[Mono-dev] RSA and ECDH

Brandon Perry bperry.volatile at gmail.com
Sun Feb 16 18:22:58 UTC 2014 

On 02/16/2014 11:33 AM, Edward Ned Harvey (mono) wrote:
> Ideally, yeah, but realistically, behavior will deviate.  (See my other question, about the non-existence of ECDiffieHellman.  Existence vs Non-existence is a pretty big deviation.)   ;-)  The important thing is that the API remain functionally equivalent.

But they aren't functionally equivalent, the ctors do not function
equivalently. It is only syntactically equivalent. This is, arguably, a bug.

>   Not long ago, I discovered that PKCS12.GetBytes() in MS behaves fine with a blank password, while mono fails on blank password.  And the hash algorithm is basically restricted to SHA1, as deviation from SHA1 causes mono to fail a lot.  Which is fine, but the point is, deviations do exist.  Some more dramatic than others.

Yep, agreed. I have found deviations as well. Doesn't mean they should
exist. Especially if the reason is to make unit tests perform faster, as
the below comment suggests was a main reason. You are no longer testing
the same functionality as you would be if that unit test were running on
.NET.

>
> This particular difference, generating key in constructor versus only when necessary, as far as I'm concerned, is not a bug, and not an issue.  Because the API remains the same.  On the other hand, the non-existent ECDiffieHellman is a significant missing feature, and the non-acceptance of blank password is a legitimate bug that nobody cares about.   ;-)    (Not even me)
>
> In RSACryptoServiceProvider.cs constructor, there is this comment:
>
> // Here it's not clear if we need to generate a keypair
> // (note: MS implementation generates a keypair in this case).
> // However we:
> // (a) often use this constructor to import an existing keypair.
> // (b) take a LOT of time to generate the RSA keypair
> // So we'll generate the keypair only when (and if) it's being
> // used (or exported). This should save us a lot of time (at 
> // least in the unit tests).
>

According to this, behaviour deviation is not desired.
http://www.mono-project.com/FAQ:_Technical#Compatibility


However, this is a large deviation from your original question of speed
(pun intended). It may be related though.

More information about the Mono-devel-list mailing list