private byte[] SignHash(byte[] hash)
{
ValidateHashParameter(hash);
if (IsPublicKeyOnly)
{
throw ExceptionUtility.CryptographicException(Resources.NoPrivateKey);
}
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated)
{
var keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
var keyContainerAccessEntry = new KeyContainerPermissionAccessEntry(_providerParameters, KeyContainerPermissionFlags.Sign);
keyContainerPermission.AccessEntries.Add(keyContainerAccessEntry);
keyContainerPermission.Demand();
}
using (var hashAlgorithm = CreateHashAlgorithm())
{
var hashHandleProvider = (ISafeHandleProvider <SafeHashHandleImpl>)hashAlgorithm;
return(CryptoApiHelper.SignValue(_providerHandle, hashHandleProvider.SafeHandle, _providerParameters.KeyNumber, hash));
}
}
public static CngKey Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions)
{
if (keyName == null)
{
throw new ArgumentNullException("keyName");
}
if (provider == null)
{
throw new ArgumentNullException("provider");
}
if (!NCryptNative.NCryptSupported)
{
throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported"));
}
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Open)
{
ProviderName = provider.Provider
};
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider);
return(new CngKey(kspHandle, NCryptNative.OpenKey(kspHandle, keyName, openOptions)));
}
public byte[] Decrypt(byte[] rgb, bool fOAEP)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
this.GetKeyPair();
if (rgb.Length > this.KeySize / 8)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", new object[]
{
this.KeySize / 8
}));
}
if (!this.CspKeyContainerInfo.RandomlyGenerated && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Decrypt);
keyContainerPermission.AccessEntries.Add(accessEntry);
keyContainerPermission.Demand();
}
byte[] result = null;
RSACryptoServiceProvider.DecryptKey(this._safeKeyHandle, rgb, rgb.Length, fOAEP, JitHelpers.GetObjectHandleOnStack <byte[]>(ref result));
return(result);
}
internal static SafeProvHandle CreateProvHandle(CspParameters parameters, bool randomKeyContainer)
{
SafeProvHandle invalidHandle = SafeProvHandle.InvalidHandle;
int hr = Utils._OpenCSP(parameters, 0U, ref invalidHandle);
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
if (hr != 0)
{
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags || hr != -2146893799 && hr != -2146893802 && hr != -2147024894)
{
throw new CryptographicException(hr);
}
if (!randomKeyContainer && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Create);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
Utils._CreateCSP(parameters, randomKeyContainer, ref invalidHandle);
}
else if (!randomKeyContainer && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
return(invalidHandle);
}
internal static SafeProvHandle CreateProvHandle(CspParameters parameters, bool randomKeyContainer)
{
SafeProvHandle invalidHandle = SafeProvHandle.InvalidHandle;
int hr = _OpenCSP(parameters, 0, ref invalidHandle);
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
if (hr != 0)
{
if (((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags) || (((hr != -2146893799) && (hr != -2146893802)) && (hr != -2147024894)))
{
throw new CryptographicException(hr);
}
if (!randomKeyContainer)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Create);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
_CreateCSP(parameters, randomKeyContainer, ref invalidHandle);
return(invalidHandle);
}
if (!randomKeyContainer)
{
KeyContainerPermissionAccessEntry entry2 = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(entry2);
permission.Demand();
}
return(invalidHandle);
}
private byte[] SignHash(byte[] hash)
{
if (hash == null)
{
throw ExceptionUtility.ArgumentNull("hash");
}
if (hash.Length != 32)
{
throw ExceptionUtility.ArgumentOutOfRange("hash", Resources.InvalidHashSize);
}
if (IsPublicKeyOnly)
{
throw ExceptionUtility.CryptographicException(Resources.NoPrivateKey);
}
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated)
{
var keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
var keyContainerAccessEntry = new KeyContainerPermissionAccessEntry(_providerParameters, KeyContainerPermissionFlags.Sign);
keyContainerPermission.AccessEntries.Add(keyContainerAccessEntry);
keyContainerPermission.Demand();
}
return(CryptoApiHelper.SignValue(_providerHandle, _providerParameters.KeyNumber, hash));
}
internal static void ImportCspBlobHelper(CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
if (safeKeyHandle != null && !safeKeyHandle.IsClosed)
{
safeKeyHandle.Dispose();
}
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly)
{
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, keyType == CspAlgorithmType.Dss ? Utils.StaticDssProvHandle : Utils.StaticProvHandle, CspProviderFlags.NoFlags, ref safeKeyHandle);
}
else
{
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
if (safeProvHandle == null)
{
safeProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
}
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
public byte[] Decrypt(byte[] rgb, bool fOAEP)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
this.GetKeyPair();
if (rgb.Length > this.KeySize / 8)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", (object)(this.KeySize / 8)));
}
if (!this.CspKeyContainerInfo.RandomlyGenerated && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Decrypt);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
byte[] o = (byte[])null;
SafeKeyHandle pKeyContext = this._safeKeyHandle;
byte[] pbEncryptedKey = rgb;
int length = pbEncryptedKey.Length;
int num = fOAEP ? 1 : 0;
ObjectHandleOnStack objectHandleOnStack = JitHelpers.GetObjectHandleOnStack <byte[]>(ref o);
RSACryptoServiceProvider.DecryptKey(pKeyContext, pbEncryptedKey, length, num != 0, objectHandleOnStack);
return(o);
}
public override void ImportParameters(DSAParameters parameters)
{
DSACspObject cspObject = DSAStructToObject(parameters);
if ((this._safeKeyHandle != null) && !this._safeKeyHandle.IsClosed)
{
this._safeKeyHandle.Dispose();
}
this._safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (IsPublic(parameters))
{
Utils._ImportKey(Utils.StaticDssProvHandle, 0x2200, CspProviderFlags.NoFlags, cspObject, ref this._safeKeyHandle);
}
else
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Import);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
if (this._safeProvHandle == null)
{
this._safeProvHandle = Utils.CreateProvHandle(this._parameters, this._randomKeyContainer);
}
Utils._ImportKey(this._safeProvHandle, 0x2200, this._parameters.Flags, cspObject, ref this._safeKeyHandle);
}
}
public override void ImportParameters(RSAParameters parameters)
{
if (this._safeKeyHandle != null && !this._safeKeyHandle.IsClosed)
{
this._safeKeyHandle.Dispose();
this._safeKeyHandle = (SafeKeyHandle)null;
}
RSACspObject @object = RSACryptoServiceProvider.RSAStructToObject(parameters);
this._safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (RSACryptoServiceProvider.IsPublic(parameters))
{
Utils._ImportKey(Utils.StaticProvHandle, 41984, CspProviderFlags.NoFlags, (object)@object, ref this._safeKeyHandle);
}
else
{
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Import);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
if (this._safeProvHandle == null)
{
this._safeProvHandle = Utils.CreateProvHandle(this._parameters, this._randomKeyContainer);
}
Utils._ImportKey(this._safeProvHandle, 41984, this._parameters.Flags, (object)@object, ref this._safeKeyHandle);
}
}
public byte[] SignHash(byte[] rgbHash, string str)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
if (this.PublicOnly)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_NoPrivateKey"));
}
int calgHash = X509Utils.OidToAlgId(str);
if (rgbHash.Length != (this._sha1.HashSize / 8))
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidHashSize", new object[] { "SHA1", this._sha1.HashSize / 8 }));
}
this.GetKeyPair();
if (!this.CspKeyContainerInfo.RandomlyGenerated)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Sign);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
return(Utils.SignValue(this._safeKeyHandle, this._parameters.KeyNumber, 0x2200, calgHash, rgbHash));
}
[System.Security.SecuritySafeCritical] // auto-generated
public byte[] SignHash(byte[] rgbHash, string str)
{
if (rgbHash == null)
{
throw new ArgumentNullException("rgbHash");
}
Contract.EndContractBlock();
if (PublicOnly)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_NoPrivateKey"));
}
int calgHash = X509Utils.NameOrOidToAlgId(str, OidGroup.HashAlgorithm);
if (rgbHash.Length != _sha1.HashSize / 8)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidHashSize", "SHA1", _sha1.HashSize / 8));
}
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated)
{
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
}
return(Utils.SignValue(_safeKeyHandle, _parameters.KeyNumber, Constants.CALG_DSS_SIGN, calgHash, rgbHash));
}
[System.Security.SecuritySafeCritical] // auto-generated
public override void ImportParameters(DSAParameters parameters)
{
DSACspObject dsaCspObject = DSAStructToObject(parameters);
// Free the current key handle
if (_safeKeyHandle != null && !_safeKeyHandle.IsClosed)
{
_safeKeyHandle.Dispose();
}
_safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (IsPublic(parameters))
{
// Use our CRYPT_VERIFYCONTEXT handle, CRYPT_EXPORTABLE is not applicable to public only keys, so pass false
Utils._ImportKey(Utils.StaticDssProvHandle, Constants.CALG_DSS_SIGN, (CspProviderFlags)0, dsaCspObject, ref _safeKeyHandle);
}
else
{
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Import);
kp.AccessEntries.Add(entry);
kp.Demand();
if (_safeProvHandle == null)
{
_safeProvHandle = Utils.CreateProvHandle(_parameters, _randomKeyContainer);
}
// Now, import the key into the CSP; _ImportKey will check for failures.
