internal static void ImportCspBlobHelper(CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
if (safeKeyHandle != null && !safeKeyHandle.IsClosed)
{
safeKeyHandle.Dispose();
}
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly)
{
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, keyType == CspAlgorithmType.Dss ? Utils.StaticDssProvHandle : Utils.StaticProvHandle, CspProviderFlags.NoFlags, ref safeKeyHandle);
}
else
{
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
}
if (safeProvHandle == null)
{
safeProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
}
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
/// <summary>
/// Создание распределенного секрета по HANDLE ключа в CSP
/// </summary>
/// <param name="key">HANDLE секретного ключа в CSP.</param>
/// <param name="prov">HANDLE провайдера (CSP), внутри которого
/// существует ключ.</param>
/// <param name="publicObject">Открытый ключ.</param>
/// <param name="algType"></param>
///
/// <argnull name="key" />
/// <argnull name="prov" />
/// <argnull name="publicObject" />
/// <exception cref="CryptographicException">При ошибках на native
/// уровне.</exception>
///
/// <unmanagedperm action="LinkDemand" />
internal GostSharedSecretCryptoServiceProvider(SafeKeyHandle key,
SafeProvHandle prov, Gost3410CspObject publicObject, CspAlgorithmType algType)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
if (prov == null)
{
throw new ArgumentNullException("prov");
}
if (publicObject == null)
{
throw new ArgumentNullException("publicObject");
}
// В связи с отсутствием DuplicateKey, используем грязный хак
_safeKeyHandle = key;
bool isinc = false;
_safeKeyHandle.DangerousAddRef(ref isinc);
_safeProvHandle = prov;
_safeProvHandle.DangerousAddRef(ref isinc);
_publicObject = publicObject;
_algType = algType;
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters((keyType == CspAlgorithmType.Dss) ? 13 : DefaultRsaProviderType, null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = (keyType == CspAlgorithmType.Dss) ? 2 : 1;
}
else if ((parameters.KeyNumber == 0x2200) || (parameters.KeyNumber == 0x2400))
{
parameters.KeyNumber = 2;
}
else if (parameters.KeyNumber == 0xa400)
{
parameters.KeyNumber = 1;
}
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if ((parameters.KeyContainerName == null) && ((parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return(parameters);
}
/// <summary>
/// Устанавливает секретный ключ.
/// </summary>
///
/// <param name="key">Объект класса AsymmetricAlgorithm,
/// содержащий секретный ключ.</param>
///
/// <remarks><para>Ключ должен быть установлен до вызова
/// функций восстановления ключа.</para>
/// </remarks>
///
/// <argnull name="key" />
/// <exception cref="CryptographicException">
/// <paramref name="key"/> не поддерживает алгоритм
/// <see cref="Gost3410"/>.</exception>
public override void SetKey(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (key is Gost3410 gost3410)
{
_gostAlgorithmType = CspAlgorithmType.Gost2001;
_gostKey = gost3410;
}
else if (key is Gost3410_2012_256 gost3410_2012_256)
{
_gostAlgorithmType = CspAlgorithmType.Gost2012_256;
_gostKey = gost3410_2012_256;
}
else if (key is Gost3410_2012_512 gost3410_2012_512)
{
_gostAlgorithmType = CspAlgorithmType.Gost2012_512;
_gostKey = gost3410_2012_512;
}
else
{
throw new NotSupportedException();
}
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters cspParameters;
if (userParameters == null)
{
cspParameters = new CspParameters(keyType == CspAlgorithmType.Dss ? 13 : 24, (string)null, (string)null, defaultFlags);
}
else
{
Utils.ValidateCspFlags(userParameters.Flags);
cspParameters = new CspParameters(userParameters);
}
if (cspParameters.KeyNumber == -1)
{
cspParameters.KeyNumber = keyType == CspAlgorithmType.Dss ? 2 : 1;
}
else if (cspParameters.KeyNumber == 8704 || cspParameters.KeyNumber == 9216)
{
cspParameters.KeyNumber = 2;
}
else if (cspParameters.KeyNumber == 41984)
{
cspParameters.KeyNumber = 1;
}
randomKeyContainer = (cspParameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (cspParameters.KeyContainerName == null && (cspParameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags)
{
cspParameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return(cspParameters);
}
internal unsafe static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle safeProvHandle2 = Utils.CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
keyContainerPermission.AccessEntries.Add(accessEntry);
keyContainerPermission.Demand();
Utils.SetKeySetSecurityInfo(safeProvHandle2, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
IntPtr parentWindowHandle = parameters.ParentWindowHandle;
IntPtr pbData = parentWindowHandle;
if (!AppContextSwitches.DoNotAddrOfCspParentWindowHandle)
{
pbData = new IntPtr((void *)(&parentWindowHandle));
}
Utils.SetProviderParameter(safeProvHandle2, parameters.KeyNumber, 10U, pbData);
}
else if (parameters.KeyPassword != null)
{
IntPtr intPtr = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
Utils.SetProviderParameter(safeProvHandle2, parameters.KeyNumber, 11U, intPtr);
}
finally
{
if (intPtr != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(intPtr);
}
}
}
safeProvHandle = safeProvHandle2;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int num = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (num != 0)
{
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags || num != -2146893811)
{
throw new CryptographicException(num);
}
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] array = Utils._GetKeyParameter(invalidHandle, 9U);
int num2 = (int)array[0] | (int)array[1] << 8 | (int)array[2] << 16 | (int)array[3] << 24;
if ((keyType == CspAlgorithmType.Rsa && num2 != 41984 && num2 != 9216) || (keyType == CspAlgorithmType.Dss && num2 != 8704))
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
/// <summary>
/// Кодирование Public ключа ГОСТ 34.10 в BLOB для импорта.
/// </summary>
///
/// <param name="cspObject">Открытый ключ с параметрами.</param>
/// <param name="alg">Тип алгоритма</param>
///
/// <returns>BLOB для импорта.</returns>
///
/// <exception cref="CryptographicException">При ошибках
/// кодирования структуры.</exception>
/// <argnull name="cspObject" />
///
/// <intdoc><para>Аналог в MS отсутствует, часть реализации
/// присутствует в ImportKey. У нас функция используется еще
/// и при разборе открытого клуча в обходе
/// CryptoPro.Sharpei.NetDetours.CPPublicKey.</para></intdoc>
///
/// <unmanagedperm action="LinkDemand" />
internal static byte[] EncodePublicBlob(Gost3410CspObject cspObject, CspAlgorithmType alg)
{
int keySize;
int algId;
switch (alg)
{
case CspAlgorithmType.PROV_GOST_2001_DH:
keySize = GostConstants.GOST_3410EL_SIZE;
algId = GostConstants.CALG_GR3410EL;
break;
case CspAlgorithmType.PROV_GOST_2012_256:
keySize = GostConstants.GOST3410_2012_256KEY_SIZE;
algId = GostConstants.CALG_GR3410_2012_256;
break;
case CspAlgorithmType.PROV_GOST_2012_512:
keySize = GostConstants.GOST3410_2012_512KEY_SIZE;
algId = GostConstants.CALG_GR3410_2012_512;
break;
default:
throw new CryptographicException(SR.Cryptography_CSP_WrongKeySpec);
}
if (cspObject == null)
{
throw new ArgumentNullException("cspObject");
}
byte[] encodedParameters = cspObject.EncodeParameters();
byte[] data = new byte[16 + encodedParameters.Length
+ cspObject._publicKey.Length];
data[0] = GostConstants.PUBLICKEYBLOB;
data[1] = GostConstants.CSP_CUR_BLOB_VERSION;
byte[] algid = BitConverter.GetBytes(algId);
Array.Copy(algid, 0, data, 4, 4);
byte[] magic = BitConverter.GetBytes(GostConstants.GR3410_1_MAGIC);
Array.Copy(magic, 0, data, 8, 4);
byte[] bitlen = BitConverter.GetBytes(keySize);
Array.Copy(bitlen, 0, data, 12, 4);
Array.Copy(encodedParameters, 0, data, 16,
encodedParameters.Length);
Array.Copy(cspObject._publicKey, 0, data,
16 + encodedParameters.Length,
cspObject._publicKey.Length);
return(data);
}
internal static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle provHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
Utils.SetKeySetSecurityInfo(provHandle, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
Utils.SetProviderParameter(provHandle, parameters.KeyNumber, 10U, parameters.ParentWindowHandle);
}
else if (parameters.KeyPassword != null)
{
IntPtr coTaskMemAnsi = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
