internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) { int length1 = rsa.KeySize / 8; int length2 = hash.HashSize / 8; if (data.Length + 2 + 2 * length2 > length1) { throw new CryptographicException(string.Format((IFormatProvider)null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), (object)(length1 - 2 - 2 * length2))); } hash.ComputeHash(EmptyArray <byte> .Value); byte[] rgbSeed = new byte[length1 - length2]; Buffer.InternalBlockCopy((Array)hash.Hash, 0, (Array)rgbSeed, 0, length2); byte[] numArray1 = rgbSeed; int index1 = numArray1.Length - data.Length - 1; int num = 1; numArray1[index1] = (byte)num; Buffer.InternalBlockCopy((Array)data, 0, (Array)rgbSeed, rgbSeed.Length - data.Length, data.Length); byte[] numArray2 = new byte[length2]; rng.GetBytes(numArray2); byte[] mask1 = mgf.GenerateMask(numArray2, rgbSeed.Length); for (int index2 = 0; index2 < rgbSeed.Length; ++index2) { rgbSeed[index2] = (byte)((uint)rgbSeed[index2] ^ (uint)mask1[index2]); } byte[] mask2 = mgf.GenerateMask(rgbSeed, length2); for (int index2 = 0; index2 < numArray2.Length; ++index2) { numArray2[index2] ^= mask2[index2]; } byte[] rgb = new byte[length1]; Buffer.InternalBlockCopy((Array)numArray2, 0, (Array)rgb, 0, numArray2.Length); Buffer.InternalBlockCopy((Array)rgbSeed, 0, (Array)rgb, numArray2.Length, rgbSeed.Length); return(rsa.EncryptValue(rgb)); }
[System.Security.SecuritySafeCritical] // auto-generated public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) { if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } if (rgbSignature == null) { throw new ArgumentNullException("rgbSignature"); } Contract.EndContractBlock(); if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } // Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider. if (_rsaKey is RSACryptoServiceProvider) { int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm); return(((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, calgHash, rgbSignature)); } else { byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash); // Apply the public key to the signature data to get back the padded buffer actually signed. // Compare the two buffers to see if they match; ignoring any leading zeros return(Utils.CompareBigIntArrays(_rsaKey.EncryptValue(rgbSignature), pad)); } }
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) { int num = rsa.KeySize / 8; int byteCount = hash.HashSize / 8; if (((data.Length + 2) + (2 * byteCount)) > num) { throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), new object[] { (num - 2) - (2 * byteCount) })); } hash.ComputeHash(new byte[0]); byte[] dst = new byte[num - byteCount]; Buffer.InternalBlockCopy(hash.Hash, 0, dst, 0, byteCount); dst[(dst.Length - data.Length) - 1] = 1; Buffer.InternalBlockCopy(data, 0, dst, dst.Length - data.Length, data.Length); byte[] buffer2 = new byte[byteCount]; rng.GetBytes(buffer2); byte[] buffer3 = mgf.GenerateMask(buffer2, dst.Length); for (int i = 0; i < dst.Length; i++) { dst[i] = (byte)(dst[i] ^ buffer3[i]); } buffer3 = mgf.GenerateMask(dst, byteCount); for (int j = 0; j < buffer2.Length; j++) { buffer2[j] = (byte)(buffer2[j] ^ buffer3[j]); } byte[] buffer4 = new byte[num]; Buffer.InternalBlockCopy(buffer2, 0, buffer4, 0, buffer2.Length); Buffer.InternalBlockCopy(dst, 0, buffer4, buffer2.Length, dst.Length); return(rsa.EncryptValue(buffer4)); }
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) { int num = rsa.KeySize / 8; int num2 = hash.HashSize / 8; if (data.Length + 2 + 2 * num2 > num) { throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), num - 2 - 2 * num2)); } hash.ComputeHash(EmptyArray <byte> .Value); byte[] array = new byte[num - num2]; Buffer.InternalBlockCopy(hash.Hash, 0, array, 0, num2); array[array.Length - data.Length - 1] = 1; Buffer.InternalBlockCopy(data, 0, array, array.Length - data.Length, data.Length); byte[] array2 = new byte[num2]; rng.GetBytes(array2); byte[] array3 = mgf.GenerateMask(array2, array.Length); for (int i = 0; i < array.Length; i++) { array[i] ^= array3[i]; } array3 = mgf.GenerateMask(array, num2); for (int j = 0; j < array2.Length; j++) { byte[] array4 = array2; int num3 = j; array4[num3] ^= array3[j]; } byte[] array5 = new byte[num]; Buffer.InternalBlockCopy(array2, 0, array5, 0, array2.Length); Buffer.InternalBlockCopy(array, 0, array5, array2.Length, array.Length); return(rsa.EncryptValue(array5)); }
