/// <summary>
/// Signs <paramref name="content"/> through the span-based TrySign overloads and cross-checks the
/// result against the array-returning SignFixed path: buffers short by 1..9 bytes must be rejected
/// with zero bytes written, while an oversized and an exactly-sized buffer must both succeed.
/// </summary>
/// <returns>The encoded message produced into the exactly-sized buffer.</returns>
internal override byte[] Sign(
    byte[] content,
    CoseSigner signer,
    CoseHeaderMap? protectedHeaders = null,
    CoseHeaderMap? unprotectedHeaders = null,
    byte[]? associatedData = null,
    bool isDetached = false)
{
    byte[] reference = SignFixed(content, signer, protectedHeaders, unprotectedHeaders, associatedData, isDetached);
    int requiredLength = reference.Length;

    // Every buffer that is too small by 1..9 bytes must fail without reporting any bytes written.
    for (int shortfall = 1; shortfall < 10; shortfall++)
    {
        Span<byte> tooSmall = reference.AsSpan(0, requiredLength - shortfall);
        bool accepted = TrySign(content, tooSmall, signer, out int written, protectedHeaders, unprotectedHeaders, associatedData, isDetached);
        Assert.False(accepted);
        Assert.Equal(0, written);
    }

    // An oversized buffer (twice the need, at least 2 KiB) must succeed and report exactly the required length.
    Span<byte> output = new byte[Math.Max(requiredLength * 2, 2048)];
    Assert.True(TrySign(content, output, signer, out int bytesWritten, protectedHeaders, unprotectedHeaders, associatedData, isDetached));
    Assert.Equal(requiredLength, bytesWritten);

    // A buffer of exactly the required size must succeed too; it is cleared first so bytes left over
    // from the previous call cannot mask a short write.
    output = output.Slice(0, requiredLength);
    output.Clear();
    Assert.True(TrySign(content, output, signer, out bytesWritten, protectedHeaders, unprotectedHeaders, associatedData, isDetached));
    Assert.Equal(output.Length, bytesWritten);

    return output.ToArray();
}
/// <summary>
/// Verification must throw when the protected algorithm header carries an integer that is not a
/// supported algorithm. The encoded message is patched at the hex level: the known template header
/// map is swapped for one holding <paramref name="incorrectAlg"/>.
/// </summary>
public void VerifyThrowsIfIncorrectIntegerAlgorithm(int incorrectAlg)
{
    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);

    // A second protected header (label 42 => 42) gives the encoded map a known shape that can be located in hex.
    signer.ProtectedHeaders.Add(new CoseHeaderLabel(42), 42);
    const string hexTemplateHeaders = "47A20126182A182A";
    string hexCborMessage = Sign(s_sampleContent, signer).ByteArrayToHex();

    // Build the replacement protected map {1: incorrectAlg} ...
    var writer = new CborWriter();
    writer.WriteStartMap(1);
    writer.WriteInt32(1);
    writer.WriteInt32(incorrectAlg);
    writer.WriteEndMap();
    byte[] replacementMap = writer.Encode();

    // ... and wrap it in the byte string the message format expects for protected headers.
    writer.Reset();
    writer.WriteByteString(replacementMap);
    string hexReplacement = writer.Encode().ByteArrayToHex();

    string patchedHex = ReplaceFirst(hexCborMessage, hexTemplateHeaders, hexReplacement);
    CoseMessage message = Decode(ByteUtils.HexToByteArray(patchedHex));

    Assert.Throws<CryptographicException>(() => Verify(message, DefaultKey, s_sampleContent));
}
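/// <summary>
/// An RSA key combined with an explicit signature padding builds a signer whose header maps and
/// padding property are populated.
/// </summary>
public void CoseSigner_RSA_Success()
{
    // RSA wraps native key material; dispose it so the test does not leak the handle.
    using RSA rsa = RSA.Create();
    var signer = new CoseSigner(rsa, RSASignaturePadding.Pkcs1, HashAlgorithmName.SHA256);

    Assert.NotNull(signer.ProtectedHeaders);
    Assert.NotNull(signer.UnprotectedHeaders);
    Assert.NotNull(signer.RSASignaturePadding);
}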
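/// <summary>
/// An RSA key passed to the padding-less constructor is rejected on the "key" argument; supplying
/// a padding makes construction succeed and the padding is reported back unchanged.
/// </summary>
public void CoseSigner_RSAKeyNeedsSignaturePadding()
{
    // Dispose the native key handle at the end of the test instead of leaking it.
    using RSA rsa = RSA.Create();

    Assert.Throws<ArgumentException>("key", () => new CoseSigner(rsa, HashAlgorithmName.SHA256));

    var signer = new CoseSigner(rsa, RSASignaturePadding.Pss, HashAlgorithmName.SHA256);
    // xUnit reports mismatches as expected/actual, so the expected value goes first.
    Assert.Equal(RSASignaturePadding.Pss, signer.RSASignaturePadding);
}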
/// <summary>
/// Signs through the stream-based detached overload of <see cref="CoseSign1Message"/>. A null
/// <paramref name="content"/> is forwarded as a null stream, presumably so that overload's own
/// handling of a null argument is exercised.
/// </summary>
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
    if (content is null)
    {
        // The null-forgiving cast is intentional: the overload under test receives a null stream.
        return CoseSign1Message.SignDetached((Stream)null!, signer);
    }

    using Stream contentStream = GetTestStream(content);
    return CoseSign1Message.SignDetached(contentStream, signer);
}
/// <summary>
/// Signs through the asynchronous stream-based detached overload. The abstract
/// <c>Sign</c> contract is synchronous, so the task is blocked on via GetAwaiter().GetResult();
/// a null <paramref name="content"/> is forwarded as a null stream.
/// </summary>
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
    if (content is null)
    {
        // Null-forgiving on purpose: the async overload under test receives a null stream.
        return CoseSign1Message.SignDetachedAsync(null!, signer).GetAwaiter().GetResult();
    }

    using Stream contentStream = GetTestStream(content);
    Task<byte[]> signing = CoseSign1Message.SignDetachedAsync(contentStream, signer);
    return signing.GetAwaiter().GetResult();
}
/// <summary>
/// Signing must fail when a header is listed as critical but is not itself carried in the
/// protected map.
/// </summary>
public void SignWithCriticalHeaders_NotTransportingTheSpecifiedCriticalHeaderThrows()
{
    CoseHeaderMap protectedHeaders = GetHeaderMapWithAlgorithm(DefaultAlgorithm);

    // Declare the critical label without adding the header it refers to.
    AddCriticalHeaders(protectedHeaders, null, includeSpecifiedCritHeader: false);
    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders);

    Assert.Throws<CryptographicException>(() => Sign(s_sampleContent, signer));
}
/// <summary>
/// A protected map that declares critical headers and carries them is accepted, and the encoded
/// message exposes exactly the expected protected headers.
/// </summary>
public void SignWithCriticalHeaders()
{
    CoseHeaderMap protectedHeaders = GetHeaderMapWithAlgorithm(DefaultAlgorithm);
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedProtected = GetExpectedProtectedHeaders(DefaultAlgorithm);

    // Both the map and the expectation list receive the critical header so the assertion below matches.
    AddCriticalHeaders(protectedHeaders, expectedProtected, includeSpecifiedCritHeader: true);

    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders);
    ReadOnlySpan<byte> encoded = Sign(s_sampleContent, signer);

    AssertCoseSignMessage(encoded, s_sampleContent, DefaultKey, DefaultAlgorithm, expectedProtected);
}
/// <summary>
/// Routes to the array-based multi-sign overloads, choosing detached or embedded encoding by
/// <paramref name="isDetached"/>.
/// </summary>
internal override byte[] Sign(
    byte[] content,
    CoseSigner signer,
    CoseHeaderMap? protectedHeaders = null,
    CoseHeaderMap? unprotectedHeaders = null,
    byte[]? associatedData = null,
    bool isDetached = false)
{
    if (isDetached)
    {
        return CoseMultiSignMessage.SignDetached(content, signer, protectedHeaders, unprotectedHeaders, associatedData);
    }

    return CoseMultiSignMessage.SignEmbedded(content, signer, protectedHeaders, unprotectedHeaders, associatedData);
}
/// <summary>
/// Routes to the stream-based detached overloads. Because those overloads are always detached,
/// callers are expected to leave <paramref name="isDetached"/> at its default, which is asserted.
/// A null <paramref name="content"/> is forwarded as a null stream.
/// </summary>
internal override byte[] Sign(byte[] content, CoseSigner signer, CoseHeaderMap? protectedHeaders = null, CoseHeaderMap? unprotectedHeaders = null, byte[]? associatedData = null, bool isDetached = false)
{
    Assert.False(isDetached);

    if (content is null)
    {
        // Null-forgiving on purpose: the stream overload receives a null stream.
        return SignDetached(null!, signer, protectedHeaders, unprotectedHeaders, associatedData);
    }

    using Stream contentStream = GetTestStream(content);
    return SignDetached(contentStream, signer, protectedHeaders, unprotectedHeaders, associatedData);
}
/// <summary>
/// Multi-sign only: a body protected map that declares a critical header without carrying it
/// must make signing throw.
/// </summary>
public void MultiSign_SignWithCriticalHeaders_NotTransportingTheSpecifiedCriticalHeaderThrows_BodyHeaders()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    // Critical label declared in the body map, header itself left out.
    CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
    AddCriticalHeaders(bodyProtected, null, includeSpecifiedCritHeader: false);

    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
    Assert.Throws<CryptographicException>(() => Sign(s_sampleContent, signer, bodyProtected));
}
/// <summary>
/// Multi-sign only: adding a signature whose protected and unprotected maps share a label must
/// throw, whether the label is the algorithm header, another known header, or an unregistered
/// integer or text label.
/// </summary>
public void MultiSign_AddSignatureWithDuplicateHeaderBetweenProtectedAndUnprotected()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    var (protectedHeaders, unprotectedHeaders) = FreshMaps();
    CoseMultiSignMessage msg = Assert.IsType<CoseMultiSignMessage>(
        Decode(Sign(s_sampleContent, GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders, unprotectedHeaders))));

    // Algorithm is special: it is mandatory in the protected map, so a copy in the unprotected map is a conflict.
    unprotectedHeaders.Add(CoseHeaderLabel.Algorithm, (int)DefaultAlgorithm);
    AssertAddSignatureThrows(protectedHeaders, unprotectedHeaders);

    // Another well-known header present in both maps.
    (protectedHeaders, unprotectedHeaders) = FreshMaps();
    protectedHeaders.Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
    unprotectedHeaders.Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
    AssertAddSignatureThrows(protectedHeaders, unprotectedHeaders);

    // An unregistered integer label in both maps.
    var customLabel = new CoseHeaderLabel(42);
    (protectedHeaders, unprotectedHeaders) = FreshMaps();
    protectedHeaders.Add(customLabel, 42);
    unprotectedHeaders.Add(customLabel, 42);
    AssertAddSignatureThrows(protectedHeaders, unprotectedHeaders);

    // An unregistered text label in both maps.
    customLabel = new CoseHeaderLabel("42");
    (protectedHeaders, unprotectedHeaders) = FreshMaps();
    protectedHeaders.Add(