Normalize names of span inputs in crypto API

The asymmetric types operate on either hashed input, or unprocessed input.
The existing API tends to call hashed input "hash" (or "rgbHash" for older API),
and unprocessed input "data" (or "rgbData").

This change modifies the new (ReadOnly)Span-based methods to use "data"
and "hash" (as appropriate) instead of "source".  Particularly because the
hash-based methods in DSA do not contain the word Hash, making "source"
for CreateSignature ambiguous.

In the cases where the existing parameter was named "rgbHash" (et al) the
"rgb" was dropped in the (ReadOnly)Span variant, including in the cases
where the (ReadOnly)Span variant is a proper overload.

Author: bartonjs

src/Common/src/System/Security/Cryptography/DSACng.SignVerify.cs

@@ -45,21 +45,21 @@ public override byte[] CreateSignature(byte[] rgbHash)
                 }
             }
 
-            public override unsafe bool TryCreateSignature(ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten)
+            public override unsafe bool TryCreateSignature(ReadOnlySpan<byte> hash, Span<byte> destination, out int bytesWritten)
             {
-                byte[] arrayToReturnToArrayPool = AdjustHashSizeIfNecessaryWithArrayPool(ref source);
+                byte[] arrayToReturnToArrayPool = AdjustHashSizeIfNecessaryWithArrayPool(ref hash);
                 try
                 {
                     using (SafeNCryptKeyHandle keyHandle = GetDuplicatedKeyHandle())
                     {
-                        return CngCommon.TrySignHash(keyHandle, source, destination, AsymmetricPaddingMode.None, null, out bytesWritten);
+                        return CngCommon.TrySignHash(keyHandle, hash, destination, AsymmetricPaddingMode.None, null, out bytesWritten);
                     }
                 }
                 finally
                 {
                     if (arrayToReturnToArrayPool != null)
                     {
-                        Array.Clear(arrayToReturnToArrayPool, 0, source.Length);
+                        Array.Clear(arrayToReturnToArrayPool, 0, hash.Length);
                         ArrayPool<byte>.Shared.Return(arrayToReturnToArrayPool);
                     }
                 }
@@ -79,24 +79,24 @@ public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
                 return VerifySignature((ReadOnlySpan<byte>)rgbHash, (ReadOnlySpan<byte>)rgbSignature);
             }
 
-            public override bool VerifySignature(ReadOnlySpan<byte> rgbHash, ReadOnlySpan<byte> rgbSignature)
+            public override bool VerifySignature(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> signature)
             {
-                byte[] arrayToReturnToArrayPool = AdjustHashSizeIfNecessaryWithArrayPool(ref rgbHash);
+                byte[] arrayToReturnToArrayPool = AdjustHashSizeIfNecessaryWithArrayPool(ref hash);
                 try
                 {
                     using (SafeNCryptKeyHandle keyHandle = GetDuplicatedKeyHandle())
                     {
                         unsafe
                         {
-                            return CngCommon.VerifyHash(keyHandle, rgbHash, rgbSignature, AsymmetricPaddingMode.None, null);
+                            return CngCommon.VerifyHash(keyHandle, hash, signature, AsymmetricPaddingMode.None, null);
                         }
                     }
                 }
                 finally
                 {
                     if (arrayToReturnToArrayPool != null)
                     {
-                        Array.Clear(arrayToReturnToArrayPool, 0, rgbHash.Length);
+                        Array.Clear(arrayToReturnToArrayPool, 0, hash.Length);
                         ArrayPool<byte>.Shared.Return(arrayToReturnToArrayPool);
                     }
                 }

src/Common/src/System/Security/Cryptography/DSAOpenSsl.cs

@@ -180,8 +180,8 @@ protected override byte[] HashData(byte[] data, int offset, int count, HashAlgor
             protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) =>
                 AsymmetricAlgorithmHelpers.HashData(data, hashAlgorithm);
 
-            protected override bool TryHashData(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
-                AsymmetricAlgorithmHelpers.TryHashData(source, destination, hashAlgorithm, out bytesWritten);
+            protected override bool TryHashData(ReadOnlySpan<byte> data, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
+                AsymmetricAlgorithmHelpers.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
 
             public override byte[] CreateSignature(byte[] rgbHash)
             {
@@ -216,15 +216,15 @@ public override byte[] CreateSignature(byte[] rgbHash)
                 }
             }
 
