/// <summary> /// Encrypt dataToEncrypt using the specified encodingParams (RSA only). /// </summary> /// <param name="plainText"></param> /// <param name="label"></param> /// <returns></returns> public byte[] EncryptOaep(byte[] plainText, byte[] label) { if (plainText == null) { plainText = new byte[0]; } if (label == null) { label = new byte[0]; } #if TSS_USE_BCRYPT var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label); byte[] cipherText = Key.Encrypt(plainText, paddingInfo); #elif false var rr = new RawRsa(RsaProvider.ExportParameters(false), RsaProvider.KeySize); byte[] cipherText = rr.OaepEncrypt(plainText, OaepHash, label); #else RSAParameters parms = RsaProvider.ExportParameters(false); var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM); var key = alg.LoadRSAKey(parms.Exponent, parms.Modulus); var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label); byte[] cipherText = key.Encrypt(plainText, paddingInfo); key.Destroy(); alg.Close(); #endif return(cipherText); }
public byte[] Export(string bcryptBlobType) { #if !TSS_USE_BCRYPT if (RsaProvider == null) { return(null); } RSAParameters parms = RsaProvider.ExportParameters(bcryptBlobType == Native.BCRYPT_RSAPRIVATE_BLOB); var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM); var Key = alg.LoadRSAKey(parms.Exponent, parms.Modulus, parms.P, parms.Q); #endif byte[] keyBlob = Key.Export(bcryptBlobType); #if !TSS_USE_BCRYPT Key.Destroy(); alg.Close(); #endif return(keyBlob); }
public byte[] DecryptOaep(byte[] cipherText, byte[] label) { #if TSS_USE_BCRYPT var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label); byte[] plainText = Key.Decrypt(cipherText, paddingInfo); #elif true var rr = new RawRsa(RsaProvider.ExportParameters(true), RsaProvider.KeySize); byte[] plainText = rr.OaepDecrypt(cipherText, OaepHash, label); #else RSAParameters parms = RsaProvider.ExportParameters(true); var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM); var key = alg.LoadRSAKey(parms.Exponent, parms.Modulus, parms.P, parms.Q); var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label); byte[] plainText = key.Decrypt(cipherText, paddingInfo); key.Destroy(); alg.Close(); #endif return(plainText); }
/// <summary> /// Create a new AsymCryptoSystem from TPM public parameter. This can then /// be used to validate TPM signatures or encrypt data destined for a TPM. /// </summary> /// <param name="pubKey"></param> /// <param name="privKey"></param> /// <returns></returns> public static AsymCryptoSystem CreateFrom(TpmPublic pubKey, TpmPrivate privKey = null) { var cs = new AsymCryptoSystem(); TpmAlgId keyAlgId = pubKey.type; cs.PublicParms = pubKey.Copy(); // Create an algorithm provider from the provided PubKey switch (keyAlgId) { case TpmAlgId.Rsa: { RawRsa rr = null; byte[] prime1 = null, prime2 = null; if (privKey != null) { rr = new RawRsa(pubKey, privKey); prime1 = RawRsa.ToBigEndian(rr.P); prime2 = RawRsa.ToBigEndian(rr.Q); } var rsaParams = (RsaParms)pubKey.parameters; var exponent = rsaParams.exponent != 0 ? Globs.HostToNet(rsaParams.exponent) : RsaParms.DefaultExponent; var modulus = (pubKey.unique as Tpm2bPublicKeyRsa).buffer; #if TSS_USE_BCRYPT var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM); cs.Key = alg.LoadRSAKey(exponent, modulus, prime1, prime2); alg.Close(); #else var dotNetPubParms = new RSAParameters() { Exponent = exponent, Modulus = modulus }; if (privKey != null) { dotNetPubParms.P = prime1; dotNetPubParms.Q = prime2; dotNetPubParms.D = RawRsa.ToBigEndian(rr.D); dotNetPubParms.InverseQ = RawRsa.ToBigEndian(rr.InverseQ); dotNetPubParms.DP = RawRsa.ToBigEndian(rr.DP); dotNetPubParms.DQ = RawRsa.ToBigEndian(rr.DQ); } cs.RsaProvider = new RSACryptoServiceProvider(); cs.RsaProvider.ImportParameters(dotNetPubParms); #endif break; } #if !__MonoCS__ case TpmAlgId.Ecc: { var eccParms = (EccParms)pubKey.parameters; var eccPub = (EccPoint)pubKey.unique; var algId = RawEccKey.GetEccAlg(pubKey); if (algId == null) { return(null); } bool isEcdsa = eccParms.scheme.GetUnionSelector() == TpmAlgId.Ecdsa; byte[] keyBlob = RawEccKey.GetKeyBlob(eccPub.x, eccPub.y, keyAlgId, !isEcdsa, eccParms.curveID); #if TSS_USE_BCRYPT var alg = new BCryptAlgorithm(algId); cs.Key = alg.ImportKeyPair(Native.BCRYPT_ECCPUBLIC_BLOB, keyBlob); alg.Close(); if (cs.Key == UIntPtr.Zero) { Globs.Throw("Failed to create new RSA key"); return(null); } #else CngKey eccKey = CngKey.Import(keyBlob, CngKeyBlobFormat.EccPublicBlob); if (pubKey.objectAttributes.HasFlag(ObjectAttr.Sign)) { cs.EcdsaProvider = new ECDsaCng(eccKey); } else { cs.EcDhProvider = new ECDiffieHellmanCng(eccKey); } #endif // !TSS_USE_BCRYPT break; } #endif // !__MonoCS__ default: Globs.Throw <ArgumentException>("Algorithm not supported"); cs = null; break; } return(cs); }