[System.Security.SecurityCritical] // auto-generated internal static byte[] RsaOaepDecrypt (RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) { int cb = rsa.KeySize / 8; // 1. Decode the input data // It is important that the Integer to Octet String conversion errors be indistinguishable from the other decoding // errors to protect against chosen cipher text attacks // A lecture given by James Manger during Crypto 2001 explains the issue in details byte[] data = null; try { data = rsa.DecryptValue(encryptedData); } catch (CryptographicException) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } // 2. Create the hash object so we can get its size info. int cbHash = hash.HashSize / 8; // 3. Let maskedSeed be the first hLen octects and maskedDB // be the remaining bytes. int zeros = cb - data.Length; if (zeros < 0 || zeros >= cbHash) throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); byte[] seed = new byte[cbHash]; Buffer.InternalBlockCopy(data, 0, seed, zeros, seed.Length - zeros); byte[] DB = new byte[data.Length - seed.Length + zeros]; Buffer.InternalBlockCopy(data, seed.Length - zeros, DB, 0, DB.Length); // 4. seedMask = MGF(maskedDB, hLen); byte[] mask = mgf.GenerateMask(DB, seed.Length); // 5. seed = seedMask XOR maskedSeed int i = 0; for (i=0; i < seed.Length; i++) { seed[i] ^= mask[i]; } // 6. dbMask = MGF(seed, |EM| - hLen); mask = mgf.GenerateMask(seed, DB.Length); // 7. DB = maskedDB xor dbMask for (i=0; i < DB.Length; i++) { DB[i] = (byte) (DB[i] ^ mask[i]); } // 8. pHash = HASH(P) hash.ComputeHash(EmptyArray<Byte>.Value); // 9. DB = pHash' || PS || 01 || M // 10. Check that pHash = pHash' byte[] hashValue = hash.Hash; for (i=0; i < cbHash; i++) { if (DB[i] != hashValue[i]) throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } // Check that PS is all zeros for (; i<DB.Length; i++) { if (DB[i] == 1) break; else if (DB[i] != 0) throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } if (i == DB.Length) throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); i++; // skip over the one // 11. Output M. byte[] output = new byte[DB.Length - i]; Buffer.InternalBlockCopy(DB, i, output, 0, output.Length); return output; }
[System.Security.SecuritySafeCritical] // auto-generated public override byte[] CreateSignature(byte[] rgbHash) { if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } Contract.EndContractBlock(); if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } // Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider. if (_rsaKey is RSACryptoServiceProvider) { int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm); return(((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, calgHash)); } else { byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash); // Create the signature by applying the private key to the padded buffer we just created. return(_rsaKey.DecryptValue(pad)); } }
/******************* Public Methods *************************/ /// <include file='doc\RSAPKCS1KeyExchangeDeformatter.uex' path='docs/doc[@for="RSAPKCS1KeyExchangeDeformatter.DecryptKeyExchange"]/*' /> public override byte[] DecryptKeyExchange(byte[] rgbIn) { byte[] rgbOut; if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_PKCS1Decoding")); } if (_rsaKey is RSACryptoServiceProvider) { rgbOut = ((RSACryptoServiceProvider)_rsaKey).Decrypt(rgbIn, false); } else { int i; byte[] rgb; rgb = _rsaKey.DecryptValue(rgbIn); // // Expected format is: // 00 || 02 || PS || 00 || D // where PS does not contain any zeros. // for (i = 2; i < rgb.Length; i++) { if (rgb[i] == 0) { break; } } if (i >= rgb.Length) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } i++; // Skip over the zero rgbOut = new byte[rgb.Length - i]; Buffer.InternalBlockCopy(rgb, i, rgbOut, 0, rgbOut.Length); } return(rgbOut); }
