internal static byte[] ToPrivateKeyBlob(this ECParameters parameters)
{
parameters.Validate();
if (!parameters.Curve.IsNamed)
{
throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly);
}
byte[] pointBlob = GetPointBlob(ref parameters);
// ECPrivateKey{CURVES:IOSet} ::= SEQUENCE {
// version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
// privateKey OCTET STRING,
// parameters [0] Parameters{{IOSet}} OPTIONAL,
// publicKey [1] BIT STRING OPTIONAL
// }
return(DerEncoder.ConstructSequence(
s_encodedVersion1,
DerEncoder.SegmentedEncodeOctetString(parameters.D),
DerEncoder.ConstructSegmentedContextSpecificValue(
0,
DerEncoder.SegmentedEncodeOid(parameters.Curve.Oid)),
DerEncoder.ConstructSegmentedContextSpecificValue(
1,
DerEncoder.SegmentedEncodeBitString(pointBlob))));
}
/// <summary>
/// ImportParameters will replace the existing key that ECDsaOpenSsl is working with by creating a
/// new key. If the parameters contains only Q, then only a public key will be imported.
/// If the parameters also contains D, then a full key pair will be imported.
/// The parameters Curve value specifies the type of the curve to import.
/// </summary>
/// <param name="parameters">The curve parameters.</param>
/// <exception cref="CryptographicException">
/// if <paramref name="parameters" /> does not contain valid values.
/// </exception>
/// <exception cref="NotSupportedException">
/// if <paramref name="parameters" /> references a curve that cannot be imported.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if <paramref name="parameters" /> references a curve that is not supported by this platform.
/// </exception>
public override void ImportParameters(ECParameters parameters)
{
SafeEcKeyHandle key;
parameters.Validate();
if (parameters.Curve.IsPrime)
{
key = ImportPrimeCurveParameters(parameters);
}
else if (parameters.Curve.IsCharacteristic2)
{
key = ImportCharacteristic2CurveParameters(parameters);
}
else if (parameters.Curve.IsNamed)
{
key = ImportNamedCurveParameters(parameters);
}
else
{
throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString()));
}
if (key == null || key.IsInvalid)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
SetKey(key);
}
/// <summary>
/// ImportParameters will replace the existing key that ECDsaCng is working with by creating a
/// new CngKey. If the parameters contains only Q, then only a public key will be imported.
/// If the parameters also contains D, then a full key pair will be imported.
/// The parameters Curve value specifies the type of the curve to import.
/// </summary>
/// <exception cref="CryptographicException">
/// if <paramref name="parameters" /> does not contain valid values.
/// </exception>
/// <exception cref="NotSupportedException">
/// if <paramref name="parameters" /> references a curve that cannot be imported.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if <paramref name="parameters" /> references a curve that is not supported by this platform.
/// </exception>
public override void ImportParameters(ECParameters parameters)
{
parameters.Validate();
ThrowIfDisposed();
ECCurve curve = parameters.Curve;
bool includePrivateParameters = (parameters.D != null);
if (curve.IsPrime)
{
byte[] ecExplicitBlob = ECCng.GetPrimeCurveBlob(ref parameters, ecdh: false);
ImportFullKeyBlob(ecExplicitBlob, includePrivateParameters);
}
else if (curve.IsNamed)
{
// FriendlyName is required; an attempt was already made to default it in ECCurve
if (string.IsNullOrEmpty(curve.Oid.FriendlyName))
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_InvalidCurveOid, curve.Oid.Value.ToString()));
}
byte[] ecNamedCurveBlob = ECCng.GetNamedCurveBlob(ref parameters, ecdh: false);
ImportKeyBlob(ecNamedCurveBlob, curve.Oid.FriendlyName, includePrivateParameters);
}
else
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_CurveNotSupported, curve.CurveType.ToString()));
}
}
public int ImportParameters(ECParameters parameters)
{
SafeEcKeyHandle key;
parameters.Validate();
if (parameters.Curve.IsPrime)
{
key = ImportPrimeCurveParameters(parameters);
}
else if (parameters.Curve.IsCharacteristic2)
{
key = ImportCharacteristic2CurveParameters(parameters);
}
else if (parameters.Curve.IsNamed)
{
key = ImportNamedCurveParameters(parameters);
}
else
{
throw new PlatformNotSupportedException(
SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString()));
}
if (key == null || key.IsInvalid)
{
key?.Dispose();
throw new CryptographicException();
}
FreeKey();
_key = new Lazy <SafeEcKeyHandle>(key);
return(KeySize);
}
/// <summary>
/// ImportParameters will replace the existing key that ECDsaOpenSsl is working with by creating a
/// new key. If the parameters contains only Q, then only a public key will be imported.
