public CryptoServiceProviderHmac(
String provider,
ProviderType providerType,
AlgorithmId algorithm)
: base(provider, providerType, algorithm)
{
}
internal CryptoServiceProviderHash(
String provider,
ProviderType providerType,
AlgorithmId algorithm)
: base(provider, providerType, algorithm)
{
}
public CryptoServiceProviderHmac(
byte[] key,
String provider,
ProviderType providerType,
AlgorithmId algorithm)
: this(provider, providerType, algorithm)
{
_key = key;
}
/// <summary>
/// Initializes a new instance of the
/// <see cref="AbstractCryptoServiceProviderHash"/> class.
/// </summary>
///
/// <param name="provider">
/// The name of the Capi provider.
/// </param>
///
/// <param name="providerType">
/// Type of the provider.
/// </param>
///
/// <param name="algorithm">
/// The hash algorithm.
/// </param>
internal AbstractCryptoServiceProviderHash(
String provider,
ProviderType providerType,
AlgorithmId algorithm)
{
this._algorithmId = algorithm;
this._provider = provider;
this._providerType = providerType;
}
public override void OnNavigatedTo(INavigationParameters parameters)
{
switch (parameters.GetNavigationMode())
{
case NavigationMode.Back:
break;
case NavigationMode.New:
_algorithmId = parameters.GetValue <AlgorithmId>(LiveAlgorithmPage.Parameters.Id);
RefreshAlgorithm();
// Subscrive to updates for this algorithm
Subscribe();
break;
default:
throw new ArgumentException($"Unsupported NavigationMode: {parameters.GetNavigationMode()}",
nameof(parameters));
}
}
/// <summary>
/// Map an algorithm ID to a string name
/// </summary>
internal static string GetAlgorithmName(AlgorithmId algorithm)
{
Contract.Ensures(!String.IsNullOrEmpty(Contract.Result <string>()));
return(algorithm.ToString().ToUpper(CultureInfo.InvariantCulture));
}
public static extern bool CryptGenKey(SafeCspHandle hProv,
AlgorithmId Algid,
KeyFlags dwFlags,
[Out] out SafeCapiKeyHandle phKey);
public static extern bool CryptCreateHash(SafeCspHandle hProv,
AlgorithmId Algid,
SafeCapiKeyHandle hKey,
int dwFlags,
[Out] out SafeCapiHashHandle phHash);
private static unsafe bool IsValidPublicKeyUnsafe(ImmutableArray<byte> blob)
{
var blobArray = blob.DangerousGetUnderlyingArray();
fixed (byte* blobPtr = blobArray)
{
var pkb = (SnPublicKeyBlob*)blobPtr;
// The number of public key bytes must be the same as the size of the header plus the size of the public key data.
if (blob.Length != s_publicKeyHeaderSize + pkb->PublicKeySize)
{
return false;
}
// Check for the ECMA key, which does not obey the invariants checked below.
if (ByteSequenceComparer.Equals(blob, s_ecmaKey))
{
return true;
}
// The public key must be in the wincrypto PUBLICKEYBLOB format
if (pkb->PublicKey[0] != PublicKeyBlobId)
{
return false;
}
var signatureAlgorithmId = new AlgorithmId(pkb->SigAlgId);
if (signatureAlgorithmId.IsSet && signatureAlgorithmId.Class != AlgorithmClass.Signature)
{
return false;
}
var hashAlgorithmId = new AlgorithmId(pkb->HashAlgId);
if (hashAlgorithmId.IsSet && (hashAlgorithmId.Class != AlgorithmClass.Hash || hashAlgorithmId.SubId < AlgorithmSubId.Sha1Hash))
{
return false;
}
}
return true;
}
/// <summary>Initializes a new instance of <see cref="KeyManagementAlgorithm"/>. </summary>
public KeyManagementAlgorithm(AlgorithmId id, string name, AlgorithmCategory keyType, KeyManagementAlgorithm wrappedAlgorithm, Sha2 sha2)
: this(id, name, keyType, requiredKeySizeInBits : 0, wrappedAlgorithm, sha2 : sha2, produceEncryptedKey : true)
{
}
internal static bool IsValidPublicKey(ImmutableArray <byte> blob)
{
// The number of public key bytes must be at least large enough for the header and one byte of data.
