public void ClientEncryption4Queue()
{
var kv = new KeyVaultTester("624c0e2f-6122-4b26-a229-06431f82e6b3", "C35CBFF9FA6C51E51E1DE97B6D1E246F27661301", "https://kvsignalrdeva.vault.azure.net");
var name = "AzSignalR-Storage-ClientEncryptionKey";
var rsaValue = kv.GetSecretAsync(name).Result;
string kid = "signalrkeyid";
StorageRunnerContext.RunOnQueue(storage,
"jwtestqueuea" + Guid.NewGuid().ToString().Substring(0, 8),
(cloudQueue) =>
{
var csp1 = new RSACryptoServiceProvider();
csp1.FromXmlString(rsaValue);
var rsa1 = new RsaKey(kid, csp1);
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(rsa1, null);
QueueRequestOptions options = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
cloudQueue.AddMessage(new CloudQueueMessage("messageContentABC"), null, null, options, null);
// Retrieve message
var csp2 = new RSACryptoServiceProvider();
csp2.FromXmlString(rsaValue);
var rsa2 = new RsaKey(kid, csp2);
QueueEncryptionPolicy policy2 = new QueueEncryptionPolicy(rsa2, null);
QueueRequestOptions options2 = new QueueRequestOptions()
{
EncryptionPolicy = policy2
};
CloudQueueMessage retrMessage = cloudQueue.GetMessage(null, options2, null);
Console.WriteLine(retrMessage.AsString);
});
}
public void RestoreLeadingZeros_doesnt_change_valid_parameters()
{
var rsa = new RSAParameters
{
Exponent = RsaKeyData.Exponent.Decode64Loose(),
Modulus = RsaKeyData.Modulus.Decode64Loose(),
P = RsaKeyData.P.Decode64Loose(),
Q = RsaKeyData.Q.Decode64Loose(),
DP = RsaKeyData.DP.Decode64Loose(),
DQ = RsaKeyData.DQ.Decode64Loose(),
InverseQ = RsaKeyData.InverseQ.Decode64Loose(),
D = RsaKeyData.D.Decode64Loose(),
};
var padded = RsaKey.RestoreLeadingZeros(rsa);
Assert.Equal(rsa.Exponent, padded.Exponent);
Assert.Equal(rsa.Modulus, padded.Modulus);
Assert.Equal(rsa.P, padded.P);
Assert.Equal(rsa.Q, padded.Q);
Assert.Equal(rsa.DP, padded.DP);
Assert.Equal(rsa.DQ, padded.DQ);
Assert.Equal(rsa.InverseQ, padded.InverseQ);
Assert.Equal(rsa.D, padded.D);
}
public void Setup()
{
privateKey = new RsaKey(null, AsymmetricKeyType.Encrypted, 4096);
publicKey = new RsaKey(null, AsymmetricKeyType.Public, 2048);
keyPair = new AsymmetricKeyPair(privateKey, publicKey);
}
public void RestoreLeadingZeros_pads_to_correct_length()
{
var rsa = new RSAParameters
{
Exponent = new byte[3],
Modulus = new byte[2048 / 8 - 1],
P = new byte[13],
Q = new byte[17],
DP = new byte[23],
DQ = new byte[37],
InverseQ = new byte[53],
D = new byte[133],
};
var padded = RsaKey.RestoreLeadingZeros(rsa);
Assert.Equal(3, padded.Exponent.Length);
Assert.Equal(2048 / 8, padded.Modulus.Length);
Assert.Equal(1024 / 8, padded.P.Length);
Assert.Equal(1024 / 8, padded.Q.Length);
Assert.Equal(1024 / 8, padded.DP.Length);
Assert.Equal(1024 / 8, padded.DQ.Length);
Assert.Equal(1024 / 8, padded.InverseQ.Length);
Assert.Equal(2048 / 8, padded.D.Length);
}
public void Given_PublicKeyWithDetailsFromPrivateKey_When_GetKeyType_Then_ExceptionThrownOrPublicEnumIsRetunedDependingOnFlag(
[Values(true, false)] bool throwExceptionWhenPublicKeyHasTooMuchInfo)
{
// Arrange
var rsaKey = new RsaKey(new RSAParameters()
{
Exponent = new byte[1],
Modulus = new byte[1],
D = new byte[1]
}, true);
// Act
var res = KeyTypeEnum.Private;
Action act = () => res = rsaKey.GetKeyType(throwExceptionWhenPublicKeyHasTooMuchInfo);
// Assert
if (throwExceptionWhenPublicKeyHasTooMuchInfo)
{
act.ShouldThrow <EnvCryptException>()