/// If the parameters also contains D, then a full key pair will be imported.
/// The parameters Curve value specifies the type of the curve to import.
/// </summary>
/// <param name="parameters">The curve parameters.</param>
/// <exception cref="CryptographicException">
/// if <paramref name="parameters" /> does not contain valid values.
/// </exception>
/// <exception cref="NotSupportedException">
/// if <paramref name="parameters" /> references a curve that cannot be imported.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if <paramref name="parameters" /> references a curve that is not supported by this platform.
/// </exception>
public override void ImportParameters(ECParameters parameters)
{
SafeEcKeyHandle key;
parameters.Validate();
if (parameters.Curve.IsPrime)
{
key = ImportPrimeCurveParameters(parameters);
}
else if (parameters.Curve.IsCharacteristic2)
{
key = ImportCharacteristic2CurveParameters(parameters);
}
else if (parameters.Curve.IsNamed)
{
key = ImportNamedCurveParameters(parameters);
}
else
{
throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString()));
}
if (key == null || key.IsInvalid)
throw Interop.Crypto.CreateOpenSslCryptographicException();
SetKey(key);
}
/// <summary>
/// Convert a key to XML
/// </summary>
internal static string ToXml(ECParameters parameters, bool isEcdh)
{
Contract.Ensures(Contract.Result <String>() != null);
parameters.Validate();
StringBuilder keyXml = new StringBuilder();
XmlWriterSettings settings = new XmlWriterSettings();
settings.Indent = true;
settings.IndentChars = " ";
settings.OmitXmlDeclaration = true;
using (XmlWriter writer = XmlWriter.Create(keyXml, settings)) {
// The root element depends upon the type of key
string rootElement = isEcdh ? ECDHRoot : ECDsaRoot;
writer.WriteStartElement(rootElement, Namespace);
WriteDomainParameters(writer, ref parameters);
WritePublicKeyValue(writer, ref parameters);
writer.WriteEndElement(); // root element
}
return(keyXml.ToString());
}
internal int ImportParameters(ECParameters parameters)
{
parameters.Validate();
ThrowIfDisposed();
bool isPrivateKey = parameters.D != null;
bool hasPublicParameters = parameters.Q.X != null && parameters.Q.Y != null;
SecKeyPair newKeys;
if (isPrivateKey)
{
// Start with the private key, in case some of the private key fields don't
// match the public key fields and the system determines an integrity failure.
//
// Public import should go off without a hitch.
SafeSecKeyRefHandle privateKey = ImportKey(parameters);
ECParameters publicOnly;
if (hasPublicParameters)
{
publicOnly = parameters;
publicOnly.D = null;
}
else
{
publicOnly = ExportPublicParametersFromPrivateKey(privateKey);
}
SafeSecKeyRefHandle publicKey;
try
{
publicKey = ImportKey(publicOnly);
}
catch
{
privateKey.Dispose();
throw;
}
newKeys = SecKeyPair.PublicPrivatePair(publicKey, privateKey);
}
else
{
SafeSecKeyRefHandle publicKey = ImportKey(parameters);
newKeys = SecKeyPair.PublicOnly(publicKey);
}
int size = GetKeySize(newKeys);
SetKey(newKeys);
return(size);
}
internal int ImportParameters(ECParameters parameters)
{
parameters.Validate();
ThrowIfDisposed();
if (!parameters.Curve.IsNamed)
{
throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly);
}
switch (parameters.Curve.Oid.Value)
{
case Oids.secp256r1:
case Oids.secp384r1:
case Oids.secp521r1:
break;
default:
throw new PlatformNotSupportedException(
SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.Oid.Value ?? parameters.Curve.Oid.FriendlyName));
}
if (parameters.Q.X == null || parameters.Q.Y == null)
{
ExtractPublicKeyFromPrivateKey(ref parameters);
}
bool isPrivateKey = parameters.D != null;
SecKeyPair newKeys;
if (isPrivateKey)
{
// Start with the private key, in case some of the private key fields don't
// match the public key fields and the system determines an integrity failure.
//
// Public import should go off without a hitch.
SafeSecKeyRefHandle privateKey = ImportKey(parameters);
SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.CopyPublicKey(privateKey);
newKeys = SecKeyPair.PublicPrivatePair(publicKey, privateKey);
}
else
{
SafeSecKeyRefHandle publicKey = ImportKey(parameters);
newKeys = SecKeyPair.PublicOnly(publicKey);
}
int size = GetKeySize(newKeys);
SetKey(newKeys);
return(size);
}
/// <summary>
/// ImportParameters will replace the existing key that ECDsaCng is working with by creating a
/// new CngKey. If the parameters contains only Q, then only a public key will be imported.
