public void TestSealOpen()
{
string inputMsg = "This is a message";
byte[] input = Encoding.ASCII.GetBytes(inputMsg);
const int numKeys = 10;
var rsas = new RSA[numKeys];
var pkeys = new CryptoKey[numKeys];
for (int i = 0; i < numKeys; i++) {
rsas[i] = new RSA();
rsas[i].GenerateKeys(1024, BigNumber.One, null, null);
pkeys[i] = new CryptoKey(rsas[i]);
}
try {
foreach (var cipher in Ciphers(true)) {
using (var cc = new CipherContext(cipher)) {
var env = cc.Seal(pkeys, input);
Assert.AreNotEqual(input, env.Data);
for (int i = 0; i < numKeys; i++) {
var result = cc.Open(env.Data, env.Keys[i], env.IV, pkeys[i]);
Assert.AreEqual(input, result);
}
}
}
}
finally {
for (int i = 0; i < numKeys; i++) {
pkeys[i].Dispose();
rsas[i].Dispose();
}
}
}
public void TestRsaSha1()
{
using (Configuration cfg = new Configuration("openssl.cnf"))
{
// Test RSA/SHA1 with other SelfSigned method
BigNumber bn = 0x10001;
CryptoKey key;
using (RSA rsa = new RSA())
{
rsa.GenerateKeys(2048, bn, OnGenerator, null);
key = new CryptoKey(rsa);
// rsa is assigned, we no longer need this instance
}
using (var root = X509CertificateAuthority.SelfSigned(
cfg,
new SimpleSerialNumber(),
key,
MessageDigest.SHA1,
"Root1",
DateTime.Now,
TimeSpan.FromDays(365)))
{
Console.WriteLine(root.Certificate);
}
}
}
/// <summary>
/// Calls X509_REQ_new() and then initializes version, subject, and key.
/// </summary>
/// <param name="version"></param>
/// <param name="subject"></param>
/// <param name="key"></param>
public X509Request(int version, X509Name subject, CryptoKey key)
: this()
{
this.Version = version;
this.Subject = subject;
this.PublicKey = key;
}
public void CanAddRequestExtensions()
{
var extList = new List<X509V3ExtensionValue> {
new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
};
var start = DateTime.Now;
var end = start + TimeSpan.FromMinutes(10);
using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
using (var request = new X509Request(1,new X509Name("foo"),key))
{
OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>();
foreach (var extValue in extList)
{
using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
{
Console.WriteLine(ext);
extensions.Add(ext);
}
}
request.AddExtensions(extensions);
Assert.AreEqual(EXPECTED_CERT, request.PEM);
}
}
public void CanAddExtensions()
{
X509V3ExtensionList extList = new X509V3ExtensionList();
extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));
DateTime start = DateTime.Now;
DateTime end = start + TimeSpan.FromMinutes(10);
CryptoKey key = new CryptoKey(new DSA(true));
using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) {
foreach (X509V3ExtensionValue extValue in extList) {
using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) {
cert.AddExtension(ext);
}
}
foreach (X509Extension ext in cert.Extensions) {
Console.WriteLine(ext);
}
Assert.AreEqual(extList.Count, cert.Extensions.Count);
}
}
public void Bug3017248()
{
CryptoKey key = new CryptoKey(new DSA(true));
BIO output = BIO.MemoryBuffer();
key.WritePrivateKey(output, Cipher.Null, "password");
output.SetClose(BIO.CloseOption.Close);
Console.WriteLine(output.ReadString());
}
static TestCipher()
{
const int numKeys = 10;
Keys = new CryptoKey[numKeys];
for (int i = 0; i < numKeys; i++)
{
using (var rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
Keys[i] = new CryptoKey(rsa);
}
}
}
public void CanCompareDSA()
{
using (var dsa = new DSA(true))
using (var lhs = new CryptoKey(dsa))
{
Assert.AreEqual(lhs, lhs);
using (var rhs = new CryptoKey(dsa))
{
Assert.AreEqual(lhs, rhs);
}
using (var dsa2 = new DSA(true))
using (var other = new CryptoKey(dsa2))
{
Assert.AreNotEqual(lhs, other);
}
}
}
private static X509Certificate CreateCertificate()
{
BigNumber bn = 0x10001;
var rsa = new RSA();
rsa.GenerateKeys(2048, bn, null, null);
var key = new CryptoKey(rsa);
var cert = new X509Certificate(
new SimpleSerialNumber().Next(),
new X509Name("Mooege"),