.And.Message.Should()
.Contain("has information from the private key");
}
else
{
act.ShouldNotThrow <EnvCryptException>();
res.Should().Be(KeyTypeEnum.Public);
}
}
public void RsaCipherConstructorTest()
{
RsaKey key = null; // TODO: Initialize to an appropriate value
RsaCipher target = new RsaCipher(key);
Assert.Inconclusive("TODO: Implement code to verify target");
}
private byte[] CalculateRSA(byte[] input, RsaKey Key, bool isSigning = true)
{
List <byte> result = new List <byte>(input.Length);
int readingSize = isSigning ? Key.ReadingSize : Key.PackingSize;
int packingSize = isSigning ? Key.PackingSize : Key.ReadingSize;
for (int i = 0; i < input.Length; i += readingSize)
{
int countOfBytes = Math.Min(readingSize, input.Length - i); // calculate count of bytes in block
byte[] block = new byte[countOfBytes + 1];
Buffer.BlockCopy(input, i, block, 0, countOfBytes);
byte[] tempResult = ModifyMessage(block, Key, isSigning).ToByteArray();
byte[] packingUnit = new byte[packingSize];
Buffer.BlockCopy(tempResult, 0, packingUnit, 0, Math.Min(packingUnit.Length, tempResult.Length)); //copy to packing block from result of ciphering
result.AddRange(packingUnit);
}
return(result.ToArray());
}
public int GetMaxBytesThatCanBeEncrypted(RsaKey key)
{
Contract.Requires <ArgumentNullException>(key != null, "key");
Contract.Ensures(Contract.Result <int>() > 0);
return(default(int));
}
public void GenerateWithEmbeddedDataNull_Should_Succeed()
{
// Arrange
// Act
// Assert
RsaKey.Generate(embeddedData: null);
}
public void GenerateWithoutSignature_Should_Succeed()
{
// Arrange
// Act
// Assert
RsaKey.Generate().Should().NotBeNull();
}
public void SetUp()
{
_rsaCryptoUtil = new RsaPkcs8CryptoUtil();
_bytesUtil = new BytesUtil();
//_key = _rsaCryptoUtil.GenerateKeys();
_key = new RsaKey
{
Private = @"-----BEGIN PRIVATE KEY-----
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAPFSWsy4T/cW5aXD
aAHHIEPpD5VBYQL/VgSyBTh0WUIg4SnXI8IIP8HozkijxMcagt5gXdfb2wa0KxO6
yy6Yyzt1GfzAG2ijN0gB72s8tXgmbTCw7eAHEr+SsLMdHWPPXzQgixIQrmiPwEqi
/ACwelWSjHbu8vYC63dCdIpuPBUDAgMBAAECgYBEmYqiQ4rHzMR/eKrqRnbPl0MM
xMcVGQyUzR5azAhLmhkn0baig8HMF6f8UkGv78Nf/7jtkdwTbcgJFcKIfnrW4Lyw
FF9hwGVf2bKyRqkMiZI+e307cYevKK7KU0qCw1Z4a8KCfCt0wiCcYu/Y4Epi/q2R
xy0akcGb+bBnz6B1IQJBAP3sv/3cE3EAoPKG+cmyHv+gRDxmyhjaCWvwR7CYp0jI
EWigH0G15UzcxxSOiyPk2vjX0OUa85FmABZka6YtVVsCQQDzSzywcjOIdzuy1tdH
7gFdH2zwln2VkyWrqHDkTbApIfsV3ipsgGa2bx5DCirSe29tiI9wAwXzC08qyyVZ
b8d5AkEAlObjQxtt7yMePno2OjeQg/hYa08fjek2AyzY7U7nMf/YbZEQIzlmKGeC
+qQIJdlLKwdrgR4H3KiCvp7OnZkR5wJBANoljP48994V4w6BOrkBPHHOOrUiiupx
7SYUu1zKF/lZwbQi53EwVGiiC8VauXjPOuNAvjRWUaBSdKLPUeb2pikCQQC9xErQ
DFWwCsAUf6kTPxw6Uvn5nCx3u5J3Wdx7Urfw5c3A7BBQdsu8UP6zbyhpxJCzAbAD
hhsyI5hID8mQOUY2
-----END PRIVATE KEY-----
",
Public = @"-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxUlrMuE/3FuWlw2gBxyBD6Q+V
QWEC/1YEsgU4dFlCIOEp1yPCCD/B6M5Io8THGoLeYF3X29sGtCsTussumMs7dRn8
wBtoozdIAe9rPLV4Jm0wsO3gBxK/krCzHR1jz180IIsSEK5oj8BKovwAsHpVkox2
7vL2Aut3QnSKbjwVAwIDAQAB
-----END PUBLIC KEY-----
"
};
}
public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
{
var cek = Arrays.Random(cekSizeBits);
if (key is CngKey)
{
var publicKey = (CngKey)key;
return(new[] { cek, RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256) });
}
if (key is RSACryptoServiceProvider)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var publicKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(false));
