internal override bool TryImportKey(
ReadOnlySpan <byte> blob,
KeyBlobFormat format,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
if (format != KeyBlobFormat.RawSymmetricKey)
{
throw Error.Argument_FormatNotSupported(nameof(format), format.ToString());
}
if (blob.Length < MinKeySize)
{
keyHandle = null;
publicKeyBytes = null;
return(false);
}
if (blob.Length > SHA256MessageBlockSize)
{
publicKeyBytes = null;
SecureMemoryHandle.Alloc(crypto_hash_sha256_BYTES, out keyHandle);
crypto_hash_sha256_init(out crypto_hash_sha256_state state);
crypto_hash_sha256_update(ref state, ref blob.DangerousGetPinnableReference(), (ulong)blob.Length);
crypto_hash_sha256_final(ref state, keyHandle);
}
else
{
publicKeyBytes = null;
SecureMemoryHandle.Alloc(blob.Length, out keyHandle);
keyHandle.Import(blob);
}
return(true);
}
public static SharedSecret Import(
ReadOnlySpan <byte> sharedSecret)
{
if (sharedSecret.Length > 128)
{
throw Error.Argument_SharedSecretLength(nameof(sharedSecret), 128.ToString());
}
Sodium.Initialize();
SecureMemoryHandle sharedSecretHandle = null;
bool success = false;
try
{
SecureMemoryHandle.Alloc(sharedSecret.Length, out sharedSecretHandle);
sharedSecretHandle.Import(sharedSecret);
success = true;
}
finally
{
if (!success && sharedSecretHandle != null)
{
sharedSecretHandle.Dispose();
}
}
return(new SharedSecret(sharedSecretHandle));
}
internal override void CreateKey(
ReadOnlySpan <byte> seed,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
publicKeyBytes = null;
SecureMemoryHandle.Alloc(seed.Length, out keyHandle);
keyHandle.Import(seed);
}
protected virtual void Deserialize(
ReadOnlySpan <byte> span,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(span.Length == _keySize);
publicKeyBytes = null;
SecureMemoryHandle.Alloc(span.Length, out keyHandle);
keyHandle.Import(span);
}
protected override void Deserialize(
ReadOnlySpan <byte> span,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(span.Length == crypto_sign_ed25519_SEEDBYTES);
publicKeyBytes = new byte[crypto_sign_ed25519_PUBLICKEYBYTES];
SecureMemoryHandle.Alloc(crypto_sign_ed25519_SECRETKEYBYTES, out keyHandle);
crypto_sign_ed25519_seed_keypair(publicKeyBytes, keyHandle, ref span.DangerousGetPinnableReference());
}
internal override void CreateKey(
ReadOnlySpan <byte> seed,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(seed.Length == crypto_aead_aes256gcm_KEYBYTES);
publicKeyBytes = null;
SecureMemoryHandle.Alloc(seed.Length, out keyHandle);
keyHandle.Import(seed);
}
internal override void CreateKey(
ReadOnlySpan <byte> seed,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(seed.Length == crypto_sign_ed25519_SEEDBYTES);
publicKeyBytes = new byte[crypto_sign_ed25519_PUBLICKEYBYTES];
SecureMemoryHandle.Alloc(crypto_sign_ed25519_SECRETKEYBYTES, out keyHandle);
crypto_sign_ed25519_seed_keypair(publicKeyBytes, keyHandle, in MemoryMarshal.GetReference(seed));
}
protected override void Deserialize(
ReadOnlySpan <byte> span,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(span.Length == crypto_scalarmult_curve25519_SCALARBYTES);
publicKeyBytes = new byte[crypto_scalarmult_curve25519_SCALARBYTES];
SecureMemoryHandle.Alloc(span.Length, out keyHandle);
keyHandle.Import(span);
crypto_scalarmult_curve25519_base(publicKeyBytes, keyHandle);
}
internal override void CreateKey(
ReadOnlySpan <byte> seed,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(seed.Length >= crypto_generichash_blake2b_KEYBYTES_MIN);
Debug.Assert(seed.Length <= crypto_generichash_blake2b_KEYBYTES_MAX);
publicKeyBytes = null;
SecureMemoryHandle.Alloc(seed.Length, out keyHandle);
keyHandle.Import(seed);
}
internal override void CreateKey(
ReadOnlySpan <byte> seed,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
Debug.Assert(seed.Length == crypto_scalarmult_curve25519_SCALARBYTES);
publicKeyBytes = new byte[crypto_scalarmult_curve25519_SCALARBYTES];
