public RSACryptoServiceProvider(KeySpec keySpec, bool genKey)
{
IntPtr prov = IntPtr.Zero;
IntPtr rsaKey = IntPtr.Zero;
try
{
this.keySpec = keySpec;
if(genKey == false) //faster
{
prov = Context.AcquireContext("rSaContainer");
rsaKey = Key.GetUserKey(prov, keySpec);
}
else //new key
{
prov = Context.AcquireContext("rSaContainerImp");
Calg calg = Calg.RSA_KEYX;
if(keySpec == KeySpec.SIGNATURE)
{calg = Calg.RSA_SIGN;}
rsaKey = Key.GenKey(prov, calg, GenKeyParam.EXPORTABLE);
}
byte [] baPrivKey = Key.ExportKey(rsaKey, IntPtr.Zero, KeyBlob.PRIVATEKEYBLOB);
_rsa = new Rsa(baPrivKey);
}
finally
{
Key.DestroyKey(rsaKey);
Context.ReleaseContext(prov);
}
}
public override PrivateKey GeneratePrivate (KeySpec key)
{
DSAPrivateKeySpec spec = (DSAPrivateKeySpec) key;
DSAParameters dsp = new DSAParameters ();
dsp.G = spec.GetG ().GetBytes ();
dsp.P = spec.GetP ().GetBytes ();
dsp.Q = spec.GetQ ().GetBytes ();
dsp.X = spec.GetX ().GetBytes ();
return new DSAPrivateKey (dsp);
}
internal override NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec)
{
const int ALREADY_EXISTS = unchecked((int)0x8009000f);
if (algorithm != Algorithm.RSA)
{
throw new ArgumentException("CAPI does not support algorithms other than RSA.", nameof(algorithm));
}
NCryptKeyOrCryptProviderSafeHandle provider;
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_NEWKEYSET))
{
var lastError = Marshal.GetLastWin32Error();
if (lastError == ALREADY_EXISTS && overwrite)
{
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_DELETEKEYSET))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_NEWKEYSET))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
var flags = CryptGenKeyFlags.CRYPT_EXPORTABLE;
var keySizeFlags = ((uint)keySize & 0xFFFFU) << 16;
var genKeyFlags = ((ushort)flags) | keySizeFlags;
CryptKeySafeHandle key;
KeySpec algorithmKeySpec;
switch (keyUsage)
{
case KeyUsage.KeyExchange:
algorithmKeySpec = KeySpec.AT_KEYEXCHANGE;
break;
case KeyUsage.Signature:
algorithmKeySpec = KeySpec.AT_SIGNATURE;
break;
default:
throw new ArgumentException(nameof(keyUsage));
}
if (!AdvApi32.CryptGenKey(provider, algorithmKeySpec, genKeyFlags, out key))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
key.Close();
keySpec = algorithmKeySpec;
return provider;
}
internal override NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec)
{
keySpec = KeySpec.NONE;
NCryptKeyOrCryptProviderSafeHandle keyHandle;
var result = NCrypt.NCryptOpenKey(_storageProvider.Handle, out keyHandle, keyName, KeySpec.NONE, 0u);
if (result == SECURITY_STATUS.ERROR_SUCCESS)
{
return keyHandle;
}
if (result == SECURITY_STATUS.NTE_BAD_KEYSET)
{
return null;
}
throw new InvalidOperationException("Failed to open key.");
}
public virtual object Get(KeySpec spec)
{
lock (this)
{
var value = _delegate.Get(spec);
if (value == null)
{
value = spec.DefaultValue();
if (value != null)
{
_delegate.Put(spec, value);
}
}
return value;
}
}
internal override NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec)
{
NCryptKeyOrCryptProviderSafeHandle keyHandle;
var flags = overwrite ? NCryptCreatePersistedKeyFlags.NCRYPT_OVERWRITE_KEY_FLAG : NCryptCreatePersistedKeyFlags.NONE;
var result = NCrypt.NCryptCreatePersistedKey(_storageProvider.Handle, out keyHandle, algorithm.Name, keyName, KeySpec.NONE, flags);
if (result != SECURITY_STATUS.ERROR_SUCCESS)
{
throw new InvalidOperationException("Failed to generate a key.");
}
if (algorithm == Algorithm.RSA)
{
NCryptPropertyWriter.WriteUInt32(keyHandle, CngProperties.NCRYPT_LENGTH_PROPERTY, (uint) keySize);
}
NCryptPropertyWriter.WriteEnum(keyHandle, CngProperties.NCRYPT_EXPORT_POLICY_PROPERTY, CngExportPolicy.NCRYPT_ALLOW_EXPORT_FLAG);
var finalizeResult = NCrypt.NCryptFinalizeKey(keyHandle, 0u);
if (finalizeResult != SECURITY_STATUS.ERROR_SUCCESS)
{
throw new InvalidOperationException("Failed to finalize key.");
}
keySpec = KeySpec.NONE;
return keyHandle;
}
