public void TestChangeFromNamedCurveToKeySize(CurveDef curveDef)
{
if (!curveDef.Curve.IsNamed)
{
return;
}
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
ECParameters param = ec.ExportParameters(false);
// Avoid comparing against same key as in curveDef
if (ec.KeySize != 384 && ec.KeySize != 521)
{
ec.KeySize = 384;
ECParameters param384 = ec.ExportParameters(false);
Assert.NotEqual(param.Curve.Oid.FriendlyName, param384.Curve.Oid.FriendlyName);
Assert.Equal(384, ec.KeySize);
ec.KeySize = 521;
ECParameters param521 = ec.ExportParameters(false);
Assert.NotEqual(param384.Curve.Oid.FriendlyName, param521.Curve.Oid.FriendlyName);
Assert.Equal(521, ec.KeySize);
}
}
}
public void Array_SignData_VerifyData_UsesHashDataAndSignHashAndVerifyHash()
{
using (var ecdsa = new OverrideAbstractECDsa(ECDsaFactory.Create()))
{
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((byte[])null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData(null, 0, 0, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[1], -1, 0, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[1], 2, 0, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[1], 0, -1, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[1], 0, 2, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[1], 0, 1, new HashAlgorithmName(null)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[1], 0, 1, new HashAlgorithmName("")));
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.VerifyData((byte[])null, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.VerifyData(null, 0, 0, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.VerifyData(new byte[1], -1, 0, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.VerifyData(new byte[1], 2, 0, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.VerifyData(new byte[1], 0, -1, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.VerifyData(new byte[1], 0, 2, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyData(new byte[1], 0, 1, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[1], 0, 1, new byte[1], new HashAlgorithmName(null)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[1], 0, 1, new byte[1], new HashAlgorithmName("")));
var input = new byte[1024];
Random.Shared.NextBytes(input);
byte[] result = ecdsa.SignData(input, HashAlgorithmName.SHA256);
Assert.NotNull(result);
Assert.NotEmpty(result);
Assert.False(ecdsa.VerifyData(input.AsSpan(1).ToArray(), result, HashAlgorithmName.SHA256));
Assert.True(ecdsa.VerifyData(input, result, HashAlgorithmName.SHA256));
}
}
public void SignaturesAtZeroDoNotVerify_IEEEP1363(CurveDef curveDef)
{
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
byte[] data = new byte[] { 1, 2, 3, 4 };
byte[] signature = ec.SignData(data, HashAlgorithmName.SHA256, DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
// Verify it now.
bool verified = ec.VerifyData(
data,
signature,
HashAlgorithmName.SHA256,
DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
Assert.True(verified, nameof(ec.VerifyData));
// Since the signature is fixed field, create a zero signature just by zeroing it out.
// The important thing is that it is the right length.
Array.Clear(signature);
verified = ec.VerifyData(
data,
signature,
HashAlgorithmName.SHA256,
DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
Assert.False(verified, nameof(ec.VerifyData));
}
}
public void TestNegative256WithRandomKey()
{
using (ECDsa ecdsa = ECDsaFactory.Create(ECCurve.NamedCurves.nistP256))
{
Verify256(ecdsa, false); // will not match because of randomness
}
}
public void BaseProperties_ExpectedValues()
{
using (var ecdsa = new OverrideAbstractECDsa(ECDsaFactory.Create()))
{
Assert.Null(ecdsa.KeyExchangeAlgorithm);
Assert.Equal("ECDsa", ecdsa.SignatureAlgorithm);
}
}
public void TestPositive256WithExplicitParameters()
{
using (ECDsa ecdsa = ECDsaFactory.Create())
{
ecdsa.ImportParameters(EccTestData.GetNistP256ExplicitTestData());
