Ejemplo n.º 1
0
 public static void VerifyDefaultKeySize_Cng()
 {
     using (DSA dsa = new DSACng())
     {
         // DSACng detects OS version and selects appropriate default key size
         Assert.Equal(DSAFactory.SupportsFips186_3 ? 2048 : 1024, dsa.KeySize);
     }
 }
Ejemplo n.º 2
0
        static AsymmetricAlgorithm GetAsymmetricAlgorithm(DsaPublicKeyParameters key)
        {
            var parameters = GetDSAParameters(key);

            parameters.Y = key.Y.ToByteArrayUnsigned();

#if NET45 || NET46 || __MOBILE__
            var dsa = new DSACryptoServiceProvider();
#else
            var dsa = new DSACng();
#endif

            dsa.ImportParameters(parameters);

            return(dsa);
        }
Ejemplo n.º 3
0
        public void Test3()
        {
            AesManaged aes4 = new AesManaged
            {
                KeySize   = 128,
                BlockSize = 128,
                Mode      = CipherMode.ECB, // Noncompliant
                Padding   = PaddingMode.PKCS7
            };

            RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
            var encryptedData             = RSA1.Encrypt(new byte[50], false); // Noncompliant: OAEP Padding is not used (second parameter set to false)


            var dsa1 = new DSACng();                       // Compliant - default key size is 2048
            var dsa2 = new DSACng(2048);                   // Compliant
            var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
            var rsa2 = new RSACng();                       // Compliant - default key size is 2048
        }
Ejemplo n.º 4
0
        static AsymmetricAlgorithm GetAsymmetricAlgorithm(DsaPrivateKeyParameters key, DsaPublicKeyParameters pub)
        {
            var parameters = GetDSAParameters(key);

            parameters.X = key.X.ToByteArrayUnsigned();

            if (pub != null)
            {
                parameters.Y = pub.Y.ToByteArrayUnsigned();
            }

#if NET45 || NET46 || NETSTANDARD2_0 || __MOBILE__
            var dsa = new DSACryptoServiceProvider();
#else
            var dsa = new DSACng();
#endif

            dsa.ImportParameters(parameters);

            return(dsa);
        }
Ejemplo n.º 5
0
        public ICertificatePal CopyWithPrivateKey(DSA dsa)
        {
            DSACng          dsaCng = dsa as DSACng;
            ICertificatePal clone  = null;

            if (dsaCng != null)
            {
                clone = CopyWithPersistedCngKey(dsaCng.Key);

                if (clone != null)
                {
                    return(clone);
                }
            }

            DSACryptoServiceProvider dsaCsp = dsa as DSACryptoServiceProvider;

            if (dsaCsp != null)
            {
                clone = CopyWithPersistedCapiKey(dsaCsp.CspKeyContainerInfo);

                if (clone != null)
                {
                    return(clone);
                }
            }

            DSAParameters privateParameters = dsa.ExportParameters(true);

            using (PinAndClear.Track(privateParameters.X))
                using (DSACng clonedKey = new DSACng())
                {
                    clonedKey.ImportParameters(privateParameters);

                    return(CopyWithEphemeralKey(clonedKey.Key));
                }
        }
 public void CompliantKeySizeConstructors()
 {
     var dsa1 = new DSACng(3072);
     var dsa2 = new DSAOpenSsl(2048);
 }
Ejemplo n.º 7
0
        public static DSA GetDSAPublicKey(this X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            if (!IsDSA(certificate))
            {
                return(null);
            }

            unsafe
            {
                DSAParameters dp = new DSAParameters();

                SafeLocalAllocHandle dssKeyLocalAlloc = null;
                try
                {
                    byte[] encodedPublicKey = certificate.PublicKey.EncodedKeyValue.RawData;
                    uint   cbDSSKey;
                    if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PUBLICKEY), encodedPublicKey, out dssKeyLocalAlloc, out cbDSSKey))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }
                    if (cbDSSKey < Marshal.SizeOf(typeof(CapiNative.CRYPTOAPI_BLOB)))
                    {
                        throw new CryptographicException();
                    }

                    CapiNative.CRYPTOAPI_BLOB *pDssKeyBlob = (CapiNative.CRYPTOAPI_BLOB *)(dssKeyLocalAlloc.DangerousGetHandle());
                    dp.Y = ToBigEndianByteArray(*pDssKeyBlob);
                }
                finally
                {
                    if (dssKeyLocalAlloc != null)
                    {
                        dssKeyLocalAlloc.Dispose();
                        dssKeyLocalAlloc = null;
                    }
                }

