public void SignaturesAtZeroDoNotVerify_IEEEP1363(CurveDef curveDef)
{
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
byte[] data = new byte[] { 1, 2, 3, 4 };
byte[] signature = ec.SignData(data, HashAlgorithmName.SHA256, DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
// Verify it now.
bool verified = ec.VerifyData(
data,
signature,
HashAlgorithmName.SHA256,
DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
Assert.True(verified, nameof(ec.VerifyData));
// Since the signature is fixed field, create a zero signature just by zeroing it out.
// The important thing is that it is the right length.
Array.Clear(signature);
verified = ec.VerifyData(
data,
signature,
HashAlgorithmName.SHA256,
DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
Assert.False(verified, nameof(ec.VerifyData));
}
}
public void TestChangeFromNamedCurveToKeySize(CurveDef curveDef)
{
if (!curveDef.Curve.IsNamed)
{
return;
}
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
ECParameters param = ec.ExportParameters(false);
// Avoid comparing against same key as in curveDef
if (ec.KeySize != 384 && ec.KeySize != 521)
{
ec.KeySize = 384;
ECParameters param384 = ec.ExportParameters(false);
Assert.NotEqual(param.Curve.Oid.FriendlyName, param384.Curve.Oid.FriendlyName);
Assert.Equal(384, ec.KeySize);
ec.KeySize = 521;
ECParameters param521 = ec.ExportParameters(false);
Assert.NotEqual(param384.Curve.Oid.FriendlyName, param521.Curve.Oid.FriendlyName);
Assert.Equal(521, ec.KeySize);
}
}
}
public static void TestNamedCurvesNegative(CurveDef curveDef)
{
if (!curveDef.Curve.IsNamed)
{
return;
}
// An exception may be thrown during Create() if the Oid is bad, or later during native calls
Assert.Throws <PlatformNotSupportedException>(
() => ECDiffieHellmanFactory.Create(curveDef.Curve).ExportParameters(false));
}
public static void TestKeyPropertyFromNamedCurve(CurveDef curveDef)
{
ECDsaCng e = new ECDsaCng(curveDef.Curve);
CngKey key1 = e.Key;
VerifyKey(key1);
e.Exercise();
CngKey key2 = e.Key;
Assert.Same(key1, key2);
}
public static void TestExplicitCurvesKeyAgree(CurveDef curveDef)
{
if (!ECDiffieHellmanFactory.ExplicitCurvesSupported)
{
return;
}
using (ECDiffieHellman ecdh1Named = ECDiffieHellmanFactory.Create(curveDef.Curve))
{
ECParameters ecdh1ExplicitParameters = ecdh1Named.ExportExplicitParameters(true);
using (ECDiffieHellman ecdh1Explicit = ECDiffieHellmanFactory.Create())
using (ECDiffieHellman ecdh2 = ECDiffieHellmanFactory.Create(ecdh1ExplicitParameters.Curve))
{
ecdh1Explicit.ImportParameters(ecdh1ExplicitParameters);
using (ECDiffieHellmanPublicKey ecdh1NamedPub = ecdh1Named.PublicKey)
using (ECDiffieHellmanPublicKey ecdh1ExplicitPub = ecdh1Explicit.PublicKey)
using (ECDiffieHellmanPublicKey ecdh2Pub = ecdh2.PublicKey)
{
HashAlgorithmName hash = HashAlgorithmName.SHA256;
byte[] ech1Named_ecdh1Named = ecdh1Named.DeriveKeyFromHash(ecdh1NamedPub, hash);
byte[] ech1Named_ecdh1Named2 = ecdh1Named.DeriveKeyFromHash(ecdh1NamedPub, hash);
byte[] ech1Named_ecdh1Explicit = ecdh1Named.DeriveKeyFromHash(ecdh1ExplicitPub, hash);
byte[] ech1Named_ecdh2Explicit = ecdh1Named.DeriveKeyFromHash(ecdh2Pub, hash);