public virtual byte GetAsByte(KeySpec spec)
{
return((byte)Get(spec));
}
public virtual void Put(KeySpec spec, bool value)
{
_delegate.Put(spec, value);
}
internal abstract NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec);
public override PrivateKey GeneratePrivate(KeySpec key)
{
throw new NotSupportedException();
}
public PublicKey generatePublic(KeySpec keySpec)
{
return default(PublicKey);
}
public static extern bool CryptAcquireCertificatePrivateKey([In] SafeHandle pCert, [In] uint dwFlags, [In] IntPtr pvReserved, [In, Out] ref IntPtr phCryptProv, [In, Out] ref KeySpec pdwKeySpec, [In, Out] ref bool pfCallerFreeProv);
internal abstract NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec);
internal PrivateKey(NCryptKeyOrCryptProviderSafeHandle handle, KeyProviderBase keyProvider, KeySpec keySpec)
{
_handle = handle;
_keyProvider = keyProvider;
_keySpec = keySpec;
}
public void Init(KeySpec key)
{
SecretKeySpec k = (SecretKeySpec)key;
mac.Key = k.Key;
}
public override PublicKey GeneratePublic(KeySpec key)
{
DSAPublicKeySpec spec = (DSAPublicKeySpec) key;
DSAParameters dsp = new DSAParameters ();
dsp.G = spec.GetG ().ToByteArray();
dsp.P = spec.GetP().ToByteArray();
dsp.Q = spec.GetQ().ToByteArray();
dsp.Y = spec.GetY().ToByteArray();
return new DSAPublicKey (dsp);
}
public override PrivateKey GeneratePrivate(KeySpec key)
{
RSAPrivateKeySpec spec = (RSAPrivateKeySpec) key;
RSAParameters dparams = new RSAParameters ();
dparams.Modulus = spec.GetModulus().ToByteArray();
dparams.D = spec.GetPrivateExponent().ToByteArray();
dparams.Exponent = spec.GetPublicExponent().ToByteArray();
return new RSAPrivateKey (dparams);
}
public void Init (KeySpec key)
{
SecretKeySpec k = (SecretKeySpec) key;
mac.Key = k.Key;
}
public virtual int GetAsInt(KeySpec spec)
{
return((int)Get(spec));
}
internal override unsafe NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec)
{
keySpec = KeySpec.NONE;
const int DOES_NOT_EXIST = unchecked ((int)0x80090016);
NCryptKeyOrCryptProviderSafeHandle provider;
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, 0u))
{
var result = Marshal.GetLastWin32Error();
if (result == DOES_NOT_EXIST)
{
return(null);
}
throw new Win32Exception(Marshal.GetLastWin32Error());
}
const uint PP_KEYSPEC = 0x27;
uint * keySpecBuffer = stackalloc uint[1];
var dataLength = (uint)Marshal.SizeOf(typeof(uint));
if (!AdvApi32.CryptGetProvParam(provider, PP_KEYSPEC, keySpecBuffer, ref dataLength, 0u))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
keySpec = (KeySpec)(*keySpecBuffer);
return(provider);
}
public virtual string GetAsString(KeySpec spec)
{
return((string)Get(spec));
}
internal override NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec)
{
const int ALREADY_EXISTS = unchecked ((int)0x8009000f);
if (algorithm != Algorithm.RSA)
{
throw new ArgumentException("CAPI does not support algorithms other than RSA.", nameof(algorithm));
}
NCryptKeyOrCryptProviderSafeHandle provider;
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_NEWKEYSET))
{
var lastError = Marshal.GetLastWin32Error();
if (lastError == ALREADY_EXISTS && overwrite)
{
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_DELETEKEYSET))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, CryptAcquireContextFlags.CRYPT_NEWKEYSET))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
var flags = CryptGenKeyFlags.CRYPT_EXPORTABLE;
var keySizeFlags = ((uint)keySize & 0xFFFFU) << 16;
var genKeyFlags = ((ushort)flags) | keySizeFlags;
CryptKeySafeHandle key;
KeySpec algorithmKeySpec;
switch (keyUsage)
{
case KeyUsage.KeyExchange:
algorithmKeySpec = KeySpec.AT_KEYEXCHANGE;
break;
case KeyUsage.Signature:
algorithmKeySpec = KeySpec.AT_SIGNATURE;
break;
default:
throw new ArgumentException(nameof(keyUsage));
}
if (!AdvApi32.CryptGenKey(provider, algorithmKeySpec, genKeyFlags, out key))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