Utils._ImportKey(_safeProvHandle, Constants.CALG_DSS_SIGN, _parameters.Flags, dsaCspObject, ref _safeKeyHandle);
}
}
private unsafe void CounterSign(CmsSigner signer)
{
// Sanity check.
Debug.Assert(signer != null);
//
CspParameters parameters = new CspParameters();
if (X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters) == false)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
// Get the signer's index.
uint index = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0);
// Create CMSG_SIGNER_ENCODE_INFO structure.
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Counter sign.
if (!CAPI.CryptMsgCountersign(m_signedCms.GetCryptMsgHandle(),
index,
1,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// CAPI requires that the messge be re-encoded if any unauthenticated
// attribute has been added. So, let's re-open it to decode to work
// around this limitation.
m_signedCms.ReopenToDecode();
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_signedCms.GetCryptMsgHandle(), m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
return;
}
private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
public static CngKey Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions)
{
Contract.Ensures(Contract.Result <CngKey>() != null);
if (keyName == null)
{
throw new ArgumentNullException("keyName");
}
if (provider == null)
{
throw new ArgumentNullException("provider");
}
// Make sure that NCrypt is supported on this platform
if (!NCryptNative.NCryptSupported)
{
throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported));
}
// Ensure the user has access to the key name
KeyContainerPermissionAccessEntry access = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Open);
access.ProviderName = provider.Provider;
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(access);
permission.Demand();
// Open the key
SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider);
SafeNCryptKeyHandle keyHandle = NCryptNative.OpenKey(kspHandle, keyName, openOptions);
return(new CngKey(kspHandle, keyHandle));
}
[System.Security.SecuritySafeCritical] // auto-generated
public byte [] Decrypt(byte[] rgb, bool fOAEP)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
Contract.EndContractBlock();
GetKeyPair();
// size check -- must be at most the modulus size
if (rgb.Length > (KeySize / 8))
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", KeySize / 8));
}
if (!CspKeyContainerInfo.RandomlyGenerated)
{
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Decrypt);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
byte[] decryptedKey = null;
DecryptKey(_safeKeyHandle, rgb, rgb.Length, fOAEP, JitHelpers.GetObjectHandleOnStack(ref decryptedKey));
return(decryptedKey);
}
internal KeyContainerPermission BuildKeyContainerPermission(KeyContainerPermissionFlags flags)
{
KeyContainerPermission permission = null;
if (this.IsEphemeral)
{
return(permission);
}
string keyContainerName = null;
string str2 = null;
try
{
keyContainerName = this.KeyName;
str2 = NCryptNative.GetPropertyAsString(this.m_kspHandle, "Name", CngPropertyOptions.None);
}
catch (CryptographicException)
{
}
if (keyContainerName != null)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(keyContainerName, flags)
{
ProviderName = str2
};
permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(accessEntry);
return(permission);
}
return(new KeyContainerPermission(flags));
}
internal unsafe static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle safeProvHandle2 = Utils.CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
keyContainerPermission.AccessEntries.Add(accessEntry);
keyContainerPermission.Demand();
Utils.SetKeySetSecurityInfo(safeProvHandle2, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
IntPtr parentWindowHandle = parameters.ParentWindowHandle;
IntPtr pbData = parentWindowHandle;
if (!AppContextSwitches.DoNotAddrOfCspParentWindowHandle)
{
pbData = new IntPtr((void *)(&parentWindowHandle));
}
Utils.SetProviderParameter(safeProvHandle2, parameters.KeyNumber, 10U, pbData);
}
else if (parameters.KeyPassword != null)
{
IntPtr intPtr = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
Utils.SetProviderParameter(safeProvHandle2, parameters.KeyNumber, 11U, intPtr);
}
finally
{
if (intPtr != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(intPtr);
}
}
}
