Merge pull request #2231 from bartonjs/rsaSigning

Implement RSA Sign/Verify on Unix

Author: bartonjs

src/Common/src/Interop/Unix/libcrypto/Interop.Rsa.cs

@@ -36,6 +36,14 @@ internal static partial class libcrypto
         [DllImport(Libraries.LibCrypto)]
         internal static extern int RSA_generate_key_ex(SafeRsaHandle rsa, int bits, SafeBignumHandle e, IntPtr zero);
 
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool RSA_sign(int type, byte[] m, int m_len, byte[] sigret, out int siglen, SafeRsaHandle rsa);
+
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool RSA_verify(int type, byte[] m, int m_len, byte[] sigbuf, int siglen, SafeRsaHandle rsa);
+
         internal static unsafe RSAParameters ExportRsaParameters(SafeRsaHandle key, bool includePrivateParameters)
         {
             Debug.Assert(

src/System.Security.Cryptography.RSA/src/Internal/Cryptography/HashAlgorithmName.cs

@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+namespace Internal.Cryptography
+{
+    // Temporarily defining HashAlgorithmName here until it comes online officially with the contract refresh.
+    // (If the contract refresh is happening and this file is causing problems, just delete it)
+    internal struct HashAlgorithmName
+    {
+        public static HashAlgorithmName MD5 { get { return new HashAlgorithmName("MD5"); } }
+        public static HashAlgorithmName SHA1 { get { return new HashAlgorithmName("SHA1"); } }
+        public static HashAlgorithmName SHA256 { get { return new HashAlgorithmName("SHA256"); } }
+        public static HashAlgorithmName SHA384 { get { return new HashAlgorithmName("SHA384"); } }
+        public static HashAlgorithmName SHA512 { get { return new HashAlgorithmName("SHA512"); } }
+
+        private readonly string _name;
+
+        public HashAlgorithmName(string name)
+        {
+            _name = name;
+        }
+
+        public string Name
+        {
+            get { return _name; }
+        }
+
+        public override string ToString()
+        {
+            return _name ?? string.Empty;
+        }
+
+        public override bool Equals(object obj)
+        {
+            return obj is HashAlgorithmName && Equals((HashAlgorithmName)obj);
+        }
+
+        public bool Equals(HashAlgorithmName other)
+        {
+            return _name == other._name;
+        }
+
+        public override int GetHashCode()
+        {
+            return _name == null ? 0 : _name.GetHashCode();
+        }
+
+        public static bool operator ==(HashAlgorithmName left, HashAlgorithmName right)
+        {
+            return left.Equals(right);
+        }
+
+        public static bool operator !=(HashAlgorithmName left, HashAlgorithmName right)
+        {
+            return !(left == right);
+        }
+    }
+}

src/System.Security.Cryptography.RSA/src/Internal/Cryptography/RsaOpenSsl.cs

@@ -2,6 +2,8 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System;
+using System.Diagnostics;
+using System.IO;
 using System.Security.Cryptography;
 using System.Threading;
 
