public Gost28147SymmetricAlgorithm()
{
Mode = CipherMode.CFB;
Padding = PaddingMode.None;
_provHandle = SafeProvHandleImpl.InvalidHandle;
_keyHandle = SafeKeyHandleImpl.InvalidHandle;
}
public Gost3410EphemeralAsymmetricAlgorithm(GostKeyExchangeParameters keyParameters)
{
if (keyParameters == null)
{
throw ExceptionUtility.ArgumentNull("keyParameters");
}
_provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateDhEphemeralKey(_provHandle, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
}
public Gost28147SymmetricAlgorithm(IntPtr provHandle, IntPtr keyHandle)
: this()
{
_provHandle = new SafeProvHandleImpl(provHandle, true);
_keyHandle = CryptoApiHelper.DuplicateKey(keyHandle);
if (CryptoApiHelper.GetKeyParameterInt32(_keyHandle, Constants.KP_ALGID) != Constants.CALG_G28147)
{
throw ExceptionUtility.Argument("keyHandle", Resources.RequiredGost28147);
}
}
internal Gost28147SymmetricAlgorithm(SafeProvHandleImpl provHandle, SafeKeyHandleImpl keyHandle)
: this()
{
_provHandle = provHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.DuplicateKey(keyHandle);
if (CryptoApiHelper.GetKeyParameterInt32(_keyHandle, Constants.KP_ALGID) != Constants.CALG_G28147)
{
throw ExceptionUtility.Argument("keyHandle", Resources.RequiredGost28147);
}
}
public static void SetProviderParameter(SafeProvHandleImpl providerHandle, int keyNumber, uint keyParamId, IntPtr keyParamValue)
{
if ((keyParamId == Constants.PP_KEYEXCHANGE_PIN) || (keyParamId == Constants.PP_SIGNATURE_PIN))
{
if (keyNumber == Constants.AT_KEYEXCHANGE)
{
keyParamId = Constants.PP_KEYEXCHANGE_PIN;
}
else if (keyNumber == Constants.AT_SIGNATURE)
{
keyParamId = Constants.PP_SIGNATURE_PIN;
}
else
{
throw ExceptionUtility.NotSupported(Resources.KeyAlgorithmNotSupported);
}
}
if (!CryptoApi.CryptSetProvParam(providerHandle, keyParamId, keyParamValue, 0))
{
throw CreateWin32Error();
}
}
public static byte[] SignValue(SafeProvHandleImpl hProv, int keyNumber, byte[] hashValue)
{
using (var hashHandle = SetupHashAlgorithm(hProv, hashValue))
{
uint signatureLength = 0;
// Вычисление размера подписи
if (!CryptoApi.CryptSignHash(hashHandle, (uint)keyNumber, null, 0, null, ref signatureLength))
{
throw CreateWin32Error();
}
var signatureValue = new byte[signatureLength];
// Вычисление значения подписи
if (!CryptoApi.CryptSignHash(hashHandle, (uint)keyNumber, null, 0, signatureValue, ref signatureLength))
{
throw CreateWin32Error();
}
return(signatureValue);
}
}
private static SafeHashHandleImpl SetupHashAlgorithm(SafeProvHandleImpl providerHandle, byte[] hashValue)
{
var hashHandle = CreateHash_3411_94(providerHandle);
uint hashLength = 0;
if (!CryptoApi.CryptGetHashParam(hashHandle, Constants.HP_HASHVAL, null, ref hashLength, 0))
{
throw CreateWin32Error();
}
if (hashValue.Length != hashLength)
{
throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_HASH);
}
if (!CryptoApi.CryptSetHashParam(hashHandle, Constants.HP_HASHVAL, hashValue, 0))
{
throw CreateWin32Error();
}
return(hashHandle);
}
private static SafeHashHandleImpl SetupHashAlgorithm(SafeProvHandleImpl providerHandle, byte[] hashValue, GostAlgorithmType alg)
{
SafeHashHandleImpl hashHandle;
if (alg == GostAlgorithmType.Gost2012_256)
{
hashHandle = CreateHash_3411_2012_256(providerHandle);
}
else if (alg == GostAlgorithmType.Gost2012_512)
