Detect if RSA-384 is supported on the platform

Author: vcsjones

src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs

@@ -11,8 +11,89 @@ namespace Test.Cryptography
 {
     internal static class PlatformSupport
     {
+        private static readonly RSAParameters s_rsa384Parameters = new RSAParameters
+        {
+            Modulus = new byte[]
+            {
+                0xDA, 0xCC, 0x22, 0xD8, 0x6E, 0x67, 0x15, 0x75,
+                0x03, 0x2E, 0x31, 0xF2, 0x06, 0xDC, 0xFC, 0x19,
+                0x2C, 0x65, 0xE2, 0xD5, 0x10, 0x89, 0xE5, 0x11,
+                0x2D, 0x09, 0x6F, 0x28, 0x82, 0xAF, 0xDB, 0x5B,
+                0x78, 0xCD, 0xB6, 0x57, 0x2F, 0xD2, 0xF6, 0x1D,
+                0xB3, 0x90, 0x47, 0x22, 0x32, 0xE3, 0xD9, 0xF5,
+            },
+            Exponent = new byte[]
+            {
+                0x01, 0x00, 0x01,
+            },
+            D = new byte[]
+            {
+                0x7A, 0x59, 0xBD, 0x02, 0x9A, 0x7A, 0x3A, 0x9D,
+                0x7C, 0x71, 0xD0, 0xAC, 0x2E, 0xFA, 0x54, 0x5F,
+                0x1F, 0x5C, 0xBA, 0x43, 0xBB, 0x43, 0xE1, 0x3B,
+                0x78, 0x77, 0xAF, 0x82, 0xEF, 0xEB, 0x40, 0xC3,
+                0x8D, 0x1E, 0xCD, 0x73, 0x7F, 0x5B, 0xF9, 0xC8,
+                0x96, 0x92, 0xB2, 0x9C, 0x87, 0x5E, 0xD6, 0xE1,
+            },
+            P = new byte[]
+            {
+                0xFA, 0xDB, 0xD7, 0xF8, 0xA1, 0x8B, 0x3A, 0x75,
+                0xA4, 0xF6, 0xDF, 0xAE, 0xE3, 0x42, 0x6F, 0xD0,
+                0xFF, 0x8B, 0xAC, 0x74, 0xB6, 0x72, 0x2D, 0xEF,
+            },
+            DP = new byte[]
+            {
+                0x24, 0xFF, 0xBB, 0xD0, 0xDD, 0xF2, 0xAD, 0x02,
+                0xA0, 0xFC, 0x10, 0x6D, 0xB8, 0xF3, 0x19, 0x8E,
+                0xD7, 0xC2, 0x00, 0x03, 0x8E, 0xCD, 0x34, 0x5D,
+            },
+            Q = new byte[]
+            {
+                0xDF, 0x48, 0x14, 0x4A, 0x6D, 0x88, 0xA7, 0x80,
+                0x14, 0x4F, 0xCE, 0xA6, 0x6B, 0xDC, 0xDA, 0x50,
+                0xD6, 0x07, 0x1C, 0x54, 0xE5, 0xD0, 0xDA, 0x5B,
+            },
+            DQ = new byte[]
+            {
+                0x85, 0xDF, 0x73, 0xBB, 0x04, 0x5D, 0x91, 0x00,
+                0x6C, 0x2D, 0x45, 0x9B, 0xE6, 0xC4, 0x2E, 0x69,
+                0x95, 0x4A, 0x02, 0x24, 0xAC, 0xFE, 0x42, 0x4D,
+            },
+            InverseQ = new byte[]
+            {
+                0x1A, 0x3A, 0x76, 0x9C, 0x21, 0x26, 0x2B, 0x84,
+                0xCA, 0x9C, 0xA9, 0x62, 0x0F, 0x98, 0xD2, 0xF4,
+                0x3E, 0xAC, 0xCC, 0xD4, 0x87, 0x9A, 0x6F, 0xFD,
+            },
+        };
+
         private static readonly Dictionary<CngAlgorithm, bool> s_platformCryptoSupportedAlgorithms = new();
 
