public virtual IAsymmetricKey EncryptPrivateKey(IAsymmetricKey key, string password, EncryptionType encryptionType)
{
if (key.IsEncrypted)
{
throw new InvalidOperationException("Key is already encrypted");
}
if (encryptionType == EncryptionType.None)
{
throw new InvalidOperationException("Key encryption type must be specified.");
}
var saltLength = configuration.Get <int>("SaltLengthInBytes");
byte[] salt = secureRandomGenerator.NextBytes(saltLength);
var iterationCount = configuration.Get <int>("KeyDerivationIterationCount");
byte[] privateKeyContent;
if (encryptionType == EncryptionType.Pkcs)
{
privateKeyContent = pkcsEncryptionGenerator.Encrypt(password, salt, iterationCount, key.Content);
}
else
{
privateKeyContent = aesEncryptionGenerator.Encrypt(password, salt, iterationCount, key.Content);
}
return(keyProvider.GetEncryptedPrivateKey(privateKeyContent));
}
public void GenerateRandom(int amount, int randomLenght)
{
var results = new List <byte[]>();
for (var i = 0; i < amount; i++)
{
var result = randomGenerator.NextBytes(randomLenght);
results.Add(result);
}
CollectionAssert.AllItemsAreUnique(results);
}
public void ShouldReturnValidKey()
{
var algorithmMapper = new SignatureAlgorithmIdentifierMapper();
var secureRandom = new SecureRandomGenerator();
var signatureProvider = new SignatureProvider(algorithmMapper, secureRandom, new SignerUtilitiesWrapper());
byte[] data = secureRandom.NextBytes(100);
IAsymmetricKey result = keyProvider.GetPrivateKey(rsaKeyPair.PrivateKey.Content);
Signature signature = signatureProvider.CreateSignature(result, data);
Assert.IsTrue(signatureProvider.VerifySignature(rsaKeyPair.PublicKey, signature));
}
public void SetupSignatureProviderTest()
{
algorithmIdentifierMapper = new SignatureAlgorithmIdentifierMapper();
secureRandomGenerator = new SecureRandomGenerator();
signatureProvider = new SignatureProvider(algorithmIdentifierMapper, secureRandomGenerator, new SignerUtilitiesWrapper());
content = secureRandomGenerator.NextBytes(2000);
keys = new Dictionary <CipherType, IAsymmetricKeyPair>();
var rsaGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator);
var rsaKeyProvider = new RsaKeyProvider(rsaGenerator);
IAsymmetricKeyPair keyPair = rsaKeyProvider.CreateKeyPair(2048);
keys.Add(keyPair.PrivateKey.CipherType, keyPair);
}
public void SetupCreateSignatureTest()
{
encoding = new EncodingWrapper();
var random = new SecureRandomGenerator();
fileContent = random.NextBytes(10000);
file = new Mock <FileWrapper>();
fileOutput = new Dictionary <string, byte[]>();
file.Setup(f => f.WriteAllBytes(It.IsAny <string>(), It.IsAny <byte[]>()))
.Callback <string, byte[]>((path, content) =>
{
fileOutput.Add(path, content);
});
file.Setup(f => f.ReadAllBytes("foo.file"))
.Returns(fileContent);
console = new Mock <ConsoleWrapper>();
consoleOutput = new List <string>();
console.Setup(c => c.WriteLine(It.IsAny <string>()))
.Callback <string>(input => consoleOutput.Add(input));
Container container = ContainerProvider.GetContainer();
container.Register <FileWrapper>(() => file.Object);
container.Register <ConsoleWrapper>(() => console.Object);
var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(new SecureRandomGenerator());
rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator);
dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator);
ecKeyProvider = new EcKeyProvider(asymmetricKeyPairGenerator, new FieldToCurveNameMapper());
