/// <summary>
/// ImportParameters will replace the existing key that ECDsaCng is working with by creating a
/// new CngKey. If the parameters contains only Q, then only a public key will be imported.
/// If the parameters also contains D, then a full key pair will be imported.
/// The parameters Curve value specifies the type of the curve to import.
/// </summary>
/// <exception cref="CryptographicException">
/// if <paramref name="parameters" /> does not contain valid values.
/// </exception>
/// <exception cref="NotSupportedException">
/// if <paramref name="parameters" /> references a curve that cannot be imported.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if <paramref name="parameters" /> references a curve that is not supported by this platform.
/// </exception>
public override void ImportParameters(ECParameters parameters)
{
parameters.Validate();
ECCurve curve = parameters.Curve;
bool includePrivateParamerters = (parameters.D != null);
if (curve.IsPrime)
{
byte[] ecExplicitBlob = ECCng.GetPrimeCurveBlob(ref parameters);
ImportFullKeyBlob(ecExplicitBlob, includePrivateParamerters);
}
else if (curve.IsNamed)
{
// FriendlyName is required; an attempt was already made to default it in ECCurve
if (string.IsNullOrEmpty(curve.Oid.FriendlyName))
throw new PlatformNotSupportedException(string.Format(SR.Cryptography_InvalidCurveOid, curve.Oid.Value.ToString()));
byte[] ecNamedCurveBlob = ECCng.GetNamedCurveBlob(ref parameters);
ImportKeyBlob(ecNamedCurveBlob, curve.Oid.FriendlyName, includePrivateParamerters);
}
else
{
throw new PlatformNotSupportedException(string.Format(SR.Cryptography_CurveNotSupported, curve.CurveType.ToString()));
}
}
internal static ECParameters GetNistP256ExplicitTestData()
{
// explicit values for s_ECDsa256Key (nistP256)
ECParameters p = new ECParameters();
p.Q = new ECPoint
{
X = ("96E476F7473CB17C5B38684DAAE437277AE1EFADCEB380FAD3D7072BE2FFE5F0").HexToByteArray(),
Y = ("B54A94C2D6951F073BFC25E7B81AC2A4C41317904929D167C3DFC99122175A94").HexToByteArray()
};
ECCurve c = p.Curve;
c.CurveType = ECCurve.ECCurveType.PrimeShortWeierstrass;
c.A = ("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC").HexToByteArray();
c.B = ("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B").HexToByteArray();
c.G = new ECPoint()
{
X = ("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296").HexToByteArray(),
Y = ("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5").HexToByteArray(),
};
c.Cofactor = ("01").HexToByteArray();
c.Order = ("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551").HexToByteArray();
c.Prime = ("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF").HexToByteArray();
c.Seed = null;
c.Hash = null;
p.Curve = c;
return p;
}
/// <summary>
/// Exports the key and explicit curve parameters used by the ECC object into an <see cref="ECParameters"/> object.
/// </summary>
/// <exception cref="CryptographicException">
/// if there was an issue obtaining the curve values.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// if explicit export is not supported by this platform. Windows 10 or higher is required.
/// </exception>
/// <returns>The key and explicit curve parameters used by the ECC object.</returns>
public override ECParameters ExportExplicitParameters(bool includePrivateParameters)
{
byte[] blob = ExportFullKeyBlob(includePrivateParameters);
ECParameters ecparams = new ECParameters();
ECCng.ExportPrimeCurveParameters(ref ecparams, blob, includePrivateParameters);
return ecparams;
}
internal static ECParameters GetNistP224KeyTestData()
{
// key values for nistP224
ECParameters p = new ECParameters();
p.Q = new ECPoint
{
X = ("00B6C6FA7EFF084CEF007B414690027085173AAB846906C964D900C0").HexToByteArray(),
Y = ("845213F2A07DDE66EE0B19021E62C721A0FBF41E878FB2A34C40C872").HexToByteArray()
};
p.D = ("CE57F5C60F208819DC5FB994FF4EB4E11D40694B5E79564C2688B756").HexToByteArray();
p.Curve = ECCurve.CreateFromOid(new Oid("1.3.132.0.33", "nistP224"));
return p;
}
/// <summary>
/// Exports the key used by the ECC object into an <see cref="ECParameters"/> object.
/// If the curve has a name, the Curve property will contain named curve parameters otherwise it will contain explicit parameters.
/// </summary>
/// <exception cref="CryptographicException">
/// if there was an issue obtaining the curve values.
/// </exception>
/// <returns>The key and named curve parameters used by the ECC object.</returns>
public override ECParameters ExportParameters(bool includePrivateParameters)
{
ECParameters ecparams = new ECParameters();
string curveName = GetCurveName();
if (string.IsNullOrEmpty(curveName))
{
byte[] fullKeyBlob = ExportFullKeyBlob(includePrivateParameters);
ECCng.ExportPrimeCurveParameters(ref ecparams, fullKeyBlob, includePrivateParameters);
}
else
{
byte[] keyBlob = ExportKeyBlob(includePrivateParameters);
ECCng.ExportNamedCurveParameters(ref ecparams, keyBlob, includePrivateParameters);
ecparams.Curve = ECCurve.CreateFromFriendlyName(curveName);
}
return ecparams;
}
public void TestChangeFromNamedCurveToKeySize(CurveDef curveDef)
{
using (ECDsa ec = ECDsaFactory.Create(curveDef.Curve))
{
ECParameters param = ec.ExportParameters(false);
// Avoid comparing against same key as in curveDef
if (ec.KeySize != 384 && ec.KeySize != 521)
{
ec.KeySize = 384;
ECParameters param384 = ec.ExportParameters(false);
Assert.NotEqual(param.Curve.Oid.FriendlyName, param384.Curve.Oid.FriendlyName);
Assert.Equal(384, ec.KeySize);
ec.KeySize = 521;
ECParameters param521 = ec.ExportParameters(false);
Assert.NotEqual(param384.Curve.Oid.FriendlyName, param521.Curve.Oid.FriendlyName);
Assert.Equal(521, ec.KeySize);
}
}
}
public static void TestGeneralExportWithExplicitParameters()
{
if (!ECDiffieHellmanFactory.ExplicitCurvesSupported)
{
return;
}
using (ECDiffieHellman ecdsa = ECDiffieHellmanFactory.Create())
{
ECParameters param = EccTestData.GetNistP256ExplicitTestData();
param.Validate();
ecdsa.ImportParameters(param);
Assert.True(param.Curve.IsExplicit);
param = ecdsa.ExportParameters(false);
param.Validate();
// We should have explicit values, not named, as this curve has no name.