Utils.SetProviderParameter(provHandle, parameters.KeyNumber, 11U, coTaskMemAnsi);
}
finally
{
if (coTaskMemAnsi != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(coTaskMemAnsi);
}
}
}
safeProvHandle = provHandle;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int userKey = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (userKey != 0)
{
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags || userKey != -2146893811)
{
throw new CryptographicException(userKey);
}
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] keyParameter = Utils._GetKeyParameter(invalidHandle, 9U);
int num = (int)keyParameter[0] | (int)keyParameter[1] << 8 | (int)keyParameter[2] << 16 | (int)keyParameter[3] << 24;
if (keyType == CspAlgorithmType.Rsa && num != 41984 && num != 9216 || keyType == CspAlgorithmType.Dss && num != 8704)
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
internal static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle hProv = CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
SetKeySetSecurityInfo(hProv, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
SetProviderParameter(hProv, parameters.KeyNumber, 10, parameters.ParentWindowHandle);
}
else if (parameters.KeyPassword != null)
{
IntPtr pbData = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
SetProviderParameter(hProv, parameters.KeyNumber, 11, pbData);
}
finally
{
if (pbData != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(pbData);
}
}
}
safeProvHandle = hProv;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int hr = _GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (hr != 0)
{
if (((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags) || (hr != -2146893811))
{
throw new CryptographicException(hr);
}
_GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] buffer = _GetKeyParameter(invalidHandle, 9);
int num2 = ((buffer[0] | (buffer[1] << 8)) | (buffer[2] << 0x10)) | (buffer[3] << 0x18);
if ((((keyType == CspAlgorithmType.Rsa) && (num2 != 0xa400)) && (num2 != 0x2400)) || ((keyType == CspAlgorithmType.Dss) && (num2 != 0x2200)))
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
/// <summary>
/// Кодирование Public ключа ГОСТ 34.10 в BLOB для импорта.
/// </summary>
///
/// <param name="keyBlob">Откытый ключ без параметров.</param>
/// <param name="paramBlob">Параметры откытого ключа</param>
/// <param name="alg">Тип алгоритма</param>
///
/// <returns>BLOB для импорта.</returns>
///
/// <exception cref="CryptographicException">При ошибках
/// кодирования структуры.</exception>
/// <argnull name="cspObject" />
///
/// <intdoc><para>Аналог в MS отсутствует, часть реализации
/// присутствует в ImportKey. У нас функция используется еще
/// и при разборе открытого клуча в обходе
/// CryptoPro.Sharpei.NetDetours.CPPublicKey.</para></intdoc>
///
/// <unmanagedperm action="LinkDemand" />
internal static byte[] EncodePublicBlob(byte[] keyBlob, byte[] paramBlob, CspAlgorithmType alg)
{
int keySize;
int algId;
switch (alg)
{
case CspAlgorithmType.PROV_GOST_2001_DH:
keySize = GostConstants.GOST_3410EL_SIZE;
algId = GostConstants.CALG_GR3410EL;
break;
case CspAlgorithmType.PROV_GOST_2012_256:
keySize = GostConstants.GOST3410_2012_256KEY_SIZE;
algId = GostConstants.CALG_GR3410_2012_256;
break;
case CspAlgorithmType.PROV_GOST_2012_512:
keySize = GostConstants.GOST3410_2012_512KEY_SIZE;
algId = GostConstants.CALG_GR3410_2012_512;
break;
default:
throw new CryptographicException(SR.Cryptography_CSP_WrongKeySpec);
}
byte[] data = new byte[16 + paramBlob.Length
+ keyBlob.Length];
data[0] = GostConstants.PUBLICKEYBLOB;
data[1] = GostConstants.CSP_CUR_BLOB_VERSION;
byte[] algid = BitConverter.GetBytes(algId);
Array.Copy(algid, 0, data, 4, 4);
byte[] magic = BitConverter.GetBytes(GostConstants.GR3410_1_MAGIC);
Array.Copy(magic, 0, data, 8, 4);
byte[] bitlen = BitConverter.GetBytes(keySize);
Array.Copy(bitlen, 0, data, 12, 4);
Array.Copy(paramBlob, 0, data, 16,
paramBlob.Length);
Array.Copy(keyBlob, 0, data,
16 + paramBlob.Length,
keyBlob.Length);
return(data);
}
/// <summary>
/// Разбор декодированной ASN1c структуры ГОСТ 34.10 <c>SubjectPublicKeyInfo</c>.
/// </summary>
///
/// <param name="spki">ASN1c структура <c>SubjectPublicKeyInfo</c>.