byte[] ecdh1Explicit_ecdh1Named = ecdh1Explicit.DeriveKeyFromHash(ecdh1NamedPub, hash);
byte[] ecdh1Explicit_ecdh1Explicit = ecdh1Explicit.DeriveKeyFromHash(ecdh1ExplicitPub, hash);
byte[] ecdh1Explicit_ecdh1Explicit2 = ecdh1Explicit.DeriveKeyFromHash(ecdh1ExplicitPub, hash);
byte[] ecdh1Explicit_ecdh2Explicit = ecdh1Explicit.DeriveKeyFromHash(ecdh2Pub, hash);
byte[] ecdh2_ecdh1Named = ecdh2.DeriveKeyFromHash(ecdh1NamedPub, hash);
byte[] ecdh2_ecdh1Explicit = ecdh2.DeriveKeyFromHash(ecdh1ExplicitPub, hash);
byte[] ecdh2_ecdh2Explicit = ecdh2.DeriveKeyFromHash(ecdh2Pub, hash);
byte[] ecdh2_ecdh2Explicit2 = ecdh2.DeriveKeyFromHash(ecdh2Pub, hash);
Assert.Equal(ech1Named_ecdh1Named, ech1Named_ecdh1Named2);
Assert.Equal(ech1Named_ecdh1Explicit, ecdh1Explicit_ecdh1Named);
Assert.Equal(ech1Named_ecdh2Explicit, ecdh2_ecdh1Named);
Assert.Equal(ecdh1Explicit_ecdh1Explicit, ecdh1Explicit_ecdh1Explicit2);
Assert.Equal(ecdh1Explicit_ecdh2Explicit, ecdh2_ecdh1Explicit);
Assert.Equal(ecdh2_ecdh2Explicit, ecdh2_ecdh2Explicit2);
}
}
}
}
public void TestRegenKeyNamed(CurveDef curveDef)
{
ECParameters param, param2;
ECDsa ec;
using (ec = ECDsaFactory.Create(curveDef.Curve))
{
param = ec.ExportParameters(true);
Assert.NotNull(param.D);
param.Validate();
ec.GenerateKey(param.Curve);
param2 = ec.ExportParameters(true);
param2.Validate();
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
}
}
public static void TestExplicitCurves(CurveDef curveDef)
{
if (!ECDiffieHellmanFactory.ExplicitCurvesSupported)
{
return;
}
using (ECDiffieHellman ec1 = ECDiffieHellmanFactory.Create(curveDef.Curve))
{
ECParameters param1 = ec1.ExportExplicitParameters(curveDef.IncludePrivate);
VerifyExplicitCurve(param1, ec1, curveDef);
using (ECDiffieHellman ec2 = ECDiffieHellmanFactory.Create())
{
ec2.ImportParameters(param1);
ECParameters param2 = ec2.ExportExplicitParameters(curveDef.IncludePrivate);
VerifyExplicitCurve(param1, ec1, curveDef);
AssertEqual(param1, param2);
}
}
}
public static void TestHashRoundTrip(CurveDef curveDef)
{
// This test is in the cng only tests because OpenSsl does not provide the hash algorithm
using (var cng = new ECDsaCng(curveDef.Curve))
{
ECParameters param = cng.ExportExplicitParameters(false);
// Add some dummy values and import
Assert.True(param.Curve.IsExplicit);
var curve = param.Curve;
curve.Hash = HashAlgorithmName.SHA1;
curve.Seed = new byte[1] {
0xFF
}; // Hash should have a seed
param.Curve = curve;
cng.ImportParameters(param);
// Export to see if the hash is there
ECParameters param2 = cng.ExportExplicitParameters(false);
Assert.Equal(HashAlgorithmName.SHA1.Name.ToUpper(), param2.Curve.Hash.Value.Name.ToUpper());
Assert.Equal(0xFF, param2.Curve.Seed[0]);
}
}
public void SignaturesAtZeroDoNotVerify_DER(CurveDef curveDef)
{
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
byte[] data = new byte[] { 1, 2, 3, 4 };
// ASN.1:
// SEQUENCE {
// INTEGER 0,
// INTEGER 0
// }
byte[] zeroSignature = new byte[]
{
0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00
};
bool verified = ec.VerifyData(
data,
zeroSignature,
HashAlgorithmName.SHA256,
DSASignatureFormat.Rfc3279DerSequence);
Assert.False(verified, nameof(ec.VerifyData));
