/// <summary>
/// Returns the string to pass to the platform APIs for a given algorithm.
/// </summary>
/// <param name="algorithm">The algorithm desired.</param>
/// <returns>The platform-specific string to pass to OpenAlgorithm.</returns>
private static string GetAlgorithmName(KeyDerivationAlgorithm algorithm)
{
switch (algorithm)
{
case KeyDerivationAlgorithm.Pbkdf2Md5:
return(Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Md5);
case KeyDerivationAlgorithm.Pbkdf2Sha1:
return(Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha1);
case KeyDerivationAlgorithm.Pbkdf2Sha256:
return(Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha256);
case KeyDerivationAlgorithm.Pbkdf2Sha384:
return(Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha384);
case KeyDerivationAlgorithm.Pbkdf2Sha512:
return(Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha512);
case KeyDerivationAlgorithm.Sp800108CtrHmacMd5:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacMd5);
case KeyDerivationAlgorithm.Sp800108CtrHmacSha1:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha1);
case KeyDerivationAlgorithm.Sp800108CtrHmacSha256:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha256);
case KeyDerivationAlgorithm.Sp800108CtrHmacSha384:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha384);
case KeyDerivationAlgorithm.Sp800108CtrHmacSha512:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha512);
case KeyDerivationAlgorithm.Sp80056aConcatMd5:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatMd5);
case KeyDerivationAlgorithm.Sp80056aConcatSha1:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha1);
case KeyDerivationAlgorithm.Sp80056aConcatSha256:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha256);
case KeyDerivationAlgorithm.Sp80056aConcatSha384:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha384);
case KeyDerivationAlgorithm.Sp80056aConcatSha512:
return(Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha512);
default:
throw new NotSupportedException();
}
}
public static void DeriveBytesWithUnusedSalt(KeyDerivationAlgorithm a)
{
if (!a.SupportsSalt)
{
var x = KeyAgreementAlgorithm.X25519;
using (var k = new Key(x))
using (var s = x.Agree(k, k.PublicKey))
{
Assert.Throws <ArgumentException>("salt", () => a.DeriveBytes(s, new byte[1], ReadOnlySpan <byte> .Empty, 0));
}
}
}
public void KeyDerivation_Pbkdf2(KeyDerivationAlgorithm algorithmName)
{
IKeyDerivationAlgorithmProvider?provider = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithmName);
ICryptographicKey?originalKey = provider.CreateKey(Encoding.UTF8.GetBytes("my secret"));
var salt = WinRTCrypto.CryptographicBuffer.GenerateRandom(32);
const int iterationCount = 2;
IKeyDerivationParameters?parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(salt, iterationCount);
const int desiredKeySize = 8;
byte[] derivedKey = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(originalKey, parameters, desiredKeySize);
Assert.Equal(desiredKeySize, derivedKey.Length);
this.logger.WriteLine("Derived key: {0}", Convert.ToBase64String(derivedKey));
}
public static void DeriveBytesWithSpanTooLarge(KeyDerivationAlgorithm a)
{
var x = KeyAgreementAlgorithm.X25519;
if (a.MaxCount == int.MaxValue)
{
return;
}
using (var k = new Key(x))
using (var s = x.Agree(k, k.PublicKey))
{
Assert.Throws <ArgumentException>("bytes", () => a.DeriveBytes(s, ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, new byte[a.MaxCount + 1]));
}
}
public static void DeriveBytesWithSaltOverlapping(KeyDerivationAlgorithm a)
{
var x = KeyAgreementAlgorithm.X25519;
if (!a.SupportsSalt)
{
return;
}
using (var k = new Key(x))
using (var s = x.Agree(k, k.PublicKey))
{
var b = new byte[200];
Assert.Throws <ArgumentException>("bytes", () => a.DeriveBytes(s, b.AsSpan(10, 100), ReadOnlySpan <byte> .Empty, b.AsSpan(60, 100)));
Assert.Throws <ArgumentException>("bytes", () => a.DeriveBytes(s, b.AsSpan(60, 100), ReadOnlySpan <byte> .Empty, b.AsSpan(10, 100)));
}
}
/// <summary>
/// Returns the string to pass to the platform APIs for a given algorithm.
