attempting RSA to RSACSP

kdurkin77 · kdurkin77 · commit e185b7069794 · 2024-05-06T09:15:06.000-04:00
Change-Id: I0b8785af9cb77ba3dc7e2d1b8c7f9ea999868f26
diff --git a/DTLS.Net/Client.cs b/DTLS.Net/Client.cs
@@ -87,13 +87,8 @@ public class Client : IDisposable
         public List<TCipherSuite> SupportedCipherSuites { get; }
         public byte[] ServerCertificate { get; set; }
 
-#if NETSTANDARD2_1 || NET6_0_OR_GREATER
-        private CngKey _PrivateKeyRsa;
-        public CngKey PublicKey { get; set; }
-#else
-        private RSACryptoServiceProvider _PrivateKeyRsa;
-        public RSACryptoServiceProvider PublicKey { get; set; }
-#endif
+        private RSA _PrivateKeyRsa;
+        public RSA PublicKey { get; set; }
 
         public Client(EndPoint localEndPoint)
             : this(localEndPoint, [])
@@ -966,7 +961,6 @@ public async Task ConnectToServerAsync(EndPoint serverEndPoint, TimeSpan receive
             }
         }
 
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "Other methods are available but RSA is just for windows")]
         public void LoadX509Certificate(X509Chain chain)
         {
             if (chain == null)
@@ -976,17 +970,9 @@ public void LoadX509Certificate(X509Chain chain)
 
             var mainCert = chain.ChainElements[0].Certificate;
 
-#if NETSTANDARD2_1 || NET6_0_OR_GREATER
-#pragma warning disable SYSLIB0028 // Type or member is obsolete
-            _PrivateKeyRsa = ((RSACng)mainCert.PrivateKey).Key;
-#pragma warning restore SYSLIB0028 // Type or member is obsolete
-#pragma warning disable SYSLIB0027 // Type or member is obsolete
-            PublicKey = ((RSACng)mainCert.PublicKey.Key).Key;
-#pragma warning restore SYSLIB0027 // Type or member is obsolete
-#else
-            _PrivateKeyRsa = (RSACryptoServiceProvider)mainCert.PrivateKey;
-            PublicKey = (RSACryptoServiceProvider)mainCert.PublicKey.Key;
-#endif
+
+            _PrivateKeyRsa = mainCert.GetRSAPrivateKey();
+            PublicKey = mainCert.GetRSAPublicKey();
 
             var certChain = new List<byte[]>();
             foreach (var element in chain.ChainElements)
diff --git a/DTLS.Net/Util/TLSUtils.cs b/DTLS.Net/Util/TLSUtils.cs
@@ -224,25 +224,20 @@ public static byte[] CalculateKeyBlock(TlsContext context, int size)
                 : TlsUtilities.PRF(context, master_secret, ExporterLabel.key_expansion, seed, size);
         }
 
-#if NETSTANDARD2_1 || NET6_0_OR_GREATER
-        public static byte[] Sign(AsymmetricKeyParameter privateKey, CngKey rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
+        public static byte[] Sign(AsymmetricKeyParameter privateKey, RSA rsa, bool client, Version version, HandshakeInfo handshakeInfo,
             SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
-#else
-        public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
-            SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
-#endif
         {
-            if (privateKey == null && rsaKey == null)
+            if (privateKey == null && rsa == null)
             {
-                throw new ArgumentException("No key or Rsa CSP provided");
+                throw new ArgumentException("No key or RSA provided");
             }
 
             if (privateKey == null)
             {
 
                 if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
                 {
-                    return SignRsa(rsaKey, hash);
+                    return SignRsa(rsa, hash);
                 }
 
                 throw new ArgumentException("Need private key for non-RSA Algorithms");
@@ -304,34 +299,21 @@ public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServicePro
         }
 
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "Other methods are available but RSA is just for windows")]
-#if NETSTANDARD2_1 || NET6_0_OR_GREATER
-        public static byte[] SignRsa(CngKey cngKey, byte[] hash)
+        public static byte[] SignRsa(RSA rsa, byte[] hash)
         {
-            if(cngKey == null)
+            if (rsa == null)
             {
-                throw new ArgumentNullException(nameof(cngKey));
-            }
-
-            if(hash == null)
-            {
-                throw new ArgumentNullException(nameof(hash));
-            }
-
-            var result = NCryptInterop.SignHashRaw(cngKey, hash, cngKey.KeySize);
-            return result;
-        }
-#else
-        public static byte[] SignRsa(RSACryptoServiceProvider rsaCsp, byte[] hash)
-        {
-            if (rsaCsp == null)
-            {
-                throw new ArgumentNullException(nameof(rsaCsp));
+                throw new ArgumentNullException(nameof(rsa));
             }
 
             if (hash == null)
             {
                 throw new ArgumentNullException(nameof(hash));
             }
+            string xmlPrivateKey = rsa.ToXmlString(true);
+
+            var rsaCsp = new RSACryptoServiceProvider();
+            rsaCsp.FromXmlString(xmlPrivateKey);
 
             var cspInfo = rsaCsp.CspKeyContainerInfo;
             var provider = new CngProvider(cspInfo.ProviderName);
@@ -348,7 +330,52 @@ public static byte[] SignRsa(RSACryptoServiceProvider rsaCsp, byte[] hash)
                 return result;
             }
         }
-#endif
+
+//#if NETSTANDARD2_1 || NET6_0_OR_GREATER
+//        public static byte[] SignRsa(CngKey cngKey, byte[] hash)
+//        {
+//            if(cngKey == null)
+//            {
+//                throw new ArgumentNullException(nameof(cngKey));
+//            }
+
+//            if(hash == null)
+//            {
+//                throw new ArgumentNullException(nameof(hash));
+//            }
+
+//            var result = NCryptInterop.SignHashRaw(cngKey, hash, cngKey.KeySize);
+//            return result;
+//        }
+//#else
+//        public static byte[] SignRsa(RSACryptoServiceProvider rsaCsp, byte[] hash)
+//        {
+//            if (rsaCsp == null)
+//            {
+//                throw new ArgumentNullException(nameof(rsaCsp));
+//            }
+
+//            if (hash == null)
+//            {
+//                throw new ArgumentNullException(nameof(hash));
+//            }
+
+//            var cspInfo = rsaCsp.CspKeyContainerInfo;
+//            var provider = new CngProvider(cspInfo.ProviderName);
+//            var options = CngKeyOpenOptions.None;
+
+//            if (cspInfo.MachineKeyStore)
+//            {
+//                options = CngKeyOpenOptions.MachineKey;
+//            }
+
+//            using (var cngKey = CngKey.Open(cspInfo.KeyContainerName, provider, options))
+//            {
+//                var result = NCryptInterop.SignHashRaw(cngKey, hash, rsaCsp.KeySize);
+//                return result;
+//            }
+//        }
+//#endif
 
         public static byte[] GetVerifyData(Version version, HandshakeInfo handshakeInfo, bool client, bool isClientFinished,
             byte[] handshakeHash)