@@ -313,5 +315,113 @@ private static Exception CreateOpenSslException()
         {
             return new CryptographicException(Interop.libcrypto.GetOpenSslErrorString());
         }
+
+        internal byte[] HashData(byte[] buffer, int offset, int count, HashAlgorithmName hashAlgorithmName)
+        {
+            using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithmName))
+            {
+                return hasher.ComputeHash(buffer, offset, count);
+            }
+        }
+
+        internal byte[] HashData(Stream stream, HashAlgorithmName hashAlgorithmName)
+        {
+            using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithmName))
+            {
+                return hasher.ComputeHash(stream);
+            }
+        }
+
+        internal byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithmName)
+        {
+            int algorithmNid = GetAlgorithmNid(hashAlgorithmName);
+            SafeRsaHandle rsa = _key.Value;
+            byte[] signature = new byte[Interop.libcrypto.RSA_size(rsa)];
+            int signatureSize;
+
+            bool success = Interop.libcrypto.RSA_sign(
+                algorithmNid,
+                hash,
+                hash.Length,
+                signature,
+                out signatureSize,
+                rsa);
+
+            if (!success)
+            {
+                throw CreateOpenSslException();
+            }
+
+            Debug.Assert(
+                signatureSize == signature.Length,
+                "RSA_sign reported an unexpected signature size",
+                "RSA_sign reported signatureSize was {0}, when {1} was expected",
+                signatureSize,
+                signature.Length);
+
+            return signature;
+        }
+
+        internal bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithmName)
+        {
+            int algorithmNid = GetAlgorithmNid(hashAlgorithmName);
+            SafeRsaHandle rsa = _key.Value;
+
+            return Interop.libcrypto.RSA_verify(
+                algorithmNid,
+                hash,
+                hash.Length,
+                signature,
+                signature.Length,
+                rsa);
+        }
+
+        private static int GetAlgorithmNid(HashAlgorithmName hashAlgorithmName)
+        {
+            // All of the current HashAlgorithmName values correspond to the SN values in OpenSSL 0.9.8.
+            // If there's ever a new one that doesn't, translate it here.
+            string sn = hashAlgorithmName.Name;
+
+            int nid = Interop.libcrypto.OBJ_sn2nid(sn);
+
+            if (nid == Interop.libcrypto.NID_undef)
+            {
+                throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmName.Name);
+            }
+
+            return nid;
+        }
+
+        private static HashAlgorithm GetHashAlgorithm(HashAlgorithmName hashAlgorithmName)
+        {
+            HashAlgorithm hasher;
+
+            if (hashAlgorithmName == HashAlgorithmName.MD5)
+            {
+                hasher = MD5.Create();
+            }
+            else if (hashAlgorithmName == HashAlgorithmName.SHA1)
+            {
+                hasher = SHA1.Create();
+            }
+            else if (hashAlgorithmName == HashAlgorithmName.SHA256)
+            {
+                hasher = SHA256.Create();
+            }
+            else if (hashAlgorithmName == HashAlgorithmName.SHA384)
+            {
+                hasher = SHA384.Create();
+            }
+            else if (hashAlgorithmName == HashAlgorithmName.SHA512)
+            {
+                hasher = SHA512.Create();
+            }
+            else
+            {
+                throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmName.Name);
+            }
+
+            return hasher;
+        }
     }
 }

src/System.Security.Cryptography.RSA/src/Resources/Strings.resx

@@ -216,4 +216,7 @@
   <data name="OpenCSP_Failed" xml:space="preserve">
     <value>OpenCSP failed with Error code </value>
   </data>
+  <data name="Cryptography_UnknownHashAlgorithm" xml:space="preserve">
+    <value>'{0}' is not a known hash algorithm.</value>
+  </data>
 </root>

src/System.Security.Cryptography.RSA/src/System.Security.Cryptography.RSA.csproj

@@ -31,6 +31,7 @@
     <Reference Include="System.Threading" />
   </ItemGroup>-->
   <ItemGroup>
+    <Compile Include="Internal\Cryptography\HashAlgorithmName.cs" />
     <Compile Include="System\Security\Cryptography\CspProviderFlags.cs" />
     <Compile Include="System\Security\Cryptography\ICspAsymmetricAlgorithm.cs" />
     <Compile Include="System\Security\Cryptography\KeyNumber.cs" />
@@ -56,6 +57,9 @@
     <Compile Include="$(CommonPath)\Interop\Unix\libcoreclr\Interop.EnsureOpenSslInitialized.cs">
       <Link>Common\Interop\Unix\libcoreclr\Interop.EnsureOpenSslInitialized.cs</Link>
     </Compile>
+    <Compile Include="$(CommonPath)\Interop\Unix\libcrypto\Interop.ASN1.cs">
+      <Link>Common\Interop\Unix\libcrypto\Interop.ASN1.cs</Link>
+    </Compile>
     <Compile Include="$(CommonPath)\Interop\Unix\libcrypto\Interop.Bignum.cs">
       <Link>Common\Interop\Unix\libcrypto\Interop.Bignum.cs</Link>
     </Compile>
@@ -68,6 +72,9 @@
     <Compile Include="$(CommonPath)\Interop\Unix\libcrypto\Interop.Rsa.cs">
       <Link>Common\Interop\Unix\libcrypto\Interop.Rsa.cs</Link>
     </Compile>
+    <Compile Include="$(CommonPath)\Microsoft\Win32\SafeHandles\Asn1SafeHandles.Unix.cs">
+      <Link>Common\Microsoft\Win32\SafeHandles\Asn1SafeHandles.Unix.cs</Link>
+    </Compile>
     <Compile Include="$(CommonPath)\Microsoft\Win32\SafeHandles\SafeBignumHandle.Unix.cs">
       <Link>Common\Microsoft\Win32\SafeHandles\SafeBignumHandle.Unix.cs</Link>
     </Compile>