return(new[] { cek, RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256) });
}
if (key is RSA)
{
var publicKey = (RSA)key;
return(new[] { cek, publicKey.Encrypt(cek, RSAEncryptionPadding.OaepSHA256) });
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
}
private protected PgpKey(KeyPacket keyPacket)
{
this.keyPacket = keyPacket;
this.keyCertifications = new List <PgpCertification>();
this.ids = new List <PgpUser>();
this.fingerprint = CalculateFingerprint();
if (keyPacket.Version <= 3)
{
var rsaParameters = RsaKey.ReadOpenPgpPublicKey(keyPacket.KeyBytes, out var _);
var modulus = rsaParameters.Modulus !;
this.keyId = (long)(((ulong)modulus[modulus.Length - 8] << 56)
| ((ulong)modulus[modulus.Length - 7] << 48)
| ((ulong)modulus[modulus.Length - 6] << 40)
| ((ulong)modulus[modulus.Length - 5] << 32)
| ((ulong)modulus[modulus.Length - 4] << 24)
| ((ulong)modulus[modulus.Length - 3] << 16)
| ((ulong)modulus[modulus.Length - 2] << 8)
| (ulong)modulus[modulus.Length - 1]);
}
else
{
this.keyId = (long)(((ulong)fingerprint[fingerprint.Length - 8] << 56)
| ((ulong)fingerprint[fingerprint.Length - 7] << 48)
| ((ulong)fingerprint[fingerprint.Length - 6] << 40)
| ((ulong)fingerprint[fingerprint.Length - 5] << 32)
| ((ulong)fingerprint[fingerprint.Length - 4] << 24)
| ((ulong)fingerprint[fingerprint.Length - 3] << 16)
| ((ulong)fingerprint[fingerprint.Length - 2] << 8)
| (ulong)fingerprint[fingerprint.Length - 1]);
}
}
public byte[] WrapKey(byte[] cek, object key, IDictionary <string, object> header)
{
#if NET40
if (key is CngKey cngKey)
{
return(RsaOaep.Encrypt(cek, cngKey, CngAlgorithm.Sha256));
}
else if (key is RSACryptoServiceProvider rsaKey)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var publicKey = RsaKey.New(rsaKey.ExportParameters(false));
return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey or RSACryptoServiceProvider types.");
#elif NET461 || NET472
if (key is CngKey cngKey)
{
return(RsaOaep.Encrypt(cek, cngKey, CngAlgorithm.Sha256));
}
else if (key is RSACryptoServiceProvider rsaKey)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var publicKey = RsaKey.New(rsaKey.ExportParameters(false));
return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
}
else if (key is RSA rsa)
{
return(rsa.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
}
else if (key is Jwk jwk)
{
if (jwk.Kty == Jwk.KeyTypes.RSA)
{
return(jwk.RsaKey().Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
}
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey, RSACryptoServiceProvider, RSA types or Jwk type with kty='rsa'.");
#elif NETSTANDARD
if (key is RSA rsa)
{
return(rsa.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
}
else if (key is Jwk jwk)
{
if (jwk.Kty == Jwk.KeyTypes.RSA)
{
return(jwk.RsaKey().Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
}
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of RSA types or Jwk type with kty='rsa'.");
#endif
}
public void RsaDigitalSignatureConstructorTest()
{
RsaKey rsaKey = null; // TODO: Initialize to an appropriate value
RsaDigitalSignature target = new RsaDigitalSignature(rsaKey);
Assert.Inconclusive("TODO: Implement code to verify target");
}
static void Main(string[] args)
{
RsaKey keys = RsaCrypt.GenerateRsaKeys();
Console.WriteLine(keys.PublicKey);
Console.WriteLine(keys.PrivateKey);
}
public void Given_ArrayOfByteArrays_When_Decrypted_Then_ByteArrayConcatenated()
