Example #1
0
        public void InvalidStreamArrayArguments_Throws()
        {
            using (DSA dsa = DSAFactory.Create(1024))
            {
                AssertExtensions.Throws <ArgumentNullException>("rgbHash", () => dsa.CreateSignature(null));

                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.SignData((byte[])null, HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.SignData(null, 0, 0, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => dsa.SignData(new byte[1], -1, 0, HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => dsa.SignData(new byte[1], 2, 0, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => dsa.SignData(new byte[1], 0, -1, HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => dsa.SignData(new byte[1], 0, 2, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.VerifyData((byte[])null, null, HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.VerifyData(null, 0, 0, null, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentNullException>("signature", () => dsa.VerifyData(new byte[1], null, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => dsa.VerifyData(new byte[1], -1, 0, new byte[1], HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => dsa.VerifyData(new byte[1], 2, 0, new byte[1], HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => dsa.VerifyData(new byte[1], 0, -1, new byte[1], HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => dsa.VerifyData(new byte[1], 0, 2, new byte[1], HashAlgorithmName.SHA1));
            }
        }
        public static void ThirdPartyProvider_DSA()
        {
            using (DSA dsaOther = new DSAOther())
            {
                dsaOther.ImportParameters(TestData.GetDSA1024Params());

                X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaOther);

                // macOS DSA is limited to FIPS 186-3.
                HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1;

                CertificateRequest request = new CertificateRequest(
                    new X500DistinguishedName($"CN={nameof(ThirdPartyProvider_DSA)}"),
                    dsaGen.PublicKey,
                    hashAlgorithm);

                byte[] signature;
                byte[] data = request.SubjectName.RawData;

                DateTimeOffset now = DateTimeOffset.UtcNow;

                using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
                    using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaOther))
                        using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
                        {
                            signature = dsa.SignData(data, hashAlgorithm);
                        }

                Assert.True(dsaOther.VerifyData(data, signature, hashAlgorithm));
            }
        }
Example #3
0
        public static void AssociatePersistedKey_CAPIviaCNG_DSA(int provType)
        {
            const string KeyName = nameof(AssociatePersistedKey_CAPIviaCNG_DSA);

            CspParameters cspParameters = new CspParameters(provType)
            {
                KeyContainerName = KeyName,
                Flags            = CspProviderFlags.UseNonExportableKey,
            };

            using (DSACryptoServiceProvider dsaCsp = new DSACryptoServiceProvider(cspParameters))
            {
                dsaCsp.PersistKeyInCsp = false;

                X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCsp);

                // Use SHA-1 because that's all DSACryptoServiceProvider understands.
                HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA1;
                byte[]            signature;

                CertificateRequest request = new CertificateRequest(
                    new X500DistinguishedName($"CN={KeyName}-{provType}"),
                    dsaGen.PublicKey,
                    hashAlgorithm);

                DateTimeOffset now = DateTimeOffset.UtcNow;

                using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
                    using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCsp))
                        using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
                        {
                            // `dsa` will be an DSACng wrapping the CAPI key
                            Assert.IsAssignableFrom <DSACng>(dsa);

                            request = new CertificateRequest(
                                new X500DistinguishedName($"CN={KeyName}-{provType}-again"),
                                dsaGen.PublicKey,
                                hashAlgorithm);

                            using (X509Certificate2 cert2 = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
                                using (X509Certificate2 cert2WithPrivateKey = cert2.CopyWithPrivateKey(dsa))
                                    using (DSA dsa2 = cert2WithPrivateKey.GetDSAPrivateKey())
                                    {
                                        signature = dsa2.SignData(Array.Empty <byte>(), hashAlgorithm);

                                        Assert.True(dsaCsp.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm));
                                    }
                        }

