protected override byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) => ecdsa.SignData(data, offset, count, hashAlgorithm);
public void SignData_InvalidArguments_Throws(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((byte[])null, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData(null, -1, -1, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[0], -1, -1, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, -1, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, 1, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName("")));
Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new byte[0], new HashAlgorithmName(Guid.NewGuid().ToString("N"))));
Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new byte[0], 0, 0, new HashAlgorithmName(Guid.NewGuid().ToString("N"))));
}
public void SignDataByteArraySpan_UnsupportedHashAlgorithm_ThrowsCryptographicException(ECDsa ecdsa)
{
Assert.Throws <CryptographicException>(
() => ecdsa.SignData(new byte[0], 0, 0, new HashAlgorithmName("NOT_A_REAL_HASH_ALGORITHM")));
}
/// <summary> /// Signs the provided bytes. /// </summary> /// <param name="bytesToSign">The bytes to sign.</param> /// <returns>The signed bytes.</returns> public byte[] Sign(byte[] bytesToSign) => _privateKey.SignData(bytesToSign, this.HashAlgorithmName);
public void SignDataByteArraySpan_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName)));
}
public void SignDataStream_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
{
Assert.Throws <ArgumentNullException>("data",
() => ecdsa.SignData((Stream)null, default(HashAlgorithmName)));
}
public override byte[] Sign(byte[] input)
{
return(_ecdsa.SignData(input, _hashes[Algorithm]));
}
public void SignDataByteArraySpan_NegativeCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("count",
() => ecdsa.SignData(new byte[0], 0, -1, default(HashAlgorithmName)));
}
public void SignDataByteArray_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentNullException>("data",
() => ecdsa.SignData((byte[])null, default(HashAlgorithmName)));
}
public void SignDataByteArraySpan_OffsetGreaterThanCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentOutOfRangeException>("offset",
() => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName)));
}
public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm)
{
byte[] ieeeFormat = _key.SignData(data, hashAlgorithm);
return(AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(ieeeFormat));
}
public void SignData_InvalidArguments_Throws(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((Stream)null, default(HashAlgorithmName)));
AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName)));
Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new MemoryStream(), new HashAlgorithmName(Guid.NewGuid().ToString("N"))));
}
public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm)
{
return(_key.SignData(data, hashAlgorithm, DSASignatureFormat.Rfc3279DerSequence));
}
public (byte[] Data, byte[] Sign) GetDocumentAndSignature()
{
byte[] aliceData = Encoding.UTF8.GetBytes("I'm Alice");
byte[] aliceDataSignature = _signAlgorithm.SignData(aliceData, HashAlgorithmName.SHA512);
return(aliceData, aliceDataSignature);
}
public void SignVerify_InteroperableSameKeys_RoundTripsUnlessTampered(ECDsa ecdsa, HashAlgorithmName hashAlgorithm)
{
byte[] data = Encoding.UTF8.GetBytes("something to repeat and sign");
// large enough to make hashing work though multiple iterations and not a multiple of 4KB it uses.
byte[] dataArray = new byte[33333];
MemoryStream dataStream = new MemoryStream(dataArray, true);
while (dataStream.Position < dataArray.Length - data.Length)
{
dataStream.Write(data, 0, data.Length);
}
dataStream.Position = 0;
byte[] dataArray2 = new byte[dataArray.Length + 2];
dataArray.CopyTo(dataArray2, 1);
ArraySegment <byte> dataSpan = new ArraySegment <byte>(dataArray2, 1, dataArray.Length);
HashAlgorithm halg;
if (hashAlgorithm == HashAlgorithmName.MD5)
{
halg = MD5.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA1)
{
halg = SHA1.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA256)
{
halg = SHA256.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA384)
{
halg = SHA384.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA512)
{
halg = SHA512.Create();
}
else
{
throw new Exception("Hash algorithm not supported.");
}
List <byte[]> signatures = new List <byte[]>(6);
// Compute a signature using each of the SignData overloads. Then, verify it using each
// of the VerifyData overloads, and VerifyHash overloads.
//
// Then, verify that VerifyHash fails if the data is tampered with.
signatures.Add(ecdsa.SignData(dataArray, hashAlgorithm));
signatures.Add(ecdsa.SignData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, hashAlgorithm));
signatures.Add(ecdsa.SignData(dataStream, hashAlgorithm));
dataStream.Position = 0;
signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataArray)));
signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count)));
signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataStream)));
dataStream.Position = 0;
foreach (byte[] signature in signatures)
{
Assert.True(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify 1");
Assert.True(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify 2");
Assert.True(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify 3");
Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3A");
dataStream.Position = 0;
Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify 4");
Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify 5");
Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify 6");
Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6A");
dataStream.Position = 0;
}
int distinctSignatures = signatures.Distinct(new ByteArrayComparer()).Count();
Assert.True(distinctSignatures == signatures.Count, "Signing should be randomized");
foreach (byte[] signature in signatures)
{
signature[signature.Length - 1] ^= 0xFF; // flip some bits
Assert.False(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify Tampered 1");
Assert.False(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify Tampered 2");
Assert.False(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify Tampered 3");
Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3B");
dataStream.Position = 0;
Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify Tampered 4");
Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify Tampered 5");
Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify Tampered 6");
Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6B");
dataStream.Position = 0;
}
}
public void SignDataByteArraySpan_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
{
Assert.Throws <ArgumentNullException>("data",
() => ecdsa.SignData(null, -1, -1, default(HashAlgorithmName)));
}
/// <summary>
/// Computes the hash value of the specified input stream using the specified
/// hash algorithm, and signs the resulting hash value.
