Unify the RSACng tests with the other RSA classes.

This required some fixes to RSACng that will need to
be ported to 4.6.

�Set the export policies so that ImportParameters(true)
 works.

�Throw the right (or wrong, depending on your pov)
 exception if ImportParameters() is given an
 RSAParameters with null fields.

�VerifyHash(). Don't throw CryptographicException
 if the hash doesn't verify. Just return false like
 the nice docs say.

Author: Atsushi Kanamori

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs

@@ -5,7 +5,7 @@
 
 namespace System.Security.Cryptography.Rsa.Tests
 {
-    public class ImportExport
+    public partial class ImportExport
     {
         [Fact]
         public static void ExportAutoKey()
@@ -37,33 +37,6 @@ public static void ExportAutoKey()
             Assert.Equal(privateParams.Exponent, publicParams.Exponent);
         }
 
-        [Fact]
-        public static void PaddedExport()
-        {
-            // OpenSSL's numeric type for the storage of RSA key parts disregards zero-valued
-            // prefix bytes.
-            //
-            // The .NET 4.5 RSACryptoServiceProvider type verifies that all of the D breakdown
-            // values (P, DP, Q, DQ, InverseQ) are exactly half the size of D (which is itself
-            // the same size as Modulus).
-            //
-            // These two things, in combination, suggest that we ensure that all .NET
-            // implementations of RSA export their keys to the fixed array size suggested by their
-            // KeySize property.
-            RSAParameters diminishedDPParamaters = TestData.DiminishedDPParamaters;
-            RSAParameters exported;
-
-            using (RSA rsa = RSAFactory.Create())
-            {
-                rsa.ImportParameters(diminishedDPParamaters);
-                exported = rsa.ExportParameters(true);
-            }
-
-            // DP is the most likely to fail, the rest just otherwise ensure that Export
-            // isn't losing data.
-            AssertKeyEquals(ref diminishedDPParamaters, ref exported);
-        }
-
         [Fact]
         public static void LargeKeyImportExport()
         {
@@ -93,30 +66,6 @@ public static void LargeKeyImportExport()
             }
         }
 
-        [Fact]
-        public static void UnusualExponentImportExport()
-        {
-            // Most choices for the Exponent value in an RSA key use a Fermat prime.
-            // Since a Fermat prime is 2^(2^m) + 1, it always only has two bits set, and
-            // frequently has the form { 0x01, [some number of 0x00s], 0x01 }, which has the same
-            // representation in both big- and little-endian.
-            //
-            // The only real requirement for an Exponent value is that it be coprime to (p-1)(q-1).
-            // So here we'll use the (non-Fermat) prime value 433 (0x01B1) to ensure big-endian export.
-            RSAParameters unusualExponentParameters = TestData.UnusualExponentParameters;
-            RSAParameters exported;
-
-            using (RSA rsa = RSAFactory.Create())
-            {
-                rsa.ImportParameters(unusualExponentParameters);
-                exported = rsa.ExportParameters(true);
-            }
-
-            // Exponent is the most likely to fail, the rest just otherwise ensure that Export
-            // isn't losing data.
-            AssertKeyEquals(ref unusualExponentParameters, ref exported);
-        }
-
         [Fact]
         public static void ImportReset()
         {

