AArnott · AArnott · Mar 17, 2016 · Mar 14, 2016 · Mar 14, 2016
diff --git a/src/PCLCrypto.Shared.Formatters/Formatters/BCryptRsaKeyFormatter.cs b/src/PCLCrypto.Shared.Formatters/Formatters/BCryptRsaKeyFormatter.cs
@@ -91,21 +91,21 @@ protected override unsafe RSAParameters ReadCore(Stream stream)
             }
 
             VerifyFormat(this.keyType == header.Magic, "Unexpected key blob type.");
-            parameters.Exponent = TrimLeadingZero(reader.ReadBytes(header.cbPublicExp));
-            parameters.Modulus = TrimLeadingZero(reader.ReadBytes(header.cbModulus));
+            parameters.Exponent = reader.ReadBytes(header.cbPublicExp);
+            parameters.Modulus = reader.ReadBytes(header.cbModulus);
 
             if (header.Magic != BCRYPT_RSAKEY_BLOB.MagicNumber.BCRYPT_RSAPUBLIC_MAGIC)
             {
-                parameters.P = TrimLeadingZero(reader.ReadBytes(header.cbPrime1));
-                parameters.Q = TrimLeadingZero(reader.ReadBytes(header.cbPrime2));
+                parameters.P = reader.ReadBytes(header.cbPrime1);
+                parameters.Q = reader.ReadBytes(header.cbPrime2);
 
                 if (header.Magic != BCRYPT_RSAKEY_BLOB.MagicNumber.BCRYPT_RSAPRIVATE_MAGIC)
                 {
                     VerifyFormat(header.Magic == BCRYPT_RSAKEY_BLOB.MagicNumber.BCRYPT_RSAFULLPRIVATE_MAGIC);
-                    parameters.DP = TrimLeadingZero(reader.ReadBytes(header.cbPrime1));
-                    parameters.DQ = TrimLeadingZero(reader.ReadBytes(header.cbPrime2));
-                    parameters.InverseQ = TrimLeadingZero(reader.ReadBytes(header.cbPrime1));
-                    parameters.D = TrimLeadingZero(reader.ReadBytes(header.cbModulus));
+                    parameters.DP = reader.ReadBytes(header.cbPrime1);
+                    parameters.DQ = reader.ReadBytes(header.cbPrime2);
+                    parameters.InverseQ = reader.ReadBytes(header.cbPrime1);
+                    parameters.D = reader.ReadBytes(header.cbModulus);
                 }
             }
 

diff --git a/src/PCLCrypto.Shared.Formatters/Formatters/CapiKeyFormatter.cs b/src/PCLCrypto.Shared.Formatters/Formatters/CapiKeyFormatter.cs
@@ -138,7 +138,7 @@ protected override RSAParameters ReadCore(Stream stream)
             int bitlen = reader.ReadInt32();
             int bytelen = bitlen / 8;
 
-            parameters.Exponent = TrimLeadingZero(ReadReversed(reader, 4));
+            parameters.Exponent = ReadReversed(reader, 4);
             parameters.Modulus = ReadReversed(reader, bytelen);
 
             if (hasPrivateKey)

diff --git a/src/PCLCrypto.Shared.Formatters/Formatters/KeyFormatter.cs b/src/PCLCrypto.Shared.Formatters/Formatters/KeyFormatter.cs
@@ -172,7 +172,7 @@ internal byte[] Write(RSAParameters parameters, bool includePrivateKey)
         internal RSAParameters Read(Stream stream)
         {
             var parameters = this.ReadCore(stream);
-            return parameters;
+            return TrimLeadingZeros(parameters);
         }
 
         /// <summary>
@@ -346,6 +346,26 @@ protected static byte[] TrimLeadingZero(byte[] buffer)
             return buffer;
         }
 
+        /// <summary>
+        /// Trim all leading zeros from an <see cref="RSAParameters"/> struct.
+        /// </summary>
+        /// <param name="parameters">The struct from which to remove parameters.</param>
+        /// <returns>The trimmed version of the struct.</returns>
+        protected static RSAParameters TrimLeadingZeros(RSAParameters parameters)
+        {
+            return new RSAParameters
+            {
+                Modulus = TrimLeadingZero(parameters.Modulus),
+                Exponent = TrimLeadingZero(parameters.Exponent),
+                D = TrimLeadingZero(parameters.D),
+                P = TrimLeadingZero(parameters.P),
+                DP = TrimLeadingZero(parameters.DP),
+                Q = TrimLeadingZero(parameters.Q),
+                DQ = TrimLeadingZero(parameters.DQ),
+                InverseQ = TrimLeadingZero(parameters.InverseQ),
+            };
+        }
+
         /// <summary>
         /// Trims up to one leading byte from the start of a buffer if that byte is a 0x00
         /// without modifying the original buffer.

