internal static byte[] ToPrivateKeyBlob(this ECParameters parameters) { parameters.Validate(); if (!parameters.Curve.IsNamed) { throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly); } byte[] pointBlob = GetPointBlob(ref parameters); // ECPrivateKey{CURVES:IOSet} ::= SEQUENCE { // version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), // privateKey OCTET STRING, // parameters [0] Parameters{{IOSet}} OPTIONAL, // publicKey [1] BIT STRING OPTIONAL // } return(DerEncoder.ConstructSequence( s_encodedVersion1, DerEncoder.SegmentedEncodeOctetString(parameters.D), DerEncoder.ConstructSegmentedContextSpecificValue( 0, DerEncoder.SegmentedEncodeOid(parameters.Curve.Oid)), DerEncoder.ConstructSegmentedContextSpecificValue( 1, DerEncoder.SegmentedEncodeBitString(pointBlob)))); }
/// <summary> /// ImportParameters will replace the existing key that ECDsaOpenSsl is working with by creating a /// new key. If the parameters contains only Q, then only a public key will be imported. /// If the parameters also contains D, then a full key pair will be imported. /// The parameters Curve value specifies the type of the curve to import. /// </summary> /// <param name="parameters">The curve parameters.</param> /// <exception cref="CryptographicException"> /// if <paramref name="parameters" /> does not contain valid values. /// </exception> /// <exception cref="NotSupportedException"> /// if <paramref name="parameters" /> references a curve that cannot be imported. /// </exception> /// <exception cref="PlatformNotSupportedException"> /// if <paramref name="parameters" /> references a curve that is not supported by this platform. /// </exception> public override void ImportParameters(ECParameters parameters) { SafeEcKeyHandle key; parameters.Validate(); if (parameters.Curve.IsPrime) { key = ImportPrimeCurveParameters(parameters); } else if (parameters.Curve.IsCharacteristic2) { key = ImportCharacteristic2CurveParameters(parameters); } else if (parameters.Curve.IsNamed) { key = ImportNamedCurveParameters(parameters); } else { throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString())); } if (key == null || key.IsInvalid) { throw Interop.Crypto.CreateOpenSslCryptographicException(); } SetKey(key); }
/// <summary> /// ImportParameters will replace the existing key that ECDsaCng is working with by creating a /// new CngKey. If the parameters contains only Q, then only a public key will be imported. /// If the parameters also contains D, then a full key pair will be imported. /// The parameters Curve value specifies the type of the curve to import. /// </summary> /// <exception cref="CryptographicException"> /// if <paramref name="parameters" /> does not contain valid values. /// </exception> /// <exception cref="NotSupportedException"> /// if <paramref name="parameters" /> references a curve that cannot be imported. /// </exception> /// <exception cref="PlatformNotSupportedException"> /// if <paramref name="parameters" /> references a curve that is not supported by this platform. /// </exception> public override void ImportParameters(ECParameters parameters) { parameters.Validate(); ThrowIfDisposed(); ECCurve curve = parameters.Curve; bool includePrivateParameters = (parameters.D != null); if (curve.IsPrime) { byte[] ecExplicitBlob = ECCng.GetPrimeCurveBlob(ref parameters, ecdh: false); ImportFullKeyBlob(ecExplicitBlob, includePrivateParameters); } else if (curve.IsNamed) { // FriendlyName is required; an attempt was already made to default it in ECCurve if (string.IsNullOrEmpty(curve.Oid.FriendlyName)) { throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_InvalidCurveOid, curve.Oid.Value.ToString())); } byte[] ecNamedCurveBlob = ECCng.GetNamedCurveBlob(ref parameters, ecdh: false); ImportKeyBlob(ecNamedCurveBlob, curve.Oid.FriendlyName, includePrivateParameters); } else { throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_CurveNotSupported, curve.CurveType.ToString())); } }
public int ImportParameters(ECParameters parameters) { SafeEcKeyHandle key; parameters.Validate(); if (parameters.Curve.IsPrime) { key = ImportPrimeCurveParameters(parameters); } else if (parameters.Curve.IsCharacteristic2) { key = ImportCharacteristic2CurveParameters(parameters); } else if (parameters.Curve.IsNamed) { key = ImportNamedCurveParameters(parameters); } else { throw new PlatformNotSupportedException( SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString())); } if (key == null || key.IsInvalid) { key?.Dispose(); throw new CryptographicException(); } FreeKey(); _key = new Lazy <SafeEcKeyHandle>(key); return(KeySize); }