Assert.True(param.Curve.IsExplicit);
}
}
internal static ECDiffieHellman CreateECDiffieHellmanFromPublicKeyBlob(byte[] keyBlob)
{
Debug.Assert(keyBlob.Length == ECCPublicKeyBlob.Size, $"ECC public key blob was not the expected length. Actual: {keyBlob.Length}. Expected: {ECCPublicKeyBlob.Size}");
byte[] x = new byte[ECCPublicKeyBlob.KeySize];
byte[] y = new byte[ECCPublicKeyBlob.KeySize];
Buffer.BlockCopy(keyBlob, ECCPublicKeyBlob.HeaderSize, x, 0, ECCPublicKeyBlob.KeySize);
Buffer.BlockCopy(keyBlob, ECCPublicKeyBlob.HeaderSize + ECCPublicKeyBlob.KeySize, y, 0, ECCPublicKeyBlob.KeySize);
var parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = x,
Y = y
},
};
return(ECDiffieHellman.Create(parameters));
}
public static void ImportExplicitWithHashButNoSeed()
{
if (!ECDsaFactory.ExplicitCurvesSupported)
{
return;
}
using (ECDsa ec = ECDsaFactory.Create())
{
ECCurve curve = EccTestData.GetNistP256ExplicitCurve();
Assert.NotNull(curve.Hash);
ec.GenerateKey(curve);
ECParameters parameters = ec.ExportExplicitParameters(true);
Assert.NotNull(parameters.Curve.Hash);
parameters.Curve.Seed = null;
ec.ImportParameters(parameters);
ec.Exercise();
}
}
private static void VerifyNamedCurve(ECParameters parameters, ECDsa ec, int keySize, bool includePrivate)
{
parameters.Validate();
Assert.True(parameters.Curve.IsNamed, "parameters.Curve.IsNamed");
Assert.Equal(keySize, ec.KeySize);
Assert.True(
includePrivate && parameters.D.Length > 0 ||
!includePrivate && parameters.D == null,
"Private key is " + (includePrivate ? "present" : "absent"));
if (includePrivate)
{
ec.Exercise();
}
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportParameters(includePrivate);
paramSecondExport.Validate();
AssertEqual(parameters, paramSecondExport);
}
private static void Validate(
ECParameters parameters,
ECCurve explicitCurve,
byte[] msg,
byte[] signature,
HashAlgorithmName hashAlgorithm)
{
byte[] tamperedSignature = (byte[])signature.Clone();
tamperedSignature[0] ^= 0xFF;
using (ECDsa ecdsa = ECDsaFactory.Create())
{
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"named verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"named verifies tampered");
}
if (ECDsaFactory.ExplicitCurvesSupported)
{
using (ECDsa ecdsa = ECDsaFactory.Create())
{
parameters.Curve = explicitCurve;
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"explicit verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"explicit verifies tampered");
}
}
}
public static Hash EncryptString(ByteString data, ECKeyPair keyPair)
{
using (var ecDiffieHellman = ECDiffieHellman.Create(keyPair))
{
using (var ephem = ECDiffieHellman.Create(keyPair.ECParameters.Curve))
{
ECParameters ephemPublicParams = ephem.ExportParameters(false);
int pointLen = ephemPublicParams.Q.X.Length;
byte[] rBar = new byte[pointLen * 2 + 1];
rBar[0] = (byte)(keyPair.PublicKey.X.Length + keyPair.PublicKey.Y.Length);
Buffer.BlockCopy(ephemPublicParams.Q.X, 0, rBar, 1, pointLen);
Buffer.BlockCopy(ephemPublicParams.Q.Y, 0, rBar, 1 + pointLen, pointLen);
var ek = ephem.DeriveKeyFromHash(ecDiffieHellman.PublicKey, HashAlgorithmName.SHA256, null,
new byte[] { 0, 0, 0, 1 });
var mk = ephem.DeriveKeyFromHash(ecDiffieHellman.PublicKey, HashAlgorithmName.SHA256, null,
new byte[] { 0, 0, 0, 2 });
using (RijndaelManaged aes = new RijndaelManaged())
{
aes.Padding = PaddingMode.PKCS7;
using (ICryptoTransform encryptor = aes.CreateEncryptor(ek, new byte[16]))
{
if (!encryptor.CanTransformMultipleBlocks)
{
throw new InvalidOperationException();
}
Hash em = encryptor.TransformFinalBlock(data, 0, data.Length);
byte[] da;
using (HMAC hmac = new HMACSHA256(mk))
{
da = hmac.ComputeHash(em);
}
return(rBar.Concat((byte[])em).Concat(da).ToArray());
}
}
}
}
}
public static void TestExplicitCurves(CurveDef curveDef)
{
if (!ECDiffieHellmanFactory.ExplicitCurvesSupported)
{
return;
}
using (ECDiffieHellman ec1 = ECDiffieHellmanFactory.Create(curveDef.Curve))
{
ECParameters param1 = ec1.ExportExplicitParameters(curveDef.IncludePrivate);
VerifyExplicitCurve(param1, ec1, curveDef);
using (ECDiffieHellman ec2 = ECDiffieHellmanFactory.Create())
{
ec2.ImportParameters(param1);
ECParameters param2 = ec2.ExportExplicitParameters(curveDef.IncludePrivate);
VerifyExplicitCurve(param1, ec1, curveDef);
AssertEqual(param1, param2);
}
}
}
public static void ValidateNistP521Sha512()
{
byte[] msg = (
"9ecd500c60e701404922e58ab20cc002651fdee7cbc9336adda33e4c1088fab1" +
"964ecb7904dc6856865d6c8e15041ccf2d5ac302e99d346ff2f686531d255216" +
"78d4fd3f76bbf2c893d246cb4d7693792fe18172108146853103a51f824acc62" +
"1cb7311d2463c3361ea707254f2b052bc22cb8012873dcbb95bf1a5cc53ab89f"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP521,
Q = new ECPoint
{
X = ("0061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd8" +
"1aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1").HexToByteArray(),
Y = ("00e7d0c75c38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3" +
"f58df7346435ff0434199583c97c665a97f12f706f2357da4b40288def888e59e6").HexToByteArray(),
},