+        private static readonly Lazy<bool> s_lazyIsRSA384Supported = new Lazy<bool>(() =>
+        {
+            // Linux and Apple are known to support RSA-384, so return true without checking.
+            if (PlatformDetection.IsLinux || PlatformDetection.IsApplePlatform)
+            {
+                return true;
+            }
+
+            RSA rsa = RSA.Create();
+
+            try
+            {
+                rsa.ImportParameters(s_rsa384Parameters);
+                return true;
+            }
+            catch (CryptographicException)
+            {
+                return false;
+            }
+            finally
+            {
+                rsa.Dispose();
+            }
+        });
+
         private static bool PlatformCryptoProviderFunctional(CngAlgorithm algorithm)
         {
             // Use a full lock around a non-concurrent dictionary. We do not want the value factory for
@@ -91,6 +172,8 @@ private static bool CheckIfVbsAvailable()
         // Whether or not the current platform supports RC2
         internal static readonly bool IsRC2Supported = !PlatformDetection.IsAndroid;
 
+        internal static bool IsRSA384Supported => s_lazyIsRSA384Supported.Value;
+
 #if NET
         internal static readonly bool IsAndroidVersionAtLeast31 = OperatingSystem.IsAndroidVersionAtLeast(31);
 #else

src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs

@@ -2,32 +2,17 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Runtime.InteropServices;
+using Test.Cryptography;
 
 namespace System.Security.Cryptography.Rsa.Tests
 {
     public class RSACngProvider : IRSAProvider
     {
-        private bool? _supports384PrivateKey;
-
         public RSA Create() => new RSACng();
 
         public RSA Create(int keySize) => new RSACng(keySize);
 
-        public bool Supports384PrivateKey
-        {
-            get
-            {
-                if (!_supports384PrivateKey.HasValue)
-                {
-                    // For Windows 7 (Microsoft Windows 6.1) and Windows 8 (Microsoft Windows 6.2) this is false for RSACng.
-                    _supports384PrivateKey =
-                        !RuntimeInformation.OSDescription.Contains("Windows 6.1") &&
-                        !RuntimeInformation.OSDescription.Contains("Windows 6.2");
-                }
-
-                return _supports384PrivateKey.Value;
-            }
-        }
+        public bool Supports384PrivateKey => PlatformSupport.IsRSA384Supported;
 
         public bool SupportsLargeExponent => true;
 

src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs

@@ -3,6 +3,7 @@
 
 using System.Runtime.InteropServices;
 using System.Security.Cryptography.Tests;
+using Test.Cryptography;
 
 namespace System.Security.Cryptography.Rsa.Tests
 {
@@ -15,7 +16,7 @@ public class RSACryptoServiceProviderProvider : IRSAProvider
 
         public RSA Create(int keySize) => new RSACryptoServiceProvider(keySize);
 
-        public bool Supports384PrivateKey => true;
+        public bool Supports384PrivateKey => PlatformSupport.IsRSA384Supported;
 
         public bool SupportsLargeExponent => false;
 

src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs

@@ -3,12 +3,12 @@
 
 using System.Runtime.InteropServices;
 using System.Security.Cryptography.Tests;
+using Test.Cryptography;
 
 namespace System.Security.Cryptography.Rsa.Tests
 {
     public class DefaultRSAProvider : IRSAProvider
     {
-        private bool? _supports384PrivateKey;
         private bool? _supportsSha1Signatures;
         private bool? _supportsMd5Signatures;
 
@@ -26,21 +26,7 @@ public RSA Create(int keySize)
 #endif
         }
 
-        public bool Supports384PrivateKey
-        {
-            get
-            {
-                if (!_supports384PrivateKey.HasValue)
-                {
-                    // For Windows 7 (Microsoft Windows 6.1) and Windows 8 (Microsoft Windows 6.2) this is false for RSACng.
-                    _supports384PrivateKey = !RuntimeInformation.OSDescription.Contains("Windows 6.1") &&
-                        !RuntimeInformation.OSDescription.Contains("Windows 6.2");
-                }
-
-                return _supports384PrivateKey.Value;
-            }
-        }
-
+        public bool Supports384PrivateKey => PlatformSupport.IsRSA384Supported;
         public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
         public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());