예제 #1
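        /// <summary>
        /// Encrypts OpenPGP session info to the ECDH recipient key held in <c>ecdh</c>.
        /// </summary>
        /// <remarks>
        /// A fresh ephemeral key pair is created for every call. A key-encryption key is taken
        /// from the output of <c>DeriveKeyFromHash</c> and used to AES-key-wrap the padded
        /// session data. The ephemeral key object is disposed and every intermediate secret
        /// buffer is zeroed before the method returns, including on failure.
        /// </remarks>
        /// <param name="sessionInfo">Session info to protect; the caller's buffer is not modified.</param>
        /// <returns>
        /// The MPI-encoded ephemeral public point, one octet holding the wrapped-key length,
        /// and the wrapped key.
        /// </returns>
        public byte[] EncryptSessionInfo(ReadOnlySpan<byte> sessionInfo)
        {
            var publicKeyParams = ecdh.PublicKey.ExportParameters();

            // Generate the ephemeral key pair. Disposing it on exit releases the ephemeral
            // private key as soon as the agreement has been computed.
            using var ephemeralEcDh = CreateECDiffieHellman(publicKeyParams.Curve);

            byte[] kdfOutput = Array.Empty<byte>();
            byte[] keyEncryptionKey = Array.Empty<byte>();
            byte[] paddedSessionData = Array.Empty<byte>();

            try
            {
                kdfOutput = ephemeralEcDh.DeriveKeyFromHash(
                    ecdh.PublicKey,
                    PgpUtilities.GetHashAlgorithmName(this.hashAlgorithm),
                    new byte[] { 0, 0, 0, 1 },
                    CreateUserKeyingMaterial(publicKeyParams.Curve.Oid));

                // Only the leading bytes, as many as the symmetric algorithm's key size, form the KEK.
                keyEncryptionKey = kdfOutput.AsSpan(0, PgpUtilities.GetKeySize(symmetricAlgorithm) / 8).ToArray();

                paddedSessionData = PadSessionData(sessionInfo);
                byte[] wrappedKey = SymmetricKeyWrap.AESKeyWrapEncrypt(keyEncryptionKey, paddedSessionData);

                var ephemeralPublic = ephemeralEcDh.PublicKey.ExportParameters();
                byte[] encodedPoint = EncodePoint(ephemeralPublic.Q, publicKeyParams.Curve.Oid);

                // Layout: MPI of the point, 1-octet wrapped-key length, wrapped key.
                // The "+ 2" assumes TryWriteInteger emits a 2-octet prefix followed by all of
                // encodedPoint (no leading zero bytes stripped) - TODO confirm against MPInteger.
                byte[] result = new byte[encodedPoint.Length + 2 + 1 + wrappedKey.Length];
                MPInteger.TryWriteInteger(encodedPoint, result, out _);

                // NOTE(review): the length field is a single octet, so a wrapped key longer
                // than 255 bytes would be truncated silently by this cast.
                result[encodedPoint.Length + 2] = (byte)wrappedKey.Length;
                Array.Copy(wrappedKey, 0, result, encodedPoint.Length + 3, wrappedKey.Length);

                return result;
            }
            finally
            {
                // The KDF output, the KEK and the padded session data are all secret; wipe
                // them so they do not linger on the managed heap after the call.
                System.Security.Cryptography.CryptographicOperations.ZeroMemory(kdfOutput);
                System.Security.Cryptography.CryptographicOperations.ZeroMemory(keyEncryptionKey);
                System.Security.Cryptography.CryptographicOperations.ZeroMemory(paddedSessionData);
            }
        }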
예제 #2
파일: DsaKey.cs 프로젝트: 1hub/springburg
 /// <summary>
 /// Writes the DSA values P, Q, G and Y, in that order, back to back into <paramref name="destination"/>.
 /// </summary>
 /// <param name="dsaParameters">Source of the P, Q, G and Y values.</param>
 /// <param name="destination">Buffer receiving the encoded values, starting at offset 0.</param>
 private static void WriteOpenPgpPublicKey(DSAParameters dsaParameters, Span<byte> destination)
 {
     // The result of each TryWriteInteger call is not inspected; the buffer is
     // presumably sized by the caller via MPInteger.GetMPEncodedLength - verify at call sites.
     Span<byte> remaining = destination;

     MPInteger.TryWriteInteger(dsaParameters.P, remaining, out int written);
     remaining = remaining.Slice(written);

     MPInteger.TryWriteInteger(dsaParameters.Q, remaining, out written);
     remaining = remaining.Slice(written);

     MPInteger.TryWriteInteger(dsaParameters.G, remaining, out written);
     remaining = remaining.Slice(written);

     MPInteger.TryWriteInteger(dsaParameters.Y, remaining, out int _);
 }
예제 #3
파일: DsaKey.cs 프로젝트: 1hub/springburg
        /// <summary>
        /// Exports the DSA key: the public values written by <c>WriteOpenPgpPublicKey</c>,
        /// followed by the secret value X encrypted through <c>S2kBasedEncryption</c>.
        /// </summary>
        /// <param name="passwordBytes">Password bytes passed to <c>S2kBasedEncryption.EncryptSecretKey</c>.</param>
        /// <param name="s2kParameters">S2K settings used both to size and to produce the encrypted secret.</param>
        /// <returns>A newly allocated array holding the public part and the encrypted secret.</returns>
        public byte[] ExportPrivateKey(
            ReadOnlySpan<byte> passwordBytes,
            S2kParameters s2kParameters)
        {
            DSAParameters dsaParameters = new DSAParameters();
            byte[] pooledSecret = Array.Empty<byte>();

            try
            {
                dsaParameters = dsa.ExportParameters(true);

                // Stage the MPI-encoded X in a buffer rented from CryptoPool.
                int secretCapacity = MPInteger.GetMPEncodedLength(dsaParameters.X!);
                pooledSecret = CryptoPool.Rent(secretCapacity);
                MPInteger.TryWriteInteger(dsaParameters.X, pooledSecret, out var secretSize);

                int publicKeySize = MPInteger.GetMPEncodedLength(
                    dsaParameters.P!,
                    dsaParameters.Q!,
                    dsaParameters.G!,
                    dsaParameters.Y!);
                var destination = new byte[publicKeySize + S2kBasedEncryption.GetEncryptedLength(s2kParameters, secretSize)];

                // Public values first, encrypted secret directly after them.
                WriteOpenPgpPublicKey(dsaParameters, destination);
                S2kBasedEncryption.EncryptSecretKey(
                    passwordBytes,
                    s2kParameters,
                    pooledSecret.AsSpan(0, secretSize),
                    destination.AsSpan(publicKeySize));

                return destination;
            }
            finally
            {
                // Runs on success and on failure: hand the staging buffer back and wipe the
                // exported X. If ExportParameters threw, X is still null and the wipe is a no-op.
                // NOTE(review): whether CryptoPool.Return clears the buffer is not visible here - confirm.
                CryptoPool.Return(pooledSecret);
                CryptographicOperations.ZeroMemory(dsaParameters.X);
            }
        }
예제 #4
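        /// <summary>
        /// Encrypts session info to the RSA key and returns the ciphertext encoded as one MPI.
        /// </summary>
        /// <remarks>
        /// PKCS#1 v1.5 encryption padding is used, which is the encoding RFC 4880 specifies
        /// for RSA session-key encryption. Code that decrypts such messages must not let
        /// callers distinguish padding failures from other errors.
        /// </remarks>
        /// <param name="sessionInfo">Session info to encrypt; the caller's buffer is not modified.</param>
        /// <returns>A newly allocated array containing the MPI-encoded RSA ciphertext.</returns>
        public byte[] EncryptSessionInfo(ReadOnlySpan<byte> sessionInfo)
        {
            // RSA.Encrypt takes an array, so the session info has to be copied. The copy
            // holds plaintext key material and is wiped once encryption has finished.
            byte[] sessionInfoCopy = sessionInfo.ToArray();

            try
            {
                var encryptedSessionInfo = rsa.Encrypt(sessionInfoCopy, RSAEncryptionPadding.Pkcs1);
                var mp = new byte[MPInteger.GetMPEncodedLength(encryptedSessionInfo)];

                MPInteger.TryWriteInteger(encryptedSessionInfo, mp, out var _);
                return mp;
            }
            finally
            {
                CryptographicOperations.ZeroMemory(sessionInfoCopy);
            }
        }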
예제 #5
 /// <summary>
 /// Signs a hash with the ECDSA key and returns the two halves of the signature as consecutive MPIs.
 /// </summary>
 /// <param name="rgbHash">Hash value to sign.</param>
 /// <param name="hashAlgorithm">Not read by this method.</param>
 /// <returns>A newly allocated array trimmed to the bytes actually written.</returns>
 public byte[] CreateSignature(ReadOnlySpan<byte> rgbHash, PgpHashAlgorithm hashAlgorithm)
 {
     // IEEE P1363 fixed-field output is r followed by s, each occupying half of the array.
     byte[] ieeeSignature = ecdsa.SignHash(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
     int halfLength = ieeeSignature.Length / 2;

     // Maximum possible length: both halves plus 4 extra bytes for the two MPI prefixes
     // (assumes a 2-octet prefix per MPI - TODO confirm against MPInteger).
     byte[] buffer = new byte[ieeeSignature.Length + 4];

     MPInteger.TryWriteInteger(ieeeSignature.AsSpan(0, halfLength), buffer, out int rWritten);
     MPInteger.TryWriteInteger(ieeeSignature.AsSpan(halfLength), buffer.AsSpan(rWritten), out int sWritten);

     int totalWritten = rWritten + sWritten;
     return buffer.AsSpan(0, totalWritten).ToArray();
 }
예제 #6
        /// <summary>
        /// Signs a hash with the RSA key using PKCS#1 v1.5 signature padding and returns
        /// the signature encoded as a single MPI.
        /// </summary>
        /// <param name="rgbHash">Hash value to sign.</param>
        /// <param name="hashAlgorithm">
        /// Hash algorithm, mapped to a framework name by <c>PgpUtilities.GetHashAlgorithmName</c>.
        /// </param>
        /// <returns>A newly allocated array containing the MPI-encoded signature.</returns>
        public byte[] CreateSignature(
            ReadOnlySpan<byte> rgbHash,
            PgpHashAlgorithm hashAlgorithm)
        {
            // The hash is copied because this SignHash overload takes an array.
            byte[] hashCopy = rgbHash.ToArray();
            var hashName = PgpUtilities.GetHashAlgorithmName(hashAlgorithm);

            var signature = rsa.SignHash(hashCopy, hashName, RSASignaturePadding.Pkcs1);

            int encodedLength = MPInteger.GetMPEncodedLength(signature);
            var signatureBytes = new byte[encodedLength];
            MPInteger.TryWriteInteger(signature, signatureBytes, out var _);

            return signatureBytes;
        }
예제 #7
        /// <summary>
        /// Exports the RSA public key as two consecutive MPIs: the modulus, then the exponent.
        /// </summary>
        /// <returns>A newly allocated array trimmed to the bytes actually written.</returns>
        public byte[] ExportPublicKey()
        {
            // false: export public parameters only.
            var rsaParameters = rsa.ExportParameters(false);

            var buffer = new byte[MPInteger.GetMPEncodedLength(rsaParameters.Modulus!, rsaParameters.Exponent!)];

            MPInteger.TryWriteInteger(rsaParameters.Modulus, buffer, out int modulusWritten);
            MPInteger.TryWriteInteger(rsaParameters.Exponent, buffer.AsSpan(modulusWritten), out int exponentWritten);

            int totalWritten = modulusWritten + exponentWritten;
            return buffer.AsSpan(0, totalWritten).ToArray();
        }
예제 #8
파일: DsaKey.cs 프로젝트: 1hub/springburg
        /// <summary>
        /// Signs a hash with the DSA key and returns the two halves of the signature as consecutive MPIs.
        /// </summary>
        /// <param name="rgbHash">Hash value to sign.</param>
        /// <param name="hashAlgorithm">Not read by this method.</param>
        /// <returns>A newly allocated array sized from the encoded lengths of both halves.</returns>
        public byte[] CreateSignature(ReadOnlySpan<byte> rgbHash, PgpHashAlgorithm hashAlgorithm)
        {
            byte[] ieeeSignature = dsa.CreateSignature(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation);

            // IEEE P1363 fixed-field output is r followed by s, each occupying half of the array.
            int halfLength = ieeeSignature.Length / 2;
            var r = ieeeSignature.AsSpan(0, halfLength);
            var s = ieeeSignature.AsSpan(halfLength);

            int encodedLength = MPInteger.GetMPEncodedLength(r) + MPInteger.GetMPEncodedLength(s);
            byte[] pgpSignature = new byte[encodedLength];

            MPInteger.TryWriteInteger(r, pgpSignature, out int rWritten);
            MPInteger.TryWriteInteger(s, pgpSignature.AsSpan(rWritten), out int _);

            return pgpSignature;
        }
예제 #9
        /// <summary>
        /// Encrypts session info with the ElGamal key and returns the two halves of the
        /// ciphertext as consecutive MPIs.
        /// </summary>
        /// <param name="sessionInfo">Session info to encrypt.</param>
        /// <returns>A newly allocated array holding both MPI-encoded halves.</returns>
        public byte[] EncryptSessionInfo(ReadOnlySpan<byte> sessionInfo)
        {
            var encryptedData = elGamal.Encrypt(sessionInfo, RSAEncryptionPadding.Pkcs1);

            // Assumes Encrypt returns two equal-width values concatenated - TODO confirm.
            // They are presumably the two ElGamal ciphertext components rather than the
            // domain parameters g and p.
            int halfLength = encryptedData.Length / 2;
            var firstValue = encryptedData.Slice(0, halfLength);
            var secondValue = encryptedData.Slice(halfLength);

            int encodedLength = MPInteger.GetMPEncodedLength(firstValue) + MPInteger.GetMPEncodedLength(secondValue);
            var mp = new byte[encodedLength];

            MPInteger.TryWriteInteger(firstValue, mp, out var firstWritten);
            MPInteger.TryWriteInteger(secondValue, mp.AsSpan(firstWritten), out var _);

            return mp;
        }
예제 #10
파일: ECKey.cs 프로젝트: 1hub/springburg
        /// <summary>
        /// Writes the curve OID followed by the MPI-encoded public point into <paramref name="destination"/>.
        /// </summary>
        /// <param name="ecParameters">Supplies the curve OID and the public point Q.</param>
        /// <param name="destination">
        /// Buffer receiving the output. The OID copy throws if the buffer is too short for it.
        /// </param>
        /// <param name="bytesWritten">Number of OID bytes written plus the count reported for the point.</param>
        protected void WriteOpenPgpECParameters(ECParameters ecParameters, Span<byte> destination, out int bytesWritten)
        {
            var oidWriter = new AsnWriter(AsnEncodingRules.DER);
            oidWriter.WriteObjectIdentifier(ecParameters.Curve.Oid.Value!);

            var encodedPoint = EncodePoint(ecParameters.Q, ecParameters.Curve.Oid);
            var encodedOid = oidWriter.Encode();

            // Drop the first byte of the DER encoding (the tag); the length and content bytes remain.
            int oidFieldLength = encodedOid.Length - 1;
            encodedOid.AsSpan(1).CopyTo(destination);

            MPInteger.TryWriteInteger(encodedPoint, destination.Slice(oidFieldLength), out int pointWritten);
            bytesWritten = pointWritten + oidFieldLength;
        }
예제 #11
        /// <summary>
        /// Exports the RSA key: modulus and exponent as MPIs, followed by the secret values
        /// D, P, Q and InverseQ encrypted through <c>S2kBasedEncryption</c>.
        /// </summary>
        /// <param name="passwordBytes">Password bytes passed to <c>S2kBasedEncryption.EncryptSecretKey</c>.</param>
        /// <param name="s2kParameters">S2K settings used both to size and to produce the encrypted secret.</param>
        /// <returns>A newly allocated array trimmed to the public part plus the encrypted secret.</returns>
        public byte[] ExportPrivateKey(
            ReadOnlySpan<byte> passwordBytes,
            S2kParameters s2kParameters)
        {
            RSAParameters rsaParameters = new RSAParameters();
            byte[] pooledSecret = Array.Empty<byte>();

            try
            {
                rsaParameters = rsa.ExportParameters(true);

                pooledSecret = CryptoPool.Rent(
                    MPInteger.GetMPEncodedLength(
                        rsaParameters.D!,
                        rsaParameters.P!,
                        rsaParameters.Q!,
                        rsaParameters.InverseQ!));

                // Stage D, P, Q and InverseQ back to back; secretSize tracks the running offset.
                MPInteger.TryWriteInteger(rsaParameters.D, pooledSecret, out int secretSize);
                MPInteger.TryWriteInteger(rsaParameters.P, pooledSecret.AsSpan(secretSize), out int written);
                secretSize += written;
                MPInteger.TryWriteInteger(rsaParameters.Q, pooledSecret.AsSpan(secretSize), out written);
                secretSize += written;
                MPInteger.TryWriteInteger(rsaParameters.InverseQ, pooledSecret.AsSpan(secretSize), out written);
                secretSize += written;

                int encryptedSecretSize = S2kBasedEncryption.GetEncryptedLength(s2kParameters, secretSize);
                var destination = new byte[
                    MPInteger.GetMPEncodedLength(rsaParameters.Modulus!, rsaParameters.Exponent!) + encryptedSecretSize];

                // Public values first, encrypted secret directly after them.
                MPInteger.TryWriteInteger(rsaParameters.Modulus, destination, out int modulusWritten);
                MPInteger.TryWriteInteger(rsaParameters.Exponent, destination.AsSpan(modulusWritten), out int exponentWritten);
                int publicSize = modulusWritten + exponentWritten;

                S2kBasedEncryption.EncryptSecretKey(
                    passwordBytes,
                    s2kParameters,
                    pooledSecret.AsSpan(0, secretSize),
                    destination.AsSpan(publicSize));

                return destination.AsSpan(0, publicSize + encryptedSecretSize).ToArray();
            }
            finally
            {
                // Runs on success and on failure: hand the staging buffer back and wipe every
                // exported private component, including DP and DQ, which are never serialized.
                // NOTE(review): whether CryptoPool.Return clears the buffer is not visible here - confirm.
                CryptoPool.Return(pooledSecret);
                CryptographicOperations.ZeroMemory(rsaParameters.D);
                CryptographicOperations.ZeroMemory(rsaParameters.P);
                CryptographicOperations.ZeroMemory(rsaParameters.Q);
                CryptographicOperations.ZeroMemory(rsaParameters.InverseQ);
                CryptographicOperations.ZeroMemory(rsaParameters.DP);
                CryptographicOperations.ZeroMemory(rsaParameters.DQ);
            }
        }
예제 #12
        /// <summary>
        /// Exports the ECDH key: the output of <c>WriteOpenPgpECParameters</c>, the KDF
        /// parameters, and the secret scalar D encrypted through <c>S2kBasedEncryption</c>.
        /// </summary>
        /// <param name="passwordBytes">Password bytes passed to <c>S2kBasedEncryption.EncryptSecretKey</c>.</param>
        /// <param name="s2kParameters">S2K settings used both to size and to produce the encrypted secret.</param>
        /// <returns>A newly allocated array trimmed to the bytes that make up the export.</returns>
        public byte[] ExportPrivateKey(
            ReadOnlySpan <byte> passwordBytes,
            S2kParameters s2kParameters)
        {
            ECParameters ecParameters = new ECParameters();

            byte[] secretPart = Array.Empty <byte>();

            try
            {
                ecParameters = ecdh.ExportParameters(true);
                // For X25519 keys the byte order of D is reversed before encoding.
                // NOTE(review): presumably a little-endian scalar converted for the
                // big-endian MPI form - confirm against the X25519 implementation.
                if (ecdh is X25519)
                {
                    Array.Reverse(ecParameters.D !);
                }

                // secretSize is the computed MPI length of D; the count reported by
                // TryWriteInteger is discarded, so the two are assumed to agree.
                int secretSize = MPInteger.GetMPEncodedLength(ecParameters.D !);
                secretPart = CryptoPool.Rent(secretSize);
                MPInteger.TryWriteInteger(ecParameters.D, secretPart, out var _);

                // Size estimate for the output buffer; the result is trimmed to the
                // actual length before it is returned.
                int encryptedSecretLength = S2kBasedEncryption.GetEncryptedLength(s2kParameters, secretSize);
                int estimatedLength       =
                    32 /* OID */ +
                    MPInteger.GetMPEncodedLength(ecParameters.Q.X !, ecParameters.Q.Y !) + 1 /* EC Point type */ +
                    4 /* KDF Parameters */ +
                    encryptedSecretLength;
                var destination = new byte[estimatedLength];
                WriteOpenPgpECParameters(ecParameters, destination, out int bytesWritten);
                WriteKDFParameters(destination.AsSpan(bytesWritten));

                // The "+ 4" skips the KDF parameters; it assumes WriteKDFParameters writes
                // exactly 4 bytes, matching the estimate above - TODO confirm.
                S2kBasedEncryption.EncryptSecretKey(passwordBytes, s2kParameters, secretPart.AsSpan(0, secretSize), destination.AsSpan(bytesWritten + 4));
                return(destination.AsSpan(0, bytesWritten + 4 + encryptedSecretLength).ToArray());
            }
            finally
            {
                // Runs on success and on failure: hand the staging buffer back and wipe the
                // exported scalar. D is still null if ExportParameters threw.
                // NOTE(review): whether CryptoPool.Return clears the buffer is not visible here - confirm.
                CryptoPool.Return(secretPart);
                if (ecParameters.D != null)
                {
                    CryptographicOperations.ZeroMemory(ecParameters.D);
                }
            }
        }
예제 #13
 /// <summary>
 /// Writes the ElGamal values P, G and Y, in that order, back to back into <paramref name="destination"/>.
 /// </summary>
 /// <param name="elgamalParameters">Source of the P, G and Y values.</param>
 /// <param name="destination">Buffer receiving the encoded values, starting at offset 0.</param>
 private static void WriteOpenPgpPublicKey(ElGamalParameters elgamalParameters, Span<byte> destination)
 {
     // The result of each TryWriteInteger call is not inspected; the buffer is
     // presumably sized by the caller via MPInteger.GetMPEncodedLength - verify at call sites.
     Span<byte> remaining = destination;

     MPInteger.TryWriteInteger(elgamalParameters.P, remaining, out int written);
     remaining = remaining.Slice(written);

     MPInteger.TryWriteInteger(elgamalParameters.G, remaining, out written);
     remaining = remaining.Slice(written);

     MPInteger.TryWriteInteger(elgamalParameters.Y, remaining, out int _);
 }