Merge pull request #2615 from AtsushiKan/cngkey

Implement System.Security.Cryptography.CngKey

Author: atsushikan

src/System.Security.Cryptography.Cng/System.Security.Cryptography.Cng.sln

@@ -0,0 +1,28 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.23107.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "System.Security.Cryptography.Cng", "src\System.Security.Cryptography.Cng.csproj", "{4C1BD451-6A99-45E7-9339-79C77C42EE9E}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "System.Security.Cryptography.Cng.Tests", "tests\System.Security.Cryptography.Cng.Tests.csproj", "{FF53459F-66F7-4F00-8D36-DF440CE18419}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4C1BD451-6A99-45E7-9339-79C77C42EE9E}.Windows_Debug|Any CPU.ActiveCfg = Windows_Debug|Any CPU
+		{4C1BD451-6A99-45E7-9339-79C77C42EE9E}.Windows_Debug|Any CPU.Build.0 = Windows_Debug|Any CPU
+		{4C1BD451-6A99-45E7-9339-79C77C42EE9E}.Windows_Release|Any CPU.ActiveCfg = Windows_Release|Any CPU
+		{4C1BD451-6A99-45E7-9339-79C77C42EE9E}.Windows_Release|Any CPU.Build.0 = Windows_Release|Any CPU
+		{FF53459F-66F7-4F00-8D36-DF440CE18419}.Windows_Debug|Any CPU.ActiveCfg = Windows_Debug|Any CPU
+		{FF53459F-66F7-4F00-8D36-DF440CE18419}.Windows_Debug|Any CPU.Build.0 = Windows_Debug|Any CPU
+		{FF53459F-66F7-4F00-8D36-DF440CE18419}.Windows_Release|Any CPU.ActiveCfg = Windows_Release|Any CPU
+		{FF53459F-66F7-4F00-8D36-DF440CE18419}.Windows_Release|Any CPU.Build.0 = Windows_Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