/// </param>
/// <param name="alg"></param>
///
/// <returns>Параметры открытого ключа.</returns>
/// <argnull name="spki" />
/// <exception cref="ArgumentException">Если вложенная структура
/// не приводится к <c>GostR3410_2001_PublicKeyParameters</c>
/// </exception>
private static Gost3410CspObject UnpackPublicKeyInfo(
SubjectPublicKeyInfo spki, CspAlgorithmType alg)
{
switch (alg)
{
case CspAlgorithmType.Gost2001:
return(UnpackPublicKeyInfo2001(spki));
case CspAlgorithmType.Gost2012_256:
case CspAlgorithmType.Gost2012_512:
return(UnpackPublicKeyInfo2012(spki));
default:
throw new CryptographicException(
"Cryptography_CSP_WrongKeySpec");
}
}
/// <summary>
/// Упаковка открытого ключа ГОСТ 34.10 и его параметров в Asn1c структуру.
/// </summary>
///
/// <param name="pub">Открытый ключ.</param>
/// <param name="alg"></param>
///
/// <returns>Asn1c структура <c>SubjectPublicKeyInfo</c> открытого
/// ключа.</returns>
///
private static SubjectPublicKeyInfo PackPublicKeyInfo(
Gost3410CspObject pub, CspAlgorithmType alg)
{
switch (alg)
{
case CspAlgorithmType.Gost2001:
return(PackPublicKeyInfo2001(pub));
case CspAlgorithmType.Gost2012_256:
return(PackPublicKeyInfo2012_256(pub));
case CspAlgorithmType.Gost2012_512:
return(PackPublicKeyInfo2012_512(pub));
default:
throw new CryptographicException(
"Cryptography_CSP_WrongKeySpec");
}
}
internal static void ImportCspBlobHelper(CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
if ((safeKeyHandle != null) && !safeKeyHandle.IsClosed)
{
safeKeyHandle.Dispose();
}
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly)
{
parameters.KeyNumber = _ImportCspBlob(keyBlob, (keyType == CspAlgorithmType.Dss) ? StaticDssProvHandle : StaticProvHandle, CspProviderFlags.NoFlags, ref safeKeyHandle);
}
else
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
if (safeProvHandle == null)
{
safeProvHandle = CreateProvHandle(parameters, randomKeyContainer);
}
parameters.KeyNumber = _ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
[System.Security.SecurityCritical] // auto-generated
internal static void ImportCspBlobHelper (CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle) {
// Free the current key handle
if (safeKeyHandle != null && !safeKeyHandle.IsClosed)
safeKeyHandle.Dispose();
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly) {
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, keyType == CspAlgorithmType.Dss ? Utils.StaticDssProvHandle : Utils.StaticProvHandle, (CspProviderFlags) 0, ref safeKeyHandle);
} else {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
kp.AccessEntries.Add(entry);
kp.Demand();
}
if (safeProvHandle == null)
safeProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
/// <summary>
/// Helper function to get the key pair
/// </summary>
internal static SafeKeyHandle GetKeyPairHelper(
CspAlgorithmType keyType,
CspParameters parameters,
int keySize,
SafeProvHandle safeProvHandle)
{
// If the key already exists, use it, else generate a new one
SafeKeyHandle hKey;
int hr = CapiHelper.GetUserKey(safeProvHandle, parameters.KeyNumber, out hKey);
if (hr != S_OK)
{
hKey.Dispose();
if (IsFlagBitSet((uint)parameters.Flags, (uint)CspProviderFlags.UseExistingKey) ||
(uint)hr != (uint)CryptKeyError.NTE_NO_KEY)
{
throw new CryptographicException(SR.Format(SR.CryptGetUserKey_Failed, Convert.ToString(hr)));
}
// GenerateKey will check for failures and throw an exception
CapiHelper.GenerateKey(safeProvHandle, parameters.KeyNumber, (int)parameters.Flags,
(uint)keySize, out hKey);
}
// check that this is indeed an RSA/DSS key.
byte[] algid = CapiHelper.GetKeyParameter(hKey, Constants.CLR_ALGID);
int dwAlgId = (algid[0] | (algid[1] << 8) | (algid[2] << 16) | (algid[3] << 24));
if ((keyType == CspAlgorithmType.Rsa && dwAlgId != CALG_RSA_KEYX && dwAlgId != CALG_RSA_SIGN) ||
(keyType == CspAlgorithmType.Dss && dwAlgId != CALG_DSS_SIGN))
{
hKey.Dispose();
throw new CryptographicException(SR.Format(SR.Cryptography_CSP_WrongKeySpec, Convert.ToString(keyType)));
}
return hKey;
}
/// <summary>
/// Helper method to save the CSP parameters.