public override byte[] CreateKeyExchange(byte[] rgbData) { #if MONO if (rgbData == null) { throw new ArgumentNullException("rgbData"); } #endif if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } byte[] rgbKeyEx; if (OverridesEncrypt) { rgbKeyEx = _rsaKey.Encrypt(rgbData, RSAEncryptionPadding.Pkcs1); } else { int cb = _rsaKey.KeySize / 8; if ((rgbData.Length + 11) > cb) { throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig", cb - 11)); } byte[] rgbInput = new byte[cb]; // // We want to pad to the following format: // 00 || 02 || PS || 00 || D // // PS - pseudorandom non zero bytes // D - data // if (RngValue == null) { RngValue = RandomNumberGenerator.Create(); } Rng.GetNonZeroBytes(rgbInput); rgbInput[0] = 0; rgbInput[1] = 2; rgbInput[cb - rgbData.Length - 1] = 0; Buffer.InternalBlockCopy(rgbData, 0, rgbInput, cb - rgbData.Length, rgbData.Length); // // Now encrypt the value and return it. (apply public key) // rgbKeyEx = _rsaKey.EncryptValue(rgbInput); } return(rgbKeyEx); }
/// <include file='doc\RSAPKCS1KeyExchangeFormatter.uex' path='docs/doc[@for="RSAPKCS1KeyExchangeFormatter.CreateKeyExchange"]/*' /> public override byte[] CreateKeyExchange(byte[] rgbData) { byte[] rgbKeyEx; if (_rsaKey is RSACryptoServiceProvider) { rgbKeyEx = ((RSACryptoServiceProvider)_rsaKey).Encrypt(rgbData, false); } else { int cb = _rsaKey.KeySize / 8; if ((rgbData.Length + 11) > cb) { throw new CryptographicException(String.Format(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb - 11)); } byte[] rgbInput = new byte[cb]; // // We want to pad to the following format: // 00 || 02 || PS || 00 || D // // PS - pseudorandom non zero bytes // D - data // if (RngValue == null) { RngValue = RandomNumberGenerator.Create(); } Rng.GetNonZeroBytes(rgbInput); rgbInput[0] = 0; rgbInput[1] = 2; rgbInput[cb - rgbData.Length - 1] = 0; Buffer.InternalBlockCopy(rgbData, 0, rgbInput, cb - rgbData.Length, rgbData.Length); // // Now encrypt the value and return it. (apply public key) // rgbKeyEx = _rsaKey.EncryptValue(rgbInput); } return(rgbKeyEx); }
[System.Security.SecuritySafeCritical] // auto-generated public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) { if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } if (rgbSignature == null) { throw new ArgumentNullException("rgbSignature"); } Contract.EndContractBlock(); if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } // Two cases here -- if we are talking to the CSP version or if we are talking to some other RSA provider. if (_rsaKey is RSACryptoServiceProvider) { // This path is kept around for desktop compat: in case someone is using this with a hash algorithm that's known to GetAlgIdFromOid but // not from OidToHashAlgorithmName. int calgHash = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm); return(((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, calgHash, rgbSignature)); } else if (OverridesVerifyHash) { HashAlgorithmName hashAlgorithmName = Utils.OidToHashAlgorithmName(_strOID); return(_rsaKey.VerifyHash(rgbHash, rgbSignature, hashAlgorithmName, RSASignaturePadding.Pkcs1)); } else { // Fallback compat path for 3rd-party RSA classes that don't override VerifyHash() byte[] pad = Utils.RsaPkcs1Padding(_rsaKey, CryptoConfig.EncodeOID(_strOID), rgbHash); // Apply the public key to the signature data to get back the padded buffer actually signed. // Compare the two buffers to see if they match; ignoring any leading zeros return(Utils.CompareBigIntArrays(_rsaKey.EncryptValue(rgbSignature), pad)); } }