D = ("00f749d32704bc533ca82cef0acf103d8f4fba67f08d2678e515ed7db886267ffa" +
"f02fab0080dca2359b72f574ccc29a0f218c8655c0cccf9fee6c5e567aa14cb926").HexToByteArray(),
};
byte[] signature = (
// r
"004de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e0" +
"99e4bc72fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8" +
// s
"0087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a1859" +
"4b46fb9efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac566e8ee3b43"
).HexToByteArray();
Validate(
parameters,
EccTestData.GetNistP521ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA512);
}
public static void ValidateNistP521Sha384()
{
byte[] msg = (
"dbc094402c5b559d53168c6f0c550d827499c6fb2186ae2db15b89b4e6f46220" +
"386d6f01bebde91b6ceb3ec7b4696e2cbfd14894dd0b7d656d23396ce920044f" +
"9ca514bf115cf98ecaa55b950a9e49365c2f3a05be5020e93db92c3743751304" +
"4973e792af814d0ffad2c8ecc89ae4b35ccb19318f0b988a7d33ec5a4fe85dfe"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP521,
Q = new ECPoint
{
X = ("013b4ab7bc1ddf7fd74ca6f75ac560c94169f435361e74eba1f8e759ac70ab3af1" +
"38d8807aca3d8e73b5c2eb787f6dcca2718122bd94f08943a686b115d869d3f406").HexToByteArray(),
Y = ("00f293c1d627b44e7954d0546270665888144a94d437679d074787959d0d944d82" +
"23b9d4b5d068b4fbbd1176a004b476810475cd2a200b83eccd226d08b444a71e71").HexToByteArray(),
},
D = ("0095976d387d814e68aeb09abecdbf4228db7232cd3229569ade537f33e07ed0da" +
"0abdee84ab057c9a00049f45250e2719d1ecaccf91c0e6fcdd4016b75bdd98a950").HexToByteArray(),
};
byte[] signature = (
// r
"002128f77df66d16a604ffcd1a515e039d49bf6b91a215b814b2a1c88d32039521" +
"fbd142f717817b838450229025670d99c1fd5ab18bd965f093cae7accff0675aae" +
// s
"0008dc65a243700a84619dce14e44ea8557e36631db1a55de15865497dbfd66e76" +
"a7471f78e510c04e613ced332aa563432a1017da8b81c146059ccc7930153103a6"
).HexToByteArray();
Validate(
parameters,
EccTestData.GetNistP521ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA384);
}
/// <summary>
/// Exports the key used by the ECC object into an <see cref="ECParameters"/> object.
/// If the key was created as a named curve, the Curve property will contain named curve parameters
/// otherwise it will contain explicit parameters.
/// </summary>
/// <exception cref="CryptographicException">
/// if there was an issue obtaining the curve values.
/// </exception>
/// <returns>The key and named curve parameters used by the ECC object.</returns>
public override ECParameters ExportParameters()
{
using (CngKey key = Import())
{
ECParameters ecparams = new ECParameters();
string curveName = key.GetCurveName(out _);
if (string.IsNullOrEmpty(curveName))
{
byte[] fullKeyBlob = ECCng.ExportFullKeyBlob(key, includePrivateParameters: false);
ECCng.ExportPrimeCurveParameters(ref ecparams, fullKeyBlob, includePrivateParameters: false);
}
else
{
byte[] keyBlob = ECCng.ExportKeyBlob(key, includePrivateParameters: false);
ECCng.ExportNamedCurveParameters(ref ecparams, keyBlob, includePrivateParameters: false);
ecparams.Curve = ECCurve.CreateFromFriendlyName(curveName);
}
return(ecparams);
}
}
public static string Sign(string apiKey, string data)
{
var digest = SHA256.Create().ComputeHash(Encoding.ASCII.GetBytes(data));
var keyInfo = ASN1.ParseASN1String(apiKey);
if (!ASN1.NIST_P_256_CURVE.Equals(keyInfo.CurveNameHex, StringComparison.InvariantCultureIgnoreCase))
{
throw new NotSupportedException("Curves other than NIST P256 are not supported");
}
var q = new ECPoint {
X = keyInfo.Qx, Y = keyInfo.Qy
};
var d = keyInfo.PrivateKey;
var ecParams = new ECParameters {
D = d, Curve = ECCurve.NamedCurves.nistP256, Q = q
};
using (var dsa = ECDsa.Create(ecParams))
{
return(Utils.ByteArrayToHexString(dsa.SignHash(digest)));
}
}
public static void TestNamedCurves(CurveDef curveDef)
{
if (!curveDef.Curve.IsNamed)
{
return;
}
using (ECDsa ec1 = ECDsaFactory.Create(curveDef.Curve))
{
ECParameters param1 = ec1.ExportParameters(curveDef.IncludePrivate);
VerifyNamedCurve(param1, ec1, curveDef.KeySize, curveDef.IncludePrivate);
using (ECDsa ec2 = ECDsaFactory.Create())
{
ec2.ImportParameters(param1);
ECParameters param2 = ec2.ExportParameters(curveDef.IncludePrivate);
VerifyNamedCurve(param2, ec2, curveDef.KeySize, curveDef.IncludePrivate);
AssertEqual(param1, param2);
}
}
}
public void LookupCurveByOidFriendlyName()
{
// prime256v1 is alias for nistP256 for OpenSsl
var ec = new ECDiffieHellmanOpenSsl(ECCurve.CreateFromFriendlyName("prime256v1"));
ECParameters param = ec.ExportParameters(false);
param.Validate();
Assert.Equal(256, ec.KeySize);
Assert.True(param.Curve.IsNamed);
Assert.Equal("ECDSA_P256", param.Curve.Oid.FriendlyName); // OpenSsl maps prime256v1 to ECDSA_P256
Assert.Equal(ECDSA_P256_OID_VALUE, param.Curve.Oid.Value);
// secp521r1 is same as nistP521; note Windows uses secP521r1 (uppercase P)
ec = new ECDiffieHellmanOpenSsl(ECCurve.CreateFromFriendlyName("secp521r1"));
param = ec.ExportParameters(false);
param.Validate();
Assert.Equal(521, ec.KeySize);
Assert.True(param.Curve.IsNamed);
Assert.Equal("ECDSA_P521", param.Curve.Oid.FriendlyName); // OpenSsl maps secp521r1 to ECDSA_P521