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/ImportExportUnusual.cs

@@ -0,0 +1,64 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using Xunit;
+
+namespace System.Security.Cryptography.Rsa.Tests
+{
+    //
+    // These tests currently do not work against CNG and thus are split off so we can exclude them.
+    //
+    public partial class ImportExport
+    {
+        [Fact]
+        public static void PaddedExport()
+        {
+            // OpenSSL's numeric type for the storage of RSA key parts disregards zero-valued
+            // prefix bytes.
+            //
+            // The .NET 4.5 RSACryptoServiceProvider type verifies that all of the D breakdown
+            // values (P, DP, Q, DQ, InverseQ) are exactly half the size of D (which is itself
+            // the same size as Modulus).
+            //
+            // These two things, in combination, suggest that we ensure that all .NET
+            // implementations of RSA export their keys to the fixed array size suggested by their
+            // KeySize property.
+            RSAParameters diminishedDPParamaters = TestData.DiminishedDPParamaters;
+            RSAParameters exported;
+
+            using (RSA rsa = RSAFactory.Create())
+            {
+                rsa.ImportParameters(diminishedDPParamaters);
+                exported = rsa.ExportParameters(true);
+            }
+
+            // DP is the most likely to fail, the rest just otherwise ensure that Export
+            // isn't losing data.
+            AssertKeyEquals(ref diminishedDPParamaters, ref exported);
+        }
+
+        [Fact]
+        public static void UnusualExponentImportExport()
+        {
+            // Most choices for the Exponent value in an RSA key use a Fermat prime.
+            // Since a Fermat prime is 2^(2^m) + 1, it always only has two bits set, and
+            // frequently has the form { 0x01, [some number of 0x00s], 0x01 }, which has the same
+            // representation in both big- and little-endian.
+            //
+            // The only real requirement for an Exponent value is that it be coprime to (p-1)(q-1).
+            // So here we'll use the (non-Fermat) prime value 433 (0x01B1) to ensure big-endian export.
+            RSAParameters unusualExponentParameters = TestData.UnusualExponentParameters;
+            RSAParameters exported;
+
+            using (RSA rsa = RSAFactory.Create())
+            {
+                rsa.ImportParameters(unusualExponentParameters);
+                exported = rsa.ExportParameters(true);
+            }
+
+            // Exponent is the most likely to fail, the rest just otherwise ensure that Export
+            // isn't losing data.
+            AssertKeyEquals(ref unusualExponentParameters, ref exported);
+        }
+    }
+}

src/System.Security.Cryptography.Cng/src/Internal/Cryptography/Helpers.cs

@@ -139,6 +139,19 @@ public static IntPtr GetPropertyAsIntPtr(this SafeNCryptHandle ncryptHandle, str
                 return value;
             }
         }
+
+        /// <summary>
+        ///     Modify a CNG key's export policy.
+        /// </summary>
+        public static void SetExportPolicy(this SafeNCryptKeyHandle keyHandle, CngExportPolicies exportPolicy)
+        {
+            unsafe
+            {
+                ErrorCode errorCode = Interop.NCrypt.NCryptSetProperty(keyHandle, KeyPropertyName.ExportPolicy, &exportPolicy, sizeof(CngExportPolicies), CngPropertyOptions.Persist);
+                if (errorCode != ErrorCode.ERROR_SUCCESS)
+                    throw errorCode.ToCryptographicException();
+            }
+        }
     }
 }
 

src/System.Security.Cryptography.Cng/src/System/Security/Cryptography/CngKey.Create.cs

@@ -67,16 +67,14 @@ public static CngKey Create(CngAlgorithm algorithm, string keyName, CngKeyCreati
         /// <summary>
         ///     Setup the key properties specified in the key creation parameters
         /// </summary>
-        private static void InitializeKeyProperties(SafeNCryptHandle keyHandle, CngKeyCreationParameters creationParameters)
+        private static void InitializeKeyProperties(SafeNCryptKeyHandle keyHandle, CngKeyCreationParameters creationParameters)
         {
             unsafe
             {
                 if (creationParameters.ExportPolicy.HasValue)
                 {
                     CngExportPolicies exportPolicy = creationParameters.ExportPolicy.Value;
-                    ErrorCode errorCode = Interop.NCrypt.NCryptSetProperty(keyHandle, KeyPropertyName.ExportPolicy, &exportPolicy, sizeof(CngExportPolicies), CngPropertyOptions.Persist);
-                    if (errorCode != ErrorCode.ERROR_SUCCESS)
-                        throw errorCode.ToCryptographicException();
+                    keyHandle.SetExportPolicy(exportPolicy);
                 }
 
                 if (creationParameters.KeyUsage.HasValue)
@@ -119,7 +117,7 @@ private static void InitializeKeyProperties(SafeNCryptHandle keyHandle, CngKeyCr
         /// <summary>
         ///     Setup the UIPolicy key properties specified in the key creation parameters
         /// </summary>
-        private static void InitializeKeyUiPolicyProperties(SafeNCryptHandle keyHandle, CngUIPolicy uiPolicy)
+        private static void InitializeKeyUiPolicyProperties(SafeNCryptKeyHandle keyHandle, CngUIPolicy uiPolicy)
         {
             unsafe
             {

src/System.Security.Cryptography.Cng/src/System/Security/Cryptography/CngKey.StandardProperties.cs