src/System.Security.Cryptography.Cng/src/ContractStubs.cs

@@ -0,0 +1,145 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Globalization;
+using System.Security.Cryptography;
+using System.Runtime.InteropServices;
+
+using Microsoft.Win32.SafeHandles;
+
+using ErrorCode = Interop.NCrypt.ErrorCode;
+
+namespace Internal.Cryptography
+{
+    internal static class Helpers
+    {
+        public static byte[] CloneByteArray(this byte[] src)
+        {
+            return (byte[])(src.Clone());
+        }
+
+        //
+        // The C# construct
+        //   
+        //    fixed (byte* p = new byte[0])
+        //
+        // sets "p" to 0 rather than a valid address. Sometimes, we actually want a non-NULL pointer instead. (Some CNG apis actually care whether the buffer pointer is
+        // NULL or not, even if the accompanying size argument is 0.)
+        //
+        // This helper enables the syntax:
+        //
+        //    fixed (byte* p = new byte[0].MapZeroLengthArrayToNonNullPointer())
+        //
+        // which always sets "p" to a non-NULL pointer for a non-null byte array. 
+        //
+        public static byte[] MapZeroLengthArrayToNonNullPointer(this byte[] src)
+        {
+            if (src != null && src.Length == 0)
+                return new byte[1];
+            return src;
+        }
+
+        public static CryptographicException ToCryptographicException(this ErrorCode errorCode)
+        {
+            return new CryptographicException((int)errorCode);
+        }
+
+        public static SafeNCryptProviderHandle OpenStorageProvider(this CngProvider provider)
+        {
+            string providerName = provider.Provider;
+            SafeNCryptProviderHandle providerHandle;
+            ErrorCode errorCode = Interop.NCrypt.NCryptOpenStorageProvider(out providerHandle, providerName, 0);
+            if (errorCode != ErrorCode.ERROR_SUCCESS)
+                throw errorCode.ToCryptographicException();
+            return providerHandle;
+        }
+
+        /// <summary>
+        /// Returns a CNG key property.
+        /// </summary>
+        /// <returns>
+        /// null - if property not defined on key.
+        /// throws - for any other type of error.
+        /// </returns>
+        public static byte[] GetProperty(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        {
+            unsafe
+            {
+                int numBytesNeeded;
+                ErrorCode errorCode = Interop.NCrypt.NCryptGetProperty(ncryptHandle, propertyName, null, 0, out numBytesNeeded, options);
+                if (errorCode == ErrorCode.NTE_NOT_FOUND)
+                    return null;
+                if (errorCode != ErrorCode.ERROR_SUCCESS)
+                    throw errorCode.ToCryptographicException();
+
+                byte[] propertyValue = new byte[numBytesNeeded];
+                fixed (byte* pPropertyValue = propertyValue)
+                {
+                    errorCode = Interop.NCrypt.NCryptGetProperty(ncryptHandle, propertyName, pPropertyValue, numBytesNeeded, out numBytesNeeded, options);
+                }
+                if (errorCode == ErrorCode.NTE_NOT_FOUND)
+                    return null;
+                if (errorCode != ErrorCode.ERROR_SUCCESS)
+                    throw errorCode.ToCryptographicException();
+
+                return propertyValue;
+            }
+        } 
+
+        /// <summary>
+        /// Retrieve a well-known CNG string property. (Note: desktop compat: this helper likes to return special values rather than throw exceptions for missing
+        /// or ill-formatted property values. Only use it for well-known properties that are unlikely to be ill-formatted.) 
+        /// </summary>
+        public static string GetPropertyAsString(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        {
+            byte[] value = ncryptHandle.GetProperty(propertyName, options);
+            if (value == null)
+                return null;   // Desktop compat: return null if key not present.
+            if (value.Length == 0)
+                return string.Empty; // Desktop compat: return empty if property value is 0-length.
+            unsafe
+            {
+                fixed (byte* pValue = value)
+                {
+                    string valueAsString = Marshal.PtrToStringUni((IntPtr)pValue);
+                    return valueAsString;
+                }
+            }
+        }
+
+        /// <summary>
+        /// Retrieve a well-known CNG dword property. (Note: desktop compat: this helper likes to return special values rather than throw exceptions for missing
+        /// or ill-formatted property values. Only use it for well-known properties that are unlikely to be ill-formatted.) 
+        /// </summary>
+        public static int GetPropertyAsDword(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        {
+            byte[] value = ncryptHandle.GetProperty(propertyName, options);
+            if (value == null)
+                return 0;   // Desktop compat: return 0 if key not present.
+            return BitConverter.ToInt32(value, 0);
+        }
+
+        /// <summary>
+        /// Retrieve a well-known CNG pointer property. (Note: desktop compat: this helper likes to return special values rather than throw exceptions for missing
+        /// or ill-formatted property values. Only use it for well-known properties that are unlikely to be ill-formatted.) 
+        /// </summary>
+        public static IntPtr GetPropertyAsIntPtr(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        {
+            unsafe
+            {
+                int numBytesRequired;
+                IntPtr value;
+                ErrorCode errorCode = Interop.NCrypt.NCryptGetProperty(ncryptHandle, propertyName, &value, IntPtr.Size, out numBytesRequired, options);
+                if (errorCode == ErrorCode.NTE_NOT_FOUND)
+                    return IntPtr.Zero;
+                if (errorCode != ErrorCode.ERROR_SUCCESS)
+                    throw errorCode.ToCryptographicException();
+                return value;
+            }
+        }
+    }
+}
+
+

src/System.Security.Cryptography.Cng/src/Internal/Cryptography/Helpers.cs

@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+
+namespace Internal.Cryptography
+{
+    /// <summary>
+    ///     Well known names of key properties
+    /// </summary>
+    internal static class KeyPropertyName
+    {
+        internal const string Algorithm = "Algorithm Name";                 // NCRYPT_ALGORITHM_PROPERTY
+        internal const string AlgorithmGroup = "Algorithm Group";           // NCRYPT_ALGORITHM_GROUP_PROPERTY
+        internal const string ExportPolicy = "Export Policy";               // NCRYPT_EXPORT_POLICY_PROPERTY
+        internal const string KeyType = "Key Type";                         // NCRYPT_KEY_TYPE_PROPERTY
+        internal const string KeyUsage = "Key Usage";                       // NCRYPT_KEY_USAGE_PROPERTY
+        internal const string Length = "Length";                            // NCRYPT_LENGTH_PROPERTY
+        internal const string Name = "Name";                                // NCRYPT_NAME_PROPERTY
+        internal const string ParentWindowHandle = "HWND Handle";           // NCRYPT_WINDOW_HANDLE_PROPERTY
+        internal const string ProviderHandle = "Provider Handle";           // NCRYPT_PROVIDER_HANDLE_PROPERTY
+        internal const string UIPolicy = "UI Policy";                       // NCRYPT_UI_POLICY_PROPERTY
+        internal const string UniqueName = "Unique Name";                   // NCRYPT_UNIQUE_NAME_PROPERTY
+        internal const string UseContext = "Use Context";                   // NCRYPT_USE_CONTEXT_PROPERTY
+
+        //
+        // Properties defined by the CLR
+        //
+
+        /// <summary>
+        ///     Is the key a CLR created ephemeral key, it will contain a single byte with value 1 if the
+        ///     key was created by the CLR as an ephemeral key.
+        /// </summary>
+        internal const string ClrIsEphemeral = "CLR IsEphemeral";
+    }
+}
+

