This project has moved. For the latest updates, please go here.

BitLength assignment missing on ImportParameters

Jul 15, 2008 at 5:25 PM
Edited Jul 15, 2008 at 7:09 PM
The ImportParameters method of RSACng class, on the marshalling you do not assign the BitLength value and the function throws exception on the last line of the method
I modified as
pBcryptBlob->BitLength =blobSize * 8;
and at least the function succeeded. 
However I couldn't find the correct bitlength value for it. A call to encyptValue method fails with the modified Bitlength assignment. I couldn't find any documentation on the bitlength value as well. 

My guess is that the bitlength is the bit size of modulo key. But again I think there is something is missing in this function.

Thanks
Can.

Coordinator
Jul 15, 2008 at 8:07 PM

Hi Can,

Thanks for spotting the bug in ImportParameters; we need to set the BitLength on the blob to be the bit length of the RSA key, which is generally defined to be the length of the modulus.  We also needed to be asserting away the demand for KeyContainerPermisison that's going to occur from the import.

I've uploaded a fix for this problem, and added a test case to the unit test suite.  The changeset can be found here:  http://www.codeplex.com/clrsecurity/SourceControl/DirectoryView.aspx?SourcePath=%24%2fclrsecurity&changeSetId=14489, if you resync the sources you should get the update.

One remaining issue that you might run into is a CryptographicException complaining about an InvalidOperationException if you try to import a full key pair.  The reason this happens is that the default KSP that RSACng uses (the Microsoft Software KSP that ships in Vista) does not support importing full RSA key blobs.  This creates a restriction where you can only import public keys (so if you use a method like ToXmlString to create a round-tripped key you'll want to pass false as a parameter).

-Shawn Farkas [MS]


canerten wrote:
The ImportParameters method of RSACng class, on the marshalling you do not assign the BitLength value and the function throws exception on the last line of the method
I modified as
pBcryptBlob->BitLength =blobSize * 8;
and at least the function succeeded. 
However I couldn't find the correct bitlength value for it. A call to encyptValue method fails with the modified Bitlength assignment. I couldn't find any documentation on the bitlength value as well. 

My guess is that the bitlength is the bit size of modulo key. But again I think there is something is missing in this function.

Thanks
Can.




Jul 15, 2008 at 8:55 PM
Hi Shawn,

Thanks for the great library and for the fix.
I really appreciated it.

Kind Regards
Can.

shawnfa wrote:

Hi Can,

Thanks for spotting the bug in ImportParameters; we need to set the BitLength on the blob to be the bit length of the RSA key, which is generally defined to be the length of the modulus.  We also needed to be asserting away the demand for KeyContainerPermisison that's going to occur from the import.

I've uploaded a fix for this problem, and added a test case to the unit test suite.  The changeset can be found here:  http://www.codeplex.com/clrsecurity/SourceControl/DirectoryView.aspx?SourcePath=%24%2fclrsecurity&changeSetId=14489, if you resync the sources you should get the update.

One remaining issue that you might run into is a CryptographicException complaining about an InvalidOperationException if you try to import a full key pair.  The reason this happens is that the default KSP that RSACng uses (the Microsoft Software KSP that ships in Vista) does not support importing full RSA key blobs.  This creates a restriction where you can only import public keys (so if you use a method like ToXmlString to create a round-tripped key you'll want to pass false as a parameter).

-Shawn Farkas [MS]


canerten wrote:
The ImportParameters method of RSACng class, on the marshalling you do not assign the BitLength value and the function throws exception on the last line of the method
I modified as
pBcryptBlob->BitLength =blobSize * 8;
and at least the function succeeded. 
However I couldn't find the correct bitlength value for it. A call to encyptValue method fails with the modified Bitlength assignment. I couldn't find any documentation on the bitlength value as well. 

My guess is that the bitlength is the bit size of modulo key. But again I think there is something is missing in this function.

Thanks
Can.