Assert.Equal(ECDSA_P521_OID_VALUE, param.Curve.Oid.Value);
}
private void ECParameters()
{
ECDsa eCDsa = ECDsa.Create();
var keyLength = Algorithm.Serialize().Split(new string[] { "ES" }, StringSplitOptions.None)[1]; // Algorithm = 'ES' + Keylength
var curveName = "P-" + keyLength;
Oid curveOid = null; // Workaround: Using ECCurve.CreateFromFriendlyName results in a PlatformException for NIST curves
switch (keyLength)
{
case "256":
curveOid = new Oid("1.2.840.10045.3.1.7");
break;
case "384":
curveOid = new Oid("1.3.132.0.34");
break;
case "512":
curveOid = new Oid("1.3.132.0.35");
break;
default:
throw new ArgumentException("Could not create ECCurve based on algorithm: " + Algorithm.Serialize());
}
eCDsa.GenerateKey(ECCurve.CreateFromOid(curveOid));
ECParameters eCParameters = eCDsa.ExportParameters(true);
var privateKeyD = Base64urlEncode(eCParameters.D);
var publicKeyX = Base64urlEncode(eCParameters.Q.X);
var publicKeyY = Base64urlEncode(eCParameters.Q.Y);
KeyParameters = new Dictionary <KeyParameter, string>
{
{ ECKeyParameterCRV, curveName },
{ ECKeyParameterX, publicKeyX },
{ ECKeyParameterY, publicKeyY },
{ ECKeyParameterD, privateKeyD }
};
}
private static void WriteECParametersAsCosePublicKey(CborWriter writer, ECParameters ecParams, HashAlgorithmName?algorithmName)
{
Debug.Assert(writer.ConformanceMode == CborConformanceMode.Ctap2Canonical && writer.ConvertIndefiniteLengthEncodings);
if (ecParams.Q.X is null || ecParams.Q.Y is null)
{
throw new ArgumentException("does not specify a public key point.", nameof(ecParams));
}
// run these first to perform necessary validation
(CoseKeyType kty, CoseCrvId crv) = MapECCurveToCoseKtyAndCrv(ecParams.Curve);
CoseKeyAlgorithm?alg = (algorithmName != null) ? MapHashAlgorithmNameToCoseKeyAlg(algorithmName.Value) : (CoseKeyAlgorithm?)null;
// Begin writing a CBOR object
writer.WriteStartMap(definiteLength: null);
// NB labels should be sorted according to CTAP2 canonical encoding rules.
// While the CborWriter will attempt to sort the encodings on its own,
// it is generally more efficient if keys are written in sorted order to begin with.
WriteCoseKeyLabel(writer, CoseKeyLabel.Kty);
writer.WriteInt32((int)kty);
if (alg != null)
{
WriteCoseKeyLabel(writer, CoseKeyLabel.Alg);
writer.WriteInt32((int)alg);
}
WriteCoseKeyLabel(writer, CoseKeyLabel.EcCrv);
writer.WriteInt32((int)crv);
WriteCoseKeyLabel(writer, CoseKeyLabel.EcX);
writer.WriteByteString(ecParams.Q.X);
WriteCoseKeyLabel(writer, CoseKeyLabel.EcY);
writer.WriteByteString(ecParams.Q.Y);
writer.WriteEndMap();
public virtual void HandleMcpeServerToClientHandshake(McpeServerToClientHandshake message)
{
string token = message.token;
Log.Debug($"JWT:\n{token}");
IDictionary <string, dynamic> headers = JWT.Headers(token);
string x5u = headers["x5u"];
Log.Debug($"JWT payload:\n{JWT.Payload(token)}");
var remotePublicKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(x5u.DecodeBase64());
var signParam = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q =
{
X = remotePublicKey.Q.AffineXCoord.GetEncoded(),
Y = remotePublicKey.Q.AffineYCoord.GetEncoded()
},
};
signParam.Validate();
var signKey = ECDsa.Create(signParam);
try
{
var data = JWT.Decode <HandshakeData>(token, signKey);
Client.InitiateEncryption(Base64Url.Decode(x5u), Base64Url.Decode(data.salt));
}
catch (Exception e)
{
Log.Error(token, e);
throw;
}
}
public static byte[] GetSecret(ReadOnlyMemory <byte> publicKey, ReadOnlyMemory <byte> privateKey)
{
ECParameters ecParameters;
{
var plist = SerializeHelper.Decode(privateKey).ToArray();
ecParameters = new ECParameters()
{
Curve = ECCurve.NamedCurves.nistP521,
Q = new ECPoint()
{
X = plist[0].ToArray(),
Y = plist[1].ToArray(),
},
D = plist[2].ToArray(),
};
}
ECDiffieHellmanPublicKey ecDiffieHellmanPublicKey;
{
var plist = SerializeHelper.Decode(publicKey).ToArray();
ecDiffieHellmanPublicKey = new CustomECDiffieHellmanPublicKey(
ECCurve.NamedCurves.nistP521,
new ECPoint()
{
X = plist[0].ToArray(),
Y = plist[1].ToArray(),
});
}
using (var ecdh = ECDiffieHellman.Create())
{
ecdh.ImportParameters(ecParameters);
return(ecdh.DeriveKeyFromHash(ecDiffieHellmanPublicKey, HashAlgorithmName.SHA256));
}
}
public static bool Verify(ReadOnlyMemory <byte> publicKey, ReadOnlyMemory <byte> signature, ReadOnlySequence <byte> sequence)
{
ECParameters ecParameters;
{
var plist = SerializeHelper.Decode(publicKey).ToArray();
ecParameters = new ECParameters()
{
Q = new ECPoint()
{
X = plist[0].ToArray(),
Y = plist[1].ToArray(),
},
};
}
using (var ecdsa = ECDsa.Create())
{
ecdsa.ImportParameters(ecParameters);
return(ecdsa.VerifyHash(Sha2_256.ComputeHash(sequence).AsSpan(), signature.Span));
}
}
private static ECDiffieHellman CreateECDiffieHellman(ECParameters ecParameters)
{
switch (ecParameters.Curve.Oid.Value)
{
case "1.2.840.10045.3.1.7": // NIST P-256
case "1.3.132.0.34": // NIST P-384
case "1.3.132.0.35": // NIST P-521
case "1.3.36.3.3.2.8.1.1.7": // brainpoolP256r1
case "1.3.36.3.3.2.8.1.1.11": // brainpoolP384r1 (not in RFC 4880bis!)
