public static void NoFuzzySubjectPublicKeyInfo()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
int bytesRead = -1;
byte[] pkcs8 = key.ExportPkcs8PrivateKey();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportSubjectPublicKeyInfo(pkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
ReadOnlySpan <byte> passwordBytes = pkcs8.AsSpan(0, 15);
byte[] encryptedPkcs8 = key.ExportEncryptedPkcs8PrivateKey(
passwordBytes,
new PbeParameters(
PbeEncryptionAlgorithm.Aes256Cbc,
HashAlgorithmName.SHA512,
123));
Assert.ThrowsAny <CryptographicException>(
() => key.ImportSubjectPublicKeyInfo(encryptedPkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
}
}
private static AsymmetricAlgorithm DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = new Oid(Oids.Dsa, null), Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
spki.Encode(writer);
DSA dsa = DSA.Create();
try
{
dsa.ImportSubjectPublicKeyInfo(writer.EncodeAsSpan(), out _);
return(dsa);
}
catch (Exception)
{
dsa.Dispose();
throw;
}
}
}
private static DSA DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = Oids.Dsa, Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
int written = writer.Encode(rented);
DSA dsa = DSA.Create();
IDisposable?toDispose = dsa;
try
{
dsa.ImportSubjectPublicKeyInfo(rented.AsSpan(0, written), out _);
toDispose = null;
return(dsa);
}
finally
{
toDispose?.Dispose();
CryptoPool.Return(rented, written);
}
}
private static void UseAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] pkcs8Private;
byte[] pkcs8EncryptedPrivate;
byte[] subjectPublicKeyInfo;
string pwStr = "Hello";
// Because the PBE algorithm uses PBES2 the string->byte encoding is UTF-8.
byte[] pwBytes = Encoding.UTF8.GetBytes(pwStr);
PbeParameters pbeParameters = new PbeParameters(
PbeEncryptionAlgorithm.Aes192Cbc,
HashAlgorithmName.SHA256,
3072);
// Ensure the key was loaded, then dispose it.
// Also ensures all of the inputs are valid for the disposed tests.
using (key)
{
pkcs8Private = key.ExportPkcs8PrivateKey();
pkcs8EncryptedPrivate = key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters);
subjectPublicKeyInfo = key.ExportSubjectPublicKeyInfo();
}
Assert.Throws <ObjectDisposedException>(() => key.ImportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwStr, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportPkcs8PrivateKey());
Assert.Throws <ObjectDisposedException>(() => key.TryExportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportSubjectPublicKeyInfo());
Assert.Throws <ObjectDisposedException>(() => key.TryExportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
// Check encrypted import with the wrong password.
// It shouldn't do enough work to realize it was wrong.
pwBytes = Array.Empty <byte>();
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey("", pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
}
public DSA?GetDSAPublicKey()
{
if (_oid.Value != Oids.Dsa)
{
return(null);
}
DSA dsa = DSA.Create();
try
{
dsa.ImportSubjectPublicKeyInfo(ExportSubjectPublicKeyInfo(), out _);
return(dsa);
}
catch
{
dsa.Dispose();
throw;
}
}
private static AsymmetricAlgorithm DecodeDsaPublicKey(byte[] encodedKeyValue, byte[] encodedParameters)
{
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn
{
Algorithm = new AlgorithmIdentifierAsn {
Algorithm = Oids.Dsa, Parameters = encodedParameters
},
SubjectPublicKey = encodedKeyValue,
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
if (!writer.TryEncode(rented, out int written))
{
Debug.Fail("TryEncode failed with a pre-allocated buffer");
throw new InvalidOperationException();
}
DSA dsa = DSA.Create();
IDisposable?toDispose = dsa;
try
{
dsa.ImportSubjectPublicKeyInfo(rented.AsSpan(0, written), out _);
toDispose = null;
return(dsa);
}
finally
{
toDispose?.Dispose();
CryptoPool.Return(rented, written);
}
}
