private static unsafe byte[] ExtractBignum(SafeBignumHandle bignum, int targetSize)
{
if (bignum == null || bignum.IsInvalid)
{
return null;
}
int compactSize = GetBigNumBytes(bignum);
if (targetSize < compactSize)
{
targetSize = compactSize;
}
// OpenSSL BIGNUM values do not record leading zeroes.
// Windows Crypt32 does.
//
// Since RSACryptoServiceProvider already checks that RSAParameters.DP.Length is
// exactly half of RSAParameters.Modulus.Length, we need to left-pad (big-endian)
// the array with zeroes.
int offset = targetSize - compactSize;
byte[] buf = new byte[targetSize];
fixed (byte* to = buf)
{
byte* start = to + offset;
BigNumToBinary(bignum, start);
}
return buf;
}
internal static byte[] ExtractBignum(IntPtr bignum, int targetSize)
{
// Given that the only reference held to bignum is an IntPtr, create an unowned SafeHandle
// to ensure that we don't destroy the key after extraction.
using (SafeBignumHandle handle = new SafeBignumHandle(bignum, ownsHandle: false))
{
return ExtractBignum(handle, targetSize);
}
}
internal static extern int RSA_generate_key_ex(SafeRsaHandle rsa, int bits, SafeBignumHandle e, IntPtr zero);
internal static extern int RsaGenerateKeyEx(SafeRsaHandle rsa, int bits, SafeBignumHandle e);
private static extern unsafe int BigNumToBinary(SafeBignumHandle a, byte* to);
private static extern int GetBigNumBytes(SafeBignumHandle a);
internal static ECParameters GetECCurveParameters(
SafeEcKeyHandle key,
bool includePrivate)
{
ECCurve.ECCurveType curveType;
SafeBignumHandle qx_bn, qy_bn, p_bn, a_bn, b_bn, gx_bn, gy_bn, order_bn, cofactor_bn, seed_bn;
IntPtr d_bn_not_owned;
int qx_cb, qy_cb, p_cb, a_cb, b_cb, gx_cb, gy_cb, order_cb, cofactor_cb, seed_cb, d_cb;
bool refAdded = false;
try
{
key.DangerousAddRef(ref refAdded); // Protect access to d_bn_not_owned
if (!CryptoNative_GetECCurveParameters(
key,
includePrivate,
out curveType,
out qx_bn, out qx_cb,
out qy_bn, out qy_cb,
out d_bn_not_owned, out d_cb,
out p_bn, out p_cb,
out a_bn, out a_cb,
out b_bn, out b_cb,
out gx_bn, out gx_cb,
out gy_bn, out gy_cb,
out order_bn, out order_cb,
out cofactor_bn, out cofactor_cb,
out seed_bn, out seed_cb))
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
using (qx_bn)
using (qy_bn)
using (p_bn)
using (a_bn)
using (b_bn)
using (gx_bn)
using (gy_bn)
using (order_bn)
using (cofactor_bn)
using (seed_bn)
using (var d_h = new SafeBignumHandle(d_bn_not_owned, false))
{
int cbFieldLength;
int pFieldLength;
if (curveType == ECCurve.ECCurveType.Characteristic2)
{
// Match Windows semantics where a,b,gx,gy,qx,qy have same length
// Treat length of m separately as it is not tied to other fields for Char2 (Char2 not supported by Windows)
cbFieldLength = GetMax(new[] { a_cb, b_cb, gx_cb, gy_cb, qx_cb, qy_cb });
pFieldLength = p_cb;
}
else
{
// Match Windows semantics where p,a,b,gx,gy,qx,qy have same length
cbFieldLength = GetMax(new[] { p_cb, a_cb, b_cb, gx_cb, gy_cb, qx_cb, qy_cb });
pFieldLength = cbFieldLength;
}
// Match Windows semantics where order and d have same length
int cbSubgroupOrder = GetMax(order_cb, d_cb);
// Copy values to ECParameters
ECParameters parameters = new ECParameters();
