internal EcdsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString, byte[][] chain) { _certData = derCertData; _key = privateKey; _certificate = certificate; _altNameString = altNameString; _chain = chain ?? new byte[0][]; _ecKey = EVP_PKEY_get0_EC_KEY(_key); var group = EC_KEY_get0_group(_ecKey); var curveName = EC_GROUP_get_curve_name(group); _curveName = OBJ_nid2ln(curveName); switch (_curveName) { case "secp256r1": _scheme = SignatureScheme.ecdsa_secp256r1_sha256; _hashType = HashType.SHA256; break; case "secp384r1": _scheme = SignatureScheme.ecdsa_secp384r1_sha384; _hashType = HashType.SHA384; break; case "secp521r1": _scheme = SignatureScheme.ecdsa_secp521r1_sha512; _hashType = HashType.SHA512; break; default: ExceptionHelper.ThrowException(new ArgumentException()); break; } }
private void InternalSetPeerKey(Span <byte> peerKey) { GenerateKeyPair(); //Get0 methods mean that we do not own the object, and therefore should not free //as they belong to another structure so we only need to free the point var group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(_keyPair)); var point = EC_POINT_new(group); try { EC_POINT_oct2point(group, point, peerKey); var ecKey = EC_KEY_new_by_curve_name(_curveNid); try { EC_KEY_set_public_key(ecKey, point); _peerKey = EVP_PKEY_new(); EVP_PKEY_assign_EC_KEY(_peerKey, ecKey); } catch { //If the ec key was correctly assigned to the EVP_KEY //then it will be freed when we free the EVP_KEY //which now has ownship so we only release if there was an //exception trying to transfer the ownership ecKey.Free(); throw; } } finally { point.Free(); } }
public static unsafe int EVP_PKEY_derive(EVP_PKEY keyPair, EVP_PKEY peerKey, Span <byte> output) { var ctx = EVP_PKEY_CTX_new(keyPair, IntPtr.Zero); try { var result = EVP_PKEY_derive_init(ctx); ThrowOnErrorReturnCode(result); result = EVP_PKEY_derive_set_peer(ctx, peerKey); ThrowOnErrorReturnCode(result); var size = IntPtr.Zero; result = EVP_PKEY_derive(ctx, null, ref size); ThrowOnErrorReturnCode(result); if (size.ToInt32() > output.Length) { throw new ArgumentOutOfRangeException(nameof(output)); } fixed(void *outputPtr = &output.DangerousGetPinnableReference()) { size = (IntPtr)output.Length; result = EVP_PKEY_derive(ctx, outputPtr, ref size); ThrowOnErrorReturnCode(result); return(size.ToInt32()); } } finally { ctx.Free(); } }
public unsafe void SetPeerKey(ReadableBuffer buffer) { if (buffer.Length != _keyExchangeSize) { Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.illegal_parameter, $"The peer key is not the length of the keyexchange size {buffer.Length} - {_keyExchangeSize}"); } GCHandle handle; void * ptr; if (buffer.IsSingleSpan) { ptr = buffer.First.GetPointer(out handle); } else { var tmpBuffer = stackalloc byte[buffer.Length]; var span = new Span <byte>(tmpBuffer, buffer.Length); buffer.CopyTo(span); ptr = tmpBuffer; } _peerKey = EVP_PKEY_new(); ThrowOnError(EVP_PKEY_set_type(_peerKey, _nid)); ThrowOnError(EVP_PKEY_set1_tls_encodedpoint(_peerKey, ptr, (UIntPtr)buffer.Length)); if (!_publicPrivateKey.IsValid()) { GenerateKeyset(); } _hasPeerKey = true; }
private void InternalSetPeerKey(Span <byte> peerKey) { _peerKey = EVP_PKEY_new(); EVP_PKEY_set_type(_peerKey, _nid); EVP_PKEY_set1_tls_encodedpoint(_peerKey, peerKey); GenerateKeyPair(); }
public static unsafe void EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY pkey, Span <byte> point) { fixed(void *ptr = &point.DangerousGetPinnableReference()) { var result = EVP_PKEY_set1_tls_encodedpoint(pkey, ptr, (UIntPtr)point.Length); ThrowOnErrorReturnCode(result); } }
private void GenerateKeyset() { var keyGenCtx = EVP_PKEY_CTX_new_id((EVP_PKEY_type)_nid, IntPtr.Zero); try { ThrowOnError(EVP_PKEY_keygen_init(keyGenCtx)); EVP_PKEY keyPair; ThrowOnError(EVP_PKEY_keygen(keyGenCtx, out keyPair)); _publicPrivateKey = keyPair; } finally { keyGenCtx.Free(); } }
public static void EVP_PKEY_keygen(EVP_PKEY keyParameters, out EVP_PKEY generatedKey) { var keyGenCtx = EVP_PKEY_CTX_new(keyParameters, IntPtr.Zero); try { var result = EVP_PKEY_keygen_init(keyGenCtx); ThrowOnErrorReturnCode(result); result = EVP_PKEY_keygen(keyGenCtx, out generatedKey); ThrowOnErrorReturnCode(result); } finally { keyGenCtx.Free(); } }
private static ICertificate GetCertificate(EVP_PKEY key, X509 x509, byte[] derCertificateData, string altName, byte[][] certChain) { var name = OBJ_nid2ln(EVP_PKEY_base_id(key)); switch (name) { case "id-ecPublicKey": return(new EcdsaCertificate(key, x509, derCertificateData, altName, certChain)); case "rsaEncryption": return(new RsaCertificate(key, x509, derCertificateData, altName)); default: throw new NotImplementedException(); } }