{
// Arrange
var listOfByteArraysToDecrypt = new List <byte[]>()
{
new byte[] { 1 },
new byte[] { 2 },
new byte[] { 3 },
};
var decryptedBytes = new List <byte[]>()
{
new byte[] { 1, 2, 3, 4 },
new byte[] { 6, 7, 8 },
new byte[] { 9, 10 },
};
var someKey = new RsaKey(new RSAParameters(), true);
var encryptionAlgoMock = new Mock <IEncryptionAlgo <RsaKey> >(MockBehavior.Strict);
encryptionAlgoMock.Setup(a => a.Decrypt(listOfByteArraysToDecrypt[0], someKey))
.Returns(decryptedBytes[0]);
encryptionAlgoMock.Setup(a => a.Decrypt(listOfByteArraysToDecrypt[1], someKey))
.Returns(decryptedBytes[1]);
encryptionAlgoMock.Setup(a => a.Decrypt(listOfByteArraysToDecrypt[2], someKey))
.Returns(decryptedBytes[2]);
// Act
var segEncrypt = new SegmentEncryptionAlgoStub(encryptionAlgoMock.Object);
var result = segEncrypt.Decrypt(listOfByteArraysToDecrypt, someKey);
// Assert
result.Should().BeEquivalentTo(
decryptedBytes[0].Concat(decryptedBytes[1]).Concat(decryptedBytes[2]));
}
public string AddKey(string key)
{
var rsaKey = new RsaKey(key);
keys[rsaKey.Kid] = rsaKey;
return(rsaKey.Kid);
}
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
if (key is CngKey)
{
var privateKey = (CngKey)key;
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
if (key is RSACryptoServiceProvider)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var privateKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(true));
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
if (key is RSA)
{
var privateKey = (RSA)key;
return(privateKey.Decrypt(encryptedCek, RSAEncryptionPadding.OaepSHA256));
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
}
public void Given_ValidAESPublicKey_When_MapToXMLPOCO_Then_NameMappedCorrectly()
{
// Arrange
var key = new RsaKey(new RSAParameters()
{
Exponent = new byte[1],
Modulus = new byte[2],
}, true);
const string keyName = "My Rsa Key";
key.Name = keyName;
var converter = new Mock <IKeyDetailsPersistConverter>(MockBehavior.Strict);
converter.Setup(c => c.Encode(key.Key.Exponent)).Returns("exponent");
converter.Setup(c => c.Encode(key.Key.Modulus)).Returns("modulus");
// Act
var aesKeyToXmlMapper = new RsaKeyToXmlMapper(converter.Object);
var xmlPoco = new EnvCryptKey();
aesKeyToXmlMapper.Map(key, xmlPoco);
// Assert
xmlPoco.Rsa.Should().NotBeNull().And.HaveCount(1);
xmlPoco.Name.Should().Be(keyName);
xmlPoco.Encryption.Should().Be(EnvCryptAlgoEnum.Rsa.ToString());
xmlPoco.Type.Should().Be(KeyTypeEnum.Public.ToString());
xmlPoco.Rsa[0].Exponent.Should().Be("exponent");
xmlPoco.Rsa[0].Modulus.Should().Be("modulus");
}
public void CertificateRoundtrip_Should_Succeed()
{
// Arrange
var signerKey = RsaKey.Generate();
var key = RsaKey.Generate(
embeddedData: new byte[] { 0xa1, 0xb2, 0xc3, 0xd4 },
signKeyCallback: hash => (RsaSignature)signerKey.Sign(hash));
var certificate = (RsaCertificate)key.DeriveCertificate();
// Act
RsaCertificate deserialized;
using (var memoryStream = new MemoryStream())
{
Xml.Serialize(
certificate: certificate,
stream: memoryStream);
memoryStream.Position = 0;
deserialized = Xml.DeserializeCertificate(stream: memoryStream);
}
// Assert
deserialized.Hash.Equals(certificate.Hash).Should().BeTrue();
deserialized.EmbeddedData.SequenceEqual(certificate.EmbeddedData).Should().BeTrue();
deserialized.Signature.SignerCertificateHash.Equals(certificate.Signature.SignerCertificateHash).Should().BeTrue();
