[API Proposal]: RSA.GetMaxOutputSize

[vcsjones]

Background and motivation

This is a proposal for the discussion in #67059. We have some helpers for {EC}DSA for getting signature sizes. This adds a complementary API for RSA. The method handles a "right" size for encryption and signing, and a "worst case" for decryption.

This is useful if you want to stackalloc or rent a buffer to hold a signature and need to know how much data you need.

Remark:

I considered what this might look like for ECDiffieHellman derived keys. It's a little easier for developers to reason about those sizes from DeriveKeyFrom{Hash,Hmac} without a helper, so I didn't propose anything there.

API Proposal

namespace System.Security.Cryptography {
    public partial class RSA {
        public int GetMaxOutputSize();
    }
}

API Usage

byte[] signatureBuffer = ArrayPool<byte>.Shared.Rent(rsa.GetMaxOutputSize());
int written = rsa.Sign(blah, blah, signatureBuffer);
ReadOnlySpan<byte> signature = signatureBuffer.AsSpan(0, written);

Alternative Designs

Do nothing. Expect that developers know (KeySize + 7) / 8 is correct.

Risks

No response

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Background and motivation

This is a proposal for the discussion in #67059. We have some helpers for {EC}DSA for getting signature sizes. This adds a complementary API for RSA, both for creating signatures and PKCS1/OAEP encryption.

This is useful if you want to stackalloc or rent a buffer to hold a signature and need to know how much data you need.

Remark:

I considered what this might look like for ECDiffieHellman derived keys. It's a little easier for developers to reason about those sizes from DeriveKeyFrom{Hash,Hmac} without a helper, so I didn't propose anything there.

API Proposal

namespace System.Security.Cryptography {
    public partial class RSA {
        public int GetSignatureSize();
        public int GetEncryptedDataSize();
    }
}

API Usage

byte[] signatureBuffer = ArrayPool<byte>.Shared.Rent(rsa.GetSignatureSize());
int written = rsa.Sign(blah, blah, signatureBuffer);
ReadOnlySpan<byte> signature = signatureBuffer.AsSpan(0, written);

Alternative Designs

Do nothing. Expect that developers know (KeySize + 7) / 8 is correct.

Risks

No response

Author:	vcsjones
Assignees:	-
Labels:	api-suggestion, area-System.Security
Milestone:	-

[bartonjs]

Those two things are the same value, so it's unfortunate that they're two different methods. What about GetMaxOutputSize()? It's "how much will be written" for sign and encrypt, and the upper bound for decrypt (yeah, since we only allow for padded RSA the answer for decrypt is always at least 11 bytes less than that, but it's still an "if you're this big, you're safe...")

[vcsjones]

It's "how much will be written" for sign and encrypt, and the upper bound for decrypt (yeah, since we only allow for padded RSA the answer for decrypt is always at least 11 bytes less than that, but it's still an "if you're this big, you're safe...")

I was wrestling with that and was trying to achieve similar naming as we had for {EC}DSA. I'm not sure "Output" is the right thing there. Output of what? ExportRSAPrivateKey? ToXmlString?

I agree the single method is probably "better" but haven't found a way that I was super comfortable with.

[terrajobst]

Video

Looks good as proposed.

namespace System.Security.Cryptography;

public partial class RSA
{
    public int GetMaxOutputSize();
}