src/System.Security.Cryptography.Cng/src/Internal/Cryptography/KeyPropertyName.cs

@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+
+namespace Internal.Cryptography
+{
+    /// <summary>
+    ///     Well known names of provider properties
+    /// </summary>
+    internal static class ProviderPropertyName
+    {
+        internal const string Name = "Name";        // NCRYPT_NAME_PROPERTY
+    }
+}
+

src/System.Security.Cryptography.Cng/src/Internal/Cryptography/ProviderPropertyName.cs

@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+internal static partial class Interop
+{
+    internal static class Libraries
+    {
+        internal const string NCrypt = "ncrypt.dll";
+    }
+}

src/System.Security.Cryptography.Cng/src/Interop/Interop.Libraries.cs

@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Diagnostics.Contracts;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class NCrypt
+    {
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptOpenStorageProvider(out SafeNCryptProviderHandle phProvider, string pszProviderName, int dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptOpenKey(SafeNCryptProviderHandle hProvider, out SafeNCryptKeyHandle phKey, string pszKeyName, int dwLegacyKeySpec, CngKeyOpenOptions dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptImportKey(SafeNCryptProviderHandle hProvider, IntPtr hImportKey, string pszBlobType, IntPtr pParameterList, [Out] out SafeNCryptKeyHandle phKey, [In] byte[] pbData, int cbData, int dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptExportKey(SafeNCryptKeyHandle hKey, IntPtr hExportKey, string pszBlobType, IntPtr pParameterList, [Out] byte[] pbOutput, int cbOutput, [Out] out int pcbResult, int dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptDeleteKey(SafeNCryptKeyHandle hKey, int dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptFreeObject(IntPtr hObject);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern unsafe ErrorCode NCryptGetProperty(SafeNCryptHandle hObject, string pszProperty, [Out] void* pbOutput, int cbOutput, out int pcbResult, CngPropertyOptions dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern unsafe ErrorCode NCryptSetProperty(SafeNCryptHandle hObject, string pszProperty, [In] void* pbInput, int cbInput, CngPropertyOptions dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptCreatePersistedKey(SafeNCryptProviderHandle hProvider, out SafeNCryptKeyHandle phKey, string pszAlgId, string pszKeyName, int dwLegacyKeySpec, CngKeyCreationOptions dwFlags);
+
+        [DllImport(Interop.Libraries.NCrypt, CharSet = CharSet.Unicode)]
+        internal static extern ErrorCode NCryptFinalizeKey(SafeNCryptKeyHandle hKey, int dwFlags);
+
+        /// <summary>
+        ///     Result codes from NCrypt APIs
+        /// </summary>
+        internal enum ErrorCode : int
+        {
+            ERROR_SUCCESS = 0,                                          
+            NTE_BAD_SIGNATURE = unchecked((int)0x80090006),             
+            NTE_NOT_FOUND = unchecked((int)0x80090011),                 
+            NTE_BAD_KEYSET = unchecked((int)0x80090016),
+            NTE_INVALID_PARAMETER = unchecked((int)0x80090027),
+            NTE_BUFFER_TOO_SMALL = unchecked((int)0x80090028),      
+            NTE_NO_MORE_ITEMS = unchecked((int)0x8009002a),
+            E_FAIL = unchecked((int)0x80004005),
+        } 
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct NCRYPT_UI_POLICY
+        {
+            public int dwVersion;
+            public CngUIProtectionLevels dwFlags;
+            public IntPtr pszCreationTitle;
+            public IntPtr pszFriendlyName;
+            public IntPtr pszDescription;
+        }
+    }
+}