Use System.Security.Cryptography for RSA (#1373)

* Use BCL for RSA

* Restore benchmark (with quirks for old code)

* Fixup benchmark (remove compatibility with old code)

* cosmetic tweaks

* Add a regression test for #1388

Author: Rob-Hague

src/Renci.SshNet/Common/Extensions.cs

@@ -64,6 +64,41 @@ public static BigInteger ToBigInteger2(this byte[] data)
             return data.ToBigInteger();
         }
 
+        public static byte[] ToByteArray(this BigInteger bigInt, bool isUnsigned = false, bool isBigEndian = false)
+        {
+            var data = bigInt.ToByteArray();
+
+            if (isUnsigned && data[data.Length - 1] == 0)
+            {
+                data = data.Take(data.Length - 1);
+            }
+
+            if (isBigEndian)
+            {
+                _ = data.Reverse();
+            }
+
+            return data;
+        }
+
+        // See https://github.com/dotnet/runtime/blob/9b57a265c7efd3732b035bade005561a04767128/src/libraries/Common/src/System/Security/Cryptography/KeyBlobHelpers.cs#L51
+        public static byte[] ExportKeyParameter(this BigInteger value, int length)
+        {
+            var target = value.ToByteArray(isUnsigned: true, isBigEndian: true);
+
+            // The BCL crypto is expecting exactly-sized byte arrays (sized to "length").
+            // If our byte array is smaller than required, then size it up.
+            // Otherwise, just return as is: if it is too large, we'll let the BCL throw the error.
+            if (target.Length < length)
+            {
+                var correctlySized = new byte[length];
+                Buffer.BlockCopy(target, 0, correctlySized, length - target.Length, target.Length);
+                return correctlySized;
+            }
+
+            return target;
+        }
+
         /// <summary>
         /// Reverses the sequence of the elements in the entire one-dimensional <see cref="Array"/>.
         /// </summary>

src/Renci.SshNet/Security/Cryptography/AsymmetricCipher.cs

@@ -1,21 +1,16 @@
-using System;
+#nullable enable
+using System;
 using System.Security.Cryptography;
 
-using Renci.SshNet.Common;
-using Renci.SshNet.Security.Cryptography.Ciphers;
-
 namespace Renci.SshNet.Security.Cryptography
 {
     /// <summary>
     /// Implements RSA digital signature algorithm.
     /// </summary>
-    public class RsaDigitalSignature : CipherDigitalSignature, IDisposable
+    public class RsaDigitalSignature : DigitalSignature, IDisposable
     {
-#if NET462
-        private readonly HashAlgorithm _hash;
-#else
-        private readonly IncrementalHash _hash;
-#endif
+        private readonly RsaKey _key;
+        private readonly HashAlgorithmName _hashAlgorithmName;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class with the SHA-1 hash algorithm.
@@ -32,36 +27,22 @@ public RsaDigitalSignature(RsaKey rsaKey)
         /// <param name="rsaKey">The RSA key.</param>
         /// <param name="hashAlgorithmName">The hash algorithm to use in the digital signature.</param>
         public RsaDigitalSignature(RsaKey rsaKey, HashAlgorithmName hashAlgorithmName)
-            : base(ObjectIdentifier.FromHashAlgorithmName(hashAlgorithmName), new RsaCipher(rsaKey))
         {
-#if NET462
-            _hash = CryptoConfig.CreateFromName(hashAlgorithmName.Name) as HashAlgorithm
-                ?? throw new ArgumentException($"Could not create {nameof(HashAlgorithm)} from `{hashAlgorithmName}`.", nameof(hashAlgorithmName));
-#else
-            // CryptoConfig.CreateFromName is a somewhat legacy API and is incompatible with trimming.
-            // Use IncrementalHash instead (which is also more modern and lighter-weight than HashAlgorithm).
-            _hash = IncrementalHash.CreateHash(hashAlgorithmName);
-#endif
+            _key = rsaKey;
+            _hashAlgorithmName = hashAlgorithmName;
         }
 
-        /// <summary>
-        /// Hashes the specified input.
-        /// </summary>
-        /// <param name="input">The input.</param>
-        /// <returns>
-        /// Hashed data.
-        /// </returns>
-        protected override byte[] Hash(byte[] input)
+        /// <inheritdoc/>
+        public override bool Verify(byte[] input, byte[] signature)
         {
-#if NET462
-            return _hash.ComputeHash(input);
-#else
-            _hash.AppendData(input);
-            return _hash.GetHashAndReset();
-#endif
+            return _key.RSA.VerifyData(input, signature, _hashAlgorithmName, RSASignaturePadding.Pkcs1);
         }
 
-        #region IDisposable Members
+        /// <inheritdoc/>
+        public override byte[] Sign(byte[] input)
+        {
+            return _key.RSA.SignData(input, _hashAlgorithmName, RSASignaturePadding.Pkcs1);
+        }
 
         /// <summary>
         /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
@@ -78,9 +59,6 @@ public void Dispose()
         /// <param name="disposing"><see langword="true"/> to release both managed and unmanaged resources; <see langword="false"/> to release only unmanaged resources.</param>
         protected virtual void Dispose(bool disposing)
         {
-            _hash.Dispose();
         }
-
-        #endregion
     }
 }