public static void Verify2048WithSha1()
{
byte[] data = { 1, 2, 3, 4 };
byte[] signature = (
"28DC05B452C8FC0E0BFE9DA067D11147D31B1F3C63E5CF95046A812417C64844868D04D3A1D23" +
"13E5DD07DE757B3A836E70A1C85DDC90CB62DE2E44746C760F2").HexToByteArray();
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Untampered data verifies");
data[0] ^= 0xFF;
Assert.False(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Tampered data verifies");
data[0] ^= 0xFF;
signature[signature.Length - 1] ^= 0xFF;
Assert.False(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Tampered signature verifies");
}
}
public static void VerifyKnown_2048_SHA512()
{
byte[] signature =
{
0x6F, 0x44, 0x68, 0x1F, 0x74, 0xF7, 0x90, 0x2F,
0x38, 0x43, 0x9B, 0x00, 0x15, 0xDA, 0xF6, 0x8F,
0x97, 0xB4, 0x4A, 0x52, 0xF7, 0xC1, 0xEC, 0x21,
0xE2, 0x44, 0x48, 0x71, 0x0F, 0xEC, 0x5E, 0xB3,
0xA1, 0xCB, 0xE4, 0x42, 0xC8, 0x1E, 0xCD, 0x3C,
0xA8, 0x15, 0x51, 0xDE, 0x0C, 0xCC, 0xAE, 0x4D,
0xEB, 0x2A, 0xE9, 0x13, 0xBB, 0x7F, 0x3C, 0xFB,
0x69, 0x8A, 0x8E, 0x0F, 0x80, 0x87, 0x2E, 0xA6,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
}
}
public static void VerifyKnown_2048_SHA384()
{
byte[] signature =
{
0x56, 0xBA, 0x70, 0x48, 0x18, 0xBA, 0xE3, 0x43,
0xF0, 0x7F, 0x25, 0xFE, 0xEA, 0xF1, 0xDB, 0x49,
0x37, 0x15, 0xD3, 0xD0, 0x5B, 0x9D, 0x57, 0x19,
0x73, 0x44, 0xDA, 0x70, 0x8D, 0x44, 0x7D, 0xBA,
0x83, 0xDB, 0x8E, 0x8F, 0x39, 0x0F, 0x83, 0xD5,
0x0B, 0x73, 0x81, 0x77, 0x3D, 0x9B, 0x8D, 0xA4,
0xAD, 0x94, 0x3C, 0xAB, 0x7A, 0x6C, 0x81, 0x48,
0x2F, 0xCF, 0x50, 0xE3, 0x34, 0x0B, 0xEC, 0xF0,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
}
}
public static void VerifyKnown_2048_SHA256()
{
byte[] signature =
{
0x92, 0x06, 0x0B, 0x57, 0xF1, 0x35, 0x20, 0x28,
0xC6, 0x54, 0x4A, 0x0F, 0x08, 0x48, 0x5F, 0x5D,
0x55, 0xA8, 0x42, 0xFB, 0x05, 0xA7, 0x3E, 0x32,
0xCA, 0xC6, 0x91, 0x77, 0x70, 0x0A, 0x68, 0x44,
0x60, 0x63, 0xF7, 0xE7, 0x96, 0x54, 0x8F, 0x4A,
0x6D, 0x47, 0x10, 0xEE, 0x9A, 0x9F, 0xC2, 0xC8,
0xDD, 0x74, 0xAE, 0x1A, 0x68, 0xF3, 0xA9, 0xB8,
0x62, 0x14, 0x50, 0xA3, 0x01, 0x1D, 0x2A, 0x22,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
}
}
public static void ExportAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] hash = new byte[20];
// Ensure that the key got created, and then Dispose it.