if (blob.IsDefault || blob.Length < s_publicKeyHeaderSize + 1)
{
return(false);
}
var blobReader = new LittleEndianReader(blob.AsSpan());
// Signature algorithm ID
var sigAlgId = blobReader.ReadUInt32();
// Hash algorithm ID
var hashAlgId = blobReader.ReadUInt32();
// Size of public key data in bytes, not including the header
var publicKeySize = blobReader.ReadUInt32();
// publicKeySize bytes of public key data
var publicKey = blobReader.ReadByte();
// The number of public key bytes must be the same as the size of the header plus the size of the public key data.
if (blob.Length != s_publicKeyHeaderSize + publicKeySize)
{
return(false);
}
// Check for the ECMA key, which does not obey the invariants checked below.
if (ByteSequenceComparer.Equals(blob, s_ecmaKey))
{
return(true);
}
// The public key must be in the wincrypto PUBLICKEYBLOB format
if (publicKey != PublicKeyBlobId)
{
return(false);
}
var signatureAlgorithmId = new AlgorithmId(sigAlgId);
if (
signatureAlgorithmId.IsSet && signatureAlgorithmId.Class != AlgorithmClass.Signature
)
{
return(false);
}
var hashAlgorithmId = new AlgorithmId(hashAlgId);
if (
hashAlgorithmId.IsSet &&
(
hashAlgorithmId.Class != AlgorithmClass.Hash ||
hashAlgorithmId.SubId < AlgorithmSubId.Sha1Hash
)
)
{
return(false);
}
return(true);
}
internal static Exception CreateNotSupportedException_Algorithm(AlgorithmId algorithm) => new NotSupportedException($"The algorithm '{algorithm}' is not supported.");
internal static void ThrowNotSupportedException_Algorithm(AlgorithmId algorithm) => throw CreateNotSupportedException_Algorithm(algorithm);
internal static Exception CreateNotSupportedException_AlgorithmForKeyWrap(AlgorithmId algorithm) => new NotSupportedException($"Key wrap is not supported for algorithm: '{algorithm}'.");
internal static SafeCapiKeyHandle ImportSymmetricKey(SafeCspHandle provider, AlgorithmId algorithm, byte[] key)
{
Contract.Requires(provider != null);
Contract.Requires(((int)algorithm & (int)AlgorithmClass.DataEncryption) == (int)AlgorithmClass.DataEncryption);
Contract.Requires(key != null);
Contract.Ensures(Contract.Result <SafeCapiKeyHandle>() != null &&
!Contract.Result <SafeCapiKeyHandle>().IsInvalid&&
!Contract.Result <SafeCapiKeyHandle>().IsClosed);
//
// Setup a PLAINTEXTKEYBLOB (v2) which has the following format:
// BLOBHEADER hdr
// DWORD cbKeySize
// BYTE rbgKeyData[]
//
int blobSize = Marshal.SizeOf(typeof(BLOBHEADER)) + Marshal.SizeOf(typeof(int)) + key.Length;
byte[] keyBlob = new byte[blobSize];
unsafe
{
fixed(byte *pBlob = keyBlob)
{
BLOBHEADER *pHeader = (BLOBHEADER *)pBlob;
pHeader->bType = KeyBlobType.PlainText;
pHeader->bVersion = 2;
pHeader->reserved = 0;
pHeader->aiKeyAlg = algorithm;
int *pSize = (int *)(pBlob + Marshal.SizeOf(*pHeader));
*pSize = key.Length;
}
}
Buffer.BlockCopy(key, 0, keyBlob, Marshal.SizeOf(typeof(BLOBHEADER)) + Marshal.SizeOf(typeof(int)), key.Length);
// Import the PLAINTEXTKEYBLOB into the CSP
SafeCapiKeyHandle importedKey = null;