-            public override bool TryCreateSignature(ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten)
+            public override bool TryCreateSignature(ReadOnlySpan<byte> hash, Span<byte> destination, out int bytesWritten)
             {
                 byte[] converted;
                 SafeDsaHandle key = _key.Value;
                 int signatureSize = Interop.Crypto.DsaEncodedSignatureSize(key);
                 byte[] signature = ArrayPool<byte>.Shared.Rent(signatureSize);
                 try
                 {
-                    bool success = Interop.Crypto.DsaSign(key, source, source.Length, new Span<byte>(signature, 0, signatureSize), out signatureSize);
+                    bool success = Interop.Crypto.DsaSign(key, hash, hash.Length, new Span<byte>(signature, 0, signatureSize), out signatureSize);
                     if (!success)
                     {
                         throw Interop.Crypto.CreateOpenSslCryptographicException();
@@ -269,20 +269,20 @@ public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
                 return VerifySignature((ReadOnlySpan<byte>)rgbHash, (ReadOnlySpan<byte>)rgbSignature);
             }
 
-            public override bool VerifySignature(ReadOnlySpan<byte> rgbHash, ReadOnlySpan<byte> rgbSignature)
+            public override bool VerifySignature(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> signature)
             {
                 SafeDsaHandle key = _key.Value;
 
                 int expectedSignatureBytes = Interop.Crypto.DsaSignatureFieldSize(key) * 2;
-                if (rgbSignature.Length != expectedSignatureBytes)
+                if (signature.Length != expectedSignatureBytes)
                 {
                     // The input isn't of the right length (assuming no DER), so we can't sensibly re-encode it with DER.
                     return false;
                 }
 
-                byte[] openSslFormat = AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(rgbSignature);
+                byte[] openSslFormat = AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(signature);
 
-                return Interop.Crypto.DsaVerify(key, rgbHash, rgbHash.Length, openSslFormat, openSslFormat.Length);
+                return Interop.Crypto.DsaVerify(key, hash, hash.Length, openSslFormat, openSslFormat.Length);
             }
 
             private void SetKey(SafeDsaHandle newKey)

src/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs

@@ -235,8 +235,8 @@ protected override byte[] HashData(byte[] data, int offset, int count, HashAlgor
                 protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) =>
                     AsymmetricAlgorithmHelpers.HashData(data, hashAlgorithm);
 
-                protected override bool TryHashData(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
-                    AsymmetricAlgorithmHelpers.TryHashData(source, destination, hashAlgorithm, out bytesWritten);
+                protected override bool TryHashData(ReadOnlySpan<byte> data, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
+                    AsymmetricAlgorithmHelpers.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
 
                 protected override void Dispose(bool disposing)
                 {

src/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs

@@ -89,7 +89,7 @@ public override byte[] SignHash(byte[] hash)
                 return converted;
             }
 
-            public override bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten)
+            public override bool TrySignHash(ReadOnlySpan<byte> hash, Span<byte> destination, out int bytesWritten)
             {
                 SafeEcKeyHandle key = _key.Value;
 
@@ -98,7 +98,7 @@ public override bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> destinati
                 byte[] signature = ArrayPool<byte>.Shared.Rent(signatureLength);
                 try
                 {
-                    if (!Interop.Crypto.EcDsaSign(source, source.Length, new Span<byte>(signature, 0, signatureLength), ref signatureLength, key))
+                    if (!Interop.Crypto.EcDsaSign(hash, hash.Length, new Span<byte>(signature, 0, signatureLength), ref signatureLength, key))
                     {
                         throw Interop.Crypto.CreateOpenSslCryptographicException();
                     }
@@ -159,8 +159,8 @@ protected override byte[] HashData(byte[] data, int offset, int count, HashAlgor
             protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) =>
                 AsymmetricAlgorithmHelpers.HashData(data, hashAlgorithm);
 
-            protected override bool TryHashData(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
-                AsymmetricAlgorithmHelpers.TryHashData(source, destination, hashAlgorithm, out bytesWritten);
+            protected override bool TryHashData(ReadOnlySpan<byte> data, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
+                AsymmetricAlgorithmHelpers.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
 
             protected override void Dispose(bool disposing)
             {

src/Common/src/System/Security/Cryptography/RSACng.EncryptDecrypt.cs

@@ -27,12 +27,12 @@ public override unsafe byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
             EncryptOrDecrypt(data, padding, encrypt: false);
 