case "1.3.36.3.3.2.8.1.1.13": // brainpoolP512r1
return(ECDiffieHellman.Create(ecParameters));
case "1.3.6.1.4.1.3029.1.5.1": // Curve25519 / X25519
if (ecParameters.D != null)
{
Array.Reverse(ecParameters.D);
}
return(new X25519(ecParameters));
default:
throw new CryptographicException(SR.Cryptography_OpenPgp_UnsupportedCurveOid, ecParameters.Curve.Oid.Value);
}
}
public void ImportFromPem_Spki_IgnoresUnrelatedAlgorithms()
{
using (TAlg key = CreateKey())
{
key.ImportFromPem(@"
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBALc/WfXui9VeJLf/AprRaoVDyW0lPlQxm5NTLEHDwUd7idstLzPX
uah0WEjgao5oO1BEUR4byjYlJ+F89Cs4BhUCAwEAAQJBAK/m8jYvnK9exaSR+DAh
Ij12ip5pB+HOFOdhCbS/coNoIowa6WJGrd3Np1m9BBhouWloF8UB6Iu8/e/wAg+F
9ykCIQDzcnsehnYgVZTTxzoCJ01PGpgESilRyFzNEsb8V60ZewIhAMCyOujqUqn7
Q079SlHzXuvocqIdt4IM1EmIlrlU9GGvAh8Ijv3FFPUSLfANgfOIH9mX7ldpzzGk
rmaUzxQvyuVLAiEArCTM8dSbopUADWnD4jArhU50UhWAIaM6ZrKqC8k0RKsCIQDC
yZWUxoxAdjfrBGsx+U6BHM0Myqqe7fY7hjWzj4aBCw==
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgQHs5HRkpurXDPaabivT2IaRoyYt
Isuk92Ner/JmgKjYoSumHVmSNfZ9nLTVjxeD08pD548KWrqmJAeZNsDDqQ==
-----END PUBLIC KEY-----");
ECParameters ecParameters = ExportParameters(key, false);
ECParameters expected = EccTestData.GetNistP256ReferenceKey();
EccTestBase.ComparePublicKey(expected.Q, ecParameters.Q, isEqual: true);
}
}
public static void TestHashRoundTrip(CurveDef curveDef)
{
// This test is in the cng only tests because OpenSsl does not provide the hash algorithm
using (var cng = new ECDsaCng(curveDef.Curve))
{
ECParameters param = cng.ExportExplicitParameters(false);
// Add some dummy values and import
Assert.True(param.Curve.IsExplicit);
var curve = param.Curve;
curve.Hash = HashAlgorithmName.SHA1;
curve.Seed = new byte[1] {
0xFF
}; // Hash should have a seed
param.Curve = curve;
cng.ImportParameters(param);
// Export to see if the hash is there
ECParameters param2 = cng.ExportExplicitParameters(false);
Assert.Equal(HashAlgorithmName.SHA1.Name.ToUpper(), param2.Curve.Hash.Value.Name.ToUpper());
Assert.Equal(0xFF, param2.Curve.Seed[0]);
}
}
protected static ECParameters ReadOpenPgpECParameters(ReadOnlySpan <byte> source, out int bytesRead)
{
ECParameters ecParameters = new ECParameters();
int oidLength = source[0];
// TODO: Validate oidLength
var oidBytes = new byte[oidLength + 2];
oidBytes[0] = 6;
oidBytes[1] = (byte)oidLength;
source.Slice(1, oidLength).CopyTo(oidBytes.AsSpan(2));
var oid = new Oid(AsnDecoder.ReadObjectIdentifier(oidBytes, AsnEncodingRules.DER, out _));
ecParameters.Curve = ECCurve.CreateFromOid(oid);
var pointBytes = MPInteger.ReadInteger(source.Slice(oidLength + 1), out bytesRead);
bytesRead += oidLength + 1;
ecParameters.Q = DecodePoint(pointBytes);
return(ecParameters);
}
private ECDsa ConvertToSingKeyFormat(AsymmetricCipherKeyPair key)
{
ECPublicKeyParameters pubAsyKey = (ECPublicKeyParameters)key.Public;
ECPrivateKeyParameters privAsyKey = (ECPrivateKeyParameters)key.Private;
var signParam = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP256,
Q =
{
X = pubAsyKey.Q.AffineXCoord.GetEncoded(),
Y = pubAsyKey.Q.AffineYCoord.GetEncoded()
}
};
signParam.D = CryptoUtils.FixDSize(privAsyKey.D.ToByteArrayUnsigned(), signParam.Q.X.Length);
signParam.Validate();
X = pubAsyKey.Q.AffineXCoord.GetEncoded();
Y = pubAsyKey.Q.AffineYCoord.GetEncoded();
return(ECDsa.Create(signParam));
}
static byte[] getDeriveKey(byte[] key1, ECDiffieHellman alice)
{
byte[] keyX = new byte[key1.Length / 2];
byte[] keyY = new byte[keyX.Length];
Buffer.BlockCopy(key1, 1, keyX, 0, keyX.Length);
Buffer.BlockCopy(key1, 1 + keyX.Length, keyY, 0, keyY.Length);
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.brainpoolP256r1,
Q =
{
X = keyX,
Y = keyY,
},
};
byte[] derivedKey;
using (ECDiffieHellman bob = ECDiffieHellman.Create(parameters))
using (ECDiffieHellmanPublicKey bobPublic = bob.PublicKey)
{
return(derivedKey = alice.DeriveKeyFromHash(bobPublic, HashAlgorithmName.SHA256));
}
}
public _signatureProvider(SecurityKey key, string algorithm) : base(key, algorithm)
{
_key = key as JsonWebKey;
if (_key.Kty == JsonWebAlgorithmsKeyTypes.EllipticCurve)
{
var ecpa = new ECParameters
{
Curve = _curves[_key.Crv],
D = _key.D != null?Base64UrlEncoder.DecodeBytes(_key.D) : null,
Q = new ECPoint
{
X = Base64UrlEncoder.DecodeBytes(_key.X),
Y = Base64UrlEncoder.DecodeBytes(_key.Y)
}
};
_ecdsa = ECDsa.Create(ecpa);
}
else
{
throw new InvalidOperationException("Algorithm not yet supported");
}
}
public static void ValidateNistP384Sha512()
{
byte[] msg = (
"67d9eb88f289454d61def4764d1573db49b875cfb11e139d7eacc4b7a79d3db3" +