/// </summary>
/// <param name="keyType">CSP algorithm type</param>
/// <param name="userParameters">CSP Parameters passed by user</param>
/// <param name="defaultFlags">flags </param>
/// <param name="randomKeyContainer">identifies if it is random key container</param>
/// <returns></returns>
internal static CspParameters SaveCspParameters(
CspAlgorithmType keyType,
CspParameters userParameters,
CspProviderFlags defaultFlags,
out bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ?
(int)ProviderType.PROV_DSS_DH : DefaultRsaProviderType,
null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = keyType == CapiHelper.CspAlgorithmType.Dss ? (int)KeyNumber.Signature : (int)KeyNumber.Exchange;
}
else if (parameters.KeyNumber == CALG_DSS_SIGN || parameters.KeyNumber == CALG_RSA_SIGN)
{
parameters.KeyNumber = (int)KeyNumber.Signature;
}
else if (parameters.KeyNumber == CALG_RSA_KEYX)
{
parameters.KeyNumber = (int)KeyNumber.Exchange;
}
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = IsFlagBitSet((uint)parameters.Flags, (uint)CspProviderFlags.CreateEphemeralKey);
if (parameters.KeyContainerName == null && !IsFlagBitSet((uint)parameters.Flags,
(uint)CspProviderFlags.UseDefaultKeyContainer))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
/// <summary>
/// Разбор BLOB открытого ключа ГОСТ 34.10.
/// </summary>
///
/// <param name="obj">Gost3410CspObject</param>
/// <param name="data">BLOB</param>
/// <param name="alg">Тип алгоритма</param>
///
/// <argnull name="obj" />
/// <exception cref="CryptographicException">Если
/// <paramref name="obj"/> не объект типа
/// <see cref="Gost3410CspObject"/></exception>
///
/// <intdoc><para>Аналог в MS отсутствует, часть реализации
/// присутствует в ImportKey. </para></intdoc>
///
/// <unmanagedperm action="LinkDemand" />
internal static void DecodePublicBlob(Object obj, byte[] data, CspAlgorithmType alg)
{
int keySize;
switch (alg)
{
case CspAlgorithmType.PROV_GOST_2001_DH:
keySize = GostConstants.GOST_3410EL_SIZE;
break;
case CspAlgorithmType.PROV_GOST_2012_256:
keySize = GostConstants.GOST3410_2012_256KEY_SIZE;
break;
case CspAlgorithmType.PROV_GOST_2012_512:
keySize = GostConstants.GOST3410_2012_512KEY_SIZE;
break;
default:
throw new CryptographicException(SR.Cryptography_CSP_WrongKeySpec);
}
if (obj == null)
{
throw new ArgumentNullException("obj");
}
Gost3410CspObject cspObject = obj as Gost3410CspObject;
if (cspObject == null)
{
throw new CryptographicException(GostConstants.NTE_BAD_ALGID);
}
if (data.Length < 16 + keySize / 8)
{
throw new CryptographicException(GostConstants.NTE_BAD_DATA);
}
// CRYPT_PUBKEYPARAM -> 8 { Magic, BitLen )
uint magic = BitConverter.ToUInt32(data, 8);
uint bitlen = BitConverter.ToUInt32(data, 12);
if (magic != GostConstants.GR3410_1_MAGIC)
{
throw new CryptographicException(GostConstants.NTE_BAD_DATA);
}
if (bitlen != keySize)
{
throw new CryptographicException(GostConstants.NTE_BAD_DATA);
}
byte[] tmp = new byte[data.Length - 16 - keySize / 8];
Array.Copy(data, 16, tmp, 0, data.Length - 16 - keySize / 8);
var publicKeyParameters = new GostKeyExchangeParameters();
var encodeKeyParameters = new byte[(data.Length - 16) - keySize / 8];
Array.Copy(data, 16, encodeKeyParameters, 0, (data.Length - 16) - keySize / 8);
publicKeyParameters.DecodeParameters(encodeKeyParameters);
var publicKey = new byte[keySize / 8];
Array.Copy(data, data.Length - keySize / 8, publicKey, 0, keySize / 8);
publicKeyParameters.PublicKey = publicKey;
