Add support for external Crypto

So users can use their own RSA/ECDSA instance.
darinkes · Mar 21, 2024 · b535984 · b535984
1 parent 65b7f1e
commit b535984
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 17 deletions.
diff --git a/SshNet.Keygen.Tests/TestKey.cs b/SshNet.Keygen.Tests/TestKey.cs
@@ -265,5 +265,47 @@ public void TestED25519()
             TestFormatKey<ED25519Key>("ED25519", 256);
             TestFormatKey<ED25519Key>("ED25519", 256, "12345");
         }
+
+        [Test]
+        public void TestOwnRSA()
+        {
+            RSA? rsa;
+            int keySize = 2048;
+#if NET8_0_OR_GREATER
+            rsa = RSA.Create();
+            if (rsa is RSACryptoServiceProvider)
+            {
+                rsa.Dispose();
+                rsa = new RSACng(keySize);
+            }
+            rsa.KeySize = keySize;
+#else
+            var rsa = new RSACryptoServiceProvider(keySize);
+#endif
+            var keyInfo = new SshKeyGenerateInfo()
+            {
+                Rsa = rsa
+            };
+            _ = SshKey.Generate(keyInfo);
+        }
+
+        [Test]
+        public void TestOwnEcdsa()
+        {
+            ECDsa? ecdsa;
+#if NET8_0_OR_GREATER
+            var curve = ECCurve.CreateFromFriendlyName("nistp256");
+            ecdsa = ECDsa.Create();
+            ecdsa.GenerateKey(curve);
+#else
+            ecdsa = new ECDsaCng(256);
+#endif
+            var keyInfo = new SshKeyGenerateInfo()
+            {
+                KeyType = SshKeyType.ECDSA,
+                Ecdsa = ecdsa
+            };
+            _ = SshKey.Generate(keyInfo);
+        }
     }
 }
diff --git a/SshNet.Keygen/SshKey.cs b/SshNet.Keygen/SshKey.cs
@@ -60,8 +60,16 @@ public static GeneratedPrivateKey Generate(SshKeyGenerateInfo info)
                 }
                 case SshKeyType.RSA:
                 {
-                    using var rsa = CreateRSA(info.KeyLength);
-                    var rsaParameters = rsa.ExportParameters(true);
+                    RSAParameters rsaParameters;
+                    if (info.Rsa is not null)
+                    {
+                        rsaParameters = info.Rsa.ExportParameters(true);
+                    }
+                    else
+                    {
+                        using var rsa = CreateRSA(info.KeyLength);
+                        rsaParameters = rsa.ExportParameters(true);
+                    }
 
                     key = new RsaKey(
                         rsaParameters.Modulus.ToBigInteger2().ToByteArray().Reverse().ToBigInteger(),
@@ -75,28 +83,49 @@ public static GeneratedPrivateKey Generate(SshKeyGenerateInfo info)
                 }
                 case SshKeyType.ECDSA:
                 {
+                    var dispose = false;
 #if NETSTANDARD
-                    var curve = info.KeyLength switch
+                    ECDsa? ecdsa;
+                    if (info.Ecdsa is not null)
                     {
-                        256 => ECCurve.CreateFromFriendlyName("nistp256"),
-                        384 => ECCurve.CreateFromFriendlyName("nistp384"),
-                        521 => ECCurve.CreateFromFriendlyName("nistp521"),
-                        _ => throw new CryptographicException("Unsupported KeyLength")
-                    };
-
-                    using var ecdsa = ECDsa.Create();
-                    if (ecdsa is null)
-                        throw new CryptographicException("Unable to generate ECDSA");
-                    ecdsa.GenerateKey(curve);
-                    var ecdsaParameters = ecdsa.ExportParameters(true);
+                        ecdsa = info.Ecdsa;
+                    }
+                    else
+                    {
+                        var curve = info.KeyLength switch
+                        {
+                            256 => ECCurve.CreateFromFriendlyName("nistp256"),
+                            384 => ECCurve.CreateFromFriendlyName("nistp384"),
+                            521 => ECCurve.CreateFromFriendlyName("nistp521"),
+                            _ => throw new CryptographicException("Unsupported KeyLength")
+                        };
+
+                        ecdsa = ECDsa.Create();
+                        if (ecdsa is null)
+                            throw new CryptographicException("Unable to generate ECDSA");
+                        dispose = true;
+                        ecdsa.GenerateKey(curve);
+                    }
+
+                    var ecParameters = ecdsa.ExportParameters(true);
 
                     key = new EcdsaKey(
                         ecdsa.EcCurveNameSshCompat(),
-                        ecdsaParameters.UncompressedCoords(),
-                        ecdsaParameters.D
+                        ecParameters.UncompressedCoords(),
+                        ecParameters.D
                     );
 #else
-                    using var ecdsa = new ECDsaCng(info.KeyLength);
+                    ECDsaCng ecdsa;
+                    if (info.Ecdsa is not null)
+                    {
+                        ecdsa = info.Ecdsa;
+                    }
+                    else
+                    {
+                        ecdsa = new ECDsaCng(info.KeyLength);
+                        dispose = true;
+                    }
+
                     var keyBlob = ecdsa.Key.Export(CngKeyBlobFormat.EccPrivateBlob);
                     using var stream = new MemoryStream(keyBlob);
                     using var reader = new BinaryReader(stream);
@@ -112,6 +141,8 @@ public static GeneratedPrivateKey Generate(SshKeyGenerateInfo info)
                         d
                     );
 #endif
+                    if (dispose)
+                        ecdsa.Dispose();
                     break;
                 }
                 default:

diff --git a/SshNet.Keygen/SshKeyGenerateInfo.cs b/SshNet.Keygen/SshKeyGenerateInfo.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography;
 using SshNet.Keygen.SshKeyEncryption;
 
 namespace SshNet.Keygen
@@ -31,6 +32,14 @@ public class SshKeyGenerateInfo
 
         public SshKeyType KeyType { get; set; }
 
+        public RSA? Rsa { get; set; }
+
+#if NETSTANDARD
+        public ECDsa? Ecdsa { get; set; }
+#else
+        public ECDsaCng? Ecdsa { get; set; }
+#endif
+
         public SshKeyGenerateInfo(SshKeyType keyType = DefaultSshKeyType)
         {
             Encryption = DefaultSshKeyEncryption;