new X509Name("Mooege"),
key,
DateTime.Now,
DateTime.Now + TimeSpan.FromDays(365));
cert.PrivateKey = key;
return cert;
}
X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
{
var now = DateTime.Now;
var future = now + TimeSpan.FromDays(365);
using (var subject = new X509Name(name))
using (var rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
using (var key = new CryptoKey(rsa))
{
var request = new X509Request(1, subject, key);
var cert = ca.ProcessRequest(request, now, future, cfg, section);
cert.PrivateKey = key;
return cert;
}
}
}
public void CanCompare()
{
using (DSA dsa = new DSA(true))
{
using (CryptoKey lhs = new CryptoKey(dsa))
{
Assert.AreEqual(lhs, lhs);
using (CryptoKey rhs = new CryptoKey(dsa))
{
Assert.AreEqual(lhs, rhs);
}
using (DSA dsa2 = new DSA(true))
{
using (CryptoKey other = new CryptoKey(dsa2))
{
Assert.IsFalse(lhs == other);
}
}
}
}
using (RSA rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
using (CryptoKey lhs = new CryptoKey(rsa))
{
Assert.AreEqual(lhs, lhs);
using (CryptoKey rhs = new CryptoKey(rsa))
{
Assert.AreEqual(lhs, rhs);
}
using (RSA rsa2 = new RSA())
{
rsa2.GenerateKeys(1024, BigNumber.One, null, null);
using (CryptoKey other = new CryptoKey(rsa2))
{
Assert.IsFalse(lhs == other);
}
}
}
}
}
public void CanCompareRSA()
{
using (var rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
using (var lhs = new CryptoKey(rsa))
{
Assert.AreEqual(lhs, lhs);
using (var rhs = new CryptoKey(rsa))
{
Assert.AreEqual(lhs, rhs);
}
using (var rsa2 = new RSA())
{
rsa2.GenerateKeys(1024, BigNumber.One, null, null);
using (var other = new CryptoKey(rsa2))
{
Assert.AreNotEqual(lhs, other);
}
}
}
}
}
/// <summary>
/// Calls EVP_SignFinal()
/// </summary>
/// <param name="md"></param>
/// <param name="bio"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public static byte[] Sign(MessageDigest md, BIO bio, CryptoKey pkey)
{
BIO bmd = BIO.MessageDigest(md);
bmd.Push(bio);
while (true)
{
ArraySegment<byte> bytes = bmd.ReadBytes(1024 * 4);
if (bytes.Count == 0)
break;
}
MessageDigestContext ctx = new MessageDigestContext(bmd);
byte[] sig = new byte[pkey.Size];
uint len = (uint)sig.Length;
Native.ExpectSuccess(Native.EVP_SignFinal(ctx.Handle, sig, ref len, pkey.Handle));
byte[] ret = new byte[len];
Buffer.BlockCopy(sig, 0, ret, 0, (int)len);
return ret;
}
/// <summary>
/// Calls EVP_DigestInit_ex(), EVP_DigestUpdate(), and EVP_SignFinal()
/// </summary>
/// <param name="msg"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public byte[] Sign(byte[] msg, CryptoKey pkey)
{
byte[] sig = new byte[pkey.Size];
uint len = (uint)sig.Length;
Native.ExpectSuccess(Native.EVP_DigestInit_ex(this.ptr, this.md.Handle, IntPtr.Zero));
Native.ExpectSuccess(Native.EVP_DigestUpdate(this.ptr, msg, (uint)msg.Length));
Native.ExpectSuccess(Native.EVP_SignFinal(this.ptr, sig, ref len, pkey.Handle));
byte[] ret = new byte[len];
Buffer.BlockCopy(sig, 0, ret, 0, (int)len);
return ret;
}
/// <summary>
/// Calls EVP_OpenInit() and EVP_OpenFinal()
/// </summary>
/// <param name="input"></param>
/// <param name="ekey"></param>
/// <param name="iv"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public byte[] Open(byte[] input, byte[] ekey, byte[] iv, CryptoKey pkey)
{
Native.ExpectSuccess(Native.EVP_OpenInit(
this.ptr, this.cipher.Handle, ekey, ekey.Length, iv, pkey.Handle));
MemoryStream memory = new MemoryStream();
byte[] output = new byte[input.Length + this.Cipher.BlockSize];
int len;
Native.ExpectSuccess(Native.EVP_DecryptUpdate(this.ptr, output, out len, input, input.Length));
memory.Write(output, 0, len);
Native.ExpectSuccess(Native.EVP_OpenFinal(this.ptr, output, out len));
memory.Write(output, 0, len);
return memory.ToArray();
}
public void CanCreateFromDH()
{
using (DH dh = new DH())
{
dh.GenerateKeys();
using (CryptoKey key = new CryptoKey(dh)) {
Assert.AreEqual(CryptoKey.KeyType.DH, key.Type);
}
}
}
