Skip to content

Implement PEM exports for RSA PKCS#1 and ECPrivateKey #61946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bartonjs merged 2 commits into from
Nov 29, 2021
Merged

Implement PEM exports for RSA PKCS#1 and ECPrivateKey #61946

bartonjs merged 2 commits into from
Nov 29, 2021

Conversation

@vcsjones
Copy link
Member

@vcsjones vcsjones commented Nov 22, 2021

Closes #51630. This is a replacement PR for #61487.

@vcsjones
Implement PEM exports on ECAlgorithm and RSA
d26db83 
This implements PEM exports for ECPrivateKey, and RSA PKCS#1 public and
private keys.
@vcsjones
Add tests for ECPrivateKey and PKCS#1 PEM exports.
138f88a
@ghost ghost added community-contribution Indicates that the PR has been added by a community member area-System.Security new-api-needs-documentation and removed community-contribution Indicates that the PR has been added by a community member labels Nov 22, 2021
@ghost
Copy link

ghost commented Nov 22, 2021

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented Nov 22, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Closes #51630. This is a replacement PR for #61487.

Author: vcsjones
Assignees: -
Labels:

area-System.Security, new-api-needs-documentation
Milestone: -

stephentoub
stephentoub reviewed Nov 23, 2021
View reviewed changes
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ECAlgorithm.cs
byte[] exported = ExportECPrivateKey();

// Fixed to prevent GC moves.
fixed (byte* pExported = exported)
Copy link
Member

@stephentoub stephentoub Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the key was already exported to the array above, this is too late to guarantee no copies have been made.

Copy link
Member Author

@vcsjones vcsjones Nov 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is true but it's a pattern that occurs quite frequently in other places as a "best effort". Two examples:

But there are many more.

stephentoub
stephentoub reviewed Nov 23, 2021
View reviewed changes
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ECAlgorithm.cs
Comment on lines +935 to +945
static bool Export(ECAlgorithm alg, Span<byte> destination, out int bytesWritten)
{
return alg.TryExportECPrivateKey(destination, out bytesWritten);
}

return PemKeyHelpers.TryExportToPem(
this,
PemLabels.EcPrivateKey,
Export,
destination,
out charsWritten);
Copy link
Member

@stephentoub stephentoub Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does Export need to be a local function? Why not just do it inline as a static lambda below and enable the compiler to cache the delegate?

Copy link
Member Author

@vcsjones vcsjones Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looked cleaner this way (to me) and it's not a particularly performance sensitive function. As a lambda it would look like:

            return PemKeyHelpers.TryExportToPem(
                this,
                PemLabels.EcPrivateKey,
                static (ECAlgorithm alg, Span<byte> destination, out int bytesWritten) =>
                    alg.TryExportECPrivateKey(destination, out bytesWritten),
                destination,
                out charsWritten);

If we want to avoid the delegate allocation, I can fix this up and in a few other places that have already been done this way.

stephentoub
stephentoub reviewed Nov 23, 2021
View reviewed changes
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSA.cs
byte[] exported = ExportRSAPrivateKey();

// Fixed to prevent GC moves.
fixed (byte* pExported = exported)
Copy link
Member

@stephentoub stephentoub Nov 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as earlier. This will prevent exported from being moved from this point on, but it could have already been moved any number of times before this point.

@bartonjs bartonjs merged commit ca85979 into dotnet:main Nov 29, 2021
@vcsjones vcsjones deleted the 51630-rsa-ecc-pem-again branch November 29, 2021 22:24
@ghost ghost locked as resolved and limited conversation to collaborators Dec 30, 2021
@bartonjs bartonjs added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Aug 17, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

No one assigned

Labels

area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration new-api-needs-documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

APIs for exporting certificates and keys to PEM

3 participants

@vcsjones @stephentoub @bartonjs