using (key)
{
try
{
key.CreateSignature(hash);
}
catch (PlatformNotSupportedException) when(!SupportsKeyGeneration)
{
}
}
Assert.Throws <ObjectDisposedException>(() => key.ExportParameters(false));
Assert.Throws <ObjectDisposedException>(() => key.ExportParameters(true));
Assert.Throws <ObjectDisposedException>(() => key.ImportParameters(DSATestData.GetDSA1024Params()));
}
public static void ImportFromPem_Pkcs8UnEncrypted_IgnoresUnrelatedAlgorithm()
{
using (DSA dsa = DSAFactory.Create())
{
string pem = @"
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHChLC2xaEXtVv9oz8IaRys/BNfWhRv2NJ8tfVs0UrOKoAoGCCqGSM49
AwEHoUQDQgAEgQHs5HRkpurXDPaabivT2IaRoyYtIsuk92Ner/JmgKjYoSumHVmS
NfZ9nLTVjxeD08pD548KWrqmJAeZNsDDqQ==
-----END EC PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIHGAgEAMIGoBgcqhkjOOAQBMIGcAkEA1qi38cr3ppZNB2Y/xpHSL2q81Vw3rvWN
IHRnQNgv4U4UY2NifZGSUULc3uOEvgoeBO1b9fRxSG9NmG1CoufflQIVAPq19iXV
1eFkMKHvYw6+M4l8wiT5AkAIRMSQ5S71jgWQLGNtZNHV6yxggqDU87/RzgeOh7Q6
fve77OGaTv4qbZwinTYAg86p9yHzmwW6+XBS3vxnpYorBBYCFC49eoTIW2Z4Xh9v
55aYKyKwy5i8
-----END PRIVATE KEY-----";
dsa.ImportFromPem(pem);
DSAParameters dsaParameters = dsa.ExportParameters(true);
DSAImportExport.AssertKeyEquals(DSATestData.Dsa512Parameters, dsaParameters);
}
}
public static void ImportFromPem_Pkcs8_AmbiguousKey_Pkcs8()
{
using (DSA dsa = DSAFactory.Create())
{
string pem = @"
-----BEGIN PRIVATE KEY-----
MIHGAgEAMIGoBgcqhkjOOAQBMIGcAkEA1qi38cr3ppZNB2Y/xpHSL2q81Vw3rvWN
IHRnQNgv4U4UY2NifZGSUULc3uOEvgoeBO1b9fRxSG9NmG1CoufflQIVAPq19iXV
1eFkMKHvYw6+M4l8wiT5AkAIRMSQ5S71jgWQLGNtZNHV6yxggqDU87/RzgeOh7Q6
fve77OGaTv4qbZwinTYAg86p9yHzmwW6+XBS3vxnpYorBBYCFC49eoTIW2Z4Xh9v
55aYKyKwy5i8
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIHGAgEAMIGoBgcqhkjOOAQBMIGcAkEA1qi38cr3ppZNB2Y/xpHSL2q81Vw3rvWN
IHRnQNgv4U4UY2NifZGSUULc3uOEvgoeBO1b9fRxSG9NmG1CoufflQIVAPq19iXV
1eFkMKHvYw6+M4l8wiT5AkAIRMSQ5S71jgWQLGNtZNHV6yxggqDU87/RzgeOh7Q6
fve77OGaTv4qbZwinTYAg86p9yHzmwW6+XBS3vxnpYorBBYCFC49eoTIW2Z4Xh9v
55aYKyKwy5i8
-----END PRIVATE KEY-----";
ArgumentException ae = AssertExtensions.Throws <ArgumentException>("input", () => dsa.ImportFromPem(pem));
Assert.Contains(AmbiguousExceptionMarker, ae.Message);
}
}
public static void NoFuzzyEncryptedPkcs8()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
int bytesRead = -1;
byte[] spki = key.ExportSubjectPublicKeyInfo();
byte[] empty = Array.Empty <byte>();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, spki, out bytesRead));
Assert.Equal(-1, bytesRead);
byte[] pkcs8 = key.ExportPkcs8PrivateKey();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, pkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
}
}
private static KeyDescription CreateKey(int keySize)
{
DSA dsa = DSAFactory.Create(keySize);
int fieldSize;
if (keySize <= 1024)
{
fieldSize = 160;
}
else if (keySize == 3072)
{
fieldSize = 256;
}
else
{
fieldSize = dsa.ExportParameters(false).Q.Length * 8;
}
return(new KeyDescription(
dsa,
$"{keySize}-bit random key",
fieldSize));
}
public static void VerifyKnownSignature()
{
using (DSA dsa = DSAFactory.Create())
{
byte[] data;
byte[] signature;
DSAParameters dsaParameters;
DSATestData.GetDSA1024_186_2(out dsaParameters, out signature, out data);
byte[] hash;
using (SHA1 alg = SHA1.Create())
{
hash = alg.ComputeHash(data);
}
dsa.ImportParameters(dsaParameters);
var deformatter = new DSASignatureDeformatter(dsa);
deformatter.VerifySignature(hash, signature);
// Negative case
signature[signature.Length - 1] ^= 0xff;
Assert.False(deformatter.VerifySignature(hash, signature));
}
}
public static void FromXml_CounterOverflow_Succeeds()
{
// The counter value should be 105 (0x69).
