbOut = _rsaKey.EncryptValue(rgbSignature);
//
// Compare the two buffers to see if they match
//
f = rgbOut.Equals(rgbInput);
}
return(f);
}
/// <include file='doc\RSAOAEPKeyExchangeFormatter.uex' path='docs/doc[@for="RSAOAEPKeyExchangeFormatter.CreateKeyExchange"]/*' />
public override byte[] CreateKeyExchange(byte[] rgbData)
{
byte[] rgbKeyEx;
if (_rsaKey is RSACryptoServiceProvider)
{
rgbKeyEx = ((RSACryptoServiceProvider)_rsaKey).Encrypt(rgbData, true);
}
else
{
int cb = _rsaKey.KeySize / 8;
int cbHash;
HashAlgorithm hash;
int i;
MaskGenerationMethod mgf;
byte[] rgbDB;
byte[] rgbIn;
byte[] rgbMask;
byte[] rgbSeed;
// Create the OAEP padding object.
// 1. Hash the parameters to get rgbPHash
hash = (HashAlgorithm)CryptoConfig.CreateFromName("SHA1"); // Create the default SHA1 object
cbHash = hash.HashSize / 8;
if ((rgbData.Length + 2 + 2 * cbHash) > cb)
{
throw new CryptographicException(String.Format(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb - 2 - 2 * cbHash));
}
hash.ComputeHash(new byte[0]); // Use an empty octet string
// 2. Create DB object
rgbDB = new byte[cb - cbHash - 1];
// Structure is as follows:
// pHash || PS || 01 || M
// PS consists of all zeros
Buffer.InternalBlockCopy(hash.Hash, 0, rgbDB, 0, cbHash);
rgbDB[rgbDB.Length - rgbData.Length - 1] = 1;
Buffer.InternalBlockCopy(rgbData, 0, rgbDB, rgbDB.Length - rgbData.Length, rgbData.Length);
// 3. Create a random value of size hLen
if (RngValue == null)
{
RngValue = RandomNumberGenerator.Create();
}
rgbSeed = new byte[cbHash];
RngValue.GetBytes(rgbSeed);
// 4. Compute the mask value
mgf = new PKCS1MaskGenerationMethod();
rgbMask = mgf.GenerateMask(rgbSeed, rgbDB.Length);
// 5. Xor rgbMaskDB into rgbDB
for (i = 0; i < rgbDB.Length; i++)
{
rgbDB[i] = (byte)(rgbDB[i] ^ rgbMask[i]);
}
// 6. Compute seed mask value
rgbMask = mgf.GenerateMask(rgbDB, cbHash);
// 7. Xor rgbMask into rgbSeed
for (i = 0; i < rgbSeed.Length; i++)
{
rgbSeed[i] ^= rgbMask[i];
}
// 8. Concatenate rgbSeed and rgbDB to form value to encrypt
rgbIn = new byte[cb];
Buffer.InternalBlockCopy(rgbSeed, 0, rgbIn, 1, rgbSeed.Length);
Buffer.InternalBlockCopy(rgbDB, 0, rgbIn, rgbSeed.Length + 1, rgbDB.Length);
// 9. Now Encrypt it
rgbKeyEx = _rsaKey.EncryptValue(rgbIn);
}
return(rgbKeyEx);
}
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data)
{
int num = rsa.KeySize / 8;
int byteCount = hash.HashSize / 8;
if (((data.Length + 2) + (2 * byteCount)) > num)
{
throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), new object[] { (num - 2) - (2 * byteCount) }));
}
hash.ComputeHash(new byte[0]);
byte[] dst = new byte[num - byteCount];
Buffer.InternalBlockCopy(hash.Hash, 0, dst, 0, byteCount);
dst[(dst.Length - data.Length) - 1] = 1;
Buffer.InternalBlockCopy(data, 0, dst, dst.Length - data.Length, data.Length);
byte[] buffer2 = new byte[byteCount];
rng.GetBytes(buffer2);
byte[] buffer3 = mgf.GenerateMask(buffer2, dst.Length);
for (int i = 0; i < dst.Length; i++)
{
dst[i] = (byte) (dst[i] ^ buffer3[i]);
}
buffer3 = mgf.GenerateMask(dst, byteCount);
for (int j = 0; j < buffer2.Length; j++)
{
buffer2[j] = (byte) (buffer2[j] ^ buffer3[j]);
}
byte[] buffer4 = new byte[num];
Buffer.InternalBlockCopy(buffer2, 0, buffer4, 0, buffer2.Length);
Buffer.InternalBlockCopy(dst, 0, buffer4, buffer2.Length, dst.Length);
return rsa.EncryptValue(buffer4);
}
