public void CreateKey()
{
foreach (var algorithmAndExpectedResult in this.stretchedKeyBase64)
{
this.logger.WriteLine("Testing algorithm: {0}", algorithmAndExpectedResult.Key);
var algorithm = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithmAndExpectedResult.Key);
ICryptographicKey key = algorithm.CreateKey(this.originalKey);
Assert.NotNull(key);
Assert.Equal(this.originalKey.Length * 8, key.KeySize);
IKeyDerivationParameters parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(this.salt, this.iterations);
Assert.Equal(this.iterations, parameters.IterationCount);
CollectionAssertEx.AreEqual(this.salt, parameters.KdfGenericBinary);
try
{
byte[] keyMaterial = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(key, parameters, 20);
Assert.Equal(algorithmAndExpectedResult.Value, Convert.ToBase64String(keyMaterial));
}
catch (NotSupportedException)
{
this.logger.WriteLine(" - Not supported on this platform");
}
}
}
public void PublicKeyRoundTrip(AsymmetricAlgorithm algorithm, int keySize, CryptographicPublicKeyBlobType format)
{
var keyAlgorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm);
using (var key = keyAlgorithm.CreateKeyPair(keySize))
{
byte[] keyBlob = key.ExportPublicKey(format);
using (var key2 = keyAlgorithm.ImportPublicKey(keyBlob, format))
{
byte[] key2Blob = key2.ExportPublicKey(format);
CollectionAssertEx.AreEqual(keyBlob, key2Blob);
try
{
// We use a non-empty buffer here because monotouch's
// Security.SecKey.Encrypt method has a bug that throws
// IndexOutOfRangeException when given empty buffers.
WinRTCrypto.CryptographicEngine.Encrypt(key2, new byte[1]);
}
catch (NotSupportedException)
{
// Some algorithms, such as ECDSA, only support signing/verifying.
}
this.logger.WriteLine(Convert.ToBase64String(keyBlob));
}
}
}
public void CreateDecryptor()
{
byte[] cipherText = Convert.FromBase64String(DataAesCiphertextBase64);
var decryptor = WinRTCrypto.CryptographicEngine.CreateDecryptor(this.aesKey, IV);
byte[] plaintext = decryptor.TransformFinalBlock(cipherText, 0, cipherText.Length);
CollectionAssertEx.AreEqual(this.data, plaintext);
}
public void EncryptAndDecrypt_AES_NoIV()
{
byte[] cipherText = WinRTCrypto.CryptographicEngine.Encrypt(this.aesKey, this.data, null);
CollectionAssertEx.AreNotEqual(this.data, cipherText);
Assert.Equal("oCSAA4sUCGa5ukwSJdeKWw==", Convert.ToBase64String(cipherText));
byte[] plainText = WinRTCrypto.CryptographicEngine.Decrypt(this.aesKey, cipherText, null);
CollectionAssertEx.AreEqual(this.data, plainText);
}
public void GenerateRandom()
{
byte[] buffer1 = WinRTCrypto.CryptographicBuffer.GenerateRandom(15);
Assert.Equal(15, buffer1.Length);
byte[] buffer2 = WinRTCrypto.CryptographicBuffer.GenerateRandom(15);
Assert.Equal(15, buffer2.Length);
CollectionAssertEx.AreNotEqual(buffer1, buffer2);
}
public void GetBytes()
{
byte[] keyFromPassword = NetFxCrypto.DeriveBytes.GetBytes(Password1, Salt1, 5, 10, HashAlgorithmName.SHA1);
byte[] keyFromBytes = NetFxCrypto.DeriveBytes.GetBytes(Encoding.UTF8.GetBytes(Password1), Salt1, 5, 10, HashAlgorithmName.SHA1);
CollectionAssertEx.AreEqual(keyFromPassword, keyFromBytes);
Assert.Equal(DerivedKey, Convert.ToBase64String(keyFromPassword));
byte[] keyWithOtherSalt = NetFxCrypto.DeriveBytes.GetBytes(Password1, Salt2, 5, 10, HashAlgorithmName.SHA1);
CollectionAssertEx.AreNotEqual(keyFromPassword, keyWithOtherSalt);
}
public void DeriveKeyMaterial()
{
var dh1 = NetFxCrypto.ECDiffieHellman.Create();
var dh2 = NetFxCrypto.ECDiffieHellman.Create();
byte[] secret1 = dh1.DeriveKeyMaterial(dh2.PublicKey);
byte[] secret2 = dh2.DeriveKeyMaterial(dh1.PublicKey);
CollectionAssertEx.AreEqual(secret1, secret2);
}
public void EncryptAndDecrypt_RSA()
{
byte[] keyMaterialBytes = Convert.FromBase64String(AesKeyMaterial);
byte[] cipherText = WinRTCrypto.CryptographicEngine.Encrypt(
RsaEncryptingKey,
keyMaterialBytes,
null);
CollectionAssertEx.AreNotEqual(keyMaterialBytes, cipherText);
byte[] plainText = WinRTCrypto.CryptographicEngine.Decrypt(RsaEncryptingKey, cipherText, null);
CollectionAssertEx.AreEqual(keyMaterialBytes, plainText);
}
public void ImportExportPublicKey()
{