@@ -64,6 +64,11 @@ public CngExportPolicies ExportPolicy
                 CngExportPolicies policy = (CngExportPolicies)_keyHandle.GetPropertyAsDword(KeyPropertyName.ExportPolicy, CngPropertyOptions.None);
                 return policy;
             }
+
+            internal set
+            {
+                _keyHandle.SetExportPolicy(value);
+            }
         }
 
         /// <summary>

src/System.Security.Cryptography.Cng/src/System/Security/Cryptography/RSACng.ImportExport.cs

@@ -38,9 +38,21 @@ public override void ImportParameters(RSAParameters parameters)
             unsafe
             {
                 if (parameters.Exponent == null || parameters.Modulus == null)
-                    throw new ArgumentException(SR.Cryptography_InvalidRsaParameters);
+                    throw new CryptographicException(SR.Cryptography_InvalidRsaParameters);
 
-                bool includePrivate = parameters.P != null && parameters.Q != null;
+                bool includePrivate;
+                if (parameters.D == null)
+                {
+                    includePrivate = false;
+                    if (parameters.P != null || parameters.DP != null || parameters.Q != null || parameters.DQ != null || parameters.InverseQ != null)
+                        throw new CryptographicException(SR.Cryptography_InvalidRsaParameters);
+                }
+                else
+                {
+                    includePrivate = true;
+                    if (parameters.P == null || parameters.DP == null || parameters.Q == null || parameters.DQ == null || parameters.InverseQ == null)
+                        throw new CryptographicException(SR.Cryptography_InvalidRsaParameters);
+                }
 
                 //
                 // We need to build a key blob structured as follows:
@@ -94,7 +106,11 @@ public override void ImportParameters(RSAParameters parameters)
                     Debug.Assert(offset == blobSize, "offset == blobSize");
                 }
                 CngKeyBlobFormat blobFormat = includePrivate ? s_rsaPrivateBlob : s_rsaPublicBlob;
-                Key = CngKey.Import(rsaBlob, blobFormat);
+
+                CngKey newKey = CngKey.Import(rsaBlob, blobFormat);
+                newKey.ExportPolicy |= CngExportPolicies.AllowPlaintextExport;
+
+                Key = newKey;
             }
         }
 

src/System.Security.Cryptography.Cng/src/System/Security/Cryptography/RSACng.Key.cs

@@ -32,7 +32,11 @@ public CngKey Key
                 // If we don't have a key yet, we need to generate a random one now.
                 if (_lazyKey == null)
                 {
-                    CngKeyCreationParameters creationParameters = new CngKeyCreationParameters();
+                    CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
+                    {
+                        ExportPolicy = CngExportPolicies.AllowPlaintextExport,
+                    };
+
                     CngProperty keySizeProperty = new CngProperty(KeyPropertyName.Length, BitConverter.GetBytes(KeySize), CngPropertyOptions.None);
                     creationParameters.Parameters.Add(keySizeProperty);
                     _lazyKey = CngKey.Create(CngAlgorithm.Rsa, null, creationParameters);

src/System.Security.Cryptography.Cng/src/System/Security/Cryptography/RSACng.SignVerify.cs

@@ -65,12 +65,7 @@ public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName
                     {
                         SafeNCryptKeyHandle keyHandle = Key.Handle;
                         ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
-                        if (errorCode == ErrorCode.ERROR_SUCCESS)
-                            verified = true;
-                        else if (errorCode == ErrorCode.NTE_BAD_SIGNATURE)
-                            verified = false;
-                        else
-                            throw errorCode.ToCryptographicException();
+                        verified = (errorCode == ErrorCode.ERROR_SUCCESS);  // For consistency with other RSA classes, return "false" for any error code rather than making the caller catch an exception.
                     }
                 );
                 return verified;

src/System.Security.Cryptography.Cng/tests/RSACngProvider.cs

@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+namespace System.Security.Cryptography.Rsa.Tests
+{
+    public class RSACngProvider : IRSAProvider
+    {
+        public RSA Create()
+        {
+            return new RSACng();
+        }
+
+        public RSA Create(int keySize)
+        {
+            return new RSACng(keySize);
+        }
+    }
+
+    public partial class RSAFactory
+    {
+        private static readonly IRSAProvider s_provider = new RSACngProvider();
+    }
+}