/// If the parameters also contains D, then a full key pair will be imported.
/// The parameters Curve value specifies the type of the curve to import.
/// </summary>
/// <exception cref="CryptographicException">
/// if <paramref name="parameters" /> does not contain valid values.
/// </exception>
/// <exception cref="NotSupportedException">
/// if <paramref name="parameters" /> references a curve that cannot be imported.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if <paramref name="parameters" /> references a curve that is not supported by this platform.
/// </exception>
public override void ImportParameters(ECParameters parameters)
{
parameters.Validate();
ThrowIfDisposed();
ECCurve curve = parameters.Curve;
bool includePrivateParameters = parameters.D != null;
bool hasPublicParameters = parameters.Q.X != null && parameters.Q.Y != null;
if (curve.IsPrime)
{
if (!hasPublicParameters && includePrivateParameters)
{
byte[] zero = new byte[parameters.D !.Length];
internal static byte[] ToSubjectPublicKeyInfo(this ECParameters parameters)
{
parameters.Validate();
if (!parameters.Curve.IsNamed)
{
throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly);
}
byte[] pointBlob = GetPointBlob(ref parameters);
return(DerEncoder.ConstructSequence(
DerEncoder.ConstructSegmentedSequence(
s_encodedIdEcPublicKey,
DerEncoder.SegmentedEncodeOid(parameters.Curve.Oid)),
DerEncoder.SegmentedEncodeBitString(pointBlob)));
}
private static byte[] ParametersToBlob(
ref ECParameters parameters,
Func <string, bool, KeyBlobMagicNumber> namedCurveResolver,
Func <bool, KeyBlobMagicNumber> explicitCurveResolver,
out CngKeyBlobFormat format,
out string curveName)
{
parameters.Validate();
ECCurve curve = parameters.Curve;
bool includePrivateParameters = (parameters.D != null);
if (curve.IsPrime)
{
curveName = null;
format = includePrivateParameters ?
CngKeyBlobFormat.EccFullPrivateBlob :
CngKeyBlobFormat.EccFullPublicBlob;
return(GetPrimeCurveBlob(ref parameters, explicitCurveResolver));
}
else if (curve.IsNamed)
{
// FriendlyName is required; an attempt was already made to default it in ECCurve
curveName = curve.Oid.FriendlyName;
if (string.IsNullOrEmpty(curveName))
{
throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_InvalidCurveOid, curve.Oid.Value.ToString()));
}
format = includePrivateParameters ?
CngKeyBlobFormat.EccPrivateBlob :
CngKeyBlobFormat.EccPublicBlob;
return(GetNamedCurveBlob(ref parameters, namedCurveResolver));
}
else
{
throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_CurveNotSupported, curve.CurveType.ToString()));
}
}
internal const string ECDSA_P521_OID_VALUE = "1.3.132.0.35"; // Also called nistP521or secP521r1
public int ImportParameters(ECParameters parameters)
{
SafeEcKeyHandle key;
parameters.Validate();
if (parameters.Curve.IsPrime)
{
key = ImportPrimeCurveParameters(parameters);
}
else if (parameters.Curve.IsCharacteristic2)
{
key = ImportCharacteristic2CurveParameters(parameters);
}
else if (parameters.Curve.IsNamed)
{
key = ImportNamedCurveParameters(parameters);
}
else
{
throw new PlatformNotSupportedException(
SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString()));
}
if (key == null || key.IsInvalid)
{
Exception e = Interop.Crypto.CreateOpenSslCryptographicException();
key?.Dispose();
throw e;
}
// The Import* methods above may have polluted the error queue even if in the end they succeeded.
// Clean up the error queue.
Interop.Crypto.ErrClearError();
FreeKey();
_key = new Lazy <SafeEcKeyHandle>(key);
return(KeySize);
}
public override void ImportParameters(ECParameters parameters)
{
parameters.Validate();
bool isPrivateKey = parameters.D != null;
if (isPrivateKey)
{
// Start with the private key, in case some of the private key fields don't
// match the public key fields and the system determines an integrity failure.
//
// Public import should go off without a hitch.
SafeSecKeyRefHandle privateKey = ImportKey(parameters);
ECParameters publicOnly = parameters;
publicOnly.D = null;
SafeSecKeyRefHandle publicKey;
try
{
publicKey = ImportKey(publicOnly);
}
catch
{
privateKey.Dispose();
throw;
}
SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey));
}
else
{
SafeSecKeyRefHandle publicKey = ImportKey(parameters);
SetKey(SecKeyPair.PublicOnly(publicKey));
}
}
