public static void VerifyDefaultKeySize_Cng()
{
using (DSA dsa = new DSACng())
{
// DSACng detects OS version and selects appropriate default key size
Assert.Equal(DSAFactory.SupportsFips186_3 ? 2048 : 1024, dsa.KeySize);
}
}
static AsymmetricAlgorithm GetAsymmetricAlgorithm(DsaPublicKeyParameters key)
{
var parameters = GetDSAParameters(key);
parameters.Y = key.Y.ToByteArrayUnsigned();
#if NET45 || NET46 || __MOBILE__
var dsa = new DSACryptoServiceProvider();
#else
var dsa = new DSACng();
#endif
dsa.ImportParameters(parameters);
return(dsa);
}
public void Test3()
{
AesManaged aes4 = new AesManaged
{
KeySize = 128,
BlockSize = 128,
Mode = CipherMode.ECB, // Noncompliant
Padding = PaddingMode.PKCS7
};
RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
var encryptedData = RSA1.Encrypt(new byte[50], false); // Noncompliant: OAEP Padding is not used (second parameter set to false)
var dsa1 = new DSACng(); // Compliant - default key size is 2048
var dsa2 = new DSACng(2048); // Compliant
var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
var rsa2 = new RSACng(); // Compliant - default key size is 2048
}
static AsymmetricAlgorithm GetAsymmetricAlgorithm(DsaPrivateKeyParameters key, DsaPublicKeyParameters pub)
{
var parameters = GetDSAParameters(key);
parameters.X = key.X.ToByteArrayUnsigned();
if (pub != null)
{
parameters.Y = pub.Y.ToByteArrayUnsigned();
}
#if NET45 || NET46 || NETSTANDARD2_0 || __MOBILE__
var dsa = new DSACryptoServiceProvider();
#else
var dsa = new DSACng();
#endif
dsa.ImportParameters(parameters);
return(dsa);
}
public ICertificatePal CopyWithPrivateKey(DSA dsa)
{
DSACng dsaCng = dsa as DSACng;
ICertificatePal clone = null;
if (dsaCng != null)
{
clone = CopyWithPersistedCngKey(dsaCng.Key);
if (clone != null)
{
return(clone);
}
}
DSACryptoServiceProvider dsaCsp = dsa as DSACryptoServiceProvider;
if (dsaCsp != null)
{
clone = CopyWithPersistedCapiKey(dsaCsp.CspKeyContainerInfo);
if (clone != null)
{
return(clone);
}
}
DSAParameters privateParameters = dsa.ExportParameters(true);
using (PinAndClear.Track(privateParameters.X))
using (DSACng clonedKey = new DSACng())
{
clonedKey.ImportParameters(privateParameters);
return(CopyWithEphemeralKey(clonedKey.Key));
}
}
public void CompliantKeySizeConstructors()
{
var dsa1 = new DSACng(3072);
var dsa2 = new DSAOpenSsl(2048);
}
public static DSA GetDSAPublicKey(this X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (!IsDSA(certificate))
{
return(null);
}
unsafe
{
DSAParameters dp = new DSAParameters();
SafeLocalAllocHandle dssKeyLocalAlloc = null;
try
{
byte[] encodedPublicKey = certificate.PublicKey.EncodedKeyValue.RawData;
uint cbDSSKey;
if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PUBLICKEY), encodedPublicKey, out dssKeyLocalAlloc, out cbDSSKey))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbDSSKey < Marshal.SizeOf(typeof(CapiNative.CRYPTOAPI_BLOB)))
{
throw new CryptographicException();
}
CapiNative.CRYPTOAPI_BLOB *pDssKeyBlob = (CapiNative.CRYPTOAPI_BLOB *)(dssKeyLocalAlloc.DangerousGetHandle());
dp.Y = ToBigEndianByteArray(*pDssKeyBlob);
}
finally
{
if (dssKeyLocalAlloc != null)
{
dssKeyLocalAlloc.Dispose();
dssKeyLocalAlloc = null;
}
}
SafeLocalAllocHandle dssParametersLocalHandle = null;
try
{
byte[] encodedKeyAlgorithmParameters = certificate.GetKeyAlgorithmParameters();