[System.Security.SecuritySafeCritical] // auto-generated public override byte[] CreateSignature(byte[] rgbHash) { if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } Contract.EndContractBlock(); if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } // Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider. if (_rsaKey is RSACryptoServiceProvider) { // This path is kept around for desktop compat: in case someone is using this with a hash algorithm that's known to GetAlgIdFromOid but // not from OidToHashAlgorithmName. int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm); return(((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, calgHash)); } else if (OverridesSignHash) { HashAlgorithmName hashAlgorithmName = Utils.OidToHashAlgorithmName(_strOID); return(_rsaKey.SignHash(rgbHash, hashAlgorithmName, RSASignaturePadding.Pkcs1)); } else { // Fallback compat path for 3rd-party RSA classes that don't override SignHash() byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash); // Create the signature by applying the private key to the padded buffer we just created. return(_rsaKey.DecryptValue(pad)); } }
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) { int num = rsa.KeySize / 8; byte[] numArray1; try { numArray1 = rsa.DecryptValue(encryptedData); } catch (CryptographicException ex) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } int length = hash.HashSize / 8; int dstOffsetBytes = num - numArray1.Length; if (dstOffsetBytes < 0 || dstOffsetBytes >= length) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } byte[] rgbSeed1 = new byte[length]; Buffer.InternalBlockCopy((Array)numArray1, 0, (Array)rgbSeed1, dstOffsetBytes, rgbSeed1.Length - dstOffsetBytes); byte[] rgbSeed2 = new byte[numArray1.Length - rgbSeed1.Length + dstOffsetBytes]; Buffer.InternalBlockCopy((Array)numArray1, rgbSeed1.Length - dstOffsetBytes, (Array)rgbSeed2, 0, rgbSeed2.Length); byte[] mask1 = mgf.GenerateMask(rgbSeed2, rgbSeed1.Length); for (int index = 0; index < rgbSeed1.Length; ++index) { rgbSeed1[index] ^= mask1[index]; } byte[] mask2 = mgf.GenerateMask(rgbSeed1, rgbSeed2.Length); for (int index = 0; index < rgbSeed2.Length; ++index) { rgbSeed2[index] = (byte)((uint)rgbSeed2[index] ^ (uint)mask2[index]); } hash.ComputeHash(EmptyArray <byte> .Value); byte[] hash1 = hash.Hash; int index1; for (index1 = 0; index1 < length; ++index1) { if ((int)rgbSeed2[index1] != (int)hash1[index1]) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } } for (; index1 < rgbSeed2.Length && (int)rgbSeed2[index1] != 1; ++index1) { if ((int)rgbSeed2[index1] != 0) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } } if (index1 == rgbSeed2.Length) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } int srcOffsetBytes = index1 + 1; byte[] numArray2 = new byte[rgbSeed2.Length - srcOffsetBytes]; Buffer.InternalBlockCopy((Array)rgbSeed2, srcOffsetBytes, (Array)numArray2, 0, numArray2.Length); return(numArray2); }
/************************* PUBLIC METHODS *************************/ /// <include file='doc\RSAOAEPKeyExchangeDeformatter.uex' path='docs/doc[@for="RSAOAEPKeyExchangeDeformatter.DecryptKeyExchange"]/*' /> public override byte[] DecryptKeyExchange(byte[] rgbData) { byte[] rgbOut = null; if (_rsaKey is RSACryptoServiceProvider) { rgbOut = ((RSACryptoServiceProvider)_rsaKey).Decrypt(rgbData, true); } else { int cb = _rsaKey.KeySize / 8; int cbHash; HashAlgorithm hash; int i; MaskGenerationMethod mgf; byte[] rgbDB; byte[] rgbMask; byte[] rgbSeed; byte[] rgbIn; bool bError = false; // 1. Decode the input data // It is important that the Integer to Octet String conversion errors be indistinguishable from the other decoding // errors to protect against chosen cipher text attacks // A lecture given by James Manger during Crypto 2001 explains the issue in details try { rgbIn = _rsaKey.DecryptValue(rgbData); } catch { bError = true; goto error; } // 2. Create the hash object so we can get its size info. hash = (HashAlgorithm)CryptoConfig.CreateFromName(HashNameValue); cbHash = hash.HashSize / 8; if (rgbIn.Length != cb || cb < 2 * cbHash + 2) { bError = true; goto error; } // 3. Let maskedSeed be the first hLen octects and maskedDB // be the remaining bytes. rgbSeed = new byte[cbHash]; Buffer.InternalBlockCopy(rgbIn, 1, rgbSeed, 0, rgbSeed.Length); rgbDB = new byte[rgbIn.Length - rgbSeed.Length - 1]; Buffer.InternalBlockCopy(rgbIn, rgbSeed.Length + 1, rgbDB, 0, rgbDB.Length); // 4. seedMask = MGF(maskedDB, hLen); mgf = new PKCS1MaskGenerationMethod(); rgbMask = mgf.GenerateMask(rgbDB, rgbSeed.Length); // 