}
}
private static void VerifyExplicitCurve(ECParameters parameters, ECDiffieHellman ec, CurveDef curveDef)
{
Assert.True(parameters.Curve.IsExplicit);
ECCurve curve = parameters.Curve;
Assert.True(curveDef.IsCurveTypeEqual(curve.CurveType));
Assert.True(
curveDef.IncludePrivate && parameters.D.Length > 0 ||
!curveDef.IncludePrivate && parameters.D == null);
Assert.Equal(curveDef.KeySize, ec.KeySize);
Assert.Equal(curve.A.Length, parameters.Q.X.Length);
Assert.Equal(curve.A.Length, parameters.Q.Y.Length);
Assert.Equal(curve.A.Length, curve.B.Length);
Assert.Equal(curve.A.Length, curve.G.X.Length);
Assert.Equal(curve.A.Length, curve.G.Y.Length);
Assert.True(curve.Seed == null || curve.Seed.Length > 0);
Assert.True(curve.Order == null || curve.Order.Length > 0);
if (curve.IsPrime)
{
Assert.Equal(curve.A.Length, curve.Prime.Length);
}
if (curveDef.IncludePrivate)
{
ec.Exercise();
}
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportExplicitParameters(curveDef.IncludePrivate);
AssertEqual(parameters, paramSecondExport);
}
public void TestRegenKeyExplicit(CurveDef curveDef)
{
ECParameters param, param2;
ECDsa ec, newEc;
using (ec = ECDsaFactory.Create(curveDef.Curve))
{
param = ec.ExportExplicitParameters(true);
Assert.NotNull(param.D);
using (newEc = ECDsaFactory.Create())
{
newEc.ImportParameters(param);
// The curve name is not flowed on explicit export\import (by design) so this exercises logic
// that regenerates based on current curve values
newEc.GenerateKey(param.Curve);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify same curve name
newEc.GenerateKey(curveDef.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify different curve than current
if (param.Curve.IsPrime)
{
if (curveDef.Curve.IsNamed &&
curveDef.Curve.Oid.FriendlyName != ECCurve.NamedCurves.nistP256.Oid.FriendlyName)
{
// Specify different curve (nistP256) by explicit value
newEc.GenerateKey(ECCurve.NamedCurves.nistP256);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
// Reset back to original
newEc.GenerateKey(param.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
ECParameters copyOfParam1 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, copyOfParam1, false);
ComparePublicKey(param.Q, copyOfParam1.Q, false);
CompareCurve(param.Curve, copyOfParam1.Curve);
// Set back to nistP256
newEc.GenerateKey(param2.Curve);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
else if (param.Curve.IsCharacteristic2)
{
if (curveDef.Curve.Oid.Value != ECDSA_Sect193r1_OID_VALUE)
{
if (ECDsaFactory.IsCurveValid(new Oid(ECDSA_Sect193r1_OID_VALUE)))
{
// Specify different curve by name
newEc.GenerateKey(ECCurve.CreateFromValue(ECDSA_Sect193r1_OID_VALUE));
Assert.Equal(193, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// Polynomial,X,Y (and others) should not match
Assert.True(param2.Curve.IsCharacteristic2);
Assert.NotEqual(param.Curve.Polynomial, param2.Curve.Polynomial);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
}
}
}
}
public static void TestCreateKeyFromCngAlgorithmNegative(CurveDef curveDef)
{
CngAlgorithm alg = CngAlgorithm.ECDsa;
Assert.ThrowsAny <Exception>(() => CngKey.Create(alg));
}
