/// <summary>
/// Encrypt dataToEncrypt using the specified encodingParams (RSA only).
/// </summary>
/// <param name="plainText"></param>
/// <param name="label"></param>
/// <returns></returns>
public byte[] EncryptOaep(byte[] plainText, byte[] label)
{
if (plainText == null)
{
plainText = new byte[0];
}
if (label == null)
{
label = new byte[0];
}
#if TSS_USE_BCRYPT
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] cipherText = Key.Encrypt(plainText, paddingInfo);
#elif false
var rr = new RawRsa(RsaProvider.ExportParameters(false), RsaProvider.KeySize);
byte[] cipherText = rr.OaepEncrypt(plainText, OaepHash, label);
#else
RSAParameters parms = RsaProvider.ExportParameters(false);
var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM);
var key = alg.LoadRSAKey(parms.Exponent, parms.Modulus);
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] cipherText = key.Encrypt(plainText, paddingInfo);
key.Destroy();
alg.Close();
#endif
return(cipherText);
}
public byte[] Export(string bcryptBlobType)
{
#if !TSS_USE_BCRYPT
if (RsaProvider == null)
{
return(null);
}
RSAParameters parms = RsaProvider.ExportParameters(bcryptBlobType == Native.BCRYPT_RSAPRIVATE_BLOB);
var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM);
var Key = alg.LoadRSAKey(parms.Exponent, parms.Modulus, parms.P, parms.Q);
#endif
byte[] keyBlob = Key.Export(bcryptBlobType);
#if !TSS_USE_BCRYPT
Key.Destroy();
alg.Close();
#endif
return(keyBlob);
}
public byte[] DecryptOaep(byte[] cipherText, byte[] label)
{
#if TSS_USE_BCRYPT
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] plainText = Key.Decrypt(cipherText, paddingInfo);
#elif true
var rr = new RawRsa(RsaProvider.ExportParameters(true), RsaProvider.KeySize);
byte[] plainText = rr.OaepDecrypt(cipherText, OaepHash, label);
#else
RSAParameters parms = RsaProvider.ExportParameters(true);
var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM);
var key = alg.LoadRSAKey(parms.Exponent, parms.Modulus, parms.P, parms.Q);
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] plainText = key.Decrypt(cipherText, paddingInfo);
key.Destroy();
alg.Close();
#endif
return(plainText);
}
/// <summary>
/// Create a new AsymCryptoSystem from TPM public parameter. This can then
/// be used to validate TPM signatures or encrypt data destined for a TPM.
/// </summary>
/// <param name="pubKey"></param>
/// <param name="privKey"></param>
/// <returns></returns>
public static AsymCryptoSystem CreateFrom(TpmPublic pubKey, TpmPrivate privKey = null)
{
var cs = new AsymCryptoSystem();
TpmAlgId keyAlgId = pubKey.type;
cs.PublicParms = pubKey.Copy();
// Create an algorithm provider from the provided PubKey
switch (keyAlgId)
{
case TpmAlgId.Rsa:
{
RawRsa rr = null;
byte[] prime1 = null,
prime2 = null;
if (privKey != null)
{
rr = new RawRsa(pubKey, privKey);
prime1 = RawRsa.ToBigEndian(rr.P);
prime2 = RawRsa.ToBigEndian(rr.Q);
}
var rsaParams = (RsaParms)pubKey.parameters;
var exponent = rsaParams.exponent != 0
? Globs.HostToNet(rsaParams.exponent)
: RsaParms.DefaultExponent;
var modulus = (pubKey.unique as Tpm2bPublicKeyRsa).buffer;
#if TSS_USE_BCRYPT
var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM);
cs.Key = alg.LoadRSAKey(exponent, modulus, prime1, prime2);
alg.Close();
#else
var dotNetPubParms = new RSAParameters()
{
Exponent = exponent, Modulus = modulus
};
if (privKey != null)
{
dotNetPubParms.P = prime1;
dotNetPubParms.Q = prime2;
dotNetPubParms.D = RawRsa.ToBigEndian(rr.D);
dotNetPubParms.InverseQ = RawRsa.ToBigEndian(rr.InverseQ);
dotNetPubParms.DP = RawRsa.ToBigEndian(rr.DP);
dotNetPubParms.DQ = RawRsa.ToBigEndian(rr.DQ);
}
cs.RsaProvider = new RSACryptoServiceProvider();
cs.RsaProvider.ImportParameters(dotNetPubParms);
#endif
break;
}
#if !__MonoCS__
case TpmAlgId.Ecc:
{
var eccParms = (EccParms)pubKey.parameters;
var eccPub = (EccPoint)pubKey.unique;
var algId = RawEccKey.GetEccAlg(pubKey);
if (algId == null)
{
return(null);
}
bool isEcdsa = eccParms.scheme.GetUnionSelector() == TpmAlgId.Ecdsa;
byte[] keyBlob = RawEccKey.GetKeyBlob(eccPub.x, eccPub.y, keyAlgId,
!isEcdsa, eccParms.curveID);
#if TSS_USE_BCRYPT
var alg = new BCryptAlgorithm(algId);
cs.Key = alg.ImportKeyPair(Native.BCRYPT_ECCPUBLIC_BLOB, keyBlob);
alg.Close();
if (cs.Key == UIntPtr.Zero)
{
Globs.Throw("Failed to create new RSA key");
return(null);
}
#else
CngKey eccKey = CngKey.Import(keyBlob, CngKeyBlobFormat.EccPublicBlob);
if (pubKey.objectAttributes.HasFlag(ObjectAttr.Sign))
{
cs.EcdsaProvider = new ECDsaCng(eccKey);
}
else
{
cs.EcDhProvider = new ECDiffieHellmanCng(eccKey);
}
#endif // !TSS_USE_BCRYPT
break;
}
#endif // !__MonoCS__
default:
Globs.Throw <ArgumentException>("Algorithm not supported");
cs = null;
break;
}
return(cs);
}