"bf7208191b2b2078cbbcc974ec0da1ed5e0c10ec37f6181bf81c0f32972a125d" +
"f64e3b3e1d838ec7da8dfe0b7fcc911e43159a79c73df5fa252b98790be511d8" +
"a732fcbf011aacc7d45d8027d50a347703d613ceda09f650c6104c9459537c8f"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = ("fb937e4a303617b71b6c1a25f2ac786087328a3e26bdef55e52d46ab5e69e541" +
"1bf9fc55f5df9994d2bf82e8f39a153e").HexToByteArray(),
Y = ("a97d9075e92fa5bfe67e6ec18e21cc4d11fde59a68aef72c0e46a28f31a9d603" +
"85f41f39da468f4e6c3d3fbac9046765").HexToByteArray(),
},
D = ("217afba406d8ab32ee07b0f27eef789fc201d121ffab76c8fbe3c2d352c59490" +
"9abe591c6f86233992362c9d631baf7c").HexToByteArray(),
};
byte[] signature = (
// r
"c269d9c4619aafdf5f4b3100211dddb14693abe25551e04f9499c91152a296d7449c08b36f87d1e16e8e15fee4a7f5c8" +
// s
"77ffed5c61665152d52161dc13ac3fbae5786928a3d736f42d34a9e4d6d4a70a02d5af90fa37a23a318902ae2656c071"
).HexToByteArray();
Validate(
parameters,
EccTestData.GetNistP384ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA512);
}
public static void TestNamedImportValidationNegative()
{
if (!ECDiffieHellmanFactory.ExplicitCurvesSupported)
{
return;
}
unchecked
{
using (ECDiffieHellman ec = ECDiffieHellmanFactory.Create())
{
ECParameters p = EccTestData.GetNistP224KeyTestData();
Assert.True(p.Curve.IsNamed);
var q = p.Q;
var c = p.Curve;
ec.ImportParameters(p);
ECParameters temp = p;
temp.Q.X = null; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.X = new byte[] { }; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.X = new byte[1] {
0x10
}; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.X = (byte[])p.Q.X.Clone(); temp.Q.X[0]--; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp = p;
temp.Q.Y = null; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.Y = new byte[] { }; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.Y = new byte[1] {
0x10
}; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp.Q.Y = (byte[])p.Q.Y.Clone(); temp.Q.Y[0]--; Assert.ThrowsAny <CryptographicException>(() => ec.ImportParameters(temp));
temp = p; temp.Curve = ECCurve.CreateFromOid(new Oid("Invalid", "Invalid")); Assert.ThrowsAny <PlatformNotSupportedException>(() => ec.ImportParameters(temp));
}
}
}
public static void ValidateNistP384Sha256()
{
byte[] msg = (
"663b12ebf44b7ed3872b385477381f4b11adeb0aec9e0e2478776313d536376d" +
"c8fd5f3c715bb6ddf32c01ee1d6f8b731785732c0d8441df636d8145577e7b31" +
"38e43c32a61bc1242e0e73d62d624cdc924856076bdbbf1ec04ad4420732ef0c" +
"53d42479a08235fcfc4db4d869c4eb2828c73928cdc3e3758362d1b770809997"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = ("0400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439" +
"e909274cb9c282bfab88674c0765bc75").HexToByteArray(),
Y = ("f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95e99eba5dd11adf8f42" +
"ec9a425b0c5ec98e2f234a926b82a147").HexToByteArray(),
},
D = ("c602bc74a34592c311a6569661e0832c84f7207274676cc42a89f05816263018" +
"4b52f0d99b855a7783c987476d7f9e6b").HexToByteArray(),
};
byte[] signature = (
// r
"b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c61851788aa2ec3267946d440e878" +
// s
"16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e74b7887671048ac027df8cbf2"
).HexToByteArray();
Validate(
parameters,
EccTestData.GetNistP384ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA256);
}
public void FromECDsaP384()
{
#if (NET45 || NETCOREAPP1_1)
Assert.Inconclusive("ECDsa is not available.");
#else
// From https://tools.ietf.org/html/rfc6605#section-6.2
var privateKey = Convert.FromBase64String("WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR");
var dnsPublicKey = Convert.FromBase64String("xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8/uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40");
var qx = new byte[48];
var qy = new byte[48];
Array.Copy(dnsPublicKey, 0, qx, 0, 48);
Array.Copy(dnsPublicKey, 48, qy, 0, 48);
// Create the public key
var parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = qx,
Y = qy,
}
};
ECDsa publicKey = ECDsa.Create(parameters);
var dnskey = new DNSKEYRecord(publicKey)
{
Flags = DNSKEYFlags.ZoneKey | DNSKEYFlags.SecureEntryPoint
};
Assert.AreEqual(DNSKEYFlags.ZoneKey | DNSKEYFlags.SecureEntryPoint, dnskey.Flags);
Assert.AreEqual(3, dnskey.Protocol);
Assert.AreEqual(SecurityAlgorithm.ECDSAP384SHA384, dnskey.Algorithm);
CollectionAssert.AreEqual(dnsPublicKey, dnskey.PublicKey);
Assert.AreEqual(10771, dnskey.KeyTag());
#endif
}
/// <summary>
/// Creates an instance of the platform specific implementation of the cref="ECDsa" algorithm.