                // Some certs have disposed, did they delete the key?
                cspParameters.Flags = CspProviderFlags.UseExistingKey;

                using (var stillPersistedKey = new DSACryptoServiceProvider(cspParameters))
                {
                    stillPersistedKey.SignData(Array.Empty <byte>(), hashAlgorithm);
                }
            }
        }
Example #4
0
 public static void SignAndVerifyDataNew1024()
 {
     using (DSA dsa = DSAFactory.Create(1024))
     {
         byte[] signature        = dsa.SignData(DSATestData.HelloBytes, new HashAlgorithmName("SHA1"));
         bool   signatureMatched = dsa.VerifyData(DSATestData.HelloBytes, signature, new HashAlgorithmName("SHA1"));
         Assert.True(signatureMatched);
     }
 }
Example #5
0
        public static void AssociatePersistedKey_CNG_DSA()
        {
            const string KeyName = nameof(AssociatePersistedKey_CNG_DSA);

            CngKey            cngKey        = null;
            HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA256;

            byte[] signature;

            try
            {
                CngKeyCreationParameters creationParameters = new CngKeyCreationParameters()
                {
                    ExportPolicy       = CngExportPolicies.None,
                    Provider           = CngProvider.MicrosoftSoftwareKeyStorageProvider,
                    KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
                    Parameters         =
                    {
                        new CngProperty("Length", BitConverter.GetBytes(1024), CngPropertyOptions.None),
                    }
                };

                cngKey = CngKey.Create(new CngAlgorithm("DSA"), KeyName, creationParameters);

                using (DSACng dsaCng = new DSACng(cngKey))
                {
                    X509SignatureGenerator dsaGen = new DSAX509SignatureGenerator(dsaCng);

                    CertificateRequest request = new CertificateRequest(
                        new X500DistinguishedName($"CN={KeyName}"),
                        dsaGen.PublicKey,
                        HashAlgorithmName.SHA256);

                    DateTimeOffset now = DateTimeOffset.UtcNow;

                    using (X509Certificate2 cert = request.Create(request.SubjectName, dsaGen, now, now.AddDays(1), new byte[1]))
                        using (X509Certificate2 certWithPrivateKey = cert.CopyWithPrivateKey(dsaCng))
                            using (DSA dsa = certWithPrivateKey.GetDSAPrivateKey())
                            {
                                signature = dsa.SignData(Array.Empty <byte>(), hashAlgorithm);

                                Assert.True(dsaCng.VerifyData(Array.Empty <byte>(), signature, hashAlgorithm));
                            }
                }

                // Some certs have disposed, did they delete the key?
                using (CngKey stillPersistedKey = CngKey.Open(KeyName, CngProvider.MicrosoftSoftwareKeyStorageProvider))
                    using (DSACng dsaCng = new DSACng(stillPersistedKey))
                    {
                        dsaCng.SignData(Array.Empty <byte>(), hashAlgorithm);
                    }
            }
            finally
            {
                cngKey?.Delete();
            }
        }
Example #6
0
        public void InvalidArrayArguments_Throws()
        {
            using (DSA dsa = DSAFactory.Create(1024))
            {
                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.SignData((Stream)null, HashAlgorithmName.SHA1));
                AssertExtensions.Throws <ArgumentNullException>("data", () => dsa.VerifyData((Stream)null, null, HashAlgorithmName.SHA1));

                AssertExtensions.Throws <ArgumentNullException>("signature", () => dsa.VerifyData(new MemoryStream(), null, HashAlgorithmName.SHA1));
            }
        }
Example #7
0
 private static void SignAndVerify(byte[] data, string hashAlgorithmName, DSAParameters dsaParameters, int expectedSignatureLength)
 {
     using (DSA dsa = DSAFactory.Create())
     {
         dsa.ImportParameters(dsaParameters);
         byte[] signature = dsa.SignData(data, new HashAlgorithmName(hashAlgorithmName));
         Assert.Equal(expectedSignatureLength, signature.Length);
         bool signatureMatched = dsa.VerifyData(data, signature, new HashAlgorithmName(hashAlgorithmName));
         Assert.True(signatureMatched);
     }
 }
Example #8
0
        public static void InvalidKeySize_DoesNotInvalidateKey()
        {
            using (DSA dsa = DSAFactory.Create())
            {
                byte[] signature = dsa.SignData(DSATestData.HelloBytes, HashAlgorithmName.SHA1);

