internal static DSA MakeExportable(this DSA dsa)
{
if (dsa is DSACng dsaCng)
{
const CngExportPolicies Exportability =
CngExportPolicies.AllowExport |
CngExportPolicies.AllowPlaintextExport;
if ((dsaCng.Key.ExportPolicy & Exportability) == CngExportPolicies.AllowExport)
{
DSA copy = DSA.Create();
copy.ImportEncryptedPkcs8PrivateKey(
nameof(MakeExportable),
dsa.ExportEncryptedPkcs8PrivateKey(
nameof(MakeExportable),
new PbeParameters(
PbeEncryptionAlgorithm.TripleDes3KeyPkcs12,
HashAlgorithmName.SHA1,
2048)),
out _);
return(copy);
}
}
return(dsa);
}
private static void UseAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] pkcs8Private;
byte[] pkcs8EncryptedPrivate;
byte[] subjectPublicKeyInfo;
string pwStr = "Hello";
// Because the PBE algorithm uses PBES2 the string->byte encoding is UTF-8.
byte[] pwBytes = Encoding.UTF8.GetBytes(pwStr);
PbeParameters pbeParameters = new PbeParameters(
PbeEncryptionAlgorithm.Aes192Cbc,
HashAlgorithmName.SHA256,
3072);
// Ensure the key was loaded, then dispose it.
// Also ensures all of the inputs are valid for the disposed tests.
using (key)
{
pkcs8Private = key.ExportPkcs8PrivateKey();
pkcs8EncryptedPrivate = key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters);
subjectPublicKeyInfo = key.ExportSubjectPublicKeyInfo();
}
Assert.Throws <ObjectDisposedException>(() => key.ImportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwStr, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportPkcs8PrivateKey());
Assert.Throws <ObjectDisposedException>(() => key.TryExportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportSubjectPublicKeyInfo());
Assert.Throws <ObjectDisposedException>(() => key.TryExportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
// Check encrypted import with the wrong password.
// It shouldn't do enough work to realize it was wrong.
pwBytes = Array.Empty <byte>();
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey("", pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
}
public static void NoFuzzyEncryptedPkcs8()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
int bytesRead = -1;
byte[] spki = key.ExportSubjectPublicKeyInfo();
byte[] empty = Array.Empty <byte>();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, spki, out bytesRead));
Assert.Equal(-1, bytesRead);
byte[] pkcs8 = key.ExportPkcs8PrivateKey();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, pkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
}
}
public static void DecryptPkcs12PbeTooManyIterations()
{
// pbeWithSHAAnd3-KeyTripleDES-CBC with 600,001 iterations
byte[] high3DesIterationKey = Convert.FromBase64String(@"
MIIBezAlBgoqhkiG9w0BDAEDMBcEEDH/8QAPoG1utiuJkzA4u4kCAwknwQSCAVD9BOoJTlihH9zP
0AmAXtBa7fjJGnq4tZBJSYmJbNxszTSvM3tEkzyiqFWd6Ptm9bf0cOybad2LXIWnrtlIclGD0ibH
earAf1YvAIBFlbDXfVF8v5//XL2R1d8kcp4fqTVKdRunTSvPS0rIFP5Mrfj89WacHO3HQOB6UMMT
ZYSdI3qZj+6Rlo0a7/MEO23Y0zR9XLdUhyra+UixzVi05VslPoWn1dsFksbklwtV+IRJ9biMjCta
8fr3uqHmtb57121dA3p4A2dya8bgcHOJlMPsYxJ012GV4twULSyaZz6hXOzVh3AL5uLlrzSkV7ZQ
dkOGlpaaJkhGKtkfxRe82w3ZXhuLsVt3vPciDbbF5hIDf8JX7X1aANq5Ka9Tcs3Lyd/FVdkceqn7
KaC843/LqYiSNoD7rBPpSpkyLtldwhqc7o2Wz7tyb1Oj8WF47AJD5OI=");
using (DSA key = DSAFactory.Create())
{
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey("test", high3DesIterationKey, out _));
}
}
public static void DecryptPkcs12WithBytes()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
string charBased = "hello";
byte[] byteBased = Encoding.UTF8.GetBytes(charBased);
byte[] encrypted = key.ExportEncryptedPkcs8PrivateKey(
charBased,
new PbeParameters(
PbeEncryptionAlgorithm.TripleDes3KeyPkcs12,
HashAlgorithmName.SHA1,
123));
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(byteBased, encrypted, out _));
}
}
