upstreams
/
SSH.NET
mirror of https://github.com/sshnet/SSH.NET.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283
							#nullable enable
using System;
using System.Security.Cryptography;

using Renci.SshNet.Common;
using Renci.SshNet.Security.Cryptography;

namespace Renci.SshNet.Security
{
    /// <summary>
    /// Contains the RSA private and public key.
    /// </summary>
    public class RsaKey : Key, IDisposable
    {
        private RsaDigitalSignature? _digitalSignature;

        /// <summary>
        /// Gets the name of the key.
        /// </summary>
        /// <returns>
        /// The name of the key.
        /// </returns>
        public override string ToString()
        {
            return "ssh-rsa";
        }

        internal RSA RSA { get; }

        /// <summary>
        /// Gets the modulus.
        /// </summary>
        /// <value>
        /// The modulus.
        /// </value>
        public BigInteger Modulus { get; }

        /// <summary>
        /// Gets the exponent.
        /// </summary>
        /// <value>
        /// The exponent.
        /// </value>
        public BigInteger Exponent { get; }

        /// <summary>
        /// Gets the D.
        /// </summary>
        /// <value>
        /// The D.
        /// </value>
        public BigInteger D { get; }

        /// <summary>
        /// Gets the P.
        /// </summary>
        /// <value>
        /// The P.
        /// </value>
        public BigInteger P { get; }

        /// <summary>
        /// Gets the Q.
        /// </summary>
        /// <value>
        /// The Q.
        /// </value>
        public BigInteger Q { get; }

        /// <summary>
        /// Gets the DP.
        /// </summary>
        /// <value>
        /// The DP.
        /// </value>
        public BigInteger DP { get; }

        /// <summary>
        /// Gets the DQ.
        /// </summary>
        /// <value>
        /// The DQ.
        /// </value>
        public BigInteger DQ { get; }

        /// <summary>
        /// Gets the inverse Q.
        /// </summary>
        /// <value>
        /// The inverse Q.
        /// </value>
        public BigInteger InverseQ { get; }

        /// <summary>
        /// Gets the length of the key in bits.
        /// </summary>
        /// <value>
        /// The bit-length of the key.
        /// </value>
        public override int KeyLength
        {
            get
            {
                return Modulus.BitLength;
            }
        }

        /// <summary>
        /// Gets the digital signature implementation for this key.
        /// </summary>
        /// <value>
        /// An implementation of an RSA digital signature using the SHA-1 hash algorithm.
        /// </value>
        protected internal override DigitalSignature DigitalSignature
        {
            get
            {
                _digitalSignature ??= new RsaDigitalSignature(this);

                return _digitalSignature;
            }
        }

        /// <summary>
        /// Gets the RSA public key.
        /// </summary>
        /// <value>
        /// An array with <see cref="Exponent"/> at index 0, and <see cref="Modulus"/>
        /// at index 1.
        /// </value>
        public override BigInteger[] Public
        {
            get
            {
                return new[] { Exponent, Modulus };
            }
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="RsaKey"/> class.
        /// </summary>
        /// <param name="publicKeyData">The encoded public key data.</param>
        public RsaKey(SshKeyData publicKeyData)
        {
            if (publicKeyData is null)
            {
                throw new ArgumentNullException(nameof(publicKeyData));
            }

            if (publicKeyData.Name != "ssh-rsa" || publicKeyData.Keys.Length != 2)
            {
                throw new ArgumentException($"Invalid RSA public key data. ({publicKeyData.Name}, {publicKeyData.Keys.Length}).", nameof(publicKeyData));
            }

            Exponent = publicKeyData.Keys[0];
            Modulus = publicKeyData.Keys[1];

