TryParsePkcs1Oaep Method

TryParsePkcs1Oaep(ReadOnlySpan<byte>, int, out byte[])

Try to parse the formattedData as a PKCS #1 v2 OAEP block that was the result of decryption (see RFC 8017).

C#
public static bool TryParsePkcs1Oaep(ReadOnlySpan<byte> formattedData, int digestAlgorithm, out byte[] outputData)

Parameters

Type Name Description
ReadOnlySpan<byte> formattedData

The data to parse.
int digestAlgorithm

The algorithm to use in the OAEP operations. It must be one of the digest algorithms defined in this class: RsaFormat.Sha1, RsaFormat.Sha256, and so on.
byte[] outputData

An output argument, a new buffer containing the data portion of the block.

Returns

bool

True if the method is able to parse, false otherwise.

Remarks

This method will extract the data from the formatted data and return it in a new byte array. This is generally the plaintext (the formatted data is the decrypted block). If it is successful, it will return true. If it cannot extract the information, it will return false.

The method will verify that the first byte is 00, then it will perform MGF1 using the specified digest algorithm on the masked DB (data block) to unmask the salt, and then perform MGF1 on the salt to unmaskk the DB. It will then verify that the lHash and PS are correct. 

00 || masked salt || masked DB
  MGF1(maskedDB)
00 || salt || masked DB
  MGF1(salt)
00 || salt || lHash || PS || 01 || output data

The caller supplies the digest algorithm to use in the MGF1. It must be one of the supported values: RsaFormat.Sha1, Sha256, or so on.

This method will use the message digest implementations from CryptographyProviders.

The lHash value is the digest of the label (pSource). The standard specifies the default label is the empty string. This method will only be able to build an lHash from the default empty string.

Finally, the method will return a new byte array containing the actual data portion.

Because this method creates a new byte array, and it contains sensitive data, it is a good idea to overwrite the buffer when done with it. 

CryptographicOperations.ZeroMemory(outputData);

This method only supports blocks 128 or 256 bytes (1024 or 2048 bits) long.

If any element fails (the length of the formattedData is not supported, an expected byte is not there, or so on), the method will return false. If there is an error, the method might set the outputData argument to an empty array, or it might contain the purported data. If the return is false and there is data in outputData, that data is meaningless.