Fix cross-platform strong name signing by manually parsing RSA key blobs

Ahmed · Ahmed · commit 6f1be26ee3f0 · 2026-02-04T13:49:47.000+02:00
diff --git a/src/Compiler/AbstractIL/ilsign.fs b/src/Compiler/AbstractIL/ilsign.fs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) Microsoft Corporation.  All Rights Reserved.  See License.txt in the project root for license information.
+// Copyright (c) Microsoft Corporation.  All Rights Reserved.  See License.txt in the project root for license information.
 
 module internal FSharp.Compiler.AbstractIL.StrongNameSign
 
@@ -126,9 +126,7 @@ type BlobReader =
     val mutable _blob: byte array
     val mutable _offset: int
     new(blob: byte array) = { _blob = blob; _offset = 0 }
-    
-    member x.Offset with get() = x._offset and set(v) = x._offset <- v
-    
+
     member x.ReadInt32() : int =
         let offset = x._offset
         x._offset <- offset + 4
@@ -147,8 +145,7 @@ type BlobReader =
 let RSAParametersFromBlob blob keyType =
     let mutable reader = BlobReader blob
 
-    let header = reader.ReadInt32()
-    if header <> 0x00000206 && header <> 0x00000207 && keyType = KeyType.KeyPair then
+    if reader.ReadInt32() <> 0x00000207 && keyType = KeyType.KeyPair then
         raise (CryptographicException(getResourceString (FSComp.SR.ilSignPrivateKeyExpected ())))
 
     reader.ReadInt32() |> ignore // ALG_ID
@@ -303,27 +300,40 @@ let signStream stream keyBlob =
     let signature = createSignature hash keyBlob KeyType.KeyPair
     patchSignature stream peReader signature
 
+let align8 size = (size + 7) &&& ~~~7
+
 let signatureSize (pk: byte array) =
-    if pk.Length < 20 then 0
-    else
-        let reader = BlobReader pk
-        reader.Offset <- 12
-        let bitLen = reader.ReadInt32()
-        let modulusLength = bitLen / 8
-        
-        if modulusLength < 160 then 128 else modulusLength - 32
-// Key signing
-type keyContainerName = string
-type keyPair = byte array
-type pubkey = byte array
-type pubkeyOptions = byte array * bool
+    if pk.Length < 16 then
+        raise (CryptographicException(getResourceString (FSComp.SR.ilSignInvalidPKBlob ())))
+
+    let reader = BlobReader pk
+
+    // Roslyn Logic: Skipping headers directly to get to the bitLen
+    reader.ReadInt32() |> ignore // Skip PUBLICKEYSTRUC (part 1: bType, bVersion, reserved)
+    reader.ReadInt32() |> ignore // Skip PUBLICKEYSTRUC (part 2: aiKeyAlg)
+    reader.ReadInt32() |> ignore // Skip RSAPUBKEY (part 1: magic)
 
+    let bitLen = reader.ReadInt32()
+
+    if bitLen <= 0 then
+        raise (CryptographicException(getResourceString (FSComp.SR.ilSignInvalidBitLen ())))
+
+    let size = bitLen / 8
+    align8 size
+
+// Returns a CLR Format Blob public key
 let getPublicKeyForKeyPair keyBlob =
     use rsa = RSA.Create()
     rsa.ImportParameters(RSAParametersFromBlob keyBlob KeyType.KeyPair)
     let rsaParameters = rsa.ExportParameters false
     toCLRKeyBlob rsaParameters CALG_RSA_KEYX
 
+// Key signing
+type keyContainerName = string
+type keyPair = byte array
+type pubkey = byte array
+type pubkeyOptions = byte array * bool
+
 let signerGetPublicKeyForKeyPair (kp: keyPair) : pubkey = getPublicKeyForKeyPair kp
 
 let signerSignatureSize (pk: pubkey) : int = signatureSize pk
@@ -368,7 +378,11 @@ type ILStrongNameSigner =
 
     member s.SignatureSize =
         let pkSignatureSize pk =
-            signerSignatureSize pk
+            try
+                signerSignatureSize pk
+            with exn ->
+                failwith ("A call to StrongNameSignatureSize failed (" + exn.Message + ")")
+                0x80
 
         match s with
         | PublicKeySigner pk -> pkSignatureSize pk