5. seed = seedMask XOR maskedSeed for (i = 0; i < rgbSeed.Length; i++) { rgbSeed[i] ^= rgbMask[i]; } // 6. dbMask = MGF(seed, |EM| - hLen); rgbMask = mgf.GenerateMask(rgbSeed, rgbDB.Length); // 7. DB = maskedDB xor dbMask for (i = 0; i < rgbDB.Length; i++) { rgbDB[i] ^= rgbMask[i]; } // 8. pHash = HASH(P) hash.ComputeHash(ParameterValue); // 9. DB = pHash' || PS || 01 || M // // 10. Check that pHash = pHash' for (i = 0; i < cbHash; i++) { if (rgbDB[i] != hash.Hash[i]) { bError = true; goto error; } } // Check that PS is all zeros for (; i < rgbDB.Length; i++) { if (rgbDB[i] == 01) { break; } else if (rgbDB[i] != 0) { bError = true; goto error; } } if (i == rgbDB.Length) { bError = true; goto error; } i++; // Skip over the one rgbOut = new byte[rgbDB.Length - i]; // 11. Output M. Buffer.InternalBlockCopy(rgbDB, i, rgbOut, 0, rgbOut.Length); error : if (bError) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } } return(rgbOut); }
public byte[] Decode(byte[] buffer, int offset, int lenght) { byte[] buf = new byte[lenght]; Array.Copy(buffer, offset, buf, 0, lenght); return(rsa.DecryptValue(buf)); }
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) { int num = rsa.KeySize / 8; byte[] src = null; try { src = rsa.DecryptValue(encryptedData); } catch (CryptographicException) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } int num2 = hash.HashSize / 8; int dstOffsetBytes = num - src.Length; if ((dstOffsetBytes < 0) || (dstOffsetBytes >= num2)) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } byte[] dst = new byte[num2]; Buffer.InternalBlockCopy(src, 0, dst, dstOffsetBytes, dst.Length - dstOffsetBytes); byte[] buffer3 = new byte[(src.Length - dst.Length) + dstOffsetBytes]; Buffer.InternalBlockCopy(src, dst.Length - dstOffsetBytes, buffer3, 0, buffer3.Length); byte[] buffer4 = mgf.GenerateMask(buffer3, dst.Length); int index = 0; for (index = 0; index < dst.Length; index++) { dst[index] = (byte)(dst[index] ^ buffer4[index]); } buffer4 = mgf.GenerateMask(dst, buffer3.Length); for (index = 0; index < buffer3.Length; index++) { buffer3[index] = (byte)(buffer3[index] ^ buffer4[index]); } hash.ComputeHash(new byte[0]); byte[] buffer5 = hash.Hash; index = 0; while (index < num2) { if (buffer3[index] != buffer5[index]) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; } while (index < buffer3.Length) { if (buffer3[index] == 1) { break; } if (buffer3[index] != 0) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; } if (index == buffer3.Length) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; byte[] buffer6 = new byte[buffer3.Length - index]; Buffer.InternalBlockCopy(buffer3, index, buffer6, 0, buffer6.Length); return(buffer6); }
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) { int num = rsa.KeySize / 8; byte[] array = null; try { array = rsa.DecryptValue(encryptedData); } catch (CryptographicException) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } int num2 = hash.HashSize / 8; int num3 = num - array.Length; if (num3 < 0 || num3 >= num2) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } byte[] array2 = new byte[num2]; Buffer.InternalBlockCopy(array, 0, array2, num3, array2.Length - num3); byte[] array3 = new byte[array.Length - array2.Length + num3]; Buffer.InternalBlockCopy(array, array2.Length - num3, array3, 0, array3.Length); byte[] array4 = mgf.GenerateMask(array3, array2.Length); int i; for (i = 0; i < array2.Length; i++) { byte[] array5 = array2; int num4 = i; array5[num4] ^= array4[i]; } array4 = mgf.GenerateMask(array2, array3.Length); for (i = 0; i < array3.Length; i++) { array3[i] ^= array4[i]; } hash.ComputeHash(EmptyArray <byte> .Value); byte[] hash2 = hash.Hash; for (i = 0; i < num2; i++) { if (array3[i] != hash2[i]) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } } while (i < array3.Length && array3[i] != 1) { if (array3[i] != 0) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } i++; } if (i == array3.Length) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } i++; byte[] array6 = new byte[array3.Length - i]; Buffer.InternalBlockCopy(array3, i, array6, 0, array6.Length); return(array6); }
