public void OneCert_TwentyKeys_NoMatches() { string pw = nameof(OneCert_NoKey_WithLocalKeyId); using (var cert = new X509Certificate2(TestData.MsCertificate)) using (RSA rsa = RSA.Create(TestData.RsaBigExponentParams)) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeContents keyContents = new Pkcs12SafeContents(); Pkcs12CertBag certBag = certContents.AddCertificate(cert); certBag.Attributes.Add(s_keyIdOne); byte[] keyExport = rsa.ExportEncryptedPkcs8PrivateKey(pw, s_windowsPbe); for (int i = 0; i < 20; i++) { Pkcs12SafeBag keyBag = new Pkcs12ShroudedKeyBag(keyExport, skipCopy: true); keyContents.AddSafeBag(keyBag); // Even with i=1 this won't match, because { 0x01 } != { 0x01, 0x00, 0x00, 0x00 } and // { 0x01 } != { 0x00, 0x00, 0x00, 0x01 } (binary comparison, not "equivalence" comparison). keyBag.Attributes.Add(new Pkcs9LocalKeyId(BitConverter.GetBytes(i))); } AddContents(keyContents, builder, pw, encrypt: false); AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); ReadPfx(pfxBytes, pw, cert); } }
public static void BuildWithBytesFactoryReadDirect() { using (RSA rsa = RSA.Create()) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); byte[] encryptionKey = new byte[] { 1, 2, 3, 4, 5 }; Pkcs12ShroudedKeyBag keyBag = contents.AddShroudedKey(rsa, encryptionKey, s_pbkdf2Pbe); using (RSA rsa2 = RSA.Create()) { rsa2.ImportEncryptedPkcs8PrivateKey( encryptionKey, keyBag.EncryptedPkcs8PrivateKey.Span, out _); byte[] sig = new byte[rsa.KeySize / 8]; Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1, out int sigLen)); Assert.Equal(sig.Length, sigLen); Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1)); } } }
public static void BuildWithCharsFactoryReadDirect() { using (RSA rsa = RSA.Create()) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); Pkcs12ShroudedKeyBag keyBag = contents.AddShroudedKey(rsa, nameof(rsa), s_win7Pbe); using (RSA rsa2 = RSA.Create()) { rsa2.ImportEncryptedPkcs8PrivateKey( (ReadOnlySpan <char>)nameof(rsa), keyBag.EncryptedPkcs8PrivateKey.Span, out _); byte[] sig = new byte[rsa.KeySize / 8]; Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1, out int sigLen)); Assert.Equal(sig.Length, sigLen); Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1)); } } }
public static void SkipCopyHonored(bool skipCopy) { Pkcs12ShroudedKeyBag shroudedKeyBag = new Pkcs12ShroudedKeyBag(s_derNull, skipCopy); if (skipCopy) { Assert.True( s_derNull.Span.Overlaps(shroudedKeyBag.EncryptedPkcs8PrivateKey.Span), "Same memory"); } else { Assert.False( s_derNull.Span.Overlaps(shroudedKeyBag.EncryptedPkcs8PrivateKey.Span), "Same memory"); } }
public static void Test1() { var loader = (CertLoaderFromRawData)Certificates.RSAKeyTransferCapi1; ReadOnlyMemory <byte> pfxData = loader.PfxData; Pkcs12Info info = Pkcs12Info.Decode(pfxData, out int bytesConsumed); Assert.Equal(pfxData.Length, bytesConsumed); Assert.Equal(Pkcs12IntegrityMode.Password, info.IntegrityMode); CheckMac(info, loader.Password); ReadOnlyCollection <Pkcs12SafeContents> authSafe = info.AuthenticatedSafe; Assert.Same(authSafe, info.AuthenticatedSafe); Assert.Equal(2, authSafe.Count); Assert.Equal(Pkcs12ConfidentialityMode.None, authSafe[0].ConfidentialityMode); Assert.Equal(Pkcs12ConfidentialityMode.None, authSafe[1].ConfidentialityMode); List <Pkcs12SafeBag> safe0Bags = new List <Pkcs12SafeBag>(authSafe[0].GetBags()); Assert.Equal(1, safe0Bags.Count); Pkcs12ShroudedKeyBag shroudedKeyBag = Assert.IsType <Pkcs12ShroudedKeyBag>(safe0Bags[0]); CryptographicAttributeObjectCollection keyBagAttrs = shroudedKeyBag.Attributes; Assert.Same(keyBagAttrs, shroudedKeyBag.Attributes); Assert.Equal(2, keyBagAttrs.Count); Assert.Equal(Oids.LocalKeyId, keyBagAttrs[0].Oid.Value); Assert.Equal(1, keyBagAttrs[0].Values.Count); Pkcs9LocalKeyId keyKeyId = Assert.IsType <Pkcs9LocalKeyId>(keyBagAttrs[0].Values[0]); Assert.Equal("1.3.6.1.4.1.311.17.1", keyBagAttrs[1].Oid.Value); Assert.Equal(1, keyBagAttrs[1].Values.Count); Pkcs9AttributeObject cspNameAttr = Assert.IsType <Pkcs9AttributeObject>(keyBagAttrs[1].Values[0]); byte[] cspNameBytes = Encoding.BigEndianUnicode.GetBytes("Microsoft Strong Cryptographic Provider"); Assert.Equal( $"1E{cspNameBytes.Length:X2}{cspNameBytes.ByteArrayToHex()}", cspNameAttr.RawData.ByteArrayToHex()); List <Pkcs12SafeBag> safe1Bags = new List <Pkcs12SafeBag>(authSafe[1].GetBags()); Assert.Equal(1, safe0Bags.Count); Assert.IsType <Pkcs12CertBag>(safe1Bags[0]); Pkcs12CertBag certBag = (Pkcs12CertBag)safe1Bags[0]; Assert.True(certBag.IsX509Certificate, "certBag.IsX509Certificate"); Assert.InRange(certBag.EncodedCertificate.Length, loader.CerData.Length + 2, int.MaxValue); CryptographicAttributeObjectCollection certBagAttrs = certBag.Attributes; Assert.Same(certBagAttrs, certBag.Attributes); Assert.Equal(1, certBagAttrs.Count); Assert.Equal(Oids.LocalKeyId, certBagAttrs[0].Oid.Value); Assert.Equal(1, certBagAttrs[0].Values.Count); Pkcs9LocalKeyId certKeyId = Assert.IsType <Pkcs9LocalKeyId>(certBagAttrs[0].Values[0]); Assert.Equal(keyKeyId.KeyId.ByteArrayToHex(), certKeyId.KeyId.ByteArrayToHex()); byte[] data = { 9, 8, 7, 6, 5, 4, 3, 2, 1 }; byte[] encrypted; using (X509Certificate2 fromLoader = loader.GetCertificate()) using (X509Certificate2 fromBag = certBag.GetCertificate()) using (RSA loaderPub = fromLoader.GetRSAPublicKey()) { Assert.Equal(fromLoader.RawData, fromBag.RawData); encrypted = loaderPub.Encrypt(data, RSAEncryptionPadding.OaepSHA1); } int bytesRead; using (RSA rsa = RSA.Create()) { rsa.ImportEncryptedPkcs8PrivateKey( loader.Password, shroudedKeyBag.EncryptedPkcs8PrivateKey.Span, out bytesRead); byte[] dec = rsa.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA1); Assert.Equal(data, dec); } Assert.Equal(shroudedKeyBag.EncryptedPkcs8PrivateKey.Length, bytesRead); }
public static void ReadWithEncryptedContents() { var loader = (CertLoaderFromRawData)Certificates.RSAKeyTransfer_ExplicitSki; ReadOnlyMemory <byte> pfxData = loader.PfxData; Pkcs12Info info = Pkcs12Info.Decode(pfxData, out int bytesConsumed); Assert.Equal(pfxData.Length, bytesConsumed); Assert.Equal(Pkcs12IntegrityMode.Password, info.IntegrityMode); CheckMac(info, loader.Password); ReadOnlyCollection <Pkcs12SafeContents> authSafe = info.AuthenticatedSafe; Assert.Same(authSafe, info.AuthenticatedSafe); Assert.Equal(2, authSafe.Count); Assert.Equal(Pkcs12ConfidentialityMode.Password, authSafe[0].ConfidentialityMode); Assert.Equal(Pkcs12ConfidentialityMode.None, authSafe[1].ConfidentialityMode); Assert.ThrowsAny <CryptographicException>( () => authSafe[0].Decrypt(loader.Password.AsSpan().Slice(1))); Assert.Equal(Pkcs12ConfidentialityMode.Password, authSafe[0].ConfidentialityMode); authSafe[0].Decrypt(loader.Password); Assert.Equal(Pkcs12ConfidentialityMode.None, authSafe[0].ConfidentialityMode); List <Pkcs12SafeBag> safe0Bags = new List <Pkcs12SafeBag>(authSafe[0].GetBags()); Assert.Equal(1, safe0Bags.Count); Pkcs12CertBag certBag = Assert.IsType <Pkcs12CertBag>(safe0Bags[0]); Assert.True(certBag.IsX509Certificate, "certBag.IsX509Certificate"); Assert.InRange(certBag.EncodedCertificate.Length, loader.CerData.Length + 2, int.MaxValue); List <Pkcs12SafeBag> safe1Bags = new List <Pkcs12SafeBag>(authSafe[1].GetBags()); Assert.Equal(1, safe0Bags.Count); Pkcs12ShroudedKeyBag shroudedKeyBag = Assert.IsType <Pkcs12ShroudedKeyBag>(safe1Bags[0]); byte[] data = { 9, 8, 7, 6, 5, 4, 3, 2, 1 }; byte[] encrypted; using (X509Certificate2 fromLoader = loader.GetCertificate()) using (X509Certificate2 fromBag = certBag.GetCertificate()) using (RSA loaderPub = fromLoader.GetRSAPublicKey()) { Assert.Equal(fromLoader.RawData, fromBag.RawData); encrypted = loaderPub.Encrypt(data, RSAEncryptionPadding.OaepSHA1); } int bytesRead; using (RSA rsa = RSA.Create()) { rsa.ImportEncryptedPkcs8PrivateKey( loader.Password, shroudedKeyBag.EncryptedPkcs8PrivateKey.Span, out bytesRead); byte[] dec = rsa.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA1); Assert.Equal(data, dec); } Assert.Equal(shroudedKeyBag.EncryptedPkcs8PrivateKey.Length, bytesRead); }