SecureMemoryHandle.Alloc(crypto_scalarmult_curve25519_SCALARBYTES, out keyHandle);
keyHandle.Import(seed);
crypto_scalarmult_curve25519_base(publicKeyBytes, keyHandle);
Debug.Assert((publicKeyBytes[crypto_scalarmult_curve25519_SCALARBYTES - 1] & 0x80) == 0);
}
public Key DeriveKey(
SharedSecret sharedSecret,
ReadOnlySpan <byte> salt,
ReadOnlySpan <byte> info,
Algorithm algorithm,
KeyFlags flags = KeyFlags.None)
{
if (sharedSecret == null)
{
throw Error.ArgumentNull_SharedSecret(nameof(sharedSecret));
}
if (!_supportsSalt && !salt.IsEmpty)
{
throw Error.Argument_SaltNotSupported(nameof(salt));
}
if (algorithm == null)
{
throw Error.ArgumentNull_Algorithm(nameof(algorithm));
}
int keySize = algorithm.GetDefaultKeySize();
if (keySize > MaxOutputSize)
{
throw Error.NotSupported_CreateKey();
}
SecureMemoryHandle keyHandle = null;
byte[] publicKeyBytes = null;
bool success = false;
try
{
SecureMemoryHandle.Alloc(keySize, out keyHandle);
DeriveKeyCore(sharedSecret.Handle, salt, info, keyHandle);
algorithm.CreateKey(keyHandle, out publicKeyBytes);
success = true;
}
finally
{
if (!success && keyHandle != null)
{
keyHandle.Dispose();
}
}
return(new Key(algorithm, flags, keyHandle, publicKeyBytes));
}
private protected override bool TryAgreeCore(
SecureMemoryHandle keyHandle,
ReadOnlySpan <byte> otherPartyPublicKey,
out SecureMemoryHandle sharedSecretHandle)
{
Debug.Assert(keyHandle != null);
Debug.Assert(keyHandle.Length == crypto_scalarmult_curve25519_SCALARBYTES);
Debug.Assert(otherPartyPublicKey.Length == crypto_scalarmult_curve25519_SCALARBYTES);
SecureMemoryHandle.Alloc(crypto_scalarmult_curve25519_BYTES, out sharedSecretHandle);
int error = crypto_scalarmult_curve25519(
sharedSecretHandle,
keyHandle,
ref otherPartyPublicKey.DangerousGetPinnableReference());
return(error == 0);
}
public bool TryImport(
ReadOnlySpan <byte> blob,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
int keySize = blob.Length;
if (keySize < _minKeySize || keySize > _maxKeySize)
{
keyHandle = null;
publicKeyBytes = null;
return(false);
}
publicKeyBytes = null;
SecureMemoryHandle.Alloc(keySize, out keyHandle);
keyHandle.Import(blob);
return(true);
}
public bool TryImport(
ReadOnlySpan <byte> blob,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
int keySize = blob.Length - (_blobHeader.Length + sizeof(uint));
if (keySize < _minKeySize ||
keySize > _maxKeySize ||
!blob.Slice(0, _blobHeader.Length).SequenceEqual(_blobHeader) ||
blob.Slice(_blobHeader.Length).ReadLittleEndian() != (uint)keySize)
{
keyHandle = null;
publicKeyBytes = null;
return(false);
}
publicKeyBytes = null;
SecureMemoryHandle.Alloc(keySize, out keyHandle);
keyHandle.Import(blob.Slice(_blobHeader.Length + sizeof(uint)));
return(true);
}
public Key(
Algorithm algorithm,
KeyFlags flags = KeyFlags.None)
{
if (algorithm == null)
{
throw Error.ArgumentNull_Algorithm(nameof(algorithm));
}
int keySize = algorithm.GetDefaultKeySize();
SecureMemoryHandle keyHandle = null;
byte[] publicKeyBytes = null;
bool success = false;
try
{
SecureMemoryHandle.Alloc(keySize, out keyHandle);
SecureRandom.GenerateKeyCore(keyHandle);
algorithm.CreateKey(keyHandle, out publicKeyBytes);
success = true;
}
finally
{
if (!success && keyHandle != null)
{
keyHandle.Dispose();
}
}
keyHandle.MakeReadOnly();
_algorithm = algorithm;
_flags = flags;
_handle = keyHandle;
_publicKey = (publicKeyBytes) != null ? new PublicKey(algorithm, publicKeyBytes) : null;
}
internal override bool TryImportKey(
ReadOnlySpan <byte> blob,
KeyBlobFormat format,
out SecureMemoryHandle keyHandle,
out byte[] publicKeyBytes)
{
if (format != KeyBlobFormat.RawSymmetricKey)
{
throw Error.Argument_FormatNotSupported(nameof(format), format.ToString());
}
if (blob.Length < MinKeySize || blob.Length > MaxKeySize)
{
keyHandle = null;
publicKeyBytes = null;
return(false);
}
publicKeyBytes = null;
SecureMemoryHandle.Alloc(blob.Length, out keyHandle);
keyHandle.Import(blob);
return(true);
}