diff --git a/src/PCLCrypto.Shared.Formatters/Formatters/Pkcs1KeyFormatter.cs b/src/PCLCrypto.Shared.Formatters/Formatters/Pkcs1KeyFormatter.cs
@@ -49,21 +49,21 @@ protected override RSAParameters ReadCore(Stream stream)
                 case 2:
                     return new RSAParameters
                     {
-                        Modulus = TrimLeadingZero(sequence[0].Content),
-                        Exponent = TrimLeadingZero(sequence[1].Content),
+                        Modulus = sequence[0].Content,
+                        Exponent = sequence[1].Content,
                     };
                 case 9:
                     KeyFormatter.VerifyFormat(sequence[0].Content.Length == 1 && sequence[0].Content[0] == 0, "Unsupported version.");
                     return new RSAParameters
                     {
-                        Modulus = TrimLeadingZero(sequence[1].Content),
-                        Exponent = TrimLeadingZero(sequence[2].Content),
-                        D = TrimLeadingZero(sequence[3].Content),
-                        P = TrimLeadingZero(sequence[4].Content),
-                        Q = TrimLeadingZero(sequence[5].Content),
-                        DP = TrimLeadingZero(sequence[6].Content),
-                        DQ = TrimLeadingZero(sequence[7].Content),
-                        InverseQ = TrimLeadingZero(sequence[8].Content),
+                        Modulus = sequence[1].Content,
+                        Exponent = sequence[2].Content,
+                        D = sequence[3].Content,
+                        P = sequence[4].Content,
+                        Q = sequence[5].Content,
+                        DP = sequence[6].Content,
+                        DQ = sequence[7].Content,
+                        InverseQ = sequence[8].Content,
                     };
                 default:
                     throw KeyFormatter.FailFormat();

diff --git a/src/PCLCrypto.Tests.Shared/KeyFormatterTests.cs b/src/PCLCrypto.Tests.Shared/KeyFormatterTests.cs
@@ -41,30 +41,76 @@ public KeyFormatterTests(ITestOutputHelper logger)
         }
 
         [SkippableTheory(typeof(NotSupportedException)), CombinatorialData]
-        public void KeyFormatters_PrivateKeyRoundTrip(CryptographicPrivateKeyBlobType format)
+        public void KeyFormatters_PrivateKeyRoundTrip_Random(CryptographicPrivateKeyBlobType format)
+        {
+            this.KeyFormatters_PrivateKeyRoundTrip(rsaParameters.Value, format);
+        }
+
+        [SkippableTheory(typeof(NotSupportedException)), CombinatorialData]
+        public void KeyFormatters_PrivateKeyRoundTrip_ShortD(CryptographicPrivateKeyBlobType format)
+        {
+            this.KeyFormatters_PrivateKeyRoundTrip(CreateRSAParametersWithShortD(), format);
+        }
+
+        [Theory, CombinatorialData]
+        public void KeyFormatters_PublicKeyRoundTrip(CryptographicPublicKeyBlobType format)
+        {
+            var formatter = KeyFormatter.GetFormatter(format);
+            byte[] custom = formatter.Write(rsaParameters.Value, includePrivateKey: false);
+            var rsaParametersRead = formatter.Read(custom);
+
+            Assert.Equal<byte>(rsaParameters.Value.Exponent, rsaParametersRead.Exponent);
+            Assert.Equal<byte>(rsaParameters.Value.Modulus, rsaParametersRead.Modulus);
+
+            Assert.Null(rsaParametersRead.D);
+            Assert.Null(rsaParametersRead.P);
+            Assert.Null(rsaParametersRead.Q);
+            Assert.Null(rsaParametersRead.DP);
+            Assert.Null(rsaParametersRead.DQ);
+            Assert.Null(rsaParametersRead.InverseQ);
+        }
+
+        private static RSAParameters CreateRSAParametersWithShortD()
+        {
+            // This valid RSA key has a value for D with fewer significant bits than the Modulus,
+            // such that it can be expressed in 63 bytes instead of 64.
+            return new RSAParameters
+            {
+                Modulus = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("a4d5f49f3298500af851b031d27754fd63b8df7f37508b2bea15794ae706abc4cc790d5c8f4bac7ac46ac770b53830a28e97fd3bd9d2afdd18b8db9266965413"),
+                Exponent = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("010001"),
+                P = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("e6505d775acbc8077462f0cdbe22a59fc6c75758a9a097211bc4e071c963e415"),
+                D = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("6b87270cb2f4a9427ebacb35b516235b28b271198bfbfecda6e65b39817bd8907b0e7051b74ddb728f1f29220cef00095d63c224d5a148e14e15a9cb4c6849"),
+                Q = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("b73823d2929601f4f95050e17de1587841cbdc4152444f2352d9f83f54d71987"),
+                DP = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("200f81e352855994081499d6da27f28c5a5c77814523b0c6101a88efee0bf4bd"),
+                DQ = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("1471d6457c07f325f3e00b766e068449bf05d1891475fce2b32f116d77b91ce7"),
+                InverseQ = WinRTCrypto.CryptographicBuffer.DecodeFromHexString("c7e4c27f6596dec9f8d18eb3ccead992ca2ad7241a4abffdecaa5ad5bf965895"),
+            };
+        }
+
+        private void KeyFormatters_PrivateKeyRoundTrip(RSAParameters initialValue, CryptographicPrivateKeyBlobType format)
         {
             this.logger.WriteLine("Generated RSA parameters:");
-            this.LogRSAParameters(rsaParameters.Value, "  ");
+            this.LogRSAParameters(initialValue, "  ");
 