                SafeLocalAllocHandle dssParametersLocalHandle = null;
                try
                {
                    byte[] encodedKeyAlgorithmParameters = certificate.GetKeyAlgorithmParameters();
                    uint   cbDSSParams;
                    if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PARAMETERS), encodedKeyAlgorithmParameters, out dssParametersLocalHandle, out cbDSSParams))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }
                    if (cbDSSParams < Marshal.SizeOf(typeof(CapiNative.CERT_DSS_PARAMETERS)))
                    {
                        throw new CryptographicException();
                    }

                    CapiNative.CERT_DSS_PARAMETERS *pDssParameters = (CapiNative.CERT_DSS_PARAMETERS *)(dssParametersLocalHandle.DangerousGetHandle());
                    dp.P = ToBigEndianByteArray(pDssParameters->p);
                    dp.Q = ToBigEndianByteArray(pDssParameters->q);
                    dp.G = ToBigEndianByteArray(pDssParameters->g);
                }
                finally
                {
                    if (dssParametersLocalHandle != null)
                    {
                        dssParametersLocalHandle.Dispose();
                        dssParametersLocalHandle = null;
                    }
                }

                DSACng dsaCng = new DSACng();
                dsaCng.ImportParameters(dp);
                return(dsaCng);
            }
        }
Ejemplo n.º 8
0
        public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, DSA privateKey)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }
            if (privateKey == null)
            {
                throw new ArgumentNullException(nameof(privateKey));
            }

            if (certificate.HasPrivateKey)
            {
                throw new InvalidOperationException(SR.GetString(SR.Cryptography_Cert_AlreadyHasPrivateKey));
            }

            using (DSA publicKey = GetDSAPublicKey(certificate))
            {
                if (publicKey == null)
                {
                    throw new ArgumentException(SR.GetString(SR.Cryptography_PrivateKey_WrongAlgorithm));
                }

                DSAParameters currentParameters = publicKey.ExportParameters(false);
                DSAParameters newParameters     = privateKey.ExportParameters(false);

                if (!currentParameters.G.SequenceEqual(newParameters.G) ||
                    !currentParameters.P.SequenceEqual(newParameters.P) ||
                    !currentParameters.Q.SequenceEqual(newParameters.Q) ||
                    !currentParameters.Y.SequenceEqual(newParameters.Y))
                {
                    throw new ArgumentException(SR.GetString(SR.Cryptography_PrivateKey_DoesNotMatch), nameof(privateKey));
                }
            }

            DSACng           dsaCng  = privateKey as DSACng;
            X509Certificate2 newCert = null;

            if (dsaCng != null)
            {
                newCert = CertificateExtensionsCommon.CopyWithPersistedCngKey(certificate, dsaCng.Key);
            }

            if (newCert == null)
            {
                DSACryptoServiceProvider dsaCsp = privateKey as DSACryptoServiceProvider;

                if (dsaCsp != null)
                {
                    newCert = CertificateExtensionsCommon.CopyWithPersistedCapiKey(certificate, dsaCsp.CspKeyContainerInfo);
                }
            }

            if (newCert == null)
            {
                DSAParameters parameters = privateKey.ExportParameters(true);

                using (PinAndClear.Track(parameters.X))
                    using (dsaCng = new DSACng())
                    {
                        dsaCng.ImportParameters(parameters);

                        newCert = CertificateExtensionsCommon.CopyWithEphemeralCngKey(certificate, dsaCng.Key);
                    }
            }

            Debug.Assert(newCert != null);
            Debug.Assert(!ReferenceEquals(certificate, newCert));
            Debug.Assert(!certificate.HasPrivateKey);
            Debug.Assert(newCert.HasPrivateKey);
            return(newCert);
        }
Ejemplo n.º 9
0
        static AsymmetricCipherKeyPair GetAsymmetricCipherKeyPair(DSACng dsa)
        {
            GetAsymmetricKeyParameters(dsa, false, out var pub, out var key);

            return(new AsymmetricCipherKeyPair(pub, key));
        }
Ejemplo n.º 10
0
        static AsymmetricKeyParameter GetAsymmetricKeyParameter(DSACng dsa)
        {
            GetAsymmetricKeyParameters(dsa, false, out _, out var key);

            return(key);
        }
Ejemplo n.º 11
0
 public DSACngService(CngKey cngKey)
 {
     //Initializes a new instance of the DSACng class with a random 2,048-bit key pair.
     this.dsaService = new DSACng(cngKey);
 }
Ejemplo n.º 12
0
 public DSACngService(int size)
 {
     //Initializes a new instance of the DSACng class with a randomly generated key of the specified size.
     this.dsaService = new DSACng(size);
 }