Search code examples
c++cryptographycng

C++ Importing RSA public keys from modulus and exponent with CNG

I'm trying to use CNG to encrypt some data with a public key that is given as a parameter. When calling NCryptImportKey function, I get a NTE_BAD_DATA error which isn't listed in the msdn page.

My code:

#include <iostream>
#include <Windows.h>
#include <Bcrypt.h>
#include <Ntstatus.h>
#include <string>
#include <vector>
#include "base64.h"

using std::string;
using std::vector;

struct MyRSAPublicBlob {
    BCRYPT_RSAKEY_BLOB blob;
    BYTE exponent[3];
    BYTE modulus[128];
    MyRSAPublicBlob(const vector<BYTE>& mod, const vector<BYTE>& exp)
    {
        blob.BitLength = (128 + 3) * 8;
        blob.Magic = BCRYPT_RSAPUBLIC_MAGIC;
        blob.cbModulus = 128;
        blob.cbPublicExp = 3;
        for (size_t i = 0; i < mod.size(); ++i) //copy BigEndian
            modulus[i] = mod[mod.size() - 1 - i];
        for (size_t i = 0; i < exp.size(); ++i) //copy BigEndian
            exponent[i] = exp[exp.size() - 1 - i];
    }
    MyRSAPublicBlob() { ; }

};

MyRSAPublicBlob b;

bool RSA_encrypt() {
    SECURITY_STATUS stat;
    NCRYPT_PROV_HANDLE hProv;
    NCRYPT_KEY_HANDLE hKey;

    stat = NCryptOpenStorageProvider(&hProv, MS_KEY_STORAGE_PROVIDER, 0);
    if (ERROR_SUCCESS != stat) {
        std::cout << "failed in NCryptOpenStorageProvider: " << GetLastError() << std::endl;
        return false;
    }
    stat = NCryptImportKey(hProv,
        NULL,
        BCRYPT_RSAPUBLIC_BLOB,
        NULL,
        &hKey,
        (PBYTE)&b.blob,
        sizeof(b),
        0);

    if (ERROR_SUCCESS != stat) {
        std::cout << "failed in NCryptImportKey: " << GetLastError() << std::endl;
        return false;
    }

Example of how I construct MyRSAPublicBlob:

string PubKeyModulus = "yVUndgQFuB5Z5FgC0/WgWCg6Y8VuB582avGjQDdeoJDa1+RBKCyXo700sAMSGjM/bVakOlFqvCsVFNBysx1CH731CDb2DR1a0bsmYmDQ9d0ZHX+AOohVDIx9mc7bkDQZoEFpe9NqFsu95Y9yktpl1JKPmKyLOFgufGJYYvQyoOM=";
string PubKeyExp = "AQAB";

vector<BYTE> PubKeyModulus_bin = base64_decode(PubKeyModulus);
vector<BYTE> PubKeyExp_bin = base64_decode(PubKeyExp);
struct MyRSAPublicBlob c(PubKeyModulus_bin, PubKeyExp_bin);
b = c;

Anything I'm doing bluntly wrong?

Solution

  • The BitLength value is the "size of the key", which for RSA means "the size of the Modulus value". So it's sort of redundant with cbModulus, but c'est la vie.

    If you remove the + 3 in your calculation of BitLength it'll probably start working. Compare to .NET building the blob for RSACng.ImportParameters: http://source.dot.net/#System.Security.Cryptography.Cng/Common/System/Security/Cryptography/RSACng.ImportExport.cs,79