         /// <summary>Encrypts data using the public key.</summary>
-        public override bool TryEncrypt(ReadOnlySpan<byte> source, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten) =>
-            TryEncryptOrDecrypt(source, destination, padding, encrypt: true, bytesWritten: out bytesWritten);
+        public override bool TryEncrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten) =>
+            TryEncryptOrDecrypt(data, destination, padding, encrypt: true, bytesWritten: out bytesWritten);
 
         /// <summary>Decrypts data using the private key.</summary>
-        public override bool TryDecrypt(ReadOnlySpan<byte> source, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten) =>
-            TryEncryptOrDecrypt(source, destination, padding, encrypt: false, bytesWritten: out bytesWritten);
+        public override bool TryDecrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten) =>
+            TryEncryptOrDecrypt(data, destination, padding, encrypt: false, bytesWritten: out bytesWritten);
 
         // Conveniently, Encrypt() and Decrypt() are identical save for the actual P/Invoke call to CNG. Thus, both
         // array-based APIs invoke this common helper with the "encrypt" parameter determining whether encryption or decryption is done.
@@ -81,7 +81,7 @@ private unsafe byte[] EncryptOrDecrypt(byte[] data, RSAEncryptionPadding padding
 
         // Conveniently, Encrypt() and Decrypt() are identical save for the actual P/Invoke call to CNG. Thus, both
         // span-based APIs invoke this common helper with the "encrypt" parameter determining whether encryption or decryption is done.
-        private unsafe bool TryEncryptOrDecrypt(ReadOnlySpan<byte> source, Span<byte> destination, RSAEncryptionPadding padding, bool encrypt, out int bytesWritten)
+        private unsafe bool TryEncryptOrDecrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, bool encrypt, out int bytesWritten)
         {
             if (padding == null)
             {
@@ -93,7 +93,7 @@ private unsafe bool TryEncryptOrDecrypt(ReadOnlySpan<byte> source, Span<byte> de
                 switch (padding.Mode)
                 {
                     case RSAEncryptionPaddingMode.Pkcs1:
-                        return TryEncryptOrDecrypt(keyHandle, source, destination, AsymmetricPaddingMode.NCRYPT_PAD_PKCS1_FLAG, null, encrypt, out bytesWritten);
+                        return TryEncryptOrDecrypt(keyHandle, data, destination, AsymmetricPaddingMode.NCRYPT_PAD_PKCS1_FLAG, null, encrypt, out bytesWritten);
 
                     case RSAEncryptionPaddingMode.Oaep:
                         IntPtr namePtr = Marshal.StringToHGlobalUni(padding.OaepHashAlgorithm.Name);
@@ -105,7 +105,7 @@ private unsafe bool TryEncryptOrDecrypt(ReadOnlySpan<byte> source, Span<byte> de
                                 pbLabel = IntPtr.Zero, // It would nice to put randomized data here but RSAEncryptionPadding does not at this point provide support for this.
                                 cbLabel = 0,
                             };
-                            return TryEncryptOrDecrypt(keyHandle, source, destination, AsymmetricPaddingMode.NCRYPT_PAD_OAEP_FLAG, &paddingInfo, encrypt, out bytesWritten);
+                            return TryEncryptOrDecrypt(keyHandle, data, destination, AsymmetricPaddingMode.NCRYPT_PAD_OAEP_FLAG, &paddingInfo, encrypt, out bytesWritten);
                         }
                         finally
                         {

src/Common/src/System/Security/Cryptography/RSACng.SignVerify.cs

@@ -68,7 +68,7 @@ public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RS
             }
         }
 
-        public override unsafe bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten)
+        public override unsafe bool TrySignHash(ReadOnlySpan<byte> hash, Span<byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten)
         {
             string hashAlgorithmName = hashAlgorithm.Name;
             if (string.IsNullOrEmpty(hashAlgorithmName))
@@ -89,11 +89,11 @@ public override unsafe bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> de
                     {
                         case RSASignaturePaddingMode.Pkcs1:
                             var pkcs1PaddingInfo = new BCRYPT_PKCS1_PADDING_INFO() { pszAlgId = namePtr };
-                            return keyHandle.TrySignHash(source, destination, AsymmetricPaddingMode.NCRYPT_PAD_PKCS1_FLAG, &pkcs1PaddingInfo, out bytesWritten);
+                            return keyHandle.TrySignHash(hash, destination, AsymmetricPaddingMode.NCRYPT_PAD_PKCS1_FLAG, &pkcs1PaddingInfo, out bytesWritten);
 