safeProvHandle = safeProvHandle2;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int num = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (num != 0)
{
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags || num != -2146893811)
{
throw new CryptographicException(num);
}
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] array = Utils._GetKeyParameter(invalidHandle, 9U);
int num2 = (int)array[0] | (int)array[1] << 8 | (int)array[2] << 16 | (int)array[3] << 24;
if ((keyType == CspAlgorithmType.Rsa && num2 != 41984 && num2 != 9216) || (keyType == CspAlgorithmType.Dss && num2 != 8704))
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
public static CngKey Create(CngAlgorithm algorithm, string keyName, CngKeyCreationParameters creationParameters)
{
Contract.Ensures(Contract.Result <CngKey>() != null);
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
if (creationParameters == null)
{
creationParameters = new CngKeyCreationParameters();
}
// Make sure that NCrypt is supported on this platform
if (!NCryptNative.NCryptSupported)
{
throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported));
}
// If we're not creating an ephemeral key, then we need to ensure the user has access to the key name
if (keyName != null)
{
KeyContainerPermissionAccessEntry access = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Create);
access.ProviderName = creationParameters.Provider.Provider;
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(access);
permission.Demand();
}
//
// Create the native handles representing the new key, setup the creation parameters on it, and
// finalize it for use.
//
SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(creationParameters.Provider.Provider);
SafeNCryptKeyHandle keyHandle = NCryptNative.CreatePersistedKey(kspHandle,
algorithm.Algorithm,
keyName,
creationParameters.KeyCreationOptions);
SetKeyProperties(keyHandle, creationParameters);
NCryptNative.FinalizeKey(keyHandle);
CngKey key = new CngKey(kspHandle, keyHandle);
// No name translates to an ephemeral key
if (keyName == null)
{
key.IsEphemeral = true;
}
return(key);
}
internal static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle provHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
Utils.SetKeySetSecurityInfo(provHandle, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
Utils.SetProviderParameter(provHandle, parameters.KeyNumber, 10U, parameters.ParentWindowHandle);
}
else if (parameters.KeyPassword != null)
{
IntPtr coTaskMemAnsi = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
Utils.SetProviderParameter(provHandle, parameters.KeyNumber, 11U, coTaskMemAnsi);
}
finally
{
if (coTaskMemAnsi != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(coTaskMemAnsi);
}
}
}
safeProvHandle = provHandle;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int userKey = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (userKey != 0)
{
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags || userKey != -2146893811)
{
throw new CryptographicException(userKey);
}
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] keyParameter = Utils._GetKeyParameter(invalidHandle, 9U);
int num = (int)keyParameter[0] | (int)keyParameter[1] << 8 | (int)keyParameter[2] << 16 | (int)keyParameter[3] << 24;
if (keyType == CspAlgorithmType.Rsa && num != 41984 && num != 9216 || keyType == CspAlgorithmType.Dss && num != 8704)
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
internal byte[] SignHash(byte[] rgbHash, int calgHash)
{
this.GetKeyPair();
if (!this.CspKeyContainerInfo.RandomlyGenerated && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
return(Utils.SignValue(this._safeKeyHandle, this._parameters.KeyNumber, 9216, calgHash, rgbHash));
}
internal static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle hProv = CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
SetKeySetSecurityInfo(hProv, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
SetProviderParameter(hProv, parameters.KeyNumber, 10, parameters.ParentWindowHandle);
}
else if (parameters.KeyPassword != null)
{
IntPtr pbData = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
SetProviderParameter(hProv, parameters.KeyNumber, 11, pbData);
}
finally
{
if (pbData != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(pbData);
}
}
}
safeProvHandle = hProv;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int hr = _GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (hr != 0)
