public void EcdsaPlatformTest()
{
using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
Pkcs11X509Certificate cert = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserEcdsaLabel);
ECDsa p11PrivKey = cert.GetECDsaPrivateKey();
Assert.IsNotNull(p11PrivKey);
ECDsa p11PubKey = cert.GetECDsaPublicKey();
Assert.IsNotNull(p11PubKey);
ECDsa cngKey = CryptoObjects.GetTestUserPlatformEcdsaProvider();
Assert.IsNotNull(cngKey);
foreach (HashAlgorithmName hashAlgName in _hashNames)
{
byte[] hash1 = Helpers.ComputeHash(_data1, hashAlgName);
byte[] hash2 = Helpers.ComputeHash(_data2, hashAlgName);
byte[] p11Signature = p11PrivKey.SignHash(hash1);
Assert.IsNotNull(p11Signature);
bool result1 = cngKey.VerifyHash(hash1, p11Signature);
Assert.IsTrue(result1);
bool result2 = cngKey.VerifyHash(hash2, p11Signature);
Assert.IsFalse(result2);
byte[] cngSignature = cngKey.SignHash(hash1);
Assert.IsNotNull(cngSignature);
bool result3 = p11PubKey.VerifyHash(hash1, cngSignature);
Assert.IsTrue(result3);
bool result4 = p11PubKey.VerifyHash(hash2, cngSignature);
Assert.IsFalse(result4);
}
}
}
public void BasicEcdsaCertificateRequestTest()
{
// Load PKCS#11 based store
using (var pkcs11Store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
// Find signing certificate (CA certificate)
Pkcs11X509Certificate pkcs11CertOfCertificateAuthority = Helpers.GetCertificate(pkcs11Store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserEcdsaLabel);
// Generate new key pair for end entity
ECDsa ecKeyPairOfEndEntity = ECDsa.Create(ECCurve.NamedCurves.nistP256);
// Define certificate request
CertificateRequest certificateRequest = new CertificateRequest(
new X500DistinguishedName("C=SK,L=Bratislava,CN=BasicEcdsaCertificateRequestTest"),
ecKeyPairOfEndEntity,
HashAlgorithmName.SHA256);
// Define certificate extensions
certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
certificateRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, false));
// Issue X.509 certificate for end entity
X509Certificate2 certificateOfEndEntity = certificateRequest.Create(
pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.SubjectName,
X509SignatureGenerator.CreateForECDsa(pkcs11CertOfCertificateAuthority.GetECDsaPrivateKey()),
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddDays(365),
new BigInteger(1).ToByteArray());
// Verify signature on X.509 certificate for end entity
Assert.IsTrue(CaCertSignedEndEntityCert(pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.RawData, certificateOfEndEntity.RawData));
// Asociate end entity certificate with its private key
certificateOfEndEntity = certificateOfEndEntity.CopyWithPrivateKey(ecKeyPairOfEndEntity);
// Export end entity certificate to PKCS#12 file
string basePath = Helpers.GetBasePath();
string pkcs12FilePath = Path.Combine(basePath, "BasicEcdsaCertificateRequestTest.p12");
File.WriteAllBytes(pkcs12FilePath, certificateOfEndEntity.Export(X509ContentType.Pkcs12, "password"));
}
}