            RSA = RSA.Create();
            RSA.ImportParameters(GetRSAParameters());
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="RsaKey"/> class.
        /// </summary>
        /// <param name="privateKeyData">DER encoded private key data.</param>
        public RsaKey(byte[] privateKeyData)
        {
            if (privateKeyData is null)
            {
                throw new ArgumentNullException(nameof(privateKeyData));
            }

            var der = new DerData(privateKeyData);
            _ = der.ReadBigInteger(); // skip version

            Modulus = der.ReadBigInteger();
            Exponent = der.ReadBigInteger();
            D = der.ReadBigInteger();
            P = der.ReadBigInteger();
            Q = der.ReadBigInteger();
            DP = der.ReadBigInteger();
            DQ = der.ReadBigInteger();
            InverseQ = der.ReadBigInteger();

            if (!der.IsEndOfData)
            {
                throw new InvalidOperationException("Invalid private key (expected EOF).");
            }

            RSA = RSA.Create();
            RSA.ImportParameters(GetRSAParameters());
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="RsaKey"/> class.
        /// </summary>
        /// <param name="modulus">The modulus.</param>
        /// <param name="exponent">The exponent.</param>
        /// <param name="d">The d.</param>
        /// <param name="p">The p.</param>
        /// <param name="q">The q.</param>
        /// <param name="inverseQ">The inverse Q.</param>
        public RsaKey(BigInteger modulus, BigInteger exponent, BigInteger d, BigInteger p, BigInteger q, BigInteger inverseQ)
        {
            Modulus = modulus;
            Exponent = exponent;
            D = d;
            P = p;
            Q = q;
            DP = PrimeExponent(d, p);
            DQ = PrimeExponent(d, q);
            InverseQ = inverseQ;

            RSA = RSA.Create();
            RSA.ImportParameters(GetRSAParameters());
        }

        internal RSAParameters GetRSAParameters()
        {
            // Specification of the RSAParameters fields (taken from the CryptographicException
            // thrown when not done correctly):

            // Exponent and Modulus are required. If D is present, it must have the same length
            // as Modulus. If D is present, P, Q, DP, DQ, and InverseQ are required and must
            // have half the length of Modulus, rounded up, otherwise they must be omitted.

            // See also https://github.com/dotnet/runtime/blob/9b57a265c7efd3732b035bade005561a04767128/src/libraries/Common/src/System/Security/Cryptography/RSAKeyFormatHelper.cs#L42

            if (D.IsZero)
            {
                // Public key
                return new RSAParameters()
                {
                    Modulus = Modulus.ToByteArray(isUnsigned: true, isBigEndian: true),
                    Exponent = Exponent.ToByteArray(isUnsigned: true, isBigEndian: true),
                };
            }

            var n = Modulus.ToByteArray(isUnsigned: true, isBigEndian: true);
            var halfModulusLength = (n.Length + 1) / 2;

            return new RSAParameters()
            {
                Modulus = n,
                Exponent = Exponent.ToByteArray(isUnsigned: true, isBigEndian: true),
                D = D.ExportKeyParameter(n.Length),
                P = P.ExportKeyParameter(halfModulusLength),
                Q = Q.ExportKeyParameter(halfModulusLength),
                DP = DP.ExportKeyParameter(halfModulusLength),
                DQ = DQ.ExportKeyParameter(halfModulusLength),
                InverseQ = InverseQ.ExportKeyParameter(halfModulusLength),
            };
        }

        private static BigInteger PrimeExponent(BigInteger privateExponent, BigInteger prime)
        {
            var pe = prime - BigInteger.One;
            return privateExponent % pe;
        }

        /// <summary>
        /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
        /// </summary>
        public void Dispose()
        {
            Dispose(disposing: true);
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Releases unmanaged and - optionally - managed resources.
        /// </summary>
        /// <param name="disposing"><see langword="true"/> to release both managed and unmanaged resources; <see langword="false"/> to release only unmanaged resources.</param>
        protected virtual void Dispose(bool disposing)
        {
            if (disposing)
            {
                _digitalSignature?.Dispose();
                RSA.Dispose();
            }
        }
    }
}