public void CanCreateFromDSA()
{
using (DSA dsa = new DSA(true))
{
using (CryptoKey key = new CryptoKey(dsa))
{
Assert.AreEqual(CryptoKey.KeyType.DSA, key.Type);
Assert.AreEqual(dsa.Size, key.Size);
}
}
using (CryptoKey key = new CryptoKey(new DSA(false)))
{
Assert.AreEqual(CryptoKey.KeyType.DSA, key.Type);
}
}
/// <summary>
/// Calls EVP_DigestInit_ex(), EVP_DigestUpdate(), and EVP_VerifyFinal()
/// </summary>
/// <param name="msg"></param>
/// <param name="sig"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public bool Verify(byte[] msg, byte[] sig, CryptoKey pkey)
{
Native.ExpectSuccess(Native.EVP_DigestInit_ex(this.ptr, this.md.Handle, IntPtr.Zero));
Native.ExpectSuccess(Native.EVP_DigestUpdate(this.ptr, msg, (uint)msg.Length));
int ret = Native.ExpectSuccess(Native.EVP_VerifyFinal(this.ptr, sig, (uint)sig.Length, pkey.Handle));
return ret == 1;
}
/// <summary>
/// Calls EVP_VerifyFinal()
/// </summary>
/// <param name="md"></param>
/// <param name="bio"></param>
/// <param name="sig"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public static bool Verify(MessageDigest md, BIO bio, byte[] sig, CryptoKey pkey)
{
BIO bmd = BIO.MessageDigest(md);
bmd.Push(bio);
while (true)
{
ArraySegment<byte> bytes = bmd.ReadBytes(1024 * 4);
if (bytes.Count == 0)
break;
}
MessageDigestContext ctx = new MessageDigestContext(bmd);
int ret = Native.ExpectSuccess(Native.EVP_VerifyFinal(ctx.Handle, sig, (uint)sig.Length, pkey.Handle));
return ret == 1;
}
/// <summary>
/// Factory method that creates a X509CertificateAuthority instance with
/// an internal self signed certificate. This method allows creation without
/// the need for the Configuration file, X509V3Extensions may be added
/// with the X509V3ExtensionList parameter
/// </summary>
/// <param name="seq"></param>
/// <param name="key"></param>
/// <param name="digest"></param>
/// <param name="subject"></param>
/// <param name="start"></param>
/// <param name="validity"></param>
/// <param name="extensions"></param>
/// <returns></returns>
public static X509CertificateAuthority SelfSigned(
ISequenceNumber seq,
CryptoKey key,
MessageDigest digest,
X509Name subject,
DateTime start,
TimeSpan validity,
IEnumerable<X509V3ExtensionValue> extensions)
{
var cert = new X509Certificate(
seq.Next(),
subject,
subject,
key,
start,
start + validity);
if (extensions != null)
{
foreach (var extValue in extensions)
{
using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
{
cert.AddExtension(ext);
}
}
}
cert.Sign(key, digest);
return new X509CertificateAuthority(cert, key, seq);
}
public void CanCreateFromRSA()
{
using (RSA rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
using (CryptoKey key = new CryptoKey(rsa))
{
Assert.AreEqual(CryptoKey.KeyType.RSA, key.Type);
Assert.AreEqual(rsa.Size, key.Size);
}
}
}
/// <summary>
/// Constructs a X509CertifcateAuthority with the specified parameters.
/// </summary>
/// <param name="caCert"></param>
/// <param name="caKey"></param>
/// <param name="serial"></param>
public X509CertificateAuthority(X509Certificate caCert, CryptoKey caKey, ISequenceNumber serial)
{
if (!caCert.CheckPrivateKey(caKey))
throw new Exception("The specified CA Private Key does match the specified CA Certificate");
this.caCert = caCert;
this.caKey = caKey;
this.serial = serial;
}
public void CanCreateAndDispose()
{
using (CryptoKey key = new CryptoKey())
{
}
}
/// <summary>
/// Calls EVP_OpenInit() and EVP_OpenFinal()
/// </summary>
/// <param name="input"></param>
/// <param name="iv"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public byte[] Open(byte[] input, byte[] iv, CryptoKey pkey)
{
Native.ExpectSuccess(Native.EVP_OpenInit(
this.ptr, this.cipher.Handle, input, input.Length, iv, pkey.Handle));
int len;
Native.ExpectSuccess(Native.EVP_OpenFinal(this.ptr, null, out len));
byte[] output = new byte[len];
Native.ExpectSuccess(Native.EVP_OpenFinal(this.ptr, output, out len));