using (var dh = NetFxCrypto.ECDiffieHellman.Create())
{
var publicKeyBytes = dh.PublicKey.ToByteArray();
var publicKey2 = NetFxCrypto.ECDiffieHellmanCngPublicKey.FromByteArray(publicKeyBytes);
Assert.IsNotNull(publicKey2);
var publicKey2Bytes = publicKey2.ToByteArray();
CollectionAssertEx.AreEqual(publicKeyBytes, publicKey2Bytes);
}
}
public void RSAParametersPrivateKeyRoundtrip()
{
IAsymmetricKeyAlgorithmProvider?rsa = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
ICryptographicKey?keyPair = rsa.CreateKeyPair(512);
RSAParameters parameters = keyPair.ExportParameters(includePrivateParameters: true);
ICryptographicKey keyPair2 = rsa.ImportParameters(parameters);
var blob1 = keyPair.Export();
var blob2 = keyPair2.Export();
CollectionAssertEx.AreEqual(blob1, blob2);
}
public void EncryptAndDecrypt_AES_IV()
{
byte[] iv = IV;
byte[] cipherText = WinRTCrypto.CryptographicEngine.Encrypt(this.aesKey, this.data, iv);
CollectionAssertEx.AreNotEqual(this.data, cipherText);
Assert.Equal(DataAesCiphertextBase64, Convert.ToBase64String(cipherText));
Assert.Equal <byte>(iv, IV); // ensure IV wasn't tampered with
byte[] plainText = WinRTCrypto.CryptographicEngine.Decrypt(this.aesKey, cipherText, iv);
CollectionAssertEx.AreEqual(this.data, plainText);
Assert.Equal <byte>(iv, IV); // ensure IV wasn't tampered with
}
public void RSAParametersPublicKeyRoundtrip()
{
var rsa = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
var keyPair = rsa.CreateKeyPair(512);
RSAParameters parameters = keyPair.ExportParameters(includePrivateParameters: false);
Assert.Null(parameters.P);
Assert.Null(parameters.InverseQ);
Assert.Null(parameters.D);
Assert.Null(parameters.Q);
Assert.Null(parameters.DP);
Assert.Null(parameters.DQ);
ICryptographicKey publicKey = rsa.ImportParameters(parameters);
var blob1 = keyPair.ExportPublicKey();
var blob2 = publicKey.ExportPublicKey();
CollectionAssertEx.AreEqual(blob1, blob2);
}
private async Task PlayBobRoleAsync(ICryptographicKey ownSigningKey, ICryptographicKey othersSigningPublicKey, Stream channel, CancellationToken cancellationToken)
{
// Create ephemeral ECDH key pair, to prepare for the symmetric encryption key exchange.
using (var ecdhKeyPair = NetFxCrypto.ECDiffieHellman.Create())
{
// Send the ephemeral ECDH public key to Alice.
var ecdhPublicKey = ecdhKeyPair.PublicKey.ToByteArray();
await WriteAsync(channel, ecdhPublicKey, cancellationToken);
// Authenticate to Alice that this is really Bob's ephemeral public key.
byte[] ecdhPublicKeySignature = WinRTCrypto.CryptographicEngine.Sign(ownSigningKey, ecdhPublicKey);
await WriteAsync(channel, ecdhPublicKeySignature, cancellationToken);
// Read Alice's reply. It consists of her own ephemeral public key and signature.
byte[] alicePublicDH = await ReadAsync(channel, cancellationToken);
byte[] aliceSignedDH = await ReadAsync(channel, cancellationToken);
// Authenticate Alice's public key.
Assert.IsTrue(WinRTCrypto.CryptographicEngine.VerifySignature(othersSigningPublicKey, alicePublicDH, aliceSignedDH));
// Deserialize Alice's public key and derive the shared secret from it.
var aliceDHPK = NetFxCrypto.ECDiffieHellmanCngPublicKey.FromByteArray(alicePublicDH);
byte[] encryptionKeyMaterial = ecdhKeyPair.DeriveKeyMaterial(aliceDHPK);
var encryptionKey = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7)
.CreateSymmetricKey(encryptionKeyMaterial);
// Bob reads Alice's secret message using the shared secret that both parties derived,
// but never transmitted.
using (var aes = CryptoStream.ReadFrom(channel, WinRTCrypto.CryptographicEngine.CreateDecryptor(encryptionKey)))
{
byte[] plaintext = await ReadAsync(aes, cancellationToken);
// Assert that the plaintext is as it was expected to be.
CollectionAssertEx.AreEqual(SecretMessage, plaintext);
}
channel.Dispose();
}
}
public void DecodeFromHexString()
{
CollectionAssertEx.AreEqual(new byte[] { 0x00, 0x1, 0xf, 0xae, 0xff, 0xf0 }, WinRTCrypto.CryptographicBuffer.DecodeFromHexString("00010faefff0"));
}
public void DecodeFromHexString_EmptyString()
{
CollectionAssertEx.AreEqual(new byte[0], WinRTCrypto.CryptographicBuffer.DecodeFromHexString(string.Empty));
}