/// <summary> /// ImportParameters will replace the existing key that ECDsaOpenSsl is working with by creating a /// new key. If the parameters contains only Q, then only a public key will be imported. /// If the parameters also contains D, then a full key pair will be imported. /// The parameters Curve value specifies the type of the curve to import. /// </summary> /// <param name="parameters">The curve parameters.</param> /// <exception cref="CryptographicException"> /// if <paramref name="parameters" /> does not contain valid values. /// </exception> /// <exception cref="NotSupportedException"> /// if <paramref name="parameters" /> references a curve that cannot be imported. /// </exception> /// <exception cref="PlatformNotSupportedException"> /// if <paramref name="parameters" /> references a curve that is not supported by this platform. /// </exception> public override void ImportParameters(ECParameters parameters) { SafeEcKeyHandle key; parameters.Validate(); if (parameters.Curve.IsPrime) { key = ImportPrimeCurveParameters(parameters); } else if (parameters.Curve.IsCharacteristic2) { key = ImportCharacteristic2CurveParameters(parameters); } else if (parameters.Curve.IsNamed) { key = ImportNamedCurveParameters(parameters); } else { throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString())); } if (key == null || key.IsInvalid) throw Interop.Crypto.CreateOpenSslCryptographicException(); SetKey(key); }
/// <summary> /// Convert a key to XML /// </summary> internal static string ToXml(ECParameters parameters, bool isEcdh) { Contract.Ensures(Contract.Result <String>() != null); parameters.Validate(); StringBuilder keyXml = new StringBuilder(); XmlWriterSettings settings = new XmlWriterSettings(); settings.Indent = true; settings.IndentChars = " "; settings.OmitXmlDeclaration = true; using (XmlWriter writer = XmlWriter.Create(keyXml, settings)) { // The root element depends upon the type of key string rootElement = isEcdh ? ECDHRoot : ECDsaRoot; writer.WriteStartElement(rootElement, Namespace); WriteDomainParameters(writer, ref parameters); WritePublicKeyValue(writer, ref parameters); writer.WriteEndElement(); // root element } return(keyXml.ToString()); }
internal int ImportParameters(ECParameters parameters) { parameters.Validate(); ThrowIfDisposed(); bool isPrivateKey = parameters.D != null; bool hasPublicParameters = parameters.Q.X != null && parameters.Q.Y != null; SecKeyPair newKeys; if (isPrivateKey) { // Start with the private key, in case some of the private key fields don't // match the public key fields and the system determines an integrity failure. // // Public import should go off without a hitch. SafeSecKeyRefHandle privateKey = ImportKey(parameters); ECParameters publicOnly; if (hasPublicParameters) { publicOnly = parameters; publicOnly.D = null; } else { publicOnly = ExportPublicParametersFromPrivateKey(privateKey); } SafeSecKeyRefHandle publicKey; try { publicKey = ImportKey(publicOnly); } catch { privateKey.Dispose(); throw; } newKeys = SecKeyPair.PublicPrivatePair(publicKey, privateKey); } else { SafeSecKeyRefHandle publicKey = ImportKey(parameters); newKeys = SecKeyPair.PublicOnly(publicKey); } int size = GetKeySize(newKeys); SetKey(newKeys); return(size); }
internal int ImportParameters(ECParameters parameters) { parameters.Validate(); ThrowIfDisposed(); if (!parameters.Curve.IsNamed) { throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly); } switch (parameters.Curve.Oid.Value) { case Oids.secp256r1: case Oids.secp384r1: case Oids.secp521r1: break; default: throw new PlatformNotSupportedException( SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.Oid.Value ?? parameters.Curve.Oid.FriendlyName)); } if (parameters.Q.X == null || parameters.Q.Y == null) { ExtractPublicKeyFromPrivateKey(ref parameters); } bool isPrivateKey = parameters.D != null; SecKeyPair newKeys; if (isPrivateKey) { // Start with the private key, in case some of the private key fields don't // match the public key fields and the system determines an integrity failure. // // Public import should go off without a hitch. SafeSecKeyRefHandle privateKey = ImportKey(parameters); SafeSecKeyRefHandle publicKey = Interop.AppleCrypto.CopyPublicKey(privateKey); newKeys = SecKeyPair.PublicPrivatePair(publicKey, privateKey); } else { SafeSecKeyRefHandle publicKey = ImportKey(parameters); newKeys = SecKeyPair.PublicOnly(publicKey); } int size = GetKeySize(newKeys); SetKey(newKeys); return(size); }