/// </summary>
/// <param name="algorithm">The algorithm desired.</param>
/// <returns>The platform-specific string to pass to OpenAlgorithm.</returns>
private static string GetAlgorithmName(KeyDerivationAlgorithm algorithm)
{
switch (algorithm)
{
case KeyDerivationAlgorithm.Pbkdf2Md5:
return Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Md5;
case KeyDerivationAlgorithm.Pbkdf2Sha1:
return Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha1;
case KeyDerivationAlgorithm.Pbkdf2Sha256:
return Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha256;
case KeyDerivationAlgorithm.Pbkdf2Sha384:
return Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha384;
case KeyDerivationAlgorithm.Pbkdf2Sha512:
return Platform.Core.KeyDerivationAlgorithmNames.Pbkdf2Sha512;
case KeyDerivationAlgorithm.Sp800108CtrHmacMd5:
return Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacMd5;
case KeyDerivationAlgorithm.Sp800108CtrHmacSha1:
return Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha1;
case KeyDerivationAlgorithm.Sp800108CtrHmacSha256:
return Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha256;
case KeyDerivationAlgorithm.Sp800108CtrHmacSha384:
return Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha384;
case KeyDerivationAlgorithm.Sp800108CtrHmacSha512:
return Platform.Core.KeyDerivationAlgorithmNames.Sp800108CtrHmacSha512;
case KeyDerivationAlgorithm.Sp80056aConcatMd5:
return Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatMd5;
case KeyDerivationAlgorithm.Sp80056aConcatSha1:
return Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha1;
case KeyDerivationAlgorithm.Sp80056aConcatSha256:
return Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha256;
case KeyDerivationAlgorithm.Sp80056aConcatSha384:
return Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha384;
case KeyDerivationAlgorithm.Sp80056aConcatSha512:
return Platform.Core.KeyDerivationAlgorithmNames.Sp80056aConcatSha512;
default:
throw new NotSupportedException();
}
}
public void CreateKey(KeyDerivationAlgorithm algorithmName, string result)
{
this.logger.WriteLine("Testing algorithm: {0}", algorithmName);
IKeyDerivationAlgorithmProvider?algorithm = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithmName);
ICryptographicKey key = algorithm.CreateKey(this.originalKey);
Assert.NotNull(key);
Assert.Equal(this.originalKey.Length * 8, key.KeySize);
IKeyDerivationParameters parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(this.salt, this.iterations);
Assert.Equal(this.iterations, parameters.IterationCount);
CollectionAssertEx.AreEqual(this.salt, parameters.KdfGenericBinary);
try
{
byte[] keyMaterial = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(key, parameters, 20);
Assert.Equal(result, Convert.ToBase64String(keyMaterial));
}
catch (NotSupportedException)
{
this.logger.WriteLine(" - Not supported on this platform");
}
}
/// <summary>
/// Initializes a new instance of the <see cref="KeyDerivationAlgorithmProvider"/> class.
/// </summary>
/// <param name="algorithm">The algorithm.</param>
internal KeyDerivationAlgorithmProvider(KeyDerivationAlgorithm algorithm)
{
this.algorithm = algorithm;
}
/// <summary>
/// Initializes a new instance of the <see cref="KeyDerivationAlgorithmProvider"/> class.
/// </summary>
/// <param name="algorithm">The algorithm.</param>
internal KeyDerivationAlgorithmProvider(KeyDerivationAlgorithm algorithm)
{
this.algorithm = algorithm;
}
/// <inheritdoc />
public IKeyDerivationAlgorithmProvider OpenAlgorithm(KeyDerivationAlgorithm algorithm)
{
return new KeyDerivationAlgorithmProvider(algorithm);
}
/// <summary>
/// Initializes a new instance of the <see cref="KeyDerivationCryptographicKey"/> class.
/// </summary>
/// <param name="algorithm">The algorithm to use when deriving a cryptographic key.</param>
/// <param name="key">The key.</param>
internal KeyDerivationCryptographicKey(KeyDerivationAlgorithm algorithm, byte[] key)
{
Requires.NotNull(key, "key");
this.algorithm = algorithm;
this.key = key;
}