uint cbDSSParams;
if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PARAMETERS), encodedKeyAlgorithmParameters, out dssParametersLocalHandle, out cbDSSParams))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbDSSParams < Marshal.SizeOf(typeof(CapiNative.CERT_DSS_PARAMETERS)))
{
throw new CryptographicException();
}
CapiNative.CERT_DSS_PARAMETERS *pDssParameters = (CapiNative.CERT_DSS_PARAMETERS *)(dssParametersLocalHandle.DangerousGetHandle());
dp.P = ToBigEndianByteArray(pDssParameters->p);
dp.Q = ToBigEndianByteArray(pDssParameters->q);
dp.G = ToBigEndianByteArray(pDssParameters->g);
}
finally
{
if (dssParametersLocalHandle != null)
{
dssParametersLocalHandle.Dispose();
dssParametersLocalHandle = null;
}
}
DSACng dsaCng = new DSACng();
dsaCng.ImportParameters(dp);
return(dsaCng);
}
}
public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, DSA privateKey)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
if (certificate.HasPrivateKey)
{
throw new InvalidOperationException(SR.GetString(SR.Cryptography_Cert_AlreadyHasPrivateKey));
}
using (DSA publicKey = GetDSAPublicKey(certificate))
{
if (publicKey == null)
{
throw new ArgumentException(SR.GetString(SR.Cryptography_PrivateKey_WrongAlgorithm));
}
DSAParameters currentParameters = publicKey.ExportParameters(false);
DSAParameters newParameters = privateKey.ExportParameters(false);
if (!currentParameters.G.SequenceEqual(newParameters.G) ||
!currentParameters.P.SequenceEqual(newParameters.P) ||
!currentParameters.Q.SequenceEqual(newParameters.Q) ||
!currentParameters.Y.SequenceEqual(newParameters.Y))
{
throw new ArgumentException(SR.GetString(SR.Cryptography_PrivateKey_DoesNotMatch), nameof(privateKey));
}
}
DSACng dsaCng = privateKey as DSACng;
X509Certificate2 newCert = null;
if (dsaCng != null)
{
newCert = CertificateExtensionsCommon.CopyWithPersistedCngKey(certificate, dsaCng.Key);
}
if (newCert == null)
{
DSACryptoServiceProvider dsaCsp = privateKey as DSACryptoServiceProvider;
if (dsaCsp != null)
{
newCert = CertificateExtensionsCommon.CopyWithPersistedCapiKey(certificate, dsaCsp.CspKeyContainerInfo);
}
}
if (newCert == null)
{
DSAParameters parameters = privateKey.ExportParameters(true);
using (PinAndClear.Track(parameters.X))
using (dsaCng = new DSACng())
{
dsaCng.ImportParameters(parameters);
newCert = CertificateExtensionsCommon.CopyWithEphemeralCngKey(certificate, dsaCng.Key);
}
}
Debug.Assert(newCert != null);
Debug.Assert(!ReferenceEquals(certificate, newCert));
Debug.Assert(!certificate.HasPrivateKey);
Debug.Assert(newCert.HasPrivateKey);
return(newCert);
}
static AsymmetricCipherKeyPair GetAsymmetricCipherKeyPair(DSACng dsa)
{
GetAsymmetricKeyParameters(dsa, false, out var pub, out var key);
return(new AsymmetricCipherKeyPair(pub, key));
}
static AsymmetricKeyParameter GetAsymmetricKeyParameter(DSACng dsa)
{
GetAsymmetricKeyParameters(dsa, false, out _, out var key);
return(key);
}
public DSACngService(CngKey cngKey)
{
//Initializes a new instance of the DSACng class with a random 2,048-bit key pair.
this.dsaService = new DSACng(cngKey);
}
public DSACngService(int size)
{
//Initializes a new instance of the DSACng class with a randomly generated key of the specified size.
this.dsaService = new DSACng(size);
}