                // A 2049-bit key is hard to describe, none of the providers support it.
                Assert.ThrowsAny <CryptographicException>(() => dsa.KeySize = 2049);

                Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA1));
            }
        }
Example #9
0
        public static void Sign2048WithSha1()
        {
            byte[] data = { 1, 2, 3, 4 };

            using (DSA dsa = DSAFactory.Create())
            {
                dsa.ImportParameters(DSATestData.GetDSA2048Params());

                byte[] signature = dsa.SignData(data, HashAlgorithmName.SHA1);

                Assert.True(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1));
            }
        }
Example #10
0
        public static void PublicKey_CannotSign()
        {
            DSAParameters keyParameters = DSATestData.GetDSA1024Params();

            keyParameters.X = null;

            using (DSA dsa = DSAFactory.Create())
            {
                dsa.ImportParameters(keyParameters);

                Assert.ThrowsAny <CryptographicException>(
                    () => dsa.SignData(DSATestData.HelloBytes, HashAlgorithmName.SHA1));
            }
        }
        public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm)
        {
            byte[] ieeeFormat = _key.SignData(data, hashAlgorithm);

            Debug.Assert(ieeeFormat.Length % 2 == 0);
            int segmentLength = ieeeFormat.Length / 2;

            byte[] r = EncodeUnsignedInteger(ieeeFormat, 0, segmentLength);
            byte[] s = EncodeUnsignedInteger(ieeeFormat, segmentLength, segmentLength);

            return
                (new byte[] { 0x30 }.
                 Concat(EncodeLength(r.Length + s.Length)).
                 Concat(r).
                 Concat(s).
                 ToArray());
        }
Example #12
0
        public static void ReadDSAPrivateKey()
        {
            byte[] data = { 1, 2, 3, 4, 5 };

            using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible))
                using (DSA privKey = cert.GetDSAPrivateKey())
                    using (DSA pubKey = cert.GetDSAPublicKey())
                    {
                        // Stick to FIPS 186-2 (DSS-SHA1)
                        byte[] signature = privKey.SignData(data, HashAlgorithmName.SHA1);

                        Assert.True(pubKey.VerifyData(data, signature, HashAlgorithmName.SHA1), "pubKey verifies signed data");

                        data[0] ^= 0xFF;
                        Assert.False(pubKey.VerifyData(data, signature, HashAlgorithmName.SHA1), "pubKey verifies tampered data");

                        // And verify that the public key isn't accidentally a private key.
                        Assert.ThrowsAny <CryptographicException>(() => pubKey.SignData(data, HashAlgorithmName.SHA1));
                    }
        }
Example #13
0
        public static void DsaPrivateKeyProperty()
        {
            using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible))
            {
                AsymmetricAlgorithm alg = cert.PrivateKey;
                Assert.NotNull(alg);
                Assert.Same(alg, cert.PrivateKey);
                Assert.IsAssignableFrom <DSA>(alg);

                DSA    dsa  = (DSA)alg;
                byte[] data = { 1, 2, 3, 4, 5 };
                byte[] sig  = dsa.SignData(data, HashAlgorithmName.SHA1);

                Assert.True(dsa.VerifyData(data, sig, HashAlgorithmName.SHA1), "Key verifies signature");

                data[0] ^= 0xFF;

                Assert.False(dsa.VerifyData(data, sig, HashAlgorithmName.SHA1), "Key verifies tampered data signature");
            }
        }
Example #14
0
 public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) =>
 dsa.SignData(new MemoryStream(data), hashAlgorithm);
Example #15
0
 public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) =>
 dsa.SignData(data, hashAlgorithm);