public byte[] Encode(byte[] buffer, int offset, int lenght) { byte[] buf = new byte[lenght]; Array.Copy(buffer, offset, buf, 0, lenght); return(rsa.EncryptValue(buf)); }
[System.Security.SecurityCritical] // auto-generated internal static byte[] RsaOaepEncrypt (RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) { int cb = rsa.KeySize / 8; // 1. Hash the parameters to get PHash int cbHash = hash.HashSize / 8; if ((data.Length + 2 + 2*cbHash) > cb) throw new CryptographicException(String.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb-2-2*cbHash)); hash.ComputeHash(EmptyArray<Byte>.Value); // Use an empty octet string // 2. Create DB object byte[] DB = new byte[cb - cbHash]; // Structure is as follows: // pHash || PS || 01 || M // PS consists of all zeros Buffer.InternalBlockCopy(hash.Hash, 0, DB, 0, cbHash); DB[DB.Length - data.Length - 1] = 1; Buffer.InternalBlockCopy(data, 0, DB, DB.Length-data.Length, data.Length); // 3. Create a random value of size hLen byte[] seed = new byte[cbHash]; rng.GetBytes(seed); // 4. Compute the mask value byte[] mask = mgf.GenerateMask(seed, DB.Length); // 5. Xor maskDB into DB for (int i=0; i < DB.Length; i++) { DB[i] = (byte) (DB[i] ^ mask[i]); } // 6. Compute seed mask value mask = mgf.GenerateMask(DB, cbHash); // 7. Xor mask into seed for (int i=0; i < seed.Length; i++) { seed[i] ^= mask[i]; } // 8. Concatenate seed and DB to form value to encrypt byte[] pad = new byte[cb]; Buffer.InternalBlockCopy(seed, 0, pad, 0, seed.Length); Buffer.InternalBlockCopy(DB, 0, pad, seed.Length, DB.Length); return rsa.EncryptValue(pad); }
// PKCS #1 v.2.1, Section 5.2.2 public static byte[] RSAVP1 (RSA rsa, byte[] s) { // m = s^e mod n return rsa.EncryptValue (s); }
// PKCS #1 v.2.1, Section 5.1.1 public static byte[] RSAEP (RSA rsa, byte[] m) { // c = m^e mod n return rsa.EncryptValue (m); }
/// <include file='doc\RSAPKCS1SignatureDeformatter.uex' path='docs/doc[@for="RSAPKCS1SignatureDeformatter.VerifySignature"]/*' /> public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) { bool f; if (_strOID == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID")); } if (_rsaKey == null) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey")); } if (rgbHash == null) { throw new ArgumentNullException("rgbHash"); } if (rgbSignature == null) { throw new ArgumentNullException("rgbSignature"); } // // Two cases here -- if we are talking to the CSP version or // if we are talking to some other RSA provider. // if (_rsaKey is RSACryptoServiceProvider) { f = ((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, _strOID, rgbSignature); } else { int cb = _rsaKey.KeySize / 8; int cb1; int i; byte[] rgbInput = new byte[cb]; byte[] rgbOid = CryptoConfig.EncodeOID(_strOID); int lenOid = rgbOid.Length; byte[] rgbOut; // // We want to pad this to the following format: // // 00 || 01 || FF ... FF || 00 || prefix || Data // // We want basically to ASN 1 encode the OID + hash: // STRUCTURE { // STRUCTURE { // OID <hash algorithm OID> // NULL (0x05 0x00) // this is actually an ANY and contains the parameters of the algorithm specified by the OID, I think // } // OCTET STRING <hashvalue> // } // // Get the correct prefix byte[] rgbPrefix = new byte[lenOid + 8 + rgbHash.Length]; rgbPrefix[0] = 0x30; // a structure follows int tmp = rgbPrefix.Length - 2; rgbPrefix[1] = (byte)tmp; rgbPrefix[2] = 0x30; tmp = rgbOid.Length + 2; rgbPrefix[3] = (byte)tmp; Buffer.InternalBlockCopy(rgbOid, 0, rgbPrefix, 4, lenOid); rgbPrefix[4 + lenOid] = 0x05; rgbPrefix[4 + lenOid + 1] = 0x00; rgbPrefix[4 + lenOid + 2] = 0x04; // an octet string follows rgbPrefix[4 + lenOid + 3] = (byte)rgbHash.Length; Buffer.InternalBlockCopy(rgbHash, 0, rgbPrefix, lenOid + 8, rgbHash.Length); // Construct the whole array cb1 = cb - rgbHash.Length - rgbPrefix.Length; if (cb1 <= 2) { throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_InvalidOID")); } rgbInput[0] = 0; rgbInput[1] = 1; for (i = 2; i < cb1 - 1; i++) { rgbInput[i] = 0xff; } rgbInput[cb1 - 1] = 0; Buffer.InternalBlockCopy(rgbPrefix, 0, rgbInput, cb1, rgbPrefix.Length); Buffer.InternalBlockCopy(rgbHash, 0, rgbInput, cb1 + rgbPrefix.Length, rgbHash.Length); // // Apply the public key to the signature data to get back // the padded buffer actually signed. // rgbOut = _rsaKey.EncryptValue(rgbSignature); // // Compare the two buffers to see if they match // f = rgbOut.Equals(rgbInput); } return(f); }