parameters.Q = new ECPoint
{
X = Crypto.ExtractBignum(qx_bn, cbFieldLength),
Y = Crypto.ExtractBignum(qy_bn, cbFieldLength)
};
parameters.D = d_cb == 0 ? null : Crypto.ExtractBignum(d_h, cbSubgroupOrder);
var curve = parameters.Curve;
curve.CurveType = curveType;
curve.A = Crypto.ExtractBignum(a_bn, cbFieldLength);
curve.B = Crypto.ExtractBignum(b_bn, cbFieldLength);
curve.G = new ECPoint
{
X = Crypto.ExtractBignum(gx_bn, cbFieldLength),
Y = Crypto.ExtractBignum(gy_bn, cbFieldLength)
};
curve.Order = Crypto.ExtractBignum(order_bn, cbSubgroupOrder);
if (curveType == ECCurve.ECCurveType.Characteristic2)
{
curve.Polynomial = Crypto.ExtractBignum(p_bn, pFieldLength);
}
else
{
curve.Prime = Crypto.ExtractBignum(p_bn, pFieldLength);
}
// Optional parameters
curve.Cofactor = cofactor_cb == 0 ? null : Crypto.ExtractBignum(cofactor_bn, cofactor_cb);
curve.Seed = seed_cb == 0 ? null : Crypto.ExtractBignum(seed_bn, seed_cb);
parameters.Curve = curve;
return parameters;
}
}
finally
{
if (refAdded)
key.DangerousRelease();
}
}
private static extern bool CryptoNative_GetECKeyParameters(
SafeEcKeyHandle key,
bool includePrivate,
out SafeBignumHandle qx_bn, out int x_cb,
out SafeBignumHandle qy_bn, out int y_cb,
out IntPtr d_bn_not_owned, out int d_cb);
private static extern bool CryptoNative_GetECCurveParameters(
SafeEcKeyHandle key,
bool includePrivate,
out ECCurve.ECCurveType curveType,
out SafeBignumHandle qx, out int x_cb,
out SafeBignumHandle qy, out int y_cb,
out IntPtr d_bn_not_owned, out int d_cb,
out SafeBignumHandle p, out int P_cb,
out SafeBignumHandle a, out int A_cb,
out SafeBignumHandle b, out int B_cb,
out SafeBignumHandle gx, out int Gx_cb,
out SafeBignumHandle gy, out int Gy_cb,
out SafeBignumHandle order, out int order_cb,
out SafeBignumHandle cofactor, out int cofactor_cb,
out SafeBignumHandle seed, out int seed_cb);
internal static ECParameters GetECKeyParameters(
SafeEcKeyHandle key,
bool includePrivate)
{
SafeBignumHandle qx_bn, qy_bn, d_bn;
IntPtr d_bn_not_owned;
int qx_cb, qy_cb, d_cb;
ECParameters parameters = new ECParameters();
bool refAdded = false;
try
{
key.DangerousAddRef(ref refAdded); // Protect access to d_bn_not_owned
if (!CryptoNative_GetECKeyParameters(
key,
includePrivate,
out qx_bn, out qx_cb,
out qy_bn, out qy_cb,
out d_bn_not_owned, out d_cb))
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
using (qx_bn)
using (qy_bn)
using (d_bn = new SafeBignumHandle(d_bn_not_owned, false))
{
// Match Windows semantics where qx, qy, and d have same length
int cbKey = GetMax(qx_cb, qy_cb, d_cb);
parameters.Q = new ECPoint
{
X = Crypto.ExtractBignum(qx_bn, cbKey),
Y = Crypto.ExtractBignum(qy_bn, cbKey)
};
parameters.D = d_cb == 0 ? null : Crypto.ExtractBignum(d_bn, cbKey);
}
}
finally
{
if (refAdded)
key.DangerousRelease();
}
return parameters;
}
/// <summary>
/// Returns the number of bytes needed to export a BIGNUM.
/// </summary>
/// <remarks>This is a macro in bn.h, expanded here.</remarks>
private static int BN_num_bytes(SafeBignumHandle a)
{
return (BN_num_bits(a) + 7) / 8;
}
private static extern int BN_num_bits(SafeBignumHandle a);
private static extern unsafe int BN_bn2bin(SafeBignumHandle a, byte* to);
