private static unsafe int DecodeSubjectPublicKeyInfo(
ReadOnlySpan <byte> source,
out Oid oid,
out AsnEncodedData parameters,
out AsnEncodedData keyValue)
{
fixed(byte *ptr = &MemoryMarshal.GetReference(source))
using (MemoryManager <byte> manager = new PointerMemoryManager <byte>(ptr, source.Length))
{
AsnValueReader reader = new AsnValueReader(source, AsnEncodingRules.DER);
int read;
SubjectPublicKeyInfoAsn spki;
try
{
read = reader.PeekEncodedValue().Length;
SubjectPublicKeyInfoAsn.Decode(ref reader, manager.Memory, out spki);
}
catch (AsnContentException e)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
}
oid = new Oid(spki.Algorithm.Algorithm, null);
parameters = new AsnEncodedData(spki.Algorithm.Parameters?.ToArray() ?? Array.Empty <byte>());
keyValue = new AsnEncodedData(spki.SubjectPublicKey.ToArray());
return(read);
}
}
public override unsafe void ImportRSAPublicKey(ReadOnlySpan <byte> source, out int bytesRead)
{
ThrowIfDisposed();
fixed(byte *ptr = &MemoryMarshal.GetReference(source))
{
using (MemoryManager <byte> manager = new PointerMemoryManager <byte>(ptr, source.Length))
{
AsnReader reader = new AsnReader(manager.Memory, AsnEncodingRules.BER);
ReadOnlyMemory <byte> firstElement = reader.PeekEncodedValue();
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn
{
Algorithm = new Oid(Oids.Rsa),
Parameters = AlgorithmIdentifierAsn.ExplicitDerNull,
},
SubjectPublicKey = firstElement,
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
spki.Encode(writer);
ImportSubjectPublicKeyInfo(writer.EncodeAsSpan(), out _);
}
bytesRead = firstElement.Length;
}
}
}
private static AsymmetricAlgorithm DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = new Oid(Oids.Dsa, null), Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
spki.Encode(writer);
DSA dsa = DSA.Create();
try
{
dsa.ImportSubjectPublicKeyInfo(writer.EncodeAsSpan(), out _);
return(dsa);
}
catch (Exception)
{
dsa.Dispose();
throw;
}
}
}
public virtual byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
// The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
// of the DER structural bytes.
SubjectPublicKeyInfoAsn spki = default;
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = key.Oid !.Value !, Parameters = key.EncodedParameters.RawData
};
spki.SubjectPublicKey = key.EncodedKeyValue.RawData;
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
try
{
if (!writer.TryEncode(rented, out int bytesWritten))
{
Debug.Fail("TryEncode failed with a pre-allocated buffer");
throw new CryptographicException();
}
return(SHA1.HashData(rented.AsSpan(0, bytesWritten)));
}
finally
{
CryptoPool.Return(rented, clearSize: 0); // SubjectPublicKeyInfo is not sensitive.
}
}
private static DSA BuildDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = Oids.Dsa, Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
DSA dsa = new DSAOpenSsl();
try
{
dsa.ImportSubjectPublicKeyInfo(writer.Encode(), out _);
return(dsa);
}
catch (Exception)
{
dsa.Dispose();
throw;
}
}
private static DSA DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = Oids.Dsa, Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
int written = writer.Encode(rented);
DSA dsa = DSA.Create();
IDisposable?toDispose = dsa;
try
{
dsa.ImportSubjectPublicKeyInfo(rented.AsSpan(0, written), out _);
toDispose = null;
return(dsa);
}
finally
{
toDispose?.Dispose();
CryptoPool.Return(rented, written);
}
}
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
// State validation should be runtime checks if/when this becomes public API
Debug.Assert(signatureGenerator != null);
Debug.Assert(Subject != null);
Debug.Assert(PublicKey != null);
byte[] signatureAlgorithm = signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm);
AlgorithmIdentifierAsn signatureAlgorithmAsn;
// Deserialization also does validation of the value (except for Parameters, which have to be validated separately).
signatureAlgorithmAsn = AlgorithmIdentifierAsn.Decode(signatureAlgorithm, AsnEncodingRules.DER);
if (signatureAlgorithmAsn.Parameters.HasValue)
{
Helpers.ValidateDer(signatureAlgorithmAsn.Parameters.Value.Span);
}
SubjectPublicKeyInfoAsn spki = default;
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = PublicKey.Oid !.Value !, Parameters = PublicKey.EncodedParameters.RawData
};
spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData;
var attributes = new AttributeAsn[Attributes.Count];
for (int i = 0; i < attributes.Length; i++)
{
attributes[i] = new AttributeAsn(Attributes[i]);
}
CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn
{
Version = 0,
Subject = this.Subject.RawData,
SubjectPublicKeyInfo = spki,
Attributes = attributes
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
requestInfo.Encode(writer);
byte[] encodedRequestInfo = writer.Encode();
writer.Reset();
CertificationRequestAsn certificationRequest = new CertificationRequestAsn
{
CertificationRequestInfo = requestInfo,
SignatureAlgorithm = signatureAlgorithmAsn,
SignatureValue = signatureGenerator.SignData(encodedRequestInfo, hashAlgorithm),
};
certificationRequest.Encode(writer);
return(writer.Encode());
}
}
private static void DecodeSubjectPublicKeyInfo(
ref SubjectPublicKeyInfoAsn spki,
out Oid oid,
out AsnEncodedData parameters,
out AsnEncodedData keyValue)
{
oid = new Oid(spki.Algorithm.Algorithm, null);
parameters = new AsnEncodedData(spki.Algorithm.Parameters.GetValueOrDefault().Span);
keyValue = new AsnEncodedData(spki.SubjectPublicKey.Span);
}
internal static PublicKey DecodeSubjectPublicKeyInfo(ref SubjectPublicKeyInfoAsn spki)
{
DecodeSubjectPublicKeyInfo(
ref spki,
out Oid oid,
out AsnEncodedData parameters,
out AsnEncodedData keyValue);
return(new PublicKey(oid, parameters, keyValue));
}
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
// State validation should be runtime checks if/when this becomes public API
Debug.Assert(signatureGenerator != null);
Debug.Assert(Subject != null);
Debug.Assert(PublicKey != null);
byte[] signatureAlgorithm = signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm);
AlgorithmIdentifierAsn signatureAlgorithmAsn;
// Deserialization also does validation of the value (except for Parameters, which have to be validated separately).
