private CngKey(SafeNCryptProviderHandle providerHandle, SafeNCryptKeyHandle keyHandle)
{
Debug.Assert(keyHandle != null && !keyHandle.IsInvalid && !keyHandle.IsClosed);
Debug.Assert(providerHandle != null && !providerHandle.IsInvalid && !providerHandle.IsClosed);
_providerHandle = providerHandle;
_keyHandle = keyHandle;
}
internal static extern int NCryptImportKey( SafeNCryptProviderHandle hProvider,
IntPtr hImportKey,
[MarshalAs( UnmanagedType.LPWStr )] string pszBlobType,
[In, MarshalAs( UnmanagedType.LPArray )] byte[] pParameterList,
out SafeNCryptKeyHandle phKey,
[In, MarshalAs( UnmanagedType.LPArray )] byte[] pbData,
int cbData,
int dwFlags );
/// <summary>
/// Wrap an existing key handle with a CngKey object
/// </summary>
public static CngKey Open(SafeNCryptKeyHandle keyHandle, CngKeyHandleOpenOptions keyHandleOpenOptions)
{
if (keyHandle == null)
throw new ArgumentNullException("keyHandle");
if (keyHandle.IsClosed || keyHandle.IsInvalid)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, "keyHandle");
SafeNCryptKeyHandle keyHandleCopy = keyHandle.Duplicate();
// Get a handle to the key's provider.
SafeNCryptProviderHandle providerHandle = new SafeNCryptProviderHandle();
IntPtr rawProviderHandle = keyHandle.GetPropertyAsIntPtr(KeyPropertyName.ProviderHandle, CngPropertyOptions.None);
providerHandle.SetHandleValue(rawProviderHandle);
// Set up a key object wrapping the handle
CngKey key = null;
try
{
key = new CngKey(providerHandle, keyHandleCopy);
bool openingEphemeralKey = (keyHandleOpenOptions & CngKeyHandleOpenOptions.EphemeralKey) == CngKeyHandleOpenOptions.EphemeralKey;
//
// If we're wrapping a handle to an ephemeral key, we need to make sure that IsEphemeral is
// set up to return true. In the case that the handle is for an ephemeral key that was created
// by the CLR, then we don't have anything to do as the IsEphemeral CLR property will already
// be setup. However, if the key was created outside of the CLR we will need to setup our
// ephemeral detection property.
//
// This enables consumers of CngKey objects to always be able to rely on the result of
// calling IsEphemeral, and also allows them to safely access the Name property.
//
// Finally, if we detect that this is an ephemeral key that the CLR created but we were not
// told that it was an ephemeral key we'll throw an exception. This prevents us from having
// to decide who to believe -- the key property or the caller of the API. Since other code
// relies on the ephemeral flag being set properly to avoid tripping over bugs in CNG, we
// need to reject the case that we suspect that the flag is incorrect.
//
if (!key.IsEphemeral && openingEphemeralKey)
{
key.IsEphemeral = true;
}
else if (key.IsEphemeral && !openingEphemeralKey)
{
throw new ArgumentException(SR.Cryptography_OpenEphemeralKeyHandleWithoutEphemeralFlag, "keyHandleOpenOptions");
}
}
catch
{
// Make sure that we don't leak the handle the CngKey duplicated
if (key != null)
key.Dispose();
throw;
}
return key;
}
private CngKey(SafeNCryptProviderHandle kspHandle, SafeNCryptKeyHandle keyHandle) {
Contract.Requires(keyHandle != null && !keyHandle.IsInvalid && !keyHandle.IsClosed);
Contract.Requires(kspHandle != null && !kspHandle.IsInvalid && !kspHandle.IsClosed);
Contract.Ensures(m_keyHandle != null && !m_keyHandle.IsInvalid && !m_keyHandle.IsClosed);
Contract.Ensures(kspHandle != null && !kspHandle.IsInvalid && !kspHandle.IsClosed);
m_keyHandle = keyHandle;
m_kspHandle = kspHandle;
}