// This payload says 0x01_00000069 (4294967401).
// Since we only end up looking at the last 4 bytes, this is /a/ right answer.
// This key comes from FIPS-186-2, Appendix 5, Example of the DSA.
// The version in DSATestData does not have the seed or counter supplied.
using (DSA dsa = DSAFactory.Create())
{
dsa.FromXmlString(@"
<DSAKeyValue>
<P>
jfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qs
SWk9+/g3JMLsBzbuMcgCkQ==
</P>
<Q>x3MhjHN+yO6ZO08t7TD0jtrOkV8=</Q>
<G>
Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
xC6fb0ZLCIzFcq9T5teIAg==
</G>
<Y>
GRMYcddbFhKoGfKdeNGw1zRveqd7tiqFm/1sVnXanSEtOjbvFnLvZguMfCVcwOx0
hY+6M/RMBmmWMKdrAw7jMw==
</Y>
<J>AgRO2deYCHK5/u5+ElWfz2J6fdI2PN/mnjBxceE11r5zt7x/DVqcoWAp2+dr</J>
<Seed>1QFOS2DvK6i2IRtAYroyJOBCfdM=</Seed>
<PgenCounter>AQAAAGk=</PgenCounter>
<X>IHCzIj26Ny/eHA/8ey47SYsmBhQ=</X>
</DSAKeyValue>");
DSATestData.GetDSA1024_186_2(out DSAParameters expected, out _, out _);
DSAImportExport.AssertKeyEquals(expected, dsa.ExportParameters(true));
}
}
public static void BadPbeParameters()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
Assert.ThrowsAny <ArgumentNullException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
null));
Assert.ThrowsAny <ArgumentNullException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> .Empty,
null));
Assert.ThrowsAny <ArgumentNullException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
null,
Span <byte> .Empty,
out _));
Assert.ThrowsAny <ArgumentNullException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> .Empty,
null,
Span <byte> .Empty,
out _));
// PKCS12 requires SHA-1
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72),
Span <byte> .Empty,
out _));
// PKCS12 requires SHA-1
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72),
Span <byte> .Empty,
out _));
// PKCS12 requires a char-based password
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(0, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(0, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm (negative enum value)
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm (overly-large enum value)
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown hash algorithm
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72),
Span <byte> .Empty,
out _));
}
}
private static void UseAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] pkcs8Private;
byte[] pkcs8EncryptedPrivate;
byte[] subjectPublicKeyInfo;
string pwStr = "Hello";
// Because the PBE algorithm uses PBES2 the string->byte encoding is UTF-8.
byte[] pwBytes = Encoding.UTF8.GetBytes(pwStr);
PbeParameters pbeParameters = new PbeParameters(
PbeEncryptionAlgorithm.Aes192Cbc,
HashAlgorithmName.SHA256,
3072);
// Ensure the key was loaded, then dispose it.
// Also ensures all of the inputs are valid for the disposed tests.
using (key)
{
pkcs8Private = key.ExportPkcs8PrivateKey();
pkcs8EncryptedPrivate = key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters);
subjectPublicKeyInfo = key.ExportSubjectPublicKeyInfo();
}
Assert.Throws <ObjectDisposedException>(() => key.ImportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwStr, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportPkcs8PrivateKey());
Assert.Throws <ObjectDisposedException>(() => key.TryExportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportSubjectPublicKeyInfo());
Assert.Throws <ObjectDisposedException>(() => key.TryExportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
// Check encrypted import with the wrong password.
// It shouldn't do enough work to realize it was wrong.
pwBytes = Array.Empty <byte>();
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey("", pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
}