             var formatter = KeyFormatter.GetFormatter(format);
-            byte[] custom = formatter.Write(rsaParameters.Value);
+            byte[] custom = formatter.Write(initialValue);
             var rsaParametersRead = formatter.Read(custom);
 
             this.logger.WriteLine("Read RSA parameters:");
             this.LogRSAParameters(rsaParametersRead, "  ");
 
-            Assert.Equal<byte>(rsaParameters.Value.Exponent, rsaParametersRead.Exponent);
-            Assert.Equal<byte>(rsaParameters.Value.Modulus, rsaParametersRead.Modulus);
+            Assert.Equal<byte>(initialValue.Exponent, rsaParametersRead.Exponent);
+            Assert.Equal<byte>(initialValue.Modulus, rsaParametersRead.Modulus);
 
-            Assert.Equal<byte>(rsaParameters.Value.P, rsaParametersRead.P);
-            Assert.Equal<byte>(rsaParameters.Value.Q, rsaParametersRead.Q);
+            Assert.Equal<byte>(initialValue.P, rsaParametersRead.P);
+            Assert.Equal<byte>(initialValue.Q, rsaParametersRead.Q);
 
             if (format != CryptographicPrivateKeyBlobType.BCryptPrivateKey)
             {
-                Assert.Equal<byte>(rsaParameters.Value.D, rsaParametersRead.D);
-                Assert.Equal<byte>(rsaParameters.Value.DP, rsaParametersRead.DP);
-                Assert.Equal<byte>(rsaParameters.Value.DQ, rsaParametersRead.DQ);
-                Assert.Equal<byte>(rsaParameters.Value.InverseQ, rsaParametersRead.InverseQ);
+                Assert.Equal<byte>(initialValue.D, rsaParametersRead.D);
+                Assert.Equal<byte>(initialValue.DP, rsaParametersRead.DP);
+                Assert.Equal<byte>(initialValue.DQ, rsaParametersRead.DQ);
+                Assert.Equal<byte>(initialValue.InverseQ, rsaParametersRead.InverseQ);
             }
             else
             {
@@ -76,24 +122,6 @@ public void KeyFormatters_PrivateKeyRoundTrip(CryptographicPrivateKeyBlobType fo
             }
         }
 
-        [Theory, CombinatorialData]
-        public void KeyFormatters_PublicKeyRoundTrip(CryptographicPublicKeyBlobType format)
-        {
-            var formatter = KeyFormatter.GetFormatter(format);
-            byte[] custom = formatter.Write(rsaParameters.Value, includePrivateKey: false);
-            var rsaParametersRead = formatter.Read(custom);
-
-            Assert.Equal<byte>(rsaParameters.Value.Exponent, rsaParametersRead.Exponent);
-            Assert.Equal<byte>(rsaParameters.Value.Modulus, rsaParametersRead.Modulus);
-
-            Assert.Null(rsaParametersRead.D);
-            Assert.Null(rsaParametersRead.P);
-            Assert.Null(rsaParametersRead.Q);
-            Assert.Null(rsaParametersRead.DP);
-            Assert.Null(rsaParametersRead.DQ);
-            Assert.Null(rsaParametersRead.InverseQ);
-        }
-
         private void LogRSAParameters(RSAParameters parameters, string indent = "")
         {
             Action<string> logValue = name =>