// PKCS #1 v.2.1, Section 5.2.1 public static byte[] RSASP1 (RSA rsa, byte[] m) { // first form: s = m^d mod n // Decrypt value may apply CRT optimizations return rsa.DecryptValue (m); }
// PKCS #1 v.2.1, Section 5.1.2 public static byte[] RSADP (RSA rsa, byte[] c) { // m = c^d mod n // Decrypt value may apply CRT optimizations return rsa.DecryptValue (c); }
/// <include file='doc\RSAPKCS1SignatureFormatter.uex' path='docs/doc[@for="RSAPKCS1SignatureFormatter.CreateSignature"]/*' /> public override byte[] CreateSignature(byte[] rgbHash) { byte[] rgbSig; if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } // // Two cases here -- if we are talking to the CSP version or // if we are talking to some other RSA provider. // if (_rsaKey is RSACryptoServiceProvider) { rgbSig = ((RSACryptoServiceProvider)_rsaKey).SignHash(rgbHash, _strOID); } else { int cb = _rsaKey.KeySize / 8; int cb1; int i; byte[] rgbInput = new byte[cb]; byte[] rgbOid = CryptoConfig.EncodeOID(_strOID); int lenOid = rgbOid.Length; // // We want to pad this to the following format: // // 00 || 01 || FF ... FF || 00 || prefix || Data // // We want basically to ASN 1 encode the OID + hash: // STRUCTURE { // STRUCTURE { // OID <hash algorithm OID> // NULL (0x05 0x00) // this is actually an ANY and contains the parameters of the algorithm specified by the OID, I think // } // OCTET STRING <hashvalue> // } // // Get the correct prefix byte[] rgbPrefix = new byte[lenOid + 8 + rgbHash.Length]; rgbPrefix[0] = 0x30; // a structure follows int tmp = rgbPrefix.Length - 2; rgbPrefix[1] = (byte)tmp; rgbPrefix[2] = 0x30; tmp = rgbOid.Length + 2; rgbPrefix[3] = (byte)tmp; Buffer.InternalBlockCopy(rgbOid, 0, rgbPrefix, 4, lenOid); rgbPrefix[4 + lenOid] = 0x05; rgbPrefix[4 + lenOid + 1] = 0x00; rgbPrefix[4 + lenOid + 2] = 0x04; // an octet string follows rgbPrefix[4 + lenOid + 3] = (byte)rgbHash.Length; Buffer.InternalBlockCopy(rgbHash, 0, rgbPrefix, lenOid + 8, rgbHash.Length); // Construct the whole array cb1 = cb - rgbHash.Length - rgbPrefix.Length; if (cb1 <= 2) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_InvalidOID")); } rgbInput[0] = 0; rgbInput[1] = 1; for (i = 2; i < cb1 - 1; i++) { rgbInput[i] = 0xff; } rgbInput[cb1 - 1] = 0; Buffer.InternalBlockCopy(rgbPrefix, 0, rgbInput, cb1, rgbPrefix.Length); Buffer.InternalBlockCopy(rgbHash, 0, rgbInput, cb1 + rgbPrefix.Length, rgbHash.Length); // // Create the signature by applying the private key to // the padded buffer we just created. // rgbSig = _rsaKey.DecryptValue(rgbInput); } return(rgbSig); }
internal static byte[] RsaOaepDecrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, byte[] encryptedData) { int num = rsa.KeySize / 8; byte[] src = null; try { src = rsa.DecryptValue(encryptedData); } catch (CryptographicException) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } int num2 = hash.HashSize / 8; int dstOffsetBytes = num - src.Length; if ((dstOffsetBytes < 0) || (dstOffsetBytes >= num2)) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } byte[] dst = new byte[num2]; Buffer.InternalBlockCopy(src, 0, dst, dstOffsetBytes, dst.Length - dstOffsetBytes); byte[] buffer3 = new byte[(src.Length - dst.Length) + dstOffsetBytes]; Buffer.InternalBlockCopy(src, dst.Length - dstOffsetBytes, buffer3, 0, buffer3.Length); byte[] buffer4 = mgf.GenerateMask(buffer3, dst.Length); int index = 0; for (index = 0; index < dst.Length; index++) { dst[index] = (byte) (dst[index] ^ buffer4[index]); } buffer4 = mgf.GenerateMask(dst, buffer3.Length); for (index = 0; index < buffer3.Length; index++) { buffer3[index] = (byte) (buffer3[index] ^ buffer4[index]); } hash.ComputeHash(new byte[0]); byte[] buffer5 = hash.Hash; index = 0; while (index < num2) { if (buffer3[index] != buffer5[index]) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; } while (index < buffer3.Length) { if (buffer3[index] == 1) { break; } if (buffer3[index] != 0) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; } if (index == buffer3.Length) { throw new CryptographicException(Environment.GetResourceString("Cryptography_OAEPDecoding")); } index++; byte[] buffer6 = new byte[buffer3.Length - index]; Buffer.InternalBlockCopy(buffer3, index, buffer6, 0, buffer6.Length); return buffer6; }