key.Close();
keySpec = algorithmKeySpec;
return(provider);
}
public override SecretKey GenerateSecret(KeySpec key)
{
DESedeKeySpec ks = (DESedeKeySpec)key;
return(new SecretKey(ks.Key));
}
protected virtual void PutThreeValued(KeySpec spec, bool flag)
{
_config.Put(spec, TernaryBool.ForBoolean(flag));
}
public static byte[] SignHash(IntPtr hash, KeySpec keySpec)
{
string desc = null; //String.Empty
uint flags = 0;
byte [] sig = new byte[0];
uint sigLen = 0;
//length
bool retVal = Crypto.CryptSignHash(hash, (uint) keySpec, desc, flags, sig, ref sigLen);
ErrCode ec = Error.HandleRetVal(retVal, ErrCode.MORE_DATA);
if(ec == ErrCode.MORE_DATA)
{
//sign
sig = new byte[sigLen];
retVal = Crypto.CryptSignHash(hash, (uint) keySpec, desc, flags, sig, ref sigLen);
ec = Error.HandleRetVal(retVal);
}
return sig;
}
protected virtual void PutThreeValuedInt(KeySpec spec, bool flag)
{
_config.Put(spec, flag ? 1 : -1);
}
public abstract PrivateKey GeneratePrivate(KeySpec key);
private TernaryBool Cascade(KeySpec spec)
{
return(_config.GetAsTernaryBool(spec));
}
public virtual string GetAsString(KeySpec spec)
{
return (string) Get(spec);
}
public PublicKey generatePublic(KeySpec keySpec)
{
return(default(PublicKey));
}
internal override NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec)
{
keySpec = KeySpec.NONE;
NCryptKeyOrCryptProviderSafeHandle keyHandle;
var result = NCrypt.NCryptOpenKey(_storageProvider.Handle, out keyHandle, keyName, KeySpec.NONE, 0u);
if (result == SECURITY_STATUS.ERROR_SUCCESS)
{
return(keyHandle);
}
if (result == SECURITY_STATUS.NTE_BAD_KEYSET)
{
return(null);
}
throw new InvalidOperationException("Failed to open key.");
}
internal override unsafe NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec)
{
keySpec = KeySpec.NONE;
const int DOES_NOT_EXIST = unchecked((int)0x80090016);
NCryptKeyOrCryptProviderSafeHandle provider;
if (!AdvApi32.CryptAcquireContext(out provider, keyName, _providerName, ProviderType.PROV_RSA_AES, 0u))
{
var result = Marshal.GetLastWin32Error();
if (result == DOES_NOT_EXIST)
{
return null;
}
throw new Win32Exception(Marshal.GetLastWin32Error());
}
const uint PP_KEYSPEC = 0x27;
uint* keySpecBuffer = stackalloc uint[1];
var dataLength = (uint)Marshal.SizeOf(typeof(uint));
if (!AdvApi32.CryptGetProvParam(provider, PP_KEYSPEC, keySpecBuffer, ref dataLength, 0u))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
keySpec = (KeySpec)(*keySpecBuffer);
return provider;
}
public virtual void Put(KeySpec spec, object value)
{
_delegate.Put(spec, value);
}
internal abstract NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec);
public virtual bool GetAsBoolean(KeySpec spec)
{
return((bool)Get(spec));
}
generatePrivate(KeySpec keySpec);
public virtual TernaryBool GetAsTernaryBool(KeySpec spec)
{
return((TernaryBool)Get(spec));
}
generatePublic(KeySpec keySpec);
internal abstract NCryptKeyOrCryptProviderSafeHandle OpenExisting(string keyName, out KeySpec keySpec);
public GenerateDataKeyRequest(string keyId, KeySpec keySpec, JsonObject encryptionContext)
{
KeyId = keyId ?? throw new ArgumentNullException(nameof(keyId));
KeySpec = keySpec;
EncryptionContext = encryptionContext;
}
public abstract SecretKey GenerateSecret(KeySpec key);
public abstract PublicKey GeneratePublic (KeySpec key);
public override PublicKey GeneratePublic(KeySpec key)
{
DHPublicKeySpec spec = (DHPublicKeySpec)key;
return(new DHPublicKey(spec.Y));
}
public abstract PrivateKey GeneratePrivate (KeySpec key);
public static IntPtr GetUserKey(IntPtr prov, KeySpec keySpec)
{
IntPtr key;
bool retVal = Crypto.CryptGetUserKey(prov, (uint) keySpec, out key);
ErrCode ec = Error.HandleRetVal(retVal, ErrCode.NTE_NO_KEY);
if(ec == ErrCode.NTE_NO_KEY) //2148073485
{
retVal = Crypto.CryptGenKey(prov, (uint)keySpec, (uint)GenKeyParam.EXPORTABLE, out key);
ec = Error.HandleRetVal(retVal);
//is this necessary? why not just use key from GenKey?