/// <summary> /// ImportParameters will replace the existing key that ECDsaCng is working with by creating a /// new CngKey. If the parameters contains only Q, then only a public key will be imported. /// If the parameters also contains D, then a full key pair will be imported. /// The parameters Curve value specifies the type of the curve to import. /// </summary> /// <exception cref="CryptographicException"> /// if <paramref name="parameters" /> does not contain valid values. /// </exception> /// <exception cref="NotSupportedException"> /// if <paramref name="parameters" /> references a curve that cannot be imported. /// </exception> /// <exception cref="PlatformNotSupportedException"> /// if <paramref name="parameters" /> references a curve that is not supported by this platform. /// </exception> public override void ImportParameters(ECParameters parameters) { parameters.Validate(); ThrowIfDisposed(); ECCurve curve = parameters.Curve; bool includePrivateParameters = parameters.D != null; bool hasPublicParameters = parameters.Q.X != null && parameters.Q.Y != null; if (curve.IsPrime) { if (!hasPublicParameters && includePrivateParameters) { byte[] zero = new byte[parameters.D !.Length];
internal static byte[] ToSubjectPublicKeyInfo(this ECParameters parameters) { parameters.Validate(); if (!parameters.Curve.IsNamed) { throw new PlatformNotSupportedException(SR.Cryptography_ECC_NamedCurvesOnly); } byte[] pointBlob = GetPointBlob(ref parameters); return(DerEncoder.ConstructSequence( DerEncoder.ConstructSegmentedSequence( s_encodedIdEcPublicKey, DerEncoder.SegmentedEncodeOid(parameters.Curve.Oid)), DerEncoder.SegmentedEncodeBitString(pointBlob))); }
private static byte[] ParametersToBlob( ref ECParameters parameters, Func <string, bool, KeyBlobMagicNumber> namedCurveResolver, Func <bool, KeyBlobMagicNumber> explicitCurveResolver, out CngKeyBlobFormat format, out string curveName) { parameters.Validate(); ECCurve curve = parameters.Curve; bool includePrivateParameters = (parameters.D != null); if (curve.IsPrime) { curveName = null; format = includePrivateParameters ? CngKeyBlobFormat.EccFullPrivateBlob : CngKeyBlobFormat.EccFullPublicBlob; return(GetPrimeCurveBlob(ref parameters, explicitCurveResolver)); } else if (curve.IsNamed) { // FriendlyName is required; an attempt was already made to default it in ECCurve curveName = curve.Oid.FriendlyName; if (string.IsNullOrEmpty(curveName)) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_InvalidCurveOid, curve.Oid.Value.ToString())); } format = includePrivateParameters ? CngKeyBlobFormat.EccPrivateBlob : CngKeyBlobFormat.EccPublicBlob; return(GetNamedCurveBlob(ref parameters, namedCurveResolver)); } else { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_CurveNotSupported, curve.CurveType.ToString())); } }
internal const string ECDSA_P521_OID_VALUE = "1.3.132.0.35"; // Also called nistP521or secP521r1 public int ImportParameters(ECParameters parameters) { SafeEcKeyHandle key; parameters.Validate(); if (parameters.Curve.IsPrime) { key = ImportPrimeCurveParameters(parameters); } else if (parameters.Curve.IsCharacteristic2) { key = ImportCharacteristic2CurveParameters(parameters); } else if (parameters.Curve.IsNamed) { key = ImportNamedCurveParameters(parameters); } else { throw new PlatformNotSupportedException( SR.Format(SR.Cryptography_CurveNotSupported, parameters.Curve.CurveType.ToString())); } if (key == null || key.IsInvalid) { Exception e = Interop.Crypto.CreateOpenSslCryptographicException(); key?.Dispose(); throw e; } // The Import* methods above may have polluted the error queue even if in the end they succeeded. // Clean up the error queue. Interop.Crypto.ErrClearError(); FreeKey(); _key = new Lazy <SafeEcKeyHandle>(key); return(KeySize); }
public override void ImportParameters(ECParameters parameters) { parameters.Validate(); bool isPrivateKey = parameters.D != null; if (isPrivateKey) { // Start with the private key, in case some of the private key fields don't // match the public key fields and the system determines an integrity failure. // // Public import should go off without a hitch. SafeSecKeyRefHandle privateKey = ImportKey(parameters); ECParameters publicOnly = parameters; publicOnly.D = null; SafeSecKeyRefHandle publicKey; try { publicKey = ImportKey(publicOnly); } catch { privateKey.Dispose(); throw; } SetKey(SecKeyPair.PublicPrivatePair(publicKey, privateKey)); } else { SafeSecKeyRefHandle publicKey = ImportKey(parameters); SetKey(SecKeyPair.PublicOnly(publicKey)); } }