RsaCipher.cs 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. using System;
  2. using Renci.SshNet.Common;
  3. namespace Renci.SshNet.Security.Cryptography.Ciphers
  4. {
  5. /// <summary>
  6. /// Implements RSA cipher algorithm.
  7. /// </summary>
  8. public class RsaCipher : AsymmetricCipher
  9. {
  10. private readonly RsaKey _key;
  11. /// <summary>
  12. /// Initializes a new instance of the <see cref="RsaCipher"/> class.
  13. /// </summary>
  14. /// <param name="key">The RSA key.</param>
  15. public RsaCipher(RsaKey key)
  16. {
  17. if (key is null)
  18. {
  19. throw new ArgumentNullException(nameof(key));
  20. }
  21. _key = key;
  22. }
  23. /// <summary>
  24. /// Encrypts the specified data.
  25. /// </summary>
  26. /// <param name="input">The data.</param>
  27. /// <param name="offset">The zero-based offset in <paramref name="input"/> at which to begin encrypting.</param>
  28. /// <param name="length">The number of bytes to encrypt from <paramref name="input"/>.</param>
  29. /// <returns>Encrypted data.</returns>
  30. public override byte[] Encrypt(byte[] input, int offset, int length)
  31. {
  32. // Calculate signature
  33. var bitLength = _key.Modulus.BitLength;
  34. var paddedBlock = new byte[(bitLength / 8) + (bitLength % 8 > 0 ? 1 : 0) - 1];
  35. paddedBlock[0] = 0x01;
  36. for (var i = 1; i < paddedBlock.Length - length - 1; i++)
  37. {
  38. paddedBlock[i] = 0xFF;
  39. }
  40. Buffer.BlockCopy(input, offset, paddedBlock, paddedBlock.Length - length, length);
  41. return Transform(paddedBlock);
  42. }
  43. /// <summary>
  44. /// Decrypts the specified input.
  45. /// </summary>
  46. /// <param name="input">The input.</param>
  47. /// <param name="offset">The zero-based offset in <paramref name="input"/> at which to begin decrypting.</param>
  48. /// <param name="length">The number of bytes to decrypt from <paramref name="input"/>.</param>
  49. /// <returns>
  50. /// The decrypted data.
  51. /// </returns>
  52. /// <exception cref="NotSupportedException">Only block type 01 or 02 are supported.</exception>
  53. /// <exception cref="NotSupportedException">Thrown when decrypted block type is not supported.</exception>
  54. public override byte[] Decrypt(byte[] input, int offset, int length)
  55. {
  56. var paddedBlock = Transform(input, offset, length);
  57. if (paddedBlock[0] is not 1 and not 2)
  58. {
  59. throw new NotSupportedException("Only block type 01 or 02 are supported.");
  60. }
  61. var position = 1;
  62. while (position < paddedBlock.Length && paddedBlock[position] != 0)
  63. {
  64. position++;
  65. }
  66. position++;
  67. var result = new byte[paddedBlock.Length - position];
  68. Buffer.BlockCopy(paddedBlock, position, result, 0, result.Length);
  69. return result;
  70. }
  71. private byte[] Transform(byte[] data)
  72. {
  73. return Transform(data, 0, data.Length);
  74. }
  75. private byte[] Transform(byte[] data, int offset, int length)
  76. {
  77. Array.Reverse(data, offset, length);
  78. var inputBytes = new byte[length + 1];
  79. Buffer.BlockCopy(data, offset, inputBytes, 0, length);
  80. var input = new BigInteger(inputBytes);
  81. BigInteger result;
  82. var isPrivate = !_key.D.IsZero;
  83. if (isPrivate)
  84. {
  85. var random = BigInteger.One;
  86. var max = _key.Modulus - 1;
  87. var bitLength = _key.Modulus.BitLength;
  88. if (max < BigInteger.One)
  89. {
  90. throw new SshException("Invalid RSA key.");
  91. }
  92. while (random <= BigInteger.One || random >= max)
  93. {
  94. random = BigInteger.Random(bitLength);
  95. }
  96. var blindedInput = BigInteger.PositiveMod(BigInteger.ModPow(random, _key.Exponent, _key.Modulus) * input, _key.Modulus);
  97. // mP = ((input Mod p) ^ dP)) Mod p
  98. var mP = BigInteger.ModPow(blindedInput % _key.P, _key.DP, _key.P);
  99. // mQ = ((input Mod q) ^ dQ)) Mod q
  100. var mQ = BigInteger.ModPow(blindedInput % _key.Q, _key.DQ, _key.Q);
  101. var h = BigInteger.PositiveMod((mP - mQ) * _key.InverseQ, _key.P);
  102. var m = (h * _key.Q) + mQ;
  103. var rInv = BigInteger.ModInverse(random, _key.Modulus);
  104. result = BigInteger.PositiveMod(m * rInv, _key.Modulus);
  105. }
  106. else
  107. {
  108. result = BigInteger.ModPow(input, _key.Exponent, _key.Modulus);
  109. }
  110. return result.ToByteArray().Reverse();
  111. }
  112. }
  113. }