deserialized.Signature.Signature.SequenceEqual(certificate.Signature.Signature).Should().BeTrue();
}
public async Task KeyVault_RsaKeyRSAOAEP()
{
// Arrange
byte[] KEK = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
byte[] EK = { 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D };
RsaKey key = new RsaKey("KEK");
var wrapped = await key.WrapKeyAsync(CEK, RsaOaep.AlgorithmName).ConfigureAwait(false);
var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, RsaOaep.AlgorithmName).ConfigureAwait(false);
// Assert
Assert.True(wrapped.Item2.Equals("RSA-OAEP"));
Assert.True(unwrapped.SequenceEqual(CEK));
var encrypted = await key.EncryptAsync(CEK, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);
var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);
// Assert
Assert.True(encrypted.Item3.Equals("RSA-OAEP"));
Assert.True(decrypted.SequenceEqual(CEK));
}
public async Task KeyVault_RsaKeyRSA15()
{
// Arrange
byte[] KEK = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
byte[] EK = { 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 };
RsaKey key = new RsaKey("KEK");
var wrapped = await key.WrapKeyAsync(CEK, Rsa15.AlgorithmName).ConfigureAwait(false);
var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, Rsa15.AlgorithmName).ConfigureAwait(false);
// Assert
Assert.True(wrapped.Item2.Equals("RSA_15"));
Assert.True(unwrapped.SequenceEqual(CEK));
var encrypted = await key.EncryptAsync(CEK, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);
var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);
// Assert
Assert.True(encrypted.Item3.Equals("RSA_15"));
Assert.True(decrypted.SequenceEqual(CEK));
}
public void CheckSignatureOfRegistrationToken()
{
var rsa = new RsaKey();
var ecdsa = new Key().GetBitcoinSecret(Network.ImpleumMain);
var token = new RegistrationToken(1,
"175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W",
IPAddress.Parse("172.16.1.10"),
IPAddress.Parse("2001:0db8:85a3:0000:1234:8a2e:0370:7334"),
"5678901234ABCDEF",
"",
16174,
ecdsa.PubKey);
// Only the 'header' portion of the registration token gets signed, minus the length bytes
var message = token.GetHeaderBytes();
var cryptoUtils = new CryptoUtils(rsa, ecdsa);
token.RsaSignature = cryptoUtils.SignDataRSA(message.ToArray());
token.EcdsaSignature = cryptoUtils.SignDataECDSA(message.ToArray());
var signature = cryptoUtils.SignDataECDSA(message.ToArray());
Assert.True(CryptoUtils.VerifySignatureECDSA(message.ToArray(), ecdsa.PubKey, Encoding.UTF8.GetString(signature)));
Assert.True(token.VerifySignatures());
}
public void RegistrationStoreAddTest()
{
var rsa = new RsaKey();
var ecdsa = new Key().GetBitcoinSecret(Network.ImpleumMain);
var token = new RegistrationToken(255,
"1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2",
IPAddress.Parse("127.0.0.1"),
IPAddress.Parse("2001:0db8:85a3:0000:0000:8a2e:0370:7334"),
"0123456789ABCDEF",
"",
37123,
ecdsa.PubKey);
var cryptoUtils = new CryptoUtils(rsa, ecdsa);
token.RsaSignature = cryptoUtils.SignDataRSA(token.GetHeaderBytes().ToArray());
token.EcdsaSignature = cryptoUtils.SignDataECDSA(token.GetHeaderBytes().ToArray());
RegistrationRecord record = new RegistrationRecord(DateTime.Now,
Guid.NewGuid(),
"137cc93a23383252348de58e53e193db471099e78ef89edf1fdea6ff340a7261",