RuntimeHelpers.PrepareConstrainedRegions();
try {
if (!UnsafeNativeMethods.CryptImportKey(provider,
keyBlob,
keyBlob.Length,
SafeCapiKeyHandle.InvalidHandle,
KeyFlags.Exportable,
out importedKey))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally {
if (importedKey != null && !importedKey.IsInvalid)
{
importedKey.SetParentCsp(provider);
}
}
return(importedKey);
}
internal static unsafe SafeCapiKeyHandle ImportSymmetricKey(SafeCspHandle provider, AlgorithmId algorithm, byte[] key)
{
int num = (Marshal.SizeOf(typeof(BLOBHEADER)) + Marshal.SizeOf(typeof(int))) + key.Length;
byte[] dst = new byte[num];
fixed(byte *numRef = dst)
{
BLOBHEADER *blobheaderPtr = (BLOBHEADER *)numRef;
blobheaderPtr->bType = KeyBlobType.PlainText;
blobheaderPtr->bVersion = 2;
blobheaderPtr->reserved = 0;
blobheaderPtr->aiKeyAlg = algorithm;
int *numPtr = (int *)(numRef + Marshal.SizeOf(blobheaderPtr[0]));
numPtr[0] = key.Length;
}
Buffer.BlockCopy(key, 0, dst, Marshal.SizeOf(typeof(BLOBHEADER)) + Marshal.SizeOf(typeof(int)), key.Length);
SafeCapiKeyHandle phKey = null;
if (!UnsafeNativeMethods.CryptImportKey(provider, dst, dst.Length, SafeCapiKeyHandle.InvalidHandle, KeyFlags.Exportable, out phKey))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
return(phKey);
}
// From StrongNameInternal.cpp
public static bool TryDecode(ImmutableArray<byte> bytes)
{
// The number of public key bytes must be at least large enough for the header and one byte of data.
if (bytes.IsDefault || bytes.Length < HeaderSize + 1)
{
return false;
}
// The number of public key bytes must be the same as the size of the header plus the size of the public key data.
var dataSize = ToUInt32(bytes, PublicKeySizeOffset);
if (bytes.Length != HeaderSize + dataSize)
{
return false;
}
// Check for the ECMA key, which does not obey the invariants checked below.
if (ByteSequenceComparer.Equals(bytes, s_ecmaKey))
{
return true;
}
var signatureAlgorithmId = new AlgorithmId(ToUInt32(bytes, 0));
if (signatureAlgorithmId.IsSet && signatureAlgorithmId.Class != AlgorithmClass.Signature)
{
return false;
}
var hashAlgorithmId = new AlgorithmId(ToUInt32(bytes, 4));
if (hashAlgorithmId.IsSet && (hashAlgorithmId.Class != AlgorithmClass.Hash || hashAlgorithmId.SubId < AlgorithmSubId.Sha1Hash))
{
return false;
}
if (bytes[PublicKeyDataOffset] != PublicKeyBlob)
{
return false;
}
return true;
}
internal static string GetAlgorithmName(AlgorithmId algorithm)
{
return(algorithm.ToString().ToUpper(CultureInfo.InvariantCulture));
}
/// <summary>Initializes a new instance of <see cref="KeyManagementAlgorithm"/>. </summary>
public KeyManagementAlgorithm(AlgorithmId id, string name, AlgorithmCategory keyType, bool produceEncryptedKey)
: this(id, name, keyType, requiredKeySizeInBits : 0, wrappedAlgorithm : null, sha2 : null, produceEncryptedKey)
{
}
internal static extern bool CryptCreateHash(
SafeCryptoContextHandle cryptoContext,
AlgorithmId algorithmId,
SafeCryptoKeyHandle key,
int flags,
out SafeCryptoHashHandle hash);