internal static extern ErrorCode NCryptCreatePersistedKey(SafeNCryptProviderHandle hProvider, out SafeNCryptKeyHandle phKey, string pszAlgId, string pszKeyName, int dwLegacyKeySpec, CngKeyCreationOptions dwFlags);
internal static extern ErrorCode NCryptImportKey(SafeNCryptProviderHandle hProvider, IntPtr hImportKey, string pszBlobType, IntPtr pParameterList, [Out] out SafeNCryptKeyHandle phKey, [In] byte[] pbData, int cbData, int dwFlags);
internal static extern ErrorCode NCryptOpenKey(SafeNCryptProviderHandle hProvider, out SafeNCryptKeyHandle phKey, string pszKeyName, int dwLegacyKeySpec, CngKeyOpenOptions dwFlags);
internal static extern ErrorCode NCryptOpenStorageProvider(out SafeNCryptProviderHandle phProvider, string pszProviderName, int dwFlags);
internal static SafeNCryptKeyHandle ImportKeyBlob(string blobType, byte[] keyBlob, string curveName, SafeNCryptProviderHandle provider)
{
ErrorCode errorCode;
SafeNCryptKeyHandle keyHandle;
using (SafeUnicodeStringHandle safeCurveName = new SafeUnicodeStringHandle(curveName))
{
var desc = new Interop.BCrypt.BCryptBufferDesc();
var buff = new Interop.BCrypt.BCryptBuffer();
IntPtr descPtr = IntPtr.Zero;
IntPtr buffPtr = IntPtr.Zero;
try
{
descPtr = Marshal.AllocHGlobal(Marshal.SizeOf(desc));
buffPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buff));
buff.cbBuffer = (curveName.Length + 1) * 2; // Add 1 for null terminator
buff.BufferType = Interop.BCrypt.NCryptBufferDescriptors.NCRYPTBUFFER_ECC_CURVE_NAME;
buff.pvBuffer = safeCurveName.DangerousGetHandle();
Marshal.StructureToPtr(buff, buffPtr, false);
desc.cBuffers = 1;
desc.pBuffers = buffPtr;
desc.ulVersion = Interop.BCrypt.BCRYPTBUFFER_VERSION;
Marshal.StructureToPtr(desc, descPtr, false);
errorCode = Interop.NCrypt.NCryptImportKey(provider, IntPtr.Zero, blobType, descPtr, out keyHandle, keyBlob, keyBlob.Length, 0);
}
finally
{
Marshal.FreeHGlobal(descPtr);
Marshal.FreeHGlobal(buffPtr);
}
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
Exception e = errorCode.ToCryptographicException();
if (errorCode == ErrorCode.NTE_INVALID_PARAMETER)
{
throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, curveName), e);
}
throw e;
}
return keyHandle;
}
public static CngKey Open(SafeNCryptKeyHandle keyHandle, CngKeyHandleOpenOptions keyHandleOpenOptions)
{
if (keyHandle == null)
{
throw new ArgumentNullException("keyHandle");
}
if (keyHandle.IsClosed || keyHandle.IsInvalid)
{
throw new ArgumentException(System.SR.GetString("Cryptography_OpenInvalidHandle"), "keyHandle");
}
SafeNCryptKeyHandle handle = keyHandle.Duplicate();
SafeNCryptProviderHandle kspHandle = new SafeNCryptProviderHandle();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
IntPtr newHandleValue = NCryptNative.GetPropertyAsIntPtr(keyHandle, "Provider Handle", CngPropertyOptions.None);
kspHandle.SetHandleValue(newHandleValue);
}
CngKey key = null;
bool flag = false;
try
{
key = new CngKey(kspHandle, handle);
bool flag2 = (keyHandleOpenOptions & CngKeyHandleOpenOptions.EphemeralKey) == CngKeyHandleOpenOptions.EphemeralKey;
if (!key.IsEphemeral && flag2)
{
key.IsEphemeral = true;
}
else if (key.IsEphemeral && !flag2)
{
throw new ArgumentException(System.SR.GetString("Cryptography_OpenEphemeralKeyHandleWithoutEphemeralFlag"), "keyHandleOpenOptions");
}
flag = true;
}
finally
{
if (!flag && (key != null))
{
key.Dispose();
}
}
return key;
}
private CngKey(SafeNCryptProviderHandle kspHandle, SafeNCryptKeyHandle keyHandle)
{
this.m_keyHandle = keyHandle;
this.m_kspHandle = kspHandle;
}