var asymmetricKeyProvider = new AsymmetricKeyProvider(new OidToCipherTypeMapper(), new KeyInfoWrapper(), rsaKeyProvider, dsaKeyProvider, null, null);
pkcs8PemFormatter = new Pkcs8PemFormattingProvider(asymmetricKeyProvider);
}
//Based on https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
public string GetOpenSshEd25519PrivateKey(IAsymmetricKeyPair keyPair, string comment)
{
var privateKey = (IEcKey)keyPair.PrivateKey;
if (keyPair.PrivateKey.IsEncrypted || !privateKey.IsCurve25519)
{
throw new InvalidOperationException("Only non-encrypted ed25519 keys are supported.");
}
byte[] openSshVersionHeader = encoding.GetBytes("openssh-key-v1\0");
byte[] cipherName = encoding.GetBytes("none");
byte[] kdf = encoding.GetBytes("none");
byte[] kdfOptions = encoding.GetBytes("");
byte[] numberOfKeys = BitConverter.GetBytes(1);
if (BitConverter.IsLittleEndian)
{
numberOfKeys = numberOfKeys.Reverse().ToArray();
}
byte[] publicKeyWithHeader = base64.FromBase64String(GetEd25519PublicKeyContent((keyPair.PrivateKey)));
byte[] publicKeyContent = ecKeyProvider.GetEd25519PublicKeyFromCurve25519(privateKey);
byte[] checkSumContent = randomGenerator.NextBytes(4);
byte[] identifier = encoding.GetBytes(sshCurveHeaders[privateKey.Curve]);
var privateKeyParameters = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privateKey.Content);
byte[] privateKeyContent = privateKeyParameters.D.ToByteArray();
byte[] commentContent = encoding.GetBytes(comment);
using (var keyStream = new MemoryStream())
{
//Header ('encoded' buffer in https://github.com/openssh/openssh-portable/blob/master/sshkey.c :2957)
using (var header = new MemoryStream())
{
header.Write(openSshVersionHeader, 0, openSshVersionHeader.Length);
header.Write(LengthAsBytes(cipherName.Length), 0, 4);
header.Write(cipherName, 0, cipherName.Length);
header.Write(LengthAsBytes(kdf.Length), 0, 4);
header.Write(kdf, 0, kdf.Length);
header.Write(LengthAsBytes(kdfOptions.Length), 0, 4);
header.Write(kdfOptions, 0, kdfOptions.Length);
header.Write(numberOfKeys, 0, numberOfKeys.Length);
header.Write(LengthAsBytes(publicKeyWithHeader.Length), 0, 4);
header.Write(publicKeyWithHeader, 0, publicKeyWithHeader.Length);
header.WriteTo(keyStream);
}
//KeyContent ('encrypted' buffer in https://github.com/openssh/openssh-portable/blob/master/sshkey.c :2957)
using (var content = new MemoryStream())
{
content.Write(checkSumContent, 0, checkSumContent.Length);
content.Write(checkSumContent, 0, checkSumContent.Length);
content.Write(LengthAsBytes(identifier.Length), 0, 4);
content.Write(identifier, 0, identifier.Length);
content.Write(LengthAsBytes(publicKeyContent.Length), 0, 4);
content.Write(publicKeyContent, 0, publicKeyContent.Length);
content.Write(LengthAsBytes(privateKeyContent.Length + publicKeyContent.Length), 0, 4);
content.Write(privateKeyContent, 0, privateKeyContent.Length);
content.Write(publicKeyContent, 0, publicKeyContent.Length);
content.Write(LengthAsBytes(commentContent.Length), 0, 4);
content.Write(commentContent, 0, commentContent.Length);
//Block size for cipher "none" defined in https://github.com/openssh/openssh-portable/blob/master/cipher.c
byte iterator = 1;
while ((content.Length % 8) != 0)
{
content.WriteByte(iterator++);
}
byte[] contentLength = BitConverter.GetBytes((int)content.Length);
if (BitConverter.IsLittleEndian)
{
contentLength = contentLength.Reverse().ToArray();
}
keyStream.Write(contentLength, 0, 4);
content.WriteTo(keyStream);
}
return(base64.ToBase64String(keyStream.ToArray()));
}
}