signatureAlgorithmAsn = AlgorithmIdentifierAsn.Decode(signatureAlgorithm, AsnEncodingRules.DER);
if (signatureAlgorithmAsn.Parameters.HasValue)
{
Helpers.ValidateDer(signatureAlgorithmAsn.Parameters.Value);
}
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn();
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = PublicKey.Oid, Parameters = PublicKey.EncodedParameters.RawData
};
spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData;
CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn
{
Version = 0,
Subject = this.Subject.RawData,
SubjectPublicKeyInfo = spki,
Attributes = Attributes.Select(a => new AttributeAsn(a)).ToArray(),
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
using (AsnWriter signedWriter = new AsnWriter(AsnEncodingRules.DER))
{
requestInfo.Encode(writer);
byte[] encodedRequestInfo = writer.Encode();
CertificationRequestAsn certificationRequest = new CertificationRequestAsn
{
CertificationRequestInfo = requestInfo,
SignatureAlgorithm = signatureAlgorithmAsn,
SignatureValue = signatureGenerator.SignData(encodedRequestInfo, hashAlgorithm),
};
certificationRequest.Encode(signedWriter);
return(signedWriter.Encode());
}
}
public override unsafe void ImportRSAPublicKey(ReadOnlySpan <byte> source, out int bytesRead)
{
ThrowIfDisposed();
fixed(byte *ptr = &MemoryMarshal.GetReference(source))
{
using (MemoryManager <byte> manager = new PointerMemoryManager <byte>(ptr, source.Length))
{
ReadOnlyMemory <byte> subjectPublicKey;
try
{
AsnReader reader = new AsnReader(manager.Memory, AsnEncodingRules.BER);
subjectPublicKey = reader.PeekEncodedValue();
}
catch (AsnContentException e)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
}
// Decoding the key on Android requires the encoded SubjectPublicKeyInfo,
// not just the SubjectPublicKey, so we construct one.
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn
{
Algorithm = Oids.Rsa,
Parameters = AlgorithmIdentifierAsn.ExplicitDerNull,
},
SubjectPublicKey = subjectPublicKey,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
SafeRsaHandle key = Interop.AndroidCrypto.DecodeRsaSubjectPublicKeyInfo(writer.Encode());
if (key is null || key.IsInvalid)
{
key?.Dispose();
throw new CryptographicException();
}
FreeKey();
_key = new Lazy <SafeRsaHandle>(key);
SetKeySizeFromHandle(key);
bytesRead = subjectPublicKey.Length;
}
}
}
private AsnWriter EncodeSubjectPublicKeyInfo()
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn
{
Algorithm = _oid.Value ?? string.Empty,
Parameters = EncodedParameters.RawData,
},
SubjectPublicKey = EncodedKeyValue.RawData,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
return(writer);
}
private static DSA BuildDsaPublicKey(byte[] encodedKey, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = new Oid(Oids.Dsa), Parameters = encodedParameters
},
SubjectPublicKey = encodedKey,
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
DSA dsa = new DSAOpenSsl();
spki.Encode(writer);
dsa.ImportSubjectPublicKeyInfo(writer.EncodeAsSpan(), out _);
return(dsa);
}
}
public virtual byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
// The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
// of the DER structural bytes.
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn();
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = key.Oid, Parameters = key.EncodedParameters.RawData
};
spki.SubjectPublicKey = key.EncodedKeyValue.RawData;
using (AsnWriter writer = AsnSerializer.Serialize(spki, AsnEncodingRules.DER))
using (SHA1 hash = SHA1.Create())
{
return(hash.ComputeHash(writer.Encode()));
}
}
private static AsymmetricAlgorithm DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = Oids.Dsa, Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
if (!writer.TryEncode(rented, out int written))
{
Debug.Fail("TryEncode failed with a pre-allocated buffer");
throw new InvalidOperationException();
}
DSA dsa = DSA.Create();
IDisposable?toDispose = dsa;
try
{
dsa.ImportSubjectPublicKeyInfo(rented.AsSpan(0, written), out _);
toDispose = null;
return(dsa);
}
finally
{
toDispose?.Dispose();
CryptoPool.Return(rented, written);
}
}