public override unsafe void ImportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> password,
ReadOnlySpan <byte> source,
out int bytesRead)
{
DSAKeyFormatHelper.ReadEncryptedPkcs8(
source,
password,
out int localRead,
out DSAParameters ret);
fixed(byte *privPin = ret.X)
{
try
{
ImportParameters(ret);
}
finally
{
CryptographicOperations.ZeroMemory(ret.X);
}
}
bytesRead = localRead;
}
private static SafeSecKeyRefHandle ImportKey(DSAParameters parameters)
{
if (parameters.X != null)
{
// DSAPrivateKey ::= SEQUENCE(
// version INTEGER,
// p INTEGER,
// q INTEGER,
// g INTEGER,
// y INTEGER,
// x INTEGER,
// )
using (AsnWriter privateKeyWriter = new AsnWriter(AsnEncodingRules.DER))
{
privateKeyWriter.PushSequence();
privateKeyWriter.WriteInteger(0);
privateKeyWriter.WriteKeyParameterInteger(parameters.P);
privateKeyWriter.WriteKeyParameterInteger(parameters.Q);
privateKeyWriter.WriteKeyParameterInteger(parameters.G);
privateKeyWriter.WriteKeyParameterInteger(parameters.Y);
privateKeyWriter.WriteKeyParameterInteger(parameters.X);
privateKeyWriter.PopSequence();
return(Interop.AppleCrypto.ImportEphemeralKey(privateKeyWriter.EncodeAsSpan(), true));
}
}
else
{
using (AsnWriter writer = DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters))
{
return(Interop.AppleCrypto.ImportEphemeralKey(writer.EncodeAsSpan(), false));
}
}
}
private static SafeSecKeyRefHandle ImportKey(DSAParameters parameters)
{
AsnWriter keyWriter;
bool hasPrivateKey;
if (parameters.X != null)
{
// DSAPrivateKey ::= SEQUENCE(
// version INTEGER,
// p INTEGER,
// q INTEGER,
// g INTEGER,
// y INTEGER,
// x INTEGER,
// )
keyWriter = new AsnWriter(AsnEncodingRules.DER);
using (keyWriter.PushSequence())
{
keyWriter.WriteInteger(0);
keyWriter.WriteKeyParameterInteger(parameters.P);
keyWriter.WriteKeyParameterInteger(parameters.Q);
keyWriter.WriteKeyParameterInteger(parameters.G);
keyWriter.WriteKeyParameterInteger(parameters.Y);
keyWriter.WriteKeyParameterInteger(parameters.X);
}
hasPrivateKey = true;
}
else
{
keyWriter = DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters);
hasPrivateKey = false;
}
byte[] rented = CryptoPool.Rent(keyWriter.GetEncodedLength());
if (!keyWriter.TryEncode(rented, out int written))
{
Debug.Fail("TryEncode failed with a pre-allocated buffer");
throw new InvalidOperationException();
}
// Explicitly clear the inner buffer
keyWriter.Reset();
try
{
return(Interop.AppleCrypto.ImportEphemeralKey(rented.AsSpan(0, written), hasPrivateKey));
}
finally
{
CryptoPool.Return(rented, written);
}
}
public override void ImportSubjectPublicKeyInfo(
ReadOnlySpan <byte> source,
out int bytesRead)
{
DSAKeyFormatHelper.ReadSubjectPublicKeyInfo(
source,
out int localRead,
out DSAParameters key);
ImportParameters(key);
bytesRead = localRead;
}
private unsafe AsnWriter WritePkcs8()
{
DSAParameters dsaParameters = ExportParameters(true);
fixed(byte *privPin = dsaParameters.X)
{
try
{
return(DSAKeyFormatHelper.WritePkcs8(dsaParameters));
}
finally
{
CryptographicOperations.ZeroMemory(dsaParameters.X);
}
}
}
public override DSAParameters ExportParameters(bool includePrivateParameters)
{
// Apple requires all private keys to be exported encrypted, but since we're trying to export
// as parsed structures we will need to decrypt it for the user.
const string ExportPassword = "******";
SecKeyPair keys = GetKeys();
if (keys.PublicKey == null ||
(includePrivateParameters && keys.PrivateKey == null))
{
throw new CryptographicException(SR.Cryptography_OpenInvalidHandle);
}
byte[] keyBlob = Interop.AppleCrypto.SecKeyExport(
includePrivateParameters ? keys.PrivateKey : keys.PublicKey,
exportPrivate: includePrivateParameters,
password: ExportPassword);
try
{
if (!includePrivateParameters)
{
DSAKeyFormatHelper.ReadSubjectPublicKeyInfo(
keyBlob,
out int localRead,
out DSAParameters key);
Debug.Assert(localRead == keyBlob.Length);
return(key);
}
else
{
DSAKeyFormatHelper.ReadEncryptedPkcs8(
keyBlob,
ExportPassword,
out int localRead,
out DSAParameters key);
Debug.Assert(localRead == keyBlob.Length);
return(key);
}
}
finally
{
CryptographicOperations.ZeroMemory(keyBlob);
}
}
private static SafeSecKeyRefHandle ImportKey(DSAParameters parameters)
{
bool hasPrivateKey = parameters.X != null;
byte[] blob;
if (hasPrivateKey)
{
Debug.Assert(parameters.X != null);
// DSAPrivateKey ::= SEQUENCE(
// version INTEGER,
// p INTEGER,
// q INTEGER,
// g INTEGER,
// y INTEGER,
// x INTEGER,
// )
using (AsnWriter privateKeyWriter = new AsnWriter(AsnEncodingRules.DER))
{
privateKeyWriter.PushSequence();
privateKeyWriter.WriteInteger(0);
privateKeyWriter.WriteKeyParameterInteger(parameters.P);
privateKeyWriter.WriteKeyParameterInteger(parameters.Q);
privateKeyWriter.WriteKeyParameterInteger(parameters.G);
privateKeyWriter.WriteKeyParameterInteger(parameters.Y);
privateKeyWriter.WriteKeyParameterInteger(parameters.X);
privateKeyWriter.PopSequence();
blob = privateKeyWriter.Encode();
}
}
else
{
using (AsnWriter writer = DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters))
{
blob = writer.Encode();
}
}
return(Interop.AppleCrypto.ImportEphemeralKey(blob, hasPrivateKey));
}
public override unsafe void ImportSubjectPublicKeyInfo(
ReadOnlySpan <byte> source,
out int bytesRead)
{
fixed(byte *ptr = &MemoryMarshal.GetReference(source))
{
using (MemoryManager <byte> manager = new PointerMemoryManager <byte>(ptr, source.Length))
{
// Validate the DER value and get the number of bytes.
DSAKeyFormatHelper.ReadSubjectPublicKeyInfo(
manager.Memory,
out int localRead);
SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.ImportEphemeralKey(source.Slice(0, localRead), false);
SetKey(SecKeyPair.PublicOnly(publicKey));
bytesRead = localRead;
}
}
}
public override unsafe void ImportPkcs8PrivateKey(
ReadOnlySpan <byte> source,
out int bytesRead)
{
DSAKeyFormatHelper.ReadPkcs8(
source,
out int localRead,
out DSAParameters key);
fixed(byte *privPin = key.X)
{
try
{
ImportParameters(key);
}
finally
{
CryptographicOperations.ZeroMemory(key.X);
}
}
bytesRead = localRead;
}
private AsnWriter WriteSubjectPublicKeyInfo()
{
DSAParameters dsaParameters = ExportParameters(false);
return(DSAKeyFormatHelper.WriteSubjectPublicKeyInfo(dsaParameters));
}