cspObject._publicKey = publicKeyParameters.PublicKey;
cspObject._publicKeyParamSet = publicKeyParameters.PublicKeyParamSet;
cspObject._digestParamSet = publicKeyParameters.DigestParamSet;
}
internal static CspParameters SaveCspParameters(CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer)
{
CspParameters parameters;
if (userParameters == null)
{
parameters = new CspParameters((keyType == CspAlgorithmType.Dss) ? 13 : DefaultRsaProviderType, null, null, defaultFlags);
}
else
{
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
{
parameters.KeyNumber = (keyType == CspAlgorithmType.Dss) ? 2 : 1;
}
else if ((parameters.KeyNumber == 0x2200) || (parameters.KeyNumber == 0x2400))
{
parameters.KeyNumber = 2;
}
else if (parameters.KeyNumber == 0xa400)
{
parameters.KeyNumber = 1;
}
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if ((parameters.KeyContainerName == null) && ((parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == CspProviderFlags.NoFlags))
{
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
internal static void ImportCspBlobHelper(CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
if ((safeKeyHandle != null) && !safeKeyHandle.IsClosed)
{
safeKeyHandle.Dispose();
}
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly)
{
parameters.KeyNumber = _ImportCspBlob(keyBlob, (keyType == CspAlgorithmType.Dss) ? StaticDssProvHandle : StaticProvHandle, CspProviderFlags.NoFlags, ref safeKeyHandle);
}
else
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
if (safeProvHandle == null)
{
safeProvHandle = CreateProvHandle(parameters, randomKeyContainer);
}
parameters.KeyNumber = _ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
internal static void GetKeyPairHelper (CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle) {
SafeProvHandle TempFetchedProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
#if FEATURE_MACL
// If the user wanted to set the security descriptor on the provider context, apply it now.
if (parameters.CryptoKeySecurity != null) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
kp.AccessEntries.Add(entry);
kp.Demand();
SetKeySetSecurityInfo(TempFetchedProvHandle, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
#endif //FEATURE_MACL
#if FEATURE_X509_SECURESTRINGS
// If the user wanted to specify a PIN or HWND for a smart card CSP, apply those settings now.
if (parameters.ParentWindowHandle != IntPtr.Zero)
SetProviderParameter(TempFetchedProvHandle, parameters.KeyNumber, Constants.CLR_PP_CLIENT_HWND, parameters.ParentWindowHandle);
else if (parameters.KeyPassword != null) {
IntPtr szPassword = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try {
SetProviderParameter(TempFetchedProvHandle, parameters.KeyNumber, Constants.CLR_PP_PIN, szPassword);
}
finally {
if (szPassword != IntPtr.Zero)
Marshal.ZeroFreeCoTaskMemAnsi(szPassword);
}
}
#endif //FEATURE_X509_SECURESTRINGS
safeProvHandle = TempFetchedProvHandle;
// If the key already exists, use it, else generate a new one
SafeKeyHandle TempFetchedKeyHandle = SafeKeyHandle.InvalidHandle;
int hr = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref TempFetchedKeyHandle);
if (hr != Constants.S_OK) {
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != 0 || hr != Constants.NTE_NO_KEY)
throw new CryptographicException(hr);
// _GenerateKey will check for failures and throw an exception
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref TempFetchedKeyHandle);
}
// check that this is indeed an RSA/DSS key.