/// </summary>
/// <param name="parameters">
/// The <see cref="ECParameters"/> representing the elliptic curve parameters.
/// </param>
public static ECDsa Create(ECParameters parameters)
{
ECDsa ec = new ECDsaImplementation.ECDsaOpenSsl();
ec.ImportParameters(parameters);
return ec;
}
public static void ValidateNistP384Sha512()
{
byte[] msg = (
"67d9eb88f289454d61def4764d1573db49b875cfb11e139d7eacc4b7a79d3db3" +
"bf7208191b2b2078cbbcc974ec0da1ed5e0c10ec37f6181bf81c0f32972a125d" +
"f64e3b3e1d838ec7da8dfe0b7fcc911e43159a79c73df5fa252b98790be511d8" +
"a732fcbf011aacc7d45d8027d50a347703d613ceda09f650c6104c9459537c8f"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = ("fb937e4a303617b71b6c1a25f2ac786087328a3e26bdef55e52d46ab5e69e541" +
"1bf9fc55f5df9994d2bf82e8f39a153e").HexToByteArray(),
Y = ("a97d9075e92fa5bfe67e6ec18e21cc4d11fde59a68aef72c0e46a28f31a9d603" +
"85f41f39da468f4e6c3d3fbac9046765").HexToByteArray(),
},
D = ("217afba406d8ab32ee07b0f27eef789fc201d121ffab76c8fbe3c2d352c59490" +
"9abe591c6f86233992362c9d631baf7c").HexToByteArray(),
};
byte[] signature = (
// r
"c269d9c4619aafdf5f4b3100211dddb14693abe25551e04f9499c91152a296d7449c08b36f87d1e16e8e15fee4a7f5c8" +
// s
"77ffed5c61665152d52161dc13ac3fbae5786928a3d736f42d34a9e4d6d4a70a02d5af90fa37a23a318902ae2656c071"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP384ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA512);
}
public static void ValidateNistP521Sha384()
{
byte[] msg = (
"dbc094402c5b559d53168c6f0c550d827499c6fb2186ae2db15b89b4e6f46220" +
"386d6f01bebde91b6ceb3ec7b4696e2cbfd14894dd0b7d656d23396ce920044f" +
"9ca514bf115cf98ecaa55b950a9e49365c2f3a05be5020e93db92c3743751304" +
"4973e792af814d0ffad2c8ecc89ae4b35ccb19318f0b988a7d33ec5a4fe85dfe"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP521,
Q = new ECPoint
{
X = ("013b4ab7bc1ddf7fd74ca6f75ac560c94169f435361e74eba1f8e759ac70ab3af1" +
"38d8807aca3d8e73b5c2eb787f6dcca2718122bd94f08943a686b115d869d3f406").HexToByteArray(),
Y = ("00f293c1d627b44e7954d0546270665888144a94d437679d074787959d0d944d82" +
"23b9d4b5d068b4fbbd1176a004b476810475cd2a200b83eccd226d08b444a71e71").HexToByteArray(),
},
D = ("0095976d387d814e68aeb09abecdbf4228db7232cd3229569ade537f33e07ed0da" +
"0abdee84ab057c9a00049f45250e2719d1ecaccf91c0e6fcdd4016b75bdd98a950").HexToByteArray(),
};
byte[] signature = (
// r
"002128f77df66d16a604ffcd1a515e039d49bf6b91a215b814b2a1c88d32039521" +
"fbd142f717817b838450229025670d99c1fd5ab18bd965f093cae7accff0675aae" +
// s
"0008dc65a243700a84619dce14e44ea8557e36631db1a55de15865497dbfd66e76" +
"a7471f78e510c04e613ced332aa563432a1017da8b81c146059ccc7930153103a6"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP521ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA384);
}
public static void ValidateNistP521Sha512()
{
byte[] msg = (
"9ecd500c60e701404922e58ab20cc002651fdee7cbc9336adda33e4c1088fab1" +
"964ecb7904dc6856865d6c8e15041ccf2d5ac302e99d346ff2f686531d255216" +
"78d4fd3f76bbf2c893d246cb4d7693792fe18172108146853103a51f824acc62" +
"1cb7311d2463c3361ea707254f2b052bc22cb8012873dcbb95bf1a5cc53ab89f"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP521,
Q = new ECPoint
{
X = ("0061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd8" +
"1aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1").HexToByteArray(),
Y = ("00e7d0c75c38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3" +
"f58df7346435ff0434199583c97c665a97f12f706f2357da4b40288def888e59e6").HexToByteArray(),
},
D = ("00f749d32704bc533ca82cef0acf103d8f4fba67f08d2678e515ed7db886267ffa" +
"f02fab0080dca2359b72f574ccc29a0f218c8655c0cccf9fee6c5e567aa14cb926").HexToByteArray(),
};
byte[] signature = (
// r
"004de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e0" +
"99e4bc72fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8" +
// s
"0087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a1859" +
"4b46fb9efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac566e8ee3b43"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP521ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA512);
}
private static void Validate(
ECParameters parameters,
ECCurve explicitCurve,
byte[] msg,
byte[] signature,
HashAlgorithmName hashAlgorithm)
{
byte[] tamperedSignature = (byte[])signature.Clone();
tamperedSignature[0] ^= 0xFF;
using (ECDsa ecdsa = ECDsaFactory.Create())
{
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"named verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"named verifies tampered");
}
if (ECDsaFactory.ExplicitCurvesSupported)
{
using (ECDsa ecdsa = ECDsaFactory.Create())
{
parameters.Curve = explicitCurve;
ecdsa.ImportParameters(parameters);
Assert.True(
ecdsa.VerifyData(msg, signature, hashAlgorithm),
"explicit verifies signature");
Assert.False(
ecdsa.VerifyData(msg, tamperedSignature, hashAlgorithm),
"explicit verifies tampered");
}
}
}