/// <include file='doc\RSAOAEPKeyExchangeFormatter.uex' path='docs/doc[@for="RSAOAEPKeyExchangeFormatter.CreateKeyExchange"]/*' /> public override byte[] CreateKeyExchange(byte[] rgbData) { byte[] rgbKeyEx; if (_rsaKey is RSACryptoServiceProvider) { rgbKeyEx = ((RSACryptoServiceProvider)_rsaKey).Encrypt(rgbData, true); } else { int cb = _rsaKey.KeySize / 8; int cbHash; HashAlgorithm hash; int i; MaskGenerationMethod mgf; byte[] rgbDB; byte[] rgbIn; byte[] rgbMask; byte[] rgbSeed; // Create the OAEP padding object. // 1. Hash the parameters to get rgbPHash hash = (HashAlgorithm)CryptoConfig.CreateFromName("SHA1"); // Create the default SHA1 object cbHash = hash.HashSize / 8; if ((rgbData.Length + 2 + 2 * cbHash) > cb) { throw new CryptographicException(String.Format(Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), cb - 2 - 2 * cbHash)); } hash.ComputeHash(new byte[0]); // Use an empty octet string // 2. Create DB object rgbDB = new byte[cb - cbHash - 1]; // Structure is as follows: // pHash || PS || 01 || M // PS consists of all zeros Buffer.InternalBlockCopy(hash.Hash, 0, rgbDB, 0, cbHash); rgbDB[rgbDB.Length - rgbData.Length - 1] = 1; Buffer.InternalBlockCopy(rgbData, 0, rgbDB, rgbDB.Length - rgbData.Length, rgbData.Length); // 3. Create a random value of size hLen if (RngValue == null) { RngValue = RandomNumberGenerator.Create(); } rgbSeed = new byte[cbHash]; RngValue.GetBytes(rgbSeed); // 4. Compute the mask value mgf = new PKCS1MaskGenerationMethod(); rgbMask = mgf.GenerateMask(rgbSeed, rgbDB.Length); // 5. Xor rgbMaskDB into rgbDB for (i = 0; i < rgbDB.Length; i++) { rgbDB[i] = (byte)(rgbDB[i] ^ rgbMask[i]); } // 6. Compute seed mask value rgbMask = mgf.GenerateMask(rgbDB, cbHash); // 7. Xor rgbMask into rgbSeed for (i = 0; i < rgbSeed.Length; i++) { rgbSeed[i] ^= rgbMask[i]; } // 8. Concatenate rgbSeed and rgbDB to form value to encrypt rgbIn = new byte[cb]; Buffer.InternalBlockCopy(rgbSeed, 0, rgbIn, 1, rgbSeed.Length); Buffer.InternalBlockCopy(rgbDB, 0, rgbIn, rgbSeed.Length + 1, rgbDB.Length); // 9. Now Encrypt it rgbKeyEx = _rsaKey.EncryptValue(rgbIn); } return(rgbKeyEx); }
internal static byte[] RsaOaepEncrypt(RSA rsa, HashAlgorithm hash, PKCS1MaskGenerationMethod mgf, RandomNumberGenerator rng, byte[] data) { int num = rsa.KeySize / 8; int byteCount = hash.HashSize / 8; if (((data.Length + 2) + (2 * byteCount)) > num) { throw new CryptographicException(string.Format(null, Environment.GetResourceString("Cryptography_Padding_EncDataTooBig"), new object[] { (num - 2) - (2 * byteCount) })); } hash.ComputeHash(new byte[0]); byte[] dst = new byte[num - byteCount]; Buffer.InternalBlockCopy(hash.Hash, 0, dst, 0, byteCount); dst[(dst.Length - data.Length) - 1] = 1; Buffer.InternalBlockCopy(data, 0, dst, dst.Length - data.Length, data.Length); byte[] buffer2 = new byte[byteCount]; rng.GetBytes(buffer2); byte[] buffer3 = mgf.GenerateMask(buffer2, dst.Length); for (int i = 0; i < dst.Length; i++) { dst[i] = (byte) (dst[i] ^ buffer3[i]); } buffer3 = mgf.GenerateMask(dst, byteCount); for (int j = 0; j < buffer2.Length; j++) { buffer2[j] = (byte) (buffer2[j] ^ buffer3[j]); } byte[] buffer4 = new byte[num]; Buffer.InternalBlockCopy(buffer2, 0, buffer4, 0, buffer2.Length); Buffer.InternalBlockCopy(dst, 0, buffer4, buffer2.Length, dst.Length); return rsa.EncryptValue(buffer4); }