private void ImportKeyBlob(byte[] rsaBlob, bool includePrivate)
{
string blobType = includePrivate ?
Interop.BCrypt.KeyBlobType.BCRYPT_RSAPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_PUBLIC_KEY_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, rsaBlob);
Debug.Assert(!keyHandle.IsInvalid);
_keyHandle = keyHandle;
int newKeySize = CngKeyLite.GetKeyLength(keyHandle);
// Our LegalKeySizes value stores the values that we encoded as being the correct
// legal key size limitations for this algorithm, as documented on MSDN.
//
// But on a new OS version we might not question if our limit is accurate, or MSDN
// could have been inaccurate to start with.
//
// Since the key is already loaded, we know that Windows thought it to be valid;
// therefore we should set KeySizeValue directly to bypass the LegalKeySizes conformance
// check.
//
// For RSA there are known cases where this change matters. RSACryptoServiceProvider can
// create a 384-bit RSA key, which we consider too small to be legal. It can also create
// a 1032-bit RSA key, which we consider illegal because it doesn't match our 64-bit
// alignment requirement. (In both cases Windows loads it just fine)
ForceSetKeySize(newKeySize);
_lastKeySize = newKeySize;
}
private void ImportKeyBlob(byte[] rsaBlob, bool includePrivate)
{
// Use generic blob type for multiple version support
string blobType = includePrivate ?
Interop.BCrypt.KeyBlobType.BCRYPT_PRIVATE_KEY_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_PUBLIC_KEY_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, rsaBlob);
Debug.Assert(!keyHandle.IsInvalid);
_keyHandle = keyHandle;
int newKeySize = CngKeyLite.GetKeyLength(keyHandle);
// Our LegalKeySizes value stores the values that we encoded as being the correct
// legal key size limitations for this algorithm, as documented on MSDN.
//
// But on a new OS version we might not question if our limit is accurate, or MSDN
// could have been inaccurate to start with.
//
// Since the key is already loaded, we know that Windows thought it to be valid;
// therefore we should set KeySizeValue directly to bypass the LegalKeySizes conformance
// check.
ForceSetKeySize(newKeySize);
_lastKeySize = newKeySize;
}
private void ImportKeyBlob(byte[] rsaBlob, bool includePrivate)
{
string blobType = includePrivate
? Interop.BCrypt.KeyBlobType.BCRYPT_RSAPRIVATE_BLOB
: Interop.BCrypt.KeyBlobType.BCRYPT_RSAPUBLIC_KEY_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, rsaBlob);
SetKeyHandle(keyHandle);
}
private static Pkcs8Response ImportPkcs8(ReadOnlySpan <byte> keyBlob)
{
SafeNCryptKeyHandle handle = CngKeyLite.ImportKeyBlob(
Interop.NCrypt.NCRYPT_PKCS8_PRIVATE_KEY_BLOB,
keyBlob);
return(new Pkcs8Response
{
KeyHandle = handle,
});
}
private void ImportKeyBlob(byte[] dsaBlob, bool includePrivate)
{
// Use generic blob type for multiple version support
string blobType = includePrivate ?
Interop.BCrypt.KeyBlobType.BCRYPT_PRIVATE_KEY_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_PUBLIC_KEY_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, dsaBlob);
SetKeyHandle(keyHandle);
}
private void ImportKeyBlob(byte[] ecKeyBlob, string curveName, bool includePrivateParameters)
{
string blobType = includePrivateParameters ?
Interop.BCrypt.KeyBlobType.BCRYPT_ECCPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_ECCPUBLIC_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, ecKeyBlob, curveName);
Debug.Assert(!keyHandle.IsInvalid);
_key.SetHandle(keyHandle, ECCng.EcdhCurveNameToAlgorithm(curveName));
ForceSetKeySize(_key.KeySize);
}
private void ImportFullKeyBlob(byte[] ecfullKeyBlob, bool includePrivateParameters)
{
string blobType = includePrivateParameters ?
Interop.BCrypt.KeyBlobType.BCRYPT_ECCFULLPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_ECCFULLPUBLIC_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, ecfullKeyBlob);
Debug.Assert(!keyHandle.IsInvalid);
_key.SetHandle(keyHandle, AlgorithmName.ECDH);
ForceSetKeySize(_key.KeySize);
}
private void ImportKeyBlob(byte[] rsaBlob, bool includePrivate)
{
string blobType = includePrivate ?
Interop.BCrypt.KeyBlobType.BCRYPT_RSAPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_PUBLIC_KEY_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, rsaBlob);
Debug.Assert(!keyHandle.IsInvalid);
_keyHandle = keyHandle;
int newKeySize = CngKeyLite.GetKeyLength(keyHandle);
KeySize = _lastKeySize = newKeySize;
}
private void ImportKeyBlob(byte[] ecKeyBlob, string curveName, bool includePrivateParameters)
{
string blobType = includePrivateParameters ?
Interop.BCrypt.KeyBlobType.BCRYPT_ECCPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_ECCPUBLIC_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, ecKeyBlob, curveName);
Debug.Assert(!keyHandle.IsInvalid);
_keyHandle = keyHandle;
_lastAlgorithm = ECCng.EcdsaCurveNameToAlgorithm(curveName);
int newKeySize = CngKeyLite.GetKeyLength(keyHandle);
ForceSetKeySize(newKeySize);
_lastKeySize = newKeySize;
}
private void ImportFullKeyBlob(byte[] ecfullKeyBlob, bool includePrivateParameters)
{
string blobType = includePrivateParameters ?
Interop.BCrypt.KeyBlobType.BCRYPT_ECCFULLPRIVATE_BLOB :
Interop.BCrypt.KeyBlobType.BCRYPT_ECCFULLPUBLIC_BLOB;
SafeNCryptKeyHandle keyHandle = CngKeyLite.ImportKeyBlob(blobType, ecfullKeyBlob);
Debug.Assert(!keyHandle.IsInvalid);
_keyHandle = keyHandle;
_lastAlgorithm = AlgorithmName.ECDsa;
int newKeySize = CngKeyLite.GetKeyLength(keyHandle);
ForceSetKeySize(newKeySize);
_lastKeySize = newKeySize;
}