{
if (((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags) || (hr != -2146893811))
{
throw new CryptographicException(hr);
}
_GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] buffer = _GetKeyParameter(invalidHandle, 9);
int num2 = ((buffer[0] | (buffer[1] << 8)) | (buffer[2] << 0x10)) | (buffer[3] << 0x18);
if ((((keyType == CspAlgorithmType.Rsa) && (num2 != 0xa400)) && (num2 != 0x2400)) || ((keyType == CspAlgorithmType.Dss) && (num2 != 0x2200)))
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
internal static byte[] ExportCspBlobHelper(bool includePrivateParameters, CspParameters parameters, SafeKeyHandle safeKeyHandle)
{
if (includePrivateParameters && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Export);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
byte[] o = (byte[])null;
Utils.ExportCspBlob(safeKeyHandle, includePrivateParameters ? 7 : 6, JitHelpers.GetObjectHandleOnStack <byte[]>(ref o));
return(o);
}
internal static byte[] ExportCspBlobHelper(bool includePrivateParameters, CspParameters parameters, SafeKeyHandle safeKeyHandle)
{
if (includePrivateParameters)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Export);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
byte[] o = null;
ExportCspBlob(safeKeyHandle, includePrivateParameters ? 7 : 6, JitHelpers.GetObjectHandleOnStack <byte[]>(ref o));
return(o);
}
public void ComputeSignature(CmsSigner signer, bool silent)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (this.ContentInfo.Content.Length == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
}
if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
{
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
}
this.Sign(signer, silent);
}
else
{
if (signer.Certificate == null)
{
if (silent)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
}
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(SignedCms.SafeGetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
{
this.Sign(signer, silent);
}
else
{
this.CoSign(signer, silent);
}
}
}
public override DSAParameters ExportParameters(bool includePrivateParameters)
{
this.GetKeyPair();
if (includePrivateParameters)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Export);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
DSACspObject dsaCspObject = new DSACspObject();
Utils._ExportKey(this._safeKeyHandle, includePrivateParameters ? 7 : 6, (object)dsaCspObject);
return(DSACryptoServiceProvider.DSAObjectToStruct(dsaCspObject));
}
public override RSAParameters ExportParameters(bool includePrivateParameters)
{
this.GetKeyPair();
if (includePrivateParameters && !CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Export);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
RSACspObject rsaCspObject = new RSACspObject();
Utils._ExportKey(this._safeKeyHandle, includePrivateParameters ? 7 : 6, (object)rsaCspObject);
return(RSACryptoServiceProvider.RSAObjectToStruct(rsaCspObject));
}
public override RSAParameters ExportParameters(bool includePrivateParameters)
{
this.GetKeyPair();
if (includePrivateParameters)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Export);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
RSACspObject cspObject = new RSACspObject();
int blobType = includePrivateParameters ? 7 : 6;
Utils._ExportKey(this._safeKeyHandle, blobType, cspObject);
return RSAObjectToStruct(cspObject);
}
[System.Security.SecuritySafeCritical] // auto-generated
public override DSAParameters ExportParameters(bool includePrivateParameters)
{
GetKeyPair();
if (includePrivateParameters)
{
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Export);
kp.AccessEntries.Add(entry);
kp.Demand();
}
DSACspObject dsaCspObject = new DSACspObject();
int blobType = includePrivateParameters ? Constants.PRIVATEKEYBLOB : Constants.PUBLICKEYBLOB;
// _ExportKey will check for failures and throw an exception
Utils._ExportKey(_safeKeyHandle, blobType, dsaCspObject);
return(DSAObjectToStruct(dsaCspObject));
}
public void CopyTo(KeyContainerPermissionAccessEntry[] array, int index) {}
public void Remove(KeyContainerPermissionAccessEntry accessEntry) {}
public int IndexOf(KeyContainerPermissionAccessEntry accessEntry) {}
// Methods
public int Add(KeyContainerPermissionAccessEntry accessEntry) {}
public KeyContainerPermission(KeyContainerPermissionFlags flags, KeyContainerPermissionAccessEntry[] accessList) {}