{
hashHandle = CreateHash_3411_2012_512(providerHandle);
}
else
{
hashHandle = CreateHash_3411_94(providerHandle);
}
//uint hashLength = 0;
//if (!CryptoApi.CryptGetHashParam(hashHandle, Constants.HP_HASHVAL, null, ref hashLength, 0))
//{
// throw CreateWin32Error();
//}
//if (hashValue.Length != hashLength)
//{
// throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_HASH);
//}
if (!CryptoApi.CryptSetHashParam(hashHandle, Constants.HP_HASHVAL, hashValue, 0))
{
throw CreateWin32Error();
}
return(hashHandle);
}
public static SafeKeyHandleImpl GenerateDhEphemeralKey(ProviderType providerType, SafeProvHandleImpl providerHandle, int algId, string digestParamSet, string publicKeyParamSet)
{
var keyHandle = SafeKeyHandleImpl.InvalidHandle;
var dwFlags = MapCspKeyFlags(CspProviderFlags.NoFlags) | Constants.CRYPT_PREGEN;
if (!CryptoApi.CryptGenKey(providerHandle, (uint)algId, dwFlags, ref keyHandle))
{
throw CreateWin32Error();
}
if (!providerType.IsVipNet())
{
SetKeyParameterString(keyHandle, Constants.KP_HASHOID, digestParamSet);
}
SetKeyParameterString(keyHandle, Constants.KP_DHOID, publicKeyParamSet);
SetKeyParameter(keyHandle, Constants.KP_X, null);
return(keyHandle);
}
public static SafeHashHandleImpl CreateHashHMAC_2012_512(ProviderType providerType, SafeProvHandleImpl providerHandle, SafeKeyHandleImpl symKeyHandle)
{
var hmacAlgId = providerType.IsVipNet() ? Constants.CALG_GR3411_2012_512 : Constants.CALG_GR3411_2012_512_HMAC;
return(CreateHashHMAC(providerHandle, symKeyHandle, hmacAlgId));
}
private static void GetKeyPairValue(CspParameters providerParams, bool randomKeyContainer, out SafeProvHandleImpl providerHandle, out SafeKeyHandleImpl keyHandle)
{
SafeProvHandleImpl resultProviderHandle = null;
SafeKeyHandleImpl resultKeyHandle = null;
try
{
resultProviderHandle = CreateProviderHandle(providerParams, randomKeyContainer);
if (providerParams.ParentWindowHandle != IntPtr.Zero)
{
CryptoApiHelper.SetProviderParameter(resultProviderHandle, providerParams.KeyNumber, Constants.PP_CLIENT_HWND, providerParams.ParentWindowHandle);
}
else if (providerParams.KeyPassword != null)
{
SetSignatureKeyPassword(resultProviderHandle, providerParams.KeyPassword, providerParams.KeyNumber);
}
try
{
resultKeyHandle = CryptoApiHelper.GetUserKey(resultProviderHandle, providerParams.KeyNumber);
}
catch (Exception exception)
{
var errorCode = Marshal.GetHRForException(exception);
if (errorCode != 0)
{
if (((providerParams.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags) || (errorCode != Constants.NTE_NO_KEY))
{
throw;
}
resultKeyHandle = CryptoApiHelper.GenerateKey(resultProviderHandle, providerParams.KeyNumber, providerParams.Flags);
}
}
var keyAlgIdInverted = CryptoApiHelper.GetKeyParameter(resultKeyHandle, Constants.KP_ALGID);
var keyAlgId = keyAlgIdInverted[0] | (keyAlgIdInverted[1] << 8) | (keyAlgIdInverted[2] << 16) | (keyAlgIdInverted[3] << 24);
if ((keyAlgId != Constants.CALG_DH_EL_SF) && (keyAlgId != Constants.CALG_GR3410EL))
{
throw ExceptionUtility.NotSupported(Resources.KeyAlgorithmNotSupported);
}
}
catch (Exception)
{
if (resultProviderHandle != null)
{
resultProviderHandle.Close();
}
if (resultKeyHandle != null)
{
resultKeyHandle.Close();
}
throw;
}
providerHandle = resultProviderHandle;
keyHandle = resultKeyHandle;
}