//retVal = Crypto.CryptGetUserKey(prov, (uint) keySpec, out key);
}
if(key == IntPtr.Zero)
throw new Exception(ec.ToString());
return key;
}
public virtual void Put(KeySpec spec, bool value)
{
_delegate.Put(spec, value);
}
public PrivateKey generatePrivate(KeySpec keySpec)
{
throw null;
}
public virtual byte GetAsByte(KeySpec spec)
{
return ((byte) Get(spec));
}
public abstract PublicKey GeneratePublic(KeySpec key);
public virtual int GetAsInt(KeySpec spec)
{
return ((int) Get(spec));
}
public static extern bool CryptSignHash(SafeHashHandle hHash, KeySpec dwKeySpec, String sDescription, CryptSignAndVerifyHashFlags dwFlags, [Out] byte[] pbSignature, [In, Out] ref int pdwSigLen);
public override PrivateKey GeneratePrivate (KeySpec key)
{
RSAPrivateKeySpec spec = (RSAPrivateKeySpec) key;
RSAParameters dparams = new RSAParameters ();
dparams.Modulus = spec.GetModulus ().GetBytes ();
dparams.D = spec.GetPrivateExponent ().GetBytes ();
dparams.Exponent = new BigInteger (35).GetBytes ();
return new RSAPrivateKey (dparams);
}
public virtual void Put(KeySpec spec, object value)
{
_delegate.Put(spec, value);
}
public override PublicKey GeneratePublic (KeySpec key)
{
DHPublicKeySpec spec = (DHPublicKeySpec) key;
return new DHPublicKey (spec.Y);
}
public virtual bool GetAsBoolean(KeySpec spec)
{
return ((bool) Get(spec));
}
public override PrivateKey GeneratePrivate (KeySpec key)
{
throw new NotSupportedException ();
}
public virtual TernaryBool GetAsTernaryBool(KeySpec spec)
{
return (TernaryBool) Get(spec);
}
public override PublicKey GeneratePublic (KeySpec key)
{
RSAPublicKeySpec spec = (RSAPublicKeySpec) key;
RSAParameters dparams = new RSAParameters ();
dparams.Modulus = spec.GetModulus ().GetBytes ();
dparams.Exponent = spec.GetPublicExponent ().GetBytes ();
return new RSAPublicKey (dparams);
}
internal override NCryptKeyOrCryptProviderSafeHandle CreateKey(string keyName, int keySize, Algorithm algorithm, bool overwrite, KeyUsage keyUsage, out KeySpec keySpec)
{
NCryptKeyOrCryptProviderSafeHandle keyHandle;
var flags = overwrite ? NCryptCreatePersistedKeyFlags.NCRYPT_OVERWRITE_KEY_FLAG : NCryptCreatePersistedKeyFlags.NONE;
var result = NCrypt.NCryptCreatePersistedKey(_storageProvider.Handle, out keyHandle, algorithm.Name, keyName, KeySpec.NONE, flags);
if (result != SECURITY_STATUS.ERROR_SUCCESS)
{
throw new InvalidOperationException("Failed to generate a key.");
}
if (algorithm == Algorithm.RSA)
{
NCryptPropertyWriter.WriteUInt32(keyHandle, CngProperties.NCRYPT_LENGTH_PROPERTY, (uint)keySize);
}
NCryptPropertyWriter.WriteEnum(keyHandle, CngProperties.NCRYPT_EXPORT_POLICY_PROPERTY, CngExportPolicy.NCRYPT_ALLOW_EXPORT_FLAG);
var finalizeResult = NCrypt.NCryptFinalizeKey(keyHandle, 0u);
if (finalizeResult != SECURITY_STATUS.ERROR_SUCCESS)
{
throw new InvalidOperationException("Failed to finalize key.");
}
keySpec = KeySpec.NONE;
return(keyHandle);
}
internal static extern bool CryptGetUserKey([In] IntPtr CryptProv, [In] KeySpec KeySpec, [In, Out] ref IntPtr Key);
