Example #1
        // Argument-validation coverage for the byte[]-based DSA entry points: null buffers and
        // out-of-range offset/count values must be rejected with the matching exception type.
        // Despite "Stream" in the method name, every call below goes through CreateSignature or
        // the byte[] overloads of SignData/VerifyData.
        // The string given to AssertExtensions.Throws is presumably the expected parameter name.
        public void InvalidStreamArrayArguments_Throws()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;

            using (DSA dsa = DSAFactory.Create(1024))
            {
                // Null hash / data / signature buffers.
                AssertExtensions.Throws<ArgumentNullException>("rgbHash", () => dsa.CreateSignature(null));
                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.SignData((byte[])null, sha1));
                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.SignData(null, 0, 0, sha1));
                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.VerifyData((byte[])null, null, sha1));
                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.VerifyData(null, 0, 0, null, sha1));
                AssertExtensions.Throws<ArgumentNullException>("signature", () => dsa.VerifyData(new byte[1], null, sha1));

                // Offset below zero or past the end of a one-byte buffer.
                AssertExtensions.Throws<ArgumentOutOfRangeException>("offset", () => dsa.SignData(new byte[1], -1, 0, sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("offset", () => dsa.SignData(new byte[1], 2, 0, sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("offset", () => dsa.VerifyData(new byte[1], -1, 0, new byte[1], sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("offset", () => dsa.VerifyData(new byte[1], 2, 0, new byte[1], sha1));

                // Count below zero or larger than the one-byte buffer.
                AssertExtensions.Throws<ArgumentOutOfRangeException>("count", () => dsa.SignData(new byte[1], 0, -1, sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("count", () => dsa.SignData(new byte[1], 0, 2, sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("count", () => dsa.VerifyData(new byte[1], 0, -1, new byte[1], sha1));
                AssertExtensions.Throws<ArgumentOutOfRangeException>("count", () => dsa.VerifyData(new byte[1], 0, 2, new byte[1], sha1));
            }
        }
Example #2
        // Null-argument coverage for the Stream-based SignData/VerifyData overloads.
        // Despite "Array" in the method name, the data argument here is always a Stream.
        // The string given to AssertExtensions.Throws is presumably the expected parameter name.
        public void InvalidArrayArguments_Throws()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;

            using (DSA dsa = DSAFactory.Create(1024))
            {
                // A typed null keeps overload resolution on the Stream overloads.
                Stream noStream = null;

                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.SignData(noStream, sha1));
                AssertExtensions.Throws<ArgumentNullException>("data", () => dsa.VerifyData(noStream, null, sha1));

                // A valid (empty) stream with a null signature must fail on the signature argument.
                AssertExtensions.Throws<ArgumentNullException>("signature", () => dsa.VerifyData(new MemoryStream(), null, sha1));
            }
        }
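        // Known-answer check for one DSA test vector. The vector is verified twice: once with
        // the full key pair imported and once with only the public components (X withheld).
        // All string arguments are hex; r and s are concatenated into a raw r || s signature.
        //
        // Beyond the valid case, each key form must reject a signature whose r half was altered,
        // one whose s half was altered, and (for a non-empty message) an altered message.
        // Checking only the first signature byte would let an implementation that ignores s,
        // or ignores the message, pass unnoticed.
        private static void Validate(
            string p,
            string q,
            string g,
            string x,
            string y,
            string msg,
            string r,
            string s,
            HashAlgorithmName hashAlgorithm)
        {
            DSAParameters keyPair = new DSAParameters
            {
                P = p.HexToByteArray(),
                Q = q.HexToByteArray(),
                G = g.HexToByteArray(),
                X = x.HexToByteArray(),
                Y = y.HexToByteArray(),
            };

            // Same domain parameters and public value, private value withheld.
            DSAParameters publicOnly = keyPair;
            publicOnly.X = null;

            byte[] message = msg.HexToByteArray();
            byte[] signature = (r + s).HexToByteArray();

            AssertVerifiesAndRejectsTampering(keyPair, message, signature, hashAlgorithm, "Public+Private");
            AssertVerifiesAndRejectsTampering(publicOnly, message, signature, hashAlgorithm, "Public-Only");
        }

        // Imports the given parameters into a fresh DSA instance, asserts the untouched vector
        // verifies, then asserts that each single-byte alteration fails verification.
        // Alterations are made on copies so the caller's arrays stay pristine between key forms.
        private static void AssertVerifiesAndRejectsTampering(
            DSAParameters parameters,
            byte[] message,
            byte[] signature,
            HashAlgorithmName hashAlgorithm,
            string label)
        {
            using (DSA dsa = DSAFactory.Create())
            {
                dsa.ImportParameters(parameters);

                Assert.True(dsa.VerifyData(message, signature, hashAlgorithm), label + " Valid Signature");

                // First byte lies in the r half of r || s.
                byte[] tamperedR = (byte[])signature.Clone();
                tamperedR[0] ^= 0xFF;
                Assert.False(dsa.VerifyData(message, tamperedR, hashAlgorithm), label + " Tampered Signature");

                // Last byte lies in the s half of r || s.
                byte[] tamperedS = (byte[])signature.Clone();
                tamperedS[tamperedS.Length - 1] ^= 0xFF;
                Assert.False(dsa.VerifyData(message, tamperedS, hashAlgorithm), label + " Tampered Signature (s)");

                // An empty message has no byte to flip, so that vector skips this check.
                if (message.Length > 0)
                {
                    byte[] tamperedMessage = (byte[])message.Clone();
                    tamperedMessage[0] ^= 0xFF;
                    Assert.False(dsa.VerifyData(tamperedMessage, signature, hashAlgorithm), label + " Tampered Message");
                }
            }
        }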
Example #4
        // Known-answer verification using an inline test vector.
        // The parameters and signature come from FIPS 186-2 APPENDIX 5. EXAMPLE OF THE DSA
        public static void VerifyKnownSignature()
        {
            const string PHex =
                "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7" +
                "cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac" +
                "49693dfbf83724c2ec0736ee31c80291";

            const string QHex = "c773218c737ec8ee993b4f2ded30f48edace915f";

            const string GHex =
                "626d027839ea0a13413163a55b4cb500299d5522956cefcb" +
                "3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9c" +
                "c42e9f6f464b088cc572af53e6d78802";

            const string XHex = "2070b3223dba372fde1c0ffc7b2e3b498b260614";

            const string YHex =
                "19131871d75b1612a819f29d78d1b0d7346f7aa77bb62a85" +
                "9bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74" +
                "858fba33f44c06699630a76b030ee333";

            // Signature is the raw concatenation r || s.
            const string RHex = "8bac1ab66410435cb7181f95b16ab97c92b341c0";
            const string SHex = "41e2345f1f56df2458f426d155b4ba2db6dcd8c8";

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters dsaParameters = new DSAParameters
                {
                    P = PHex.HexToByteArray(),
                    Q = QHex.HexToByteArray(),
                    G = GHex.HexToByteArray(),
                    X = XHex.HexToByteArray(),
                    Y = YHex.HexToByteArray(),
                };

                byte[] signature = (RHex + SHex).HexToByteArray();
                byte[] data = Encoding.ASCII.GetBytes("abc");

                dsa.ImportParameters(dsaParameters);

                bool knownVectorVerifies = dsa.VerifyData(data, signature, HashAlgorithmName.SHA1);
                Assert.True(knownVectorVerifies);

                // Negative case: decrement the final byte (inside s), with wrap-around permitted.
                int last = signature.Length - 1;
                signature[last] = unchecked((byte)(signature[last] - 1));

                bool alteredVectorVerifies = dsa.VerifyData(data, signature, HashAlgorithmName.SHA1);
                Assert.False(alteredVectorVerifies);
            }
        }
Example #5
        // Verifies a fixed signature with the DSA public key extracted from a certificate, then
        // confirms that both altered data and an altered signature are rejected.
        // The assertion messages describe the failure condition for the Assert.False cases.
        public static void TestDSAPublicKey_VerifiesSignature()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;

            byte[] data = { 1, 2, 3, 4, 5 };

            // Differs from data only in the first byte.
            byte[] wrongData = { 0xFE, 2, 3, 4, 5 };

            byte[] signature =
                "B06E26CFC939F25B864F52ABD3288222363A164259B0027FFC95DBC88F9204F7A51A901F3005C9F7".HexToByteArray();

            using (var cert = new X509Certificate2(TestData.Dsa1024Cert))
            {
                using (DSA pubKey = cert.GetDSAPublicKey())
                {
                    bool genuine = pubKey.VerifyData(data, signature, sha1);
                    Assert.True(genuine, "pubKey verifies signature");

                    bool wrongMessage = pubKey.VerifyData(wrongData, signature, sha1);
                    Assert.False(wrongMessage, "pubKey verifies tampered data");

                    // Invert the first signature byte and retry against the original data.
                    signature[0] ^= 0xFF;
                    bool wrongSignature = pubKey.VerifyData(data, signature, sha1);
                    Assert.False(wrongSignature, "pubKey verifies tampered signature");
                }
            }
        }
Example #6
        // Known-answer verification using the vector supplied by DSATestData.GetDSA1024_186_2,
        // followed by a negative case with the last signature byte inverted.
        public static void VerifyKnownSignature()
        {
            DSAParameters dsaParameters;
            byte[] signature;
            byte[] data;

            using (DSA dsa = DSAFactory.Create())
            {
                DSATestData.GetDSA1024_186_2(out dsaParameters, out signature, out data);
                dsa.ImportParameters(dsaParameters);

                bool knownVectorVerifies = dsa.VerifyData(data, signature, HashAlgorithmName.SHA1);
                Assert.True(knownVectorVerifies);

                // Negative case
                int last = signature.Length - 1;
                signature[last] ^= 0xff;

                bool alteredVectorVerifies = dsa.VerifyData(data, signature, HashAlgorithmName.SHA1);
                Assert.False(alteredVectorVerifies);
            }
        }
Example #7
 // Round trip with a key created via DSAFactory.Create(1024): sign DSATestData.HelloBytes and
 // check the result verifies. The hash is named by string ("SHA1") rather than via the
 // HashAlgorithmName.SHA1 property.
 // NOTE(review): 1024-bit DSA with SHA-1 is legacy strength; suitable as a fixture, not as a
 // template for new signing code.
 public static void SignAndVerifyDataNew1024()
 {
     HashAlgorithmName sha1ByName = new HashAlgorithmName("SHA1");

     using (DSA dsa = DSAFactory.Create(1024))
     {
         byte[] signature = dsa.SignData(DSATestData.HelloBytes, sha1ByName);

         Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, sha1ByName));
     }
 }
Example #8
        // Exercises X509Certificate2.PrivateKey for a DSA PFX: the property must be non-null,
        // return the same instance on repeated reads, and be a DSA key that can sign data which
        // then verifies, while altered data must fail verification.
        public static void DsaPrivateKeyProperty()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;

            using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible))
            {
                AsymmetricAlgorithm alg = cert.PrivateKey;

                Assert.NotNull(alg);
                // Reading the property twice must return the same object.
                Assert.Same(alg, cert.PrivateKey);
                Assert.IsAssignableFrom<DSA>(alg);

                DSA dsa = (DSA)alg;

                byte[] data = { 1, 2, 3, 4, 5 };
                byte[] sig = dsa.SignData(data, sha1);

                bool originalVerifies = dsa.VerifyData(data, sig, sha1);
                Assert.True(originalVerifies, "Key verifies signature");

                // Invert the first data byte; the earlier signature must no longer match.
                data[0] ^= 0xFF;

                bool alteredVerifies = dsa.VerifyData(data, sig, sha1);
                Assert.False(alteredVerifies, "Key verifies tampered data signature");
            }
        }
Example #9
 // Imports the given key, signs data with the named hash, checks the signature has the
 // expected byte length, and checks that it verifies with the same key and hash.
 //   data                    - bytes to sign
 //   hashAlgorithmName       - hash name handed to the HashAlgorithmName constructor
 //   dsaParameters           - key material to import (must allow signing)
 //   expectedSignatureLength - required length of the produced signature, in bytes
 private static void SignAndVerify(byte[] data, string hashAlgorithmName, DSAParameters dsaParameters, int expectedSignatureLength)
 {
     HashAlgorithmName hash = new HashAlgorithmName(hashAlgorithmName);

     using (DSA dsa = DSAFactory.Create())
     {
         dsa.ImportParameters(dsaParameters);

         byte[] signature = dsa.SignData(data, hash);
         Assert.Equal(expectedSignatureLength, signature.Length);

         Assert.True(dsa.VerifyData(data, signature, hash));
     }
 }
Example #10
        // Loads a DSA PFX, signs with the key from GetDSAPrivateKey and verifies with the key
        // from GetDSAPublicKey. Also checks that altered data is rejected and that the public
        // key object cannot be used to sign.
        public static void ReadDSAPrivateKey()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;
            byte[] data = { 1, 2, 3, 4, 5 };

            using (var cert = new X509Certificate2(TestData.Dsa1024Pfx, TestData.Dsa1024PfxPassword, Cert.EphemeralIfPossible))
            using (DSA privKey = cert.GetDSAPrivateKey())
            using (DSA pubKey = cert.GetDSAPublicKey())
            {
                // Stick to FIPS 186-2 (DSS-SHA1)
                byte[] signature = privKey.SignData(data, sha1);

                bool originalVerifies = pubKey.VerifyData(data, signature, sha1);
                Assert.True(originalVerifies, "pubKey verifies signed data");

                // Invert the first data byte; the signature must no longer match.
                data[0] ^= 0xFF;
                bool alteredVerifies = pubKey.VerifyData(data, signature, sha1);
                Assert.False(alteredVerifies, "pubKey verifies tampered data");

                // And verify that the public key isn't accidentally a private key.
                Assert.ThrowsAny<CryptographicException>(() => pubKey.SignData(data, sha1));
            }
        }
Example #11
        // A rejected KeySize assignment must leave the existing key usable: a signature made
        // before the failed assignment still has to verify with the same instance afterwards.
        public static void InvalidKeySize_DoesNotInvalidateKey()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;

            using (DSA dsa = DSAFactory.Create())
            {
                byte[] signature = dsa.SignData(DSATestData.HelloBytes, sha1);

                // A 2049-bit key is hard to describe, none of the providers support it.
                Assert.ThrowsAny<CryptographicException>(() => dsa.KeySize = 2049);

                bool stillVerifies = dsa.VerifyData(DSATestData.HelloBytes, signature, sha1);
                Assert.True(stillVerifies);
            }
        }
Example #12
        // Known-answer verification of a fixed signature over DSATestData.HelloBytes with the
        // key from DSATestData.GetDSA2048Params() and SHA-512. The same signature must be
        // rejected under SHA-256 and SHA-384, so verification cannot succeed with a hash other
        // than the one asserted to verify.
        public static void VerifyKnown_2048_SHA512()
        {
            byte[] signature =
            {
                0x6F, 0x44, 0x68, 0x1F, 0x74, 0xF7, 0x90, 0x2F,
                0x38, 0x43, 0x9B, 0x00, 0x15, 0xDA, 0xF6, 0x8F,
                0x97, 0xB4, 0x4A, 0x52, 0xF7, 0xC1, 0xEC, 0x21,
                0xE2, 0x44, 0x48, 0x71, 0x0F, 0xEC, 0x5E, 0xB3,
                0xA1, 0xCB, 0xE4, 0x42, 0xC8, 0x1E, 0xCD, 0x3C,
                0xA8, 0x15, 0x51, 0xDE, 0x0C, 0xCC, 0xAE, 0x4D,
                0xEB, 0x2A, 0xE9, 0x13, 0xBB, 0x7F, 0x3C, 0xFB,
                0x69, 0x8A, 0x8E, 0x0F, 0x80, 0x87, 0x2E, 0xA6,
            };

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters key = DSATestData.GetDSA2048Params();
                dsa.ImportParameters(key);

                // Matching hash.
                bool sha512Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512);
                Assert.True(sha512Verifies);

                // Mismatched hashes.
                bool sha256Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256);
                Assert.False(sha256Verifies);

                bool sha384Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384);
                Assert.False(sha384Verifies);
            }
        }
Example #13
        // Known-answer verification of a fixed signature over DSATestData.HelloBytes with the
        // key from DSATestData.GetDSA2048Params() and SHA-384. The same signature must be
        // rejected under SHA-256 and SHA-512, so verification cannot succeed with a hash other
        // than the one asserted to verify.
        public static void VerifyKnown_2048_SHA384()
        {
            byte[] signature =
            {
                0x56, 0xBA, 0x70, 0x48, 0x18, 0xBA, 0xE3, 0x43,
                0xF0, 0x7F, 0x25, 0xFE, 0xEA, 0xF1, 0xDB, 0x49,
                0x37, 0x15, 0xD3, 0xD0, 0x5B, 0x9D, 0x57, 0x19,
                0x73, 0x44, 0xDA, 0x70, 0x8D, 0x44, 0x7D, 0xBA,
                0x83, 0xDB, 0x8E, 0x8F, 0x39, 0x0F, 0x83, 0xD5,
                0x0B, 0x73, 0x81, 0x77, 0x3D, 0x9B, 0x8D, 0xA4,
                0xAD, 0x94, 0x3C, 0xAB, 0x7A, 0x6C, 0x81, 0x48,
                0x2F, 0xCF, 0x50, 0xE3, 0x34, 0x0B, 0xEC, 0xF0,
            };

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters key = DSATestData.GetDSA2048Params();
                dsa.ImportParameters(key);

                // Matching hash.
                bool sha384Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384);
                Assert.True(sha384Verifies);

                // Mismatched hashes.
                bool sha256Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256);
                Assert.False(sha256Verifies);

                bool sha512Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512);
                Assert.False(sha512Verifies);
            }
        }
Example #14
        // Verifies a fixed SHA-1 signature with the key from DSATestData.GetDSA2048Params(),
        // then checks two independent negative cases: altered data with the original signature,
        // and original data with an altered signature.
        public static void Verify2048WithSha1()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;
            byte[] data = { 1, 2, 3, 4 };

            byte[] signature = (
                "28DC05B452C8FC0E0BFE9DA067D11147D31B1F3C63E5CF95046A812417C64844868D04D3A1D23" +
                "13E5DD07DE757B3A836E70A1C85DDC90CB62DE2E44746C760F2").HexToByteArray();

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters key = DSATestData.GetDSA2048Params();
                dsa.ImportParameters(key);

                bool originalVerifies = dsa.VerifyData(data, signature, sha1);
                Assert.True(originalVerifies, "Untampered data verifies");

                // Invert the first data byte.
                data[0] ^= 0xFF;
                bool alteredDataVerifies = dsa.VerifyData(data, signature, sha1);
                Assert.False(alteredDataVerifies, "Tampered data verifies");

                // The second XOR restores the data, so only the signature differs in this case.
                data[0] ^= 0xFF;
                int last = signature.Length - 1;
                signature[last] ^= 0xFF;
                bool alteredSignatureVerifies = dsa.VerifyData(data, signature, sha1);
                Assert.False(alteredSignatureVerifies, "Tampered signature verifies");
            }
        }
Example #15
        // Known-answer verification of a fixed signature over DSATestData.HelloBytes with the
        // key from DSATestData.GetDSA2048Params() and SHA-256. The same signature must be
        // rejected under SHA-384 and SHA-512, so verification cannot succeed with a hash other
        // than the one asserted to verify.
        public static void VerifyKnown_2048_SHA256()
        {
            byte[] signature =
            {
                0x92, 0x06, 0x0B, 0x57, 0xF1, 0x35, 0x20, 0x28,
                0xC6, 0x54, 0x4A, 0x0F, 0x08, 0x48, 0x5F, 0x5D,
                0x55, 0xA8, 0x42, 0xFB, 0x05, 0xA7, 0x3E, 0x32,
                0xCA, 0xC6, 0x91, 0x77, 0x70, 0x0A, 0x68, 0x44,
                0x60, 0x63, 0xF7, 0xE7, 0x96, 0x54, 0x8F, 0x4A,
                0x6D, 0x47, 0x10, 0xEE, 0x9A, 0x9F, 0xC2, 0xC8,
                0xDD, 0x74, 0xAE, 0x1A, 0x68, 0xF3, 0xA9, 0xB8,
                0x62, 0x14, 0x50, 0xA3, 0x01, 0x1D, 0x2A, 0x22,
            };

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters key = DSATestData.GetDSA2048Params();
                dsa.ImportParameters(key);

                // Matching hash.
                bool sha256Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256);
                Assert.True(sha256Verifies);

                // Mismatched hashes.
                bool sha384Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384);
                Assert.False(sha384Verifies);

                bool sha512Verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512);
                Assert.False(sha512Verifies);
            }
        }
Example #16
        // Round trip with the key from DSATestData.GetDSA2048Params(): sign four bytes with
        // SHA-1 and check that the signature verifies with the same key.
        // NOTE(review): only the positive case is asserted here.
        public static void Sign2048WithSha1()
        {
            HashAlgorithmName sha1 = HashAlgorithmName.SHA1;
            byte[] data = { 1, 2, 3, 4 };

            using (DSA dsa = DSAFactory.Create())
            {
                DSAParameters key = DSATestData.GetDSA2048Params();
                dsa.ImportParameters(key);

                byte[] signature = dsa.SignData(data, sha1);
                bool verifies = dsa.VerifyData(data, signature, sha1);

                Assert.True(verifies);
            }
        }
Example #17
        // Known-answer verification of a fixed r || s signature over DSATestData.HelloBytes
        // using DSATestData.Dsa576Parameters and SHA-1.
        // NOTE(review): only the positive case is asserted; this method on its own would not
        // notice a verifier that accepts everything.
        public static void VerifyKnown_576()
        {
            const string RHex = "490AEFA5A4F28B35183BBA3BE2536514AB13A088";
            const string SHex = "3F883FE96524D4CC596F67B64A3382E794C8D65B";

            byte[] signature = (RHex + SHex).HexToByteArray();

            using (DSA dsa = DSAFactory.Create())
            {
                dsa.ImportParameters(DSATestData.Dsa576Parameters);

                bool verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA1);
                Assert.True(verifies);
            }
        }
Example #18
        // Known-answer verification of a fixed r || s signature over DSATestData.HelloBytes
        // using DSATestData.Dsa512Parameters and SHA-1.
        // NOTE(review): only the positive case is asserted; this method on its own would not
        // notice a verifier that accepts everything.
        public static void VerifyKnown_512()
        {
            const string RHex = "E21F20B0B5E553137F6649DDC58F5E4AB7D4E6DE";
            const string SHex = "C37534CC7D9630339936C581690E832BD85C6C79";

            byte[] signature = (RHex + SHex).HexToByteArray();

            using (DSA dsa = DSAFactory.Create())
            {
                dsa.ImportParameters(DSATestData.Dsa512Parameters);

                bool verifies = dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA1);
                Assert.True(verifies);
            }
        }
Example #19
 // Verification hook that forwards to the byte[] overload of DSA.VerifyData and returns
 // its result unchanged.
 public override bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm)
 {
     return dsa.VerifyData(data, signature, hashAlgorithm);
 }
Example #20
 // Verification hook that wraps the data in a MemoryStream so the Stream overload of
 // DSA.VerifyData is the one exercised; the result is returned unchanged.
 public override bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm)
 {
     MemoryStream dataStream = new MemoryStream(data);
     return dsa.VerifyData(dataStream, signature, hashAlgorithm);
 }