/// </summary>
/// <param name="data">The data to sign.</param>
/// <param name="privateKey">ECDsa private key.</param>
/// <param name="hashAlgorithm">The hash algorithm to use to create the hash value.</param>
/// <returns>The signature for the specified data.</returns>
public byte[] SignData(Stream data, ECDsa privateKey, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512)
{
return(privateKey.SignData(data, GetAlgorithmName(hashAlgorithm)));
}
public void SignDataByteArraySpan_CountGreaterThanLengthMinusOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("count",
() => ecdsa.SignData(new byte[0], 0, 1, default(HashAlgorithmName)));
}
public byte[] Sign(byte[] data)
{
return(dsa.SignData(data, HashAlgorithmName.SHA256));
}
public void SignDataByteArraySpan_EmptyHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName("")));
}
/// <summary>
/// Computes the signature for the specified hash value.
/// </summary>
/// <param name="data">The data to sign.</param>
/// <returns>The signature for the specified hash value.</returns>
public byte[] Sign(byte[] data)
{
return(ecdsa.SignData(data, hashName));
}
public void SignDataStream_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName)));
}
/// <inheritdoc/>
public byte[] Sign(byte[] data)
{
return(_dsa.SignData(data, _algorithmName));
}
public void SignDataStream_UnsupportedHashAlgorithm_ThrowsCryptographicException(ECDsa ecdsa)
{
Assert.Throws <CryptographicException>(
() => ecdsa.SignData(new MemoryStream(), new HashAlgorithmName("NOT_A_REAL_HASH_ALGORITHM")));
}
/// <summary>
/// Securely exchanges a secret key
/// </summary>
/// <param name="stream"></param>
/// <param name="ecParams">ECDSA public / private keypair used for signing</param>
/// <returns>A tuple containing a 256 bit hashed secret key, and the fingerprint of the remote</returns>
/// <exception cref="CryptographicException"></exception>
/// <exception cref="InvalidDataException">Thrown when the remote sends invalid data</exception>
public static async Task <(byte[], ECPoint)> ExchangeKeyAsync(this WsStream stream, ECParameters ecParams)
{
if (ecParams.D is null)
{
throw new CryptographicException("Private key must be provided");
}
ECDsa ecDsa = ECDsa.Create(ecParams);
// TODO: Harden security (prevent abuse, double check everything)
// host authentication
var pubBytes = ecDsa.ExportSubjectPublicKeyInfo();
// key exchange
var ecdh = ECDiffieHellman.Create();
var kePubBytes = ecdh.ExportSubjectPublicKeyInfo();
// sign ecdh key to authenticate
var signed = ecDsa.SignData(kePubBytes, HashAlgorithmName.SHA256);
var bw = new AsyncBinaryWriter(stream);
var br = new AsyncBinaryReader(stream);
//1
await bw.WriteAsync(pubBytes.Length);
await bw.WriteAsync(pubBytes);
//2
await bw.WriteAsync(signed.Length);
await bw.WriteAsync(signed);
//3
await bw.WriteAsync(kePubBytes.Length);
await bw.WriteAsync(kePubBytes);
// read remote public key and verify signature
//1
var remotePubKey = ECDsa.Create();
var remotePubBytes = await br.ReadBytesAsync(await br.ReadAssertAsync(120));
remotePubKey.ImportSubjectPublicKeyInfo(remotePubBytes, out _);
//2
var remoteSignature = await br.ReadBytesAsync(await br.ReadAssertAsync(96));
//3
var remoteKePub = await br.ReadBytesAsync(await br.ReadAssertAsync(158));
var remoteEcdh = ECDiffieHellman.Create();
remoteEcdh.ImportSubjectPublicKeyInfo(remoteKePub, out _);
// verify signed public key exchange key
if (!remotePubKey.VerifyData(remoteKePub, remoteSignature, HashAlgorithmName.SHA256))
{
throw new CryptographicException("Remote public key does not match hash!");
}
// derive shared secret
var sharedSecret = ecdh.DeriveKeyMaterial(remoteEcdh.PublicKey);
// return the public key (fingerprint) of the remote, and the hashed shared secret
return(SHA256.HashData(sharedSecret), remotePubKey.ExportParameters(false).Q);
}