public static extern bool CryptSetProvParam([In] SafeProvHandleImpl hProv, [In] uint dwParam, [In] IntPtr pbData, [In] uint dwFlags);
public static extern bool CryptGetProvParam([In] SafeProvHandleImpl hProv, [In] uint dwParam, [MarshalAs(UnmanagedType.LPStr)] StringBuilder pbData, ref uint dwDataLen, uint dwFlags);
public static extern bool CryptAcquireContext([In][Out] ref SafeProvHandleImpl hProv, [In] string pszContainer, [In] string pszProvider, [In] uint dwProvType, [In] uint dwFlags);
public static extern bool CryptDeriveKey([In] SafeProvHandleImpl hProv, [In] uint Algid, [In] SafeHashHandleImpl hBaseData, [In] uint dwFlags, [In][Out] ref SafeKeyHandleImpl phKey);
public override void GenerateKey()
{
_provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateKey(_provHandle, Constants.CALG_G28147, CspProviderFlags.NoFlags);
KeyValue = null;
KeySizeValue = DefaultKeySize;
}
public void DeriveFromPassword(byte[] password)
{
var provider = CreateFromPassword(password);
_keyHandle.TryDispose();
_provHandle.TryDispose();
_keyHandle = provider._keyHandle;
_provHandle = provider._provHandle;
provider._keyHandle = SafeKeyHandleImpl.InvalidHandle;
provider._provHandle = SafeProvHandleImpl.InvalidHandle;
}
public void ImportCspBlob(byte[] importedKeyBytes)
{
if (importedKeyBytes == null)
{
throw ExceptionUtility.ArgumentNull("importedKeyBytes");
}
if (!IsPublicKeyBlob(importedKeyBytes))
{
throw ExceptionUtility.Argument("importedKeyBytes", Resources.UserImportBulkBlob);
}
var hProv = CryptoApiHelper.ProviderHandle;
SafeKeyHandleImpl hKey;
_providerParameters.KeyNumber = CryptoApiHelper.ImportCspBlob(importedKeyBytes, hProv, SafeKeyHandleImpl.InvalidHandle, out hKey);
_providerHandle = hProv;
_keyHandle = hKey;
_isPublicKeyOnly = true;
}
private void GetKeyPair()
{
if (_keyHandle == null)
{
lock (this)
{
if (_keyHandle == null)
{
SafeProvHandleImpl providerHandle;
SafeKeyHandleImpl keyHandle;
GetKeyPairValue(_providerParameters, _isRandomKeyContainer, out providerHandle, out keyHandle);
_providerHandle = providerHandle;
_keyHandle = keyHandle;
_isPersistentKey = true;
}
}
}
}
private static void SetSignatureKeyPassword(SafeProvHandleImpl hProv, SecureString keyPassword, int keyNumber)
{
if (keyPassword == null)
{
throw ExceptionUtility.ArgumentNull("keyPassword");
}
var keyPasswordData = Marshal.SecureStringToCoTaskMemAnsi(keyPassword);
try
{
CryptoApiHelper.SetProviderParameter(hProv, keyNumber, Constants.PP_SIGNATURE_PIN, keyPasswordData);
}
finally
{
if (keyPasswordData != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(keyPasswordData);
}
}
}
public static extern bool CryptGenKey([In] SafeProvHandleImpl hProv, [In] uint Algid, [In] uint dwFlags, [In][Out] ref SafeKeyHandleImpl phKey);
public static extern bool CryptGetUserKey([In] SafeProvHandleImpl hProv, [In] uint dwKeySpec, [In][Out] ref SafeKeyHandleImpl phUserKey);
public Gost3410EphemeralAsymmetricAlgorithm()
{
_provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateKey(_provHandle, Constants.CALG_DH_EL_EPHEM, CspProviderFlags.NoFlags);
}
public static extern bool CryptImportKey([In] SafeProvHandleImpl hCryptProv, [In] byte[] pbData, [In] uint dwDataLen, [In] SafeKeyHandleImpl hPubKey, [In] uint dwFlags, [In][Out] ref SafeKeyHandleImpl phKey);