                         case RSASignaturePaddingMode.Pss:
-                            var pssPaddingInfo = new BCRYPT_PSS_PADDING_INFO() { pszAlgId = namePtr, cbSalt = source.Length };
-                            return keyHandle.TrySignHash(source, destination, AsymmetricPaddingMode.NCRYPT_PAD_PSS_FLAG, &pssPaddingInfo, out bytesWritten);
+                            var pssPaddingInfo = new BCRYPT_PSS_PADDING_INFO() { pszAlgId = namePtr, cbSalt = hash.Length };
+                            return keyHandle.TrySignHash(hash, destination, AsymmetricPaddingMode.NCRYPT_PAD_PSS_FLAG, &pssPaddingInfo, out bytesWritten);
 
                         default:
                             throw new CryptographicException(SR.Cryptography_UnsupportedPaddingMode);

src/Common/src/System/Security/Cryptography/RSACng.cs

@@ -50,8 +50,8 @@ public override KeySizes[] LegalKeySizes
         protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) =>
             CngCommon.HashData(data, offset, count, hashAlgorithm);
 
-        protected override bool TryHashData(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
-            CngCommon.TryHashData(source, destination, hashAlgorithm, out bytesWritten);
+        protected override bool TryHashData(ReadOnlySpan<byte> data, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
+            CngCommon.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
 
         protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) =>
             CngCommon.HashData(data, hashAlgorithm);

src/Common/src/System/Security/Cryptography/RSAOpenSsl.cs

@@ -120,7 +120,7 @@ public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
             return plainBytes;
         }
 
-        public override bool TryDecrypt(ReadOnlySpan<byte> source, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)
+        public override bool TryDecrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)
         {
             if (padding == null)
             {
@@ -137,7 +137,7 @@ public override bool TryDecrypt(ReadOnlySpan<byte> source, Span<byte> destinatio
                 return false;
             }
 
-            int returnValue = Interop.Crypto.RsaPrivateDecrypt(source.Length, source, destination, key, rsaPadding);
+            int returnValue = Interop.Crypto.RsaPrivateDecrypt(data.Length, data, destination, key, rsaPadding);
             CheckReturn(returnValue);
 
             // If the padding mode is RSA_NO_PADDING then the size of the decrypted block
@@ -174,7 +174,7 @@ public override byte[] Encrypt(byte[] data, RSAEncryptionPadding padding)
             return buf;
         }
 
-        public override bool TryEncrypt(ReadOnlySpan<byte> source, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)
+        public override bool TryEncrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)
         {
             if (padding == null)
             {
@@ -191,7 +191,7 @@ public override bool TryEncrypt(ReadOnlySpan<byte> source, Span<byte> destinatio
                 return false;
             }
 
-            int returnValue = Interop.Crypto.RsaPublicEncrypt(source.Length, source, destination, key, rsaPadding);
+            int returnValue = Interop.Crypto.RsaPublicEncrypt(data.Length, data, destination, key, rsaPadding);
             CheckReturn(returnValue);
 
             bytesWritten = returnValue;
@@ -389,8 +389,8 @@ protected override byte[] HashData(byte[] data, int offset, int count, HashAlgor
         protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) =>
             AsymmetricAlgorithmHelpers.HashData(data, hashAlgorithm);
 
-        protected override bool TryHashData(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
-            AsymmetricAlgorithmHelpers.TryHashData(source, destination, hashAlgorithm, out bytesWritten);
+        protected override bool TryHashData(ReadOnlySpan<byte> data, Span<byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) =>
+            AsymmetricAlgorithmHelpers.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
 
         public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
         {
@@ -436,7 +436,7 @@ private byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithmName)
             return signature;
         }
 
-        public override bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten)
+        public override bool TrySignHash(ReadOnlySpan<byte> hash, Span<byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten)
         {
             if (string.IsNullOrEmpty(hashAlgorithm.Name))
             {
@@ -462,7 +462,7 @@ public override bool TrySignHash(ReadOnlySpan<byte> source, Span<byte> destinati
             }
 
             int signatureSize;
-            if (!Interop.Crypto.RsaSign(algorithmNid, source, source.Length, destination, out signatureSize, rsa))
+            if (!Interop.Crypto.RsaSign(algorithmNid, hash, hash.Length, destination, out signatureSize, rsa))
             {
                 throw Interop.Crypto.CreateOpenSslCryptographicException();
             }