byte[] algid = (byte[]) Utils._GetKeyParameter(TempFetchedKeyHandle, Constants.CLR_ALGID);
int dwAlgId = (algid[0] | (algid[1] << 8) | (algid[2] << 16) | (algid[3] << 24));
if ((keyType == CspAlgorithmType.Rsa && dwAlgId != Constants.CALG_RSA_KEYX && dwAlgId != Constants.CALG_RSA_SIGN) ||
(keyType == CspAlgorithmType.Dss && dwAlgId != Constants.CALG_DSS_SIGN)) {
TempFetchedKeyHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = TempFetchedKeyHandle;
}
internal static CspParameters SaveCspParameters (CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer) {
#if SILVERLIGHT
Contract.Assert(keyType == CspAlgorithmType.Rsa, "Only RSA is supported in Silverlight");
#endif // SILVERLIGHT
CspParameters parameters;
if (userParameters == null) {
#if !SILVERLIGHT
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ? Constants.PROV_DSS_DH : DefaultRsaProviderType, null, null, defaultFlags);
#else // !SILVERLIGHT
parameters = new CspParameters();
#endif // !SILVERLIGHT
} else {
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
#if !SILVERLIGHT
if (parameters.KeyNumber == -1)
parameters.KeyNumber = keyType == CspAlgorithmType.Dss ? Constants.AT_SIGNATURE : Constants.AT_KEYEXCHANGE;
else if (parameters.KeyNumber == Constants.CALG_DSS_SIGN || parameters.KeyNumber == Constants.CALG_RSA_SIGN)
parameters.KeyNumber = Constants.AT_SIGNATURE;
else if (parameters.KeyNumber == Constants.CALG_RSA_KEYX)
parameters.KeyNumber = Constants.AT_KEYEXCHANGE;
#else // !SILVERLIGHT
if (parameters.KeyNumber == -1) {
parameters.KeyNumber = (int)CapiNative.KeySpec.Signature;
}
#endif // !SILVERLIGHT
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (parameters.KeyContainerName == null && (parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == 0) {
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
internal static CspParameters SaveCspParameters (CspAlgorithmType keyType, CspParameters userParameters, CspProviderFlags defaultFlags, ref bool randomKeyContainer) {
CspParameters parameters;
if (userParameters == null) {
parameters = new CspParameters(keyType == CspAlgorithmType.Dss ? Constants.PROV_DSS_DH : DefaultRsaProviderType, null, null, defaultFlags);
} else {
ValidateCspFlags(userParameters.Flags);
parameters = new CspParameters(userParameters);
}
if (parameters.KeyNumber == -1)
parameters.KeyNumber = keyType == CspAlgorithmType.Dss ? Constants.AT_SIGNATURE : Constants.AT_KEYEXCHANGE;
else if (parameters.KeyNumber == Constants.CALG_DSS_SIGN || parameters.KeyNumber == Constants.CALG_RSA_SIGN)
parameters.KeyNumber = Constants.AT_SIGNATURE;
else if (parameters.KeyNumber == Constants.CALG_RSA_KEYX)
parameters.KeyNumber = Constants.AT_KEYEXCHANGE;
// If no key container was specified and UseDefaultKeyContainer is not used, then use CRYPT_VERIFYCONTEXT
// to generate an ephemeral key
randomKeyContainer = (parameters.Flags & CspProviderFlags.CreateEphemeralKey) == CspProviderFlags.CreateEphemeralKey;
if (parameters.KeyContainerName == null && (parameters.Flags & CspProviderFlags.UseDefaultKeyContainer) == 0) {
parameters.Flags |= CspProviderFlags.CreateEphemeralKey;
randomKeyContainer = true;
}
return parameters;
}
internal static void GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle)
{
SafeProvHandle hProv = CreateProvHandle(parameters, randomKeyContainer);
if (parameters.CryptoKeySecurity != null)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
SetKeySetSecurityInfo(hProv, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
if (parameters.ParentWindowHandle != IntPtr.Zero)
{
SetProviderParameter(hProv, parameters.KeyNumber, 10, parameters.ParentWindowHandle);
}
else if (parameters.KeyPassword != null)
{
IntPtr pbData = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try
{
SetProviderParameter(hProv, parameters.KeyNumber, 11, pbData);
}
finally
{
if (pbData != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemAnsi(pbData);
}
}
}
safeProvHandle = hProv;
SafeKeyHandle invalidHandle = SafeKeyHandle.InvalidHandle;
int hr = _GetUserKey(safeProvHandle, parameters.KeyNumber, ref invalidHandle);
if (hr != 0)
{
if (((parameters.Flags & CspProviderFlags.UseExistingKey) != CspProviderFlags.NoFlags) || (hr != -2146893811))
{
throw new CryptographicException(hr);
}
_GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref invalidHandle);
}
byte[] buffer = _GetKeyParameter(invalidHandle, 9);
int num2 = ((buffer[0] | (buffer[1] << 8)) | (buffer[2] << 0x10)) | (buffer[3] << 0x18);
if ((((keyType == CspAlgorithmType.Rsa) && (num2 != 0xa400)) && (num2 != 0x2400)) || ((keyType == CspAlgorithmType.Dss) && (num2 != 0x2200)))
{
invalidHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = invalidHandle;
}