return output;
}
public int UsePrivateKey(CryptoKey key)
{
return Native.ExpectSuccess(Native.SSL_CTX_use_PrivateKey(this.ptr, key.Handle));
}
/// <summary>
/// Calls EVP_SealInit() and EVP_SealFinal()
/// </summary>
/// <param name="pkeys"></param>
/// <param name="needsIV"></param>
/// <returns></returns>
public Envelope Seal(CryptoKey[] pkeys, bool needsIV)
{
Envelope ret = new Envelope();
byte[][] bufs = new byte[pkeys.Length][];
int[] lens = new int[pkeys.Length];
IntPtr[] pubkeys = new IntPtr[pkeys.Length];
ret.Keys = new ArraySegment<byte>[pkeys.Length];
for (int i = 0; i < pkeys.Length; ++i)
{
bufs[i] = new byte[pkeys[i].Size];
lens[i] = pkeys[i].Size;
pubkeys[i] = pkeys[i].Handle;
}
if(needsIV)
ret.IV = new byte[this.cipher.IVLength];
int len;
Native.ExpectSuccess(Native.EVP_SealInit(
this.ptr, this.cipher.Handle, bufs, lens, ret.IV, pubkeys, pubkeys.Length));
for (int i = 0; i < pkeys.Length; ++i)
{
ret.Keys[i] = new ArraySegment<byte>(bufs[i], 0, lens[i]);
}
Native.ExpectSuccess(Native.EVP_SealFinal(this.ptr, null, out len));
ret.Data = new byte[len];
Native.ExpectSuccess(Native.EVP_SealFinal(this.ptr, ret.Data, out len));
return ret;
}
public int InternalClientCertificateSelectionCallback(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
{
int nRet = 0;
x509_cert = null;
key = null;
Core.Stack<X509Name> name_stack = ssl.CAList;
string[] strIssuers = new string[name_stack.Count];
int count = 0;
foreach (X509Name name in name_stack)
{
strIssuers[count++] = name.OneLine;
}
if (localCertificateSelectionCallback != null)
{
X509Certificate cert = localCertificateSelectionCallback(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), strIssuers);
if (cert != null && cert.HasPrivateKey)
{
x509_cert = cert;
key = cert.PrivateKey;
// Addref the cert and private key
x509_cert.AddRef();
key.AddRef();
// return success
nRet = 1;
}
}
return nRet;
}
/// <summary>
/// Calls EVP_SignFinal()
/// </summary>
/// <param name="pkey"></param>
/// <returns></returns>
public byte[] SignFinal(CryptoKey pkey)
{
byte[] digest = new byte[this.md.Size];
byte[] sig = new byte[pkey.Size];
uint len = (uint)sig.Length;
Native.ExpectSuccess(Native.EVP_SignFinal(this.ptr, sig, ref len, pkey.Handle));
return sig;
}
/// <summary>
/// Calls EVP_SealInit() and EVP_SealFinal()
/// </summary>
/// <param name="pkeys"></param>
/// <param name="input"></param>
/// <returns></returns>
public Envelope Seal(CryptoKey[] pkeys, byte[] input)
{
Envelope env = new Envelope();
var ptrs = new IntPtr[pkeys.Length];
try {
env.Keys = new byte[pkeys.Length][];
IntPtr[] pubkeys = new IntPtr[pkeys.Length];
int[] ekeylens = new int[pkeys.Length];
for (int i = 0; i < pkeys.Length; i++) {
ptrs[i] = Marshal.AllocHGlobal(pkeys[i].Size);
pubkeys[i] = pkeys[i].Handle;
}
if (this.Cipher.IVLength > 0) {
env.IV = new byte[this.Cipher.IVLength];
}
Native.ExpectSuccess(Native.EVP_SealInit(
this.ptr, this.Cipher.Handle, ptrs, ekeylens, env.IV, pubkeys, pubkeys.Length));
for (int i = 0; i < pkeys.Length; i++) {
env.Keys[i] = new byte[ekeylens[i]];
Marshal.Copy(ptrs[i], env.Keys[i], 0, ekeylens[i]);
}
MemoryStream memory = new MemoryStream();
byte[] output = new byte[input.Length + this.Cipher.BlockSize];
int len;
Native.ExpectSuccess(Native.EVP_EncryptUpdate(this.ptr, output, out len, input, input.Length));
memory.Write(output, 0, len);
Native.ExpectSuccess(Native.EVP_SealFinal(this.ptr, output, out len));
memory.Write(output, 0, len);
env.Data = memory.ToArray();
return env;
}
finally {
foreach (var ptr in ptrs) {
Marshal.FreeHGlobal(ptr);
}
}
}
/// <summary>
/// Calls EVP_VerifyFinal()
/// </summary>
/// <param name="sig"></param>
/// <param name="pkey"></param>
/// <returns></returns>
public bool VerifyFinal(byte[] sig, CryptoKey pkey)
{
int ret = Native.ExpectSuccess(Native.EVP_VerifyFinal(this.ptr, sig, (uint)sig.Length, pkey.Handle));
return ret == 1;
}