public static SafeKeyHandleImpl ImportBulkSessionKey(ProviderType providerType, SafeProvHandleImpl providerHandle, byte[] bulkSessionKey, RNGCryptoServiceProvider randomNumberGenerator)
{
if (bulkSessionKey == null)
{
throw ExceptionUtility.ArgumentNull(nameof(bulkSessionKey));
}
if (randomNumberGenerator == null)
{
throw ExceptionUtility.ArgumentNull(nameof(randomNumberGenerator));
}
var hSessionKey = SafeKeyHandleImpl.InvalidHandle;
if (!CryptoApi.CryptGenKey(providerHandle, Constants.CALG_G28147, 0, ref hSessionKey))
{
throw CreateWin32Error();
}
var keyWrap = new Gost_28147_89_KeyExchangeInfo {
EncryptedKey = new byte[32]
};
Array.Copy(bulkSessionKey, keyWrap.EncryptedKey, 32);
SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
SetKeyParameterInt32(hSessionKey, Constants.KP_ALGID, Constants.CALG_G28147);
SetKeyParameterInt32(hSessionKey, Constants.KP_PADDING, Constants.ZERO_PADDING);
uint sessionKeySize = 32;
if (!CryptoApi.CryptEncrypt(hSessionKey, SafeHashHandleImpl.InvalidHandle, true, 0, keyWrap.EncryptedKey, ref sessionKeySize, sessionKeySize))
{
throw CreateWin32Error();
}
SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_CFB);
var hashHandle = CreateHashImit(providerHandle, hSessionKey);
keyWrap.Ukm = new byte[8];
randomNumberGenerator.GetBytes(keyWrap.Ukm);
if (!CryptoApi.CryptSetHashParam(hashHandle, Constants.HP_HASHSTARTVECT, keyWrap.Ukm, 0))
{
throw CreateWin32Error();
}
if (!CryptoApi.CryptHashData(hashHandle, bulkSessionKey, 32, 0))
{
throw CreateWin32Error();
}
keyWrap.Mac = EndHashData(hashHandle);
keyWrap.EncryptionParamSet = GetKeyParameterString(hSessionKey, Constants.KP_CIPHEROID);
SetKeyExchangeExportAlgId(providerType, hSessionKey, Constants.CALG_SIMPLE_EXPORT);
SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
SetKeyParameterInt32(hSessionKey, Constants.KP_PADDING, Constants.ZERO_PADDING);
return(ImportKeyExchange(providerHandle, keyWrap, hSessionKey));
}
public static extern bool CryptGetProvParam([In] SafeProvHandleImpl hProv, [In] uint dwParam, [In][Out] byte[] pbData, ref uint dwDataLen, [In] uint dwFlags);
public static bool VerifySign(SafeProvHandleImpl providerHandle, SafeHashHandleImpl hashHandle, SafeKeyHandleImpl keyHandle, byte[] hashValue, byte[] signatureValue)
{
SetHashValue(hashHandle, hashValue);
return(CryptoApi.CryptVerifySignature(hashHandle, signatureValue, (uint)signatureValue.Length, keyHandle, null, 0));
}
public static extern bool CryptGetProvParam([In] SafeProvHandleImpl hProv, [In] uint dwParam, [MarshalAs(UnmanagedType.U8)] long pbData, ref uint dwDataLen, uint dwFlags);
public static SafeHashHandleImpl CreateHash_3411_2012_512(SafeProvHandleImpl providerHandle)
{
return(CreateHash_3411(providerHandle, Constants.CALG_GR3411_2012_512));
}
public static extern bool CryptCreateHash([In] SafeProvHandleImpl hProv, [In] uint Algid, [In] SafeKeyHandleImpl hKey, [In] uint dwFlags, [In][Out] ref SafeHashHandleImpl phHash);
public override void ImportParameters(GostKeyExchangeParameters keyParameters)
{
if (keyParameters.PrivateKey != null)
{
throw ExceptionUtility.NotSupported(Resources.UserImportBulkKeyNotSupported);
}
_keyHandle.TryDispose();
_providerHandle = CryptoApiHelper.ProviderHandle;
_keyHandle = CryptoApiHelper.ImportPublicKey(_providerHandle, new GostKeyExchangeParameters(keyParameters));
_isPublicKeyOnly = true;
}