"0100000027c16c59051604707fcfc75e7ab33decbe72e72baff44ad2b38b78a13929eb5d092df004b20200000048473044022067c3c50f13a1b68402549c6a049a9298d8de03e176909cc6b44f9fd9d9db532502203e7416233a125264aef46698b22f429f60be9ed3b2115ec24f0a05de2a4e4cd901feffffff1d92cb2776b3c3cb3e89ad84c38c72fc72646238d23312a6b1931e7980f90f590200000049483045022100d4141e26371a198fb22347e0cc64fd0563ee11640108836e5f427873e4aa0d00022012960447890e151b46a19c2d1d480f7e81e5ceb615c9566be03189108cb08ce401feffffffa23c4e0da07acb439735e6f2a3c7a1ee15521138cc3815fdbac428e1756a3976010000004948304502210083dfda6e8a7584741c79d60a8c69c372789eb28680fdf43fe15e67eb05c7628e022041cde42e79e83c5be5902c035abcde02579e1841473efbbeb5a909d4520a8ea801fefffffff3b56cf319b4b4895beae1e047d77fddcfd8b86a3964226c0d24dda83335e40802000000484730440220219623b855cd1ac0ad43cb3b76097cb52db2d37b4a6a768a5911dfa3571ff4b602203eb843072f746e225e6c7225438f4f4bf012c18f1a1572d4ead288190d8d61cb01feffffff15209f56f6f5d1246f43057ab546be192659a3c88365529667eb3aa364ed4392000000006b483045022100a5791707155d03fb6e770c0dd0924cf08a3bd3b6e0b5713d7d3e84dc5c2e18bc02200370afce15733f5139a018d3ffc5e594e646ce372274818d9780906f9fb3699101210344e875df3990bf55d7218020b09aea6e1383206ec88344847771b3bc0d72251bfeffffff0220188fba000000001976a914b88f742a0a07af27ccfe21de8a40b9f7541f3e0088ac00e87648170000001976a914db0be998354d2139b14e06459d295de03b94fadb88ac90920000",
token,
null);
RegistrationStore store = new RegistrationStore(Path.GetTempFileName());
Assert.True(store.Add(record));
}
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
var privateKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.");
return(useSha256 ? RsaOaep.Decrypt(encryptedCek, RsaKey.New(privateKey.ExportParameters(true)), CngAlgorithm.Sha256)
: privateKey.Decrypt(encryptedCek, useRsaOaepPadding));
}
/// <summary>
/// 核对签名
/// </summary>
/// <returns></returns>
public bool CheckSign(out string errMsg)
{
if (string.IsNullOrWhiteSpace(RsaKey))
{
errMsg = "rsaKey is null."; return(false);
}
if (string.IsNullOrWhiteSpace(Ciphertext))
{
errMsg = "ciphertext is null."; return(false);
}
if (Timestamp == 0)
{
errMsg = "timestamp is null."; return(false);
}
if (string.IsNullOrWhiteSpace(Sign))
{
errMsg = "sign is null."; return(false);
}
//var st = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(Timestamp);
//if (Math.Abs(st.Days) >= 1) { errMsg = "timestamp is error."; return false; }
var txt = $"{Ciphertext.ToSafeString()}|{RsaKey.ToSafeString()}|{Timestamp.ToSafeString()}";
var hash = HashUtil.GetMd5String(txt);
if (Sign.ToUpper() != hash)
{
errMsg = "sign is error.";
return(false);
}
errMsg = null;
return(true);
}
public async Task DecryptMessageTest_KeyMismatch()
{
var testMessage = "Fake Message";
var testMessageBody = Encoding.Default.GetBytes(testMessage);
var message = new Message(testMessageBody);
using (var rsaProvider = new RSACryptoServiceProvider(4_096))
{
rsaProvider.PersistKeyInCsp = false;
using (var rsaKey = new RsaKey("Test Key", rsaProvider))
using (var rsaKey2 = new RsaKey("Test Key 2", rsaProvider))
{
var encryptionPolicy = new EncryptionPolicy(rsaKey, null);
var encryptedMessage = await message.EncryptAsync(encryptionPolicy, CancellationToken.None).ConfigureAwait(false);
var mockKeyResolver = Substitute.For <IKeyResolver>();
mockKeyResolver.ResolveKeyAsync("Test Key", CancellationToken.None).Returns(rsaKey2);
var decryptionPolicy = new EncryptionPolicy(o =>
{
o.EncryptionKey = (token) => mockKeyResolver.ResolveKeyAsync("Test Key", token);