public static void ValidateNistP384Sha256()
{
byte[] msg = (
"663b12ebf44b7ed3872b385477381f4b11adeb0aec9e0e2478776313d536376d" +
"c8fd5f3c715bb6ddf32c01ee1d6f8b731785732c0d8441df636d8145577e7b31" +
"38e43c32a61bc1242e0e73d62d624cdc924856076bdbbf1ec04ad4420732ef0c" +
"53d42479a08235fcfc4db4d869c4eb2828c73928cdc3e3758362d1b770809997"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP384,
Q = new ECPoint
{
X = ("0400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439" +
"e909274cb9c282bfab88674c0765bc75").HexToByteArray(),
Y = ("f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95e99eba5dd11adf8f42" +
"ec9a425b0c5ec98e2f234a926b82a147").HexToByteArray(),
},
D = ("c602bc74a34592c311a6569661e0832c84f7207274676cc42a89f05816263018" +
"4b52f0d99b855a7783c987476d7f9e6b").HexToByteArray(),
};
byte[] signature = (
// r
"b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c61851788aa2ec3267946d440e878" +
// s
"16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e74b7887671048ac027df8cbf2"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP384ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA256);
}
private static void VerifyNamedCurve(ECParameters parameters, ECDsa ec, int keySize, bool includePrivate)
{
parameters.Validate();
Assert.True(parameters.Curve.IsNamed);
Assert.Equal(keySize, ec.KeySize);
Assert.True(
includePrivate && parameters.D.Length > 0 ||
!includePrivate && parameters.D == null);
if (includePrivate)
ec.Exercise();
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportParameters(includePrivate);
paramSecondExport.Validate();
AssertEqual(parameters, paramSecondExport);
}
private static void VerifyExplicitCurve(ECParameters parameters, ECDsa ec, CurveDef curveDef)
{
Assert.True(parameters.Curve.IsExplicit);
ECCurve curve = parameters.Curve;
Assert.True(curveDef.IsCurveTypeEqual(curve.CurveType));
Assert.True(
curveDef.IncludePrivate && parameters.D.Length > 0 ||
!curveDef.IncludePrivate && parameters.D == null);
Assert.Equal(curveDef.KeySize, ec.KeySize);
Assert.Equal(curve.A.Length, parameters.Q.X.Length);
Assert.Equal(curve.A.Length, parameters.Q.Y.Length);
Assert.Equal(curve.A.Length, curve.B.Length);
Assert.Equal(curve.A.Length, curve.G.X.Length);
Assert.Equal(curve.A.Length, curve.G.Y.Length);
Assert.True(curve.Seed == null || curve.Seed.Length > 0);
Assert.True(curve.Order == null || curve.Order.Length > 0);
if (curve.IsPrime)
{
Assert.Equal(curve.A.Length,curve.Prime.Length);
}
if (curveDef.IncludePrivate)
ec.Exercise();
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportExplicitParameters(curveDef.IncludePrivate);
AssertEqual(parameters, paramSecondExport);
}
internal static void ComparePrivateKey(ECParameters p1, ECParameters p2, bool isEqual = true)
{
if (isEqual)
{
Assert.Equal(p1.D, p2.D);
}
else
{
Assert.NotEqual(p1.D, p2.D);
}
}
internal static void AssertEqual(ECParameters p1, ECParameters p2)
{
ComparePrivateKey(p1, p2);
ComparePublicKey(p1.Q, p2.Q);
CompareCurve(p1.Curve, p2.Curve);
}
public static void ValidateNistP256Sha256()
{
byte[] msg = (
"5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf" +
"416983fe165b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5" +
"473e253605fb1ddfd28065b53cb5858a8ad28175bf9bd386a5e471ea7a65c17c" +
"c934a9d791e91491eb3754d03799790fe2d308d16146d5c9b0d0debd97d79ce8"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP256,
Q = new ECPoint
{
X = "1ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83".HexToByteArray(),
Y = "ce4014c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9".HexToByteArray(),
},
D = "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464".HexToByteArray(),
};
byte[] signature = (
// r
"f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac" +
// s
"8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP256ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA256);
}
public static void ValidateNistP256Sha384()
{
byte[] msg = (
"e0b8596b375f3306bbc6e77a0b42f7469d7e83635990e74aa6d713594a3a2449" +
"8feff5006790742d9c2e9b47d714bee932435db747c6e733e3d8de41f2f91311" +
"f2e9fd8e025651631ffd84f66732d3473fbd1627e63dc7194048ebec93c95c15" +
"9b5039ab5e79e42c80b484a943f125de3da1e04e5bf9c16671ad55a1117d3306"
).HexToByteArray();
ECParameters parameters = new ECParameters
{
Curve = ECCurve.NamedCurves.nistP256,
Q = new ECPoint
{
X = "e0e7b99bc62d8dd67883e39ed9fa0657789c5ff556cc1fd8dd1e2a55e9e3f243".HexToByteArray(),
Y = "63fbfd0232b95578075c903a4dbf85ad58f8350516e1ec89b0ee1f5e1362da69".HexToByteArray(),
},
D = "b6faf2c8922235c589c27368a3b3e6e2f42eb6073bf9507f19eed0746c79dced".HexToByteArray(),
};
byte[] signature = (
// r
"f5087878e212b703578f5c66f434883f3ef414dc23e2e8d8ab6a8d159ed5ad83" +
// s
"306b4c6c20213707982dffbb30fba99b96e792163dd59dbe606e734328dd7c8a"
).HexToByteArray();
Validate(
parameters,
ECDsaTestData.GetNistP256ExplicitCurve(),
msg,
signature,
HashAlgorithmName.SHA384);
}
