Example #1
        /// <summary>
        /// Verifies that a DSA key holding only public components refuses every PKCS#8
        /// private-key export path (plain and encrypted, allocating and Try-style)
        /// by throwing a <see cref="CryptographicException"/>.
        /// </summary>
        public static void NoPrivKeyFromPublicOnly()
        {
            // Fresh parameters are built inside each lambda, exactly as a caller would do.
            PbeParameters NewPbe() =>
                new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72);

            using (DSA key = DSAFactory.Create())
            {
                // Drop X (the private value) before importing, leaving a public-only key.
                DSAParameters publicOnly = DSATestData.GetDSA1024Params();
                publicOnly.X = null;
                key.ImportParameters(publicOnly);

                // Unencrypted PKCS#8 export.
                Assert.ThrowsAny<CryptographicException>(() => key.ExportPkcs8PrivateKey());

                // Try-style export into an empty destination: the assertion requires an
                // exception here, not a quiet "false" result.
                Assert.ThrowsAny<CryptographicException>(
                    () => key.TryExportPkcs8PrivateKey(Span<byte>.Empty, out _));

                // Encrypted PKCS#8 export with a byte-based (empty) password.
                Assert.ThrowsAny<CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte>.Empty, NewPbe()));

                Assert.ThrowsAny<CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan<byte>.Empty,
                        NewPbe(),
                        Span<byte>.Empty,
                        out _));
            }
        }
Example #2
        /// <summary>
        /// Verifies that every PKCS#8 and SubjectPublicKeyInfo import/export entry point
        /// throws <see cref="ObjectDisposedException"/> once the key has been disposed.
        /// </summary>
        /// <param name="importKey">
        /// <c>true</c> to create the key from the fixed 1024-bit test parameters;
        /// <c>false</c> to pass 1024 to the factory instead (presumably the key size).
        /// </param>
        private static void UseAfterDispose(bool importKey)
        {
            DSA key;

            if (importKey)
            {
                key = DSAFactory.Create(DSATestData.GetDSA1024Params());
            }
            else
            {
                key = DSAFactory.Create(1024);
            }

            string password = "Hello";

            // The PBE algorithm below is PBES2, so the string password maps to bytes as UTF-8.
            byte[] passwordUtf8 = Encoding.UTF8.GetBytes(password);
            byte[] emptyPassword = Array.Empty<byte>();

            PbeParameters pbe = new PbeParameters(
                PbeEncryptionAlgorithm.Aes192Cbc,
                HashAlgorithmName.SHA256,
                3072);

            byte[] privateBlob;
            byte[] encryptedBlob;
            byte[] publicBlob;

            // Exporting first proves the key was usable and yields well-formed inputs for
            // the calls below; leaving the using block disposes the key.
            using (key)
            {
                privateBlob = key.ExportPkcs8PrivateKey();
                encryptedBlob = key.ExportEncryptedPkcs8PrivateKey(password, pbe);
                publicBlob = key.ExportSubjectPublicKeyInfo();
            }

            // Imports into the disposed object.
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportPkcs8PrivateKey(privateBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportEncryptedPkcs8PrivateKey(password, encryptedBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportEncryptedPkcs8PrivateKey(passwordUtf8, encryptedBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportSubjectPublicKeyInfo(publicBlob, out _));

            // Exports from the disposed object; the previously exported buffers double as
            // destinations for the Try-style overloads.
            Assert.Throws<ObjectDisposedException>(
                () => key.ExportPkcs8PrivateKey());
            Assert.Throws<ObjectDisposedException>(
                () => key.TryExportPkcs8PrivateKey(privateBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ExportEncryptedPkcs8PrivateKey(password, pbe));
            Assert.Throws<ObjectDisposedException>(
                () => key.TryExportEncryptedPkcs8PrivateKey(password, pbe, encryptedBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ExportEncryptedPkcs8PrivateKey(passwordUtf8, pbe));
            Assert.Throws<ObjectDisposedException>(
                () => key.TryExportEncryptedPkcs8PrivateKey(passwordUtf8, pbe, encryptedBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ExportSubjectPublicKeyInfo());
            Assert.Throws<ObjectDisposedException>(
                () => key.TryExportSubjectPublicKeyInfo(publicBlob, out _));

            // Encrypted import with the wrong (empty) password: the expected exception is
            // still ObjectDisposedException, so the disposed check has to fire before the
            // implementation gets far enough to notice the password mismatch.
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportEncryptedPkcs8PrivateKey("", encryptedBlob, out _));
            Assert.Throws<ObjectDisposedException>(
                () => key.ImportEncryptedPkcs8PrivateKey(emptyPassword, encryptedBlob, out _));
        }
Example #3
        /// <summary>
        /// Verifies that encrypted PKCS#8 export rejects invalid password-based-encryption
        /// parameters. Each case is exercised through both the allocating
        /// <c>ExportEncryptedPkcs8PrivateKey</c> call and its Try-style counterpart, and
        /// each is expected to throw rather than produce output.
        /// </summary>
        public static void BadPbeParameters()
        {
            using (DSA key = DSAFactory.Create())
            {
                // A full key (private value included) is imported, so the failures below
                // come from the PBE arguments and not from a missing private key.
                key.ImportParameters(DSATestData.GetDSA1024Params());

                // Null PbeParameters: expected to be rejected with ArgumentNullException
                // for the byte-based password overloads...
                Assert.ThrowsAny <ArgumentNullException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        null));

                // ...and for the char-based password overloads.
                Assert.ThrowsAny <ArgumentNullException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <char> .Empty,
                        null));

                Assert.ThrowsAny <ArgumentNullException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        null,
                        Span <byte> .Empty,
                        out _));

                Assert.ThrowsAny <ArgumentNullException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <char> .Empty,
                        null,
                        Span <byte> .Empty,
                        out _));

                // PKCS12 requires SHA-1, so pairing it with SHA-256 must be rejected.
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72),
                        Span <byte> .Empty,
                        out _));

                // PKCS12 requires SHA-1, so MD5 must be rejected as well.
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        ReadOnlySpan <byte> .Empty,
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72),
                        Span <byte> .Empty,
                        out _));

                // PKCS12 requires a char-based password: even with the correct hash
                // (SHA-1), a byte-array password must be rejected.
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72),
                        Span <byte> .Empty,
                        out _));

                // Unknown encryption algorithm (enum value 0). The assertions in this and
                // the next two groups require a throw, so an unrecognised value may not be
                // silently mapped to some default cipher.
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(0, HashAlgorithmName.SHA1, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(0, HashAlgorithmName.SHA1, 72),
                        Span <byte> .Empty,
                        out _));

                // Unknown encryption algorithm (negative enum value)
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72),
                        Span <byte> .Empty,
                        out _));

                // Unknown encryption algorithm (overly-large enum value)
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72),
                        Span <byte> .Empty,
                        out _));

                // Unknown hash algorithm: a made-up name paired with an otherwise valid
                // cipher must also be rejected.
                Assert.ThrowsAny <CryptographicException>(
                    () => key.ExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72)));

                Assert.ThrowsAny <CryptographicException>(
                    () => key.TryExportEncryptedPkcs8PrivateKey(
                        new byte[3],
                        new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72),
                        Span <byte> .Empty,
                        out _));
            }
        }