});
var decryptedMessage = await encryptedMessage.DecryptAsync(decryptionPolicy, CancellationToken.None).ConfigureAwait(false);
}
}
}
public void CertificateSignedIndirectly_Should_FindIntermediateCertificateViaLocator()
{
// Arrange
var intermediateKey = RsaKey.Generate();
var intermediateCertificate = intermediateKey.DeriveCertificate();
var signedIntermediateCertificate = ScenarioRsa.DefaultSignerKey.Sign((RsaCertificate)intermediateCertificate);
var key = RsaKey.Generate();
var certificate = key.DeriveCertificate();
var signedCertificate = intermediateKey.Sign((RsaCertificate)certificate);
var scenario = new Scenario3();
var lookedUpIntermediateCertificate = false;
Mock.Get(scenario.CertificateLocator)
.Setup(m => m.Get(It.IsAny <IHash>()))
.Returns <IHash>((_hash) =>
{
if (_hash.Hash.SequenceEqual(intermediateCertificate.Hash.Hash))
{
lookedUpIntermediateCertificate = true;
return(signedIntermediateCertificate);
}
else
{
return(null);
}
});
// Act
// Assert
scenario.ChainWithLocator.Verify(signedCertificate);
lookedUpIntermediateCertificate.Should().BeTrue();
}
public void CertificateSignedWithUnlocatableCertificate_ShouldThrow_TrustException()
{
// Arrange
var intermediateKey = RsaKey.Generate();
var intermediateCertificate = intermediateKey.DeriveCertificate();
var signedIntermediateCertificate = ScenarioRsa.DefaultSignerKey.Sign((RsaCertificate)intermediateCertificate);
var key = RsaKey.Generate();
var certificate = key.DeriveCertificate();
var signedCertificate = intermediateKey.Sign((RsaCertificate)certificate);
var scenario = new Scenario3();
var lookedUpIntermediateCertificate = false;
Mock.Get(scenario.CertificateLocator)
.Setup(m => m.Get(It.IsAny <IHash>()))
.Returns <IHash>((_hash) =>
{
lookedUpIntermediateCertificate = true;
return(null);
});
// Act
// Assert
Assert.Throws <TrustException>(() => scenario.ChainWithLocator.Verify(signedCertificate));
lookedUpIntermediateCertificate.Should().BeTrue();
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaCipher"/> class.
/// </summary>
/// <param name="key">The RSA key.</param>
public RsaCipher(RsaKey key)
{
if (key == null)
throw new ArgumentNullException("key");
_key = key;
_isPrivate = !_key.D.IsZero;
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class.
/// </summary>
/// <param name="rsaKey">The RSA key.</param>
public RsaDigitalSignature(RsaKey rsaKey)
: base(new ObjectIdentifier(1, 3, 14, 3, 2, 26), new RsaCipher(rsaKey))
{
this._hash = new SHA1Hash();
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class.
/// </summary>
/// <param name="rsaKey">The RSA key.</param>
public RsaDigitalSignature(RsaKey rsaKey)
: base(new ObjectIdentifier(1, 3, 14, 3, 2, 26), new RsaCipher(rsaKey))
{
this._hash = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha1).CreateHash();
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class.
/// </summary>
/// <param name="rsaKey">The RSA key.</param>
public RsaDigitalSignature(RsaKey rsaKey)
: base(new ObjectIdentifier(1, 3, 14, 3, 2, 26), new RsaCipher(rsaKey))
{
_hash = CryptoAbstraction.CreateSHA1();
}
/// <summary>
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class.
/// </summary>
/// <param name="rsaKey">The RSA key.</param>
public RsaDigitalSignature(RsaKey rsaKey)
: base(new ObjectIdentifier(1, 3, 14, 3, 2, 26), new RsaCipher(rsaKey))
{
_hash = HashAlgorithmFactory.CreateSHA1();
}