public static void EVP_PKEY_keygen_function(int functionNid, out EVP_PKEY generatedKey) { var keyGenCtx = EVP_PKEY_CTX_new_id((EVP_PKEY_type)functionNid, IntPtr.Zero); try { var result = EVP_PKEY_keygen_init(keyGenCtx); ThrowOnErrorReturnCode(result); result = EVP_PKEY_keygen(keyGenCtx, out generatedKey); ThrowOnErrorReturnCode(result); } finally { keyGenCtx.Free(); } }
public unsafe void SetPeerKey(ReadableBuffer peerKey) { GenerateECKeySet(); var group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(_eKey)); var point = EC_POINT_new(group); try { var handle = default(GCHandle); try { void *ptr; if (peerKey.IsSingleSpan) { ptr = peerKey.First.GetPointer(out handle); } else { var tmpBuffer = stackalloc byte[peerKey.Length]; var span = new Span <byte>(tmpBuffer, peerKey.Length); peerKey.CopyTo(span); ptr = tmpBuffer; } ThrowOnError(EC_POINT_oct2point(group, point, ptr, (IntPtr)peerKey.Length, null)); } finally { if (handle.IsAllocated) { handle.Free(); } } var ecClientKey = EC_KEY_new_by_curve_name(_curveNid); ThrowOnError(EC_KEY_set_public_key(ecClientKey, point)); _clientKey = EVP_PKEY_new(); ThrowOnError(EVP_PKEY_assign_EC_KEY(_clientKey, ecClientKey)); _hasPeerKey = true; } finally { point.Free(); } }
public static unsafe int EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY pkey, Span <byte> output) { var buffSize = (int)ThrowOnError(EVP_PKEY_get1_tls_encodedpoint(pkey, out IntPtr ptr)); try { if (buffSize > output.Length) { throw new InvalidOperationException(); } var span = new Span <byte>((byte *)ptr, buffSize); span.CopyTo(output); } finally { CRYPTO_clear_free(ptr, (UIntPtr)buffSize, $"OpenSslFunction.cs", 97); } return(buffSize); }
public static void EVP_PKEY_paramgen_ECCurve(int curveNid, out EVP_PKEY curveParameters) { const EVP_PKEY_Ctrl_OP op = EVP_PKEY_Ctrl_OP.EVP_PKEY_OP_PARAMGEN | EVP_PKEY_Ctrl_OP.EVP_PKEY_OP_KEYGEN; const EVP_PKEY_Ctrl_Command cmd = EVP_PKEY_Ctrl_Command.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID; var ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_type.EVP_PKEY_EC, IntPtr.Zero); try { var result = EVP_PKEY_paramgen_init(ctx); ThrowOnErrorReturnCode(result); result = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_type.EVP_PKEY_EC, op, cmd, curveNid, IntPtr.Zero); ThrowOnErrorReturnCode(result); result = EVP_PKEY_paramgen(ctx, out curveParameters); } finally { ctx.Free(); } }
private void GenerateECKeySet() { if (_eKey.IsValid()) { return; } var param = CreateParams(); var keyGenCtx = default(EVP_PKEY_CTX); try { keyGenCtx = EVP_PKEY_CTX_new(param, IntPtr.Zero); ThrowOnError(EVP_PKEY_keygen_init(keyGenCtx)); EVP_PKEY keyPair; ThrowOnError(EVP_PKEY_keygen(keyGenCtx, out keyPair)); _eKey = keyPair; } finally { keyGenCtx.Free(); param.Free(); } }
private unsafe extern static int Internal_SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey);
public static void SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY key) { var result = Internal_SSL_CTX_use_PrivateKey(ctx, key); ThrowOnErrorReturnCode(result); }
internal static extern EVP_PKEY_CTX EVP_PKEY_CTX_new(EVP_PKEY pkey, IntPtr e);
private static extern EVP_PKEY_CTX EVP_PKEY_CTX_new(EVP_PKEY pkey, IntPtr e);
private static extern int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX ctx, EVP_PKEY peer);
public static void EVP_PKEY_assign_EC_KEY(EVP_PKEY pkey, EC_KEY key) { var result = EVP_PKEY_assign(pkey, EVP_PKEY_type.EVP_PKEY_EC, key); ThrowOnErrorReturnCode(result); }
private extern static int PKCS12_parse(PKCS12 p12, string pass, out EVP_PKEY pkey, out X509 cert, IntPtr ca);
internal static extern unsafe int EVP_PKEY_set_type(EVP_PKEY key, int nid);
internal RsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString) { _key = privateKey; _altNameString = altNameString; _derCertData = derCertData; }
internal static extern unsafe int EVP_SignFinal(EVP_MD_CTX ctx, void *sig, ref int s, EVP_PKEY pkey);
public static extern EC_KEY EVP_PKEY_get0_EC_KEY(EVP_PKEY key);
internal static extern int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, out EVP_PKEY ppkey);
internal static extern unsafe int EVP_PKEY_paramgen(EVP_PKEY_CTX ctx, out EVP_PKEY ppkey);
internal static extern unsafe int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY pkey, void *pt, UIntPtr ptlen);
internal static extern unsafe int EVP_DigestSignInit(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx, IntPtr type, IntPtr engine, EVP_PKEY pkey);
private static extern int EVP_PKEY_assign(EVP_PKEY pkey, EVP_PKEY_type keyType, EC_KEY key);