Verify256(ecdsa, true);
}
}
public ECDsaKeyVault ToECDsa()
{
if (PublicCertificate != null)
{
return((ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, PublicCertificate, cryptographyClientOptions));
}
return((ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, Key, cryptographyClientOptions));
}
public static void TestSpecialNistKeys(int keySize, string curveName, CngAlgorithm algorithm)
{
using (ECDsaCng cng = (ECDsaCng)ECDsaFactory.Create(keySize))
{
Assert.Equal(keySize, cng.KeySize);
ECParameters param = cng.ExportParameters(false);
Assert.Equal(curveName, param.Curve.Oid.FriendlyName);
Assert.Equal(algorithm, cng.Key.Algorithm);
}
}
public void PublicKey_CannotSign()
{
using (ECDsa ecdsaPriv = ECDsaFactory.Create())
using (ECDsa ecdsa = ECDsaFactory.Create())
{
ECParameters keyParameters = ecdsaPriv.ExportParameters(false);
ecdsa.ImportParameters(keyParameters);
Assert.ThrowsAny <CryptographicException>(
() => SignData(ecdsa, new byte[] { 1, 2, 3, 4, 5 }, HashAlgorithmName.SHA256));
}
}
public void NotSupportedBaseMethods_Throw()
{
using (var ecdsa = new OverrideAbstractECDsa(ECDsaFactory.Create()))
{
Assert.Throws <NotSupportedException>(() => ecdsa.ExportParameters(false));
Assert.Throws <NotSupportedException>(() => ecdsa.ExportExplicitParameters(false));
Assert.Throws <NotSupportedException>(() => ecdsa.ImportParameters(default(ECParameters)));
Assert.Throws <NotSupportedException>(() => ecdsa.GenerateKey(default(ECCurve)));
Assert.Throws <NotImplementedException>(() => ecdsa.FromXmlString(null));
Assert.Throws <NotImplementedException>(() => ecdsa.ToXmlString(false));
}
}
public void TestRegenKeyNistP256()
{
ECParameters param, param2;
ECDsa ec;
using (ec = ECDsaFactory.Create(256))
{
param = ec.ExportExplicitParameters(true);
Assert.NotNull(param.D);
ec.GenerateKey(param.Curve);
param2 = ec.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
}
}
public void KeySizeProp()
{
using (ECDsa e = ECDsaFactory.Create())
{
e.KeySize = 384;
Assert.Equal(384, e.KeySize);
ECParameters p384 = e.ExportParameters(false);
Assert.True(p384.Curve.IsNamed);
p384.Validate();
e.KeySize = 521;
Assert.Equal(521, e.KeySize);
ECParameters p521 = e.ExportParameters(false);
Assert.True(p521.Curve.IsNamed);
p521.Validate();
// Ensure the key was regenerated
Assert.NotEqual(p384.Curve.Oid.FriendlyName, p521.Curve.Oid.FriendlyName);
}
}
public void Span_TrySignData_VerifyData_UsesTryHashDataAndTrySignHashAndTryVerifyHash()
{
using (var ecdsa = new OverrideAbstractECDsa(ECDsaFactory.Create()))
{
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.TrySignData(new byte[1], new byte[1], new HashAlgorithmName(null), out int bytesWritten));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.TrySignData(new byte[1], new byte[1], new HashAlgorithmName(""), out int bytesWritten));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData((ReadOnlySpan <byte>) new byte[1], new byte[1], new HashAlgorithmName("")));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData((ReadOnlySpan <byte>) new byte[1], new byte[1], new HashAlgorithmName(null)));
var input = new byte[1024];
Random.Shared.NextBytes(input);
byte[] output = new byte[1];
int outputLength;
while (!ecdsa.TrySignData(input, output, HashAlgorithmName.SHA256, out outputLength))
{
output = new byte[output.Length * 2];
}
Assert.False(ecdsa.VerifyData((ReadOnlySpan <byte>)input, new ReadOnlySpan <byte>(output, 0, outputLength - 1), HashAlgorithmName.SHA256));
Assert.True(ecdsa.VerifyData((ReadOnlySpan <byte>)input, new ReadOnlySpan <byte>(output, 0, outputLength), HashAlgorithmName.SHA256));
}
}
public void SignaturesAtZeroDoNotVerify_DER(CurveDef curveDef)
{
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
byte[] data = new byte[] { 1, 2, 3, 4 };
// ASN.1:
// SEQUENCE {
// INTEGER 0,
// INTEGER 0
// }
byte[] zeroSignature = new byte[]
{
0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00
};
bool verified = ec.VerifyData(
data,
zeroSignature,
HashAlgorithmName.SHA256,
DSASignatureFormat.Rfc3279DerSequence);
Assert.False(verified, nameof(ec.VerifyData));
}
}
public void Stream_SignData_VerifyData_UsesHashDataAndSignHashAndVerifyHash()
{
using (var ecdsa = new OverrideAbstractECDsa(ECDsaFactory.Create()))
{
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((Stream)null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new MemoryStream(new byte[1]), new HashAlgorithmName(null)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new MemoryStream(new byte[1]), new HashAlgorithmName("")));
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.VerifyData((Stream)null, null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyData(new MemoryStream(new byte[1]), null, HashAlgorithmName.SHA1));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new MemoryStream(new byte[1]), new byte[1], new HashAlgorithmName(null)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new MemoryStream(new byte[1]), new byte[1], new HashAlgorithmName("")));
var input = new byte[1024];
new Random().NextBytes(input);
byte[] result = ecdsa.SignData(new MemoryStream(input), HashAlgorithmName.SHA256);
Assert.NotNull(result);
Assert.NotEmpty(result);
Assert.False(ecdsa.VerifyData(new MemoryStream(input.AsSpan(1).ToArray()), result, HashAlgorithmName.SHA256));
Assert.True(ecdsa.VerifyData(new MemoryStream(input), result, HashAlgorithmName.SHA256));
}
}
public void TestRegenKeyExplicit(CurveDef curveDef)
{
ECParameters param, param2;
ECDsa ec, newEc;
using (ec = ECDsaFactory.Create(curveDef.Curve))
{
param = ec.ExportExplicitParameters(true);
Assert.NotNull(param.D);
using (newEc = ECDsaFactory.Create())
{
newEc.ImportParameters(param);
// The curve name is not flowed on explicit export\import (by design) so this exercises logic
// that regenerates based on current curve values
newEc.GenerateKey(param.Curve);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify same curve name
newEc.GenerateKey(curveDef.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
CompareCurve(param.Curve, param2.Curve);
// Specify different curve than current
if (param.Curve.IsPrime)
{
if (curveDef.Curve.IsNamed &&
curveDef.Curve.Oid.FriendlyName != ECCurve.NamedCurves.nistP256.Oid.FriendlyName)
{
// Specify different curve (nistP256) by explicit value
newEc.GenerateKey(ECCurve.NamedCurves.nistP256);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
// Reset back to original
newEc.GenerateKey(param.Curve);
Assert.Equal(curveDef.KeySize, newEc.KeySize);
ECParameters copyOfParam1 = newEc.ExportExplicitParameters(true);
// Only curve should match
ComparePrivateKey(param, copyOfParam1, false);
ComparePublicKey(param.Q, copyOfParam1.Q, false);
CompareCurve(param.Curve, copyOfParam1.Curve);
// Set back to nistP256
newEc.GenerateKey(param2.Curve);
Assert.Equal(256, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// P,X,Y (and others) should not match
Assert.True(param2.Curve.IsPrime);
Assert.NotEqual(param.Curve.Prime, param2.Curve.Prime);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
else if (param.Curve.IsCharacteristic2)
{
if (curveDef.Curve.Oid.Value != ECDSA_Sect193r1_OID_VALUE)
{
if (ECDsaFactory.IsCurveValid(new Oid(ECDSA_Sect193r1_OID_VALUE)))
{
// Specify different curve by name
newEc.GenerateKey(ECCurve.CreateFromValue(ECDSA_Sect193r1_OID_VALUE));
Assert.Equal(193, newEc.KeySize);
param2 = newEc.ExportExplicitParameters(true);
// Keys should not match
ComparePrivateKey(param, param2, false);
ComparePublicKey(param.Q, param2.Q, false);
// Polynomial,X,Y (and others) should not match
Assert.True(param2.Curve.IsCharacteristic2);
Assert.NotEqual(param.Curve.Polynomial, param2.Curve.Polynomial);
Assert.NotEqual(param.Curve.G.X, param2.Curve.G.X);
Assert.NotEqual(param.Curve.G.Y, param2.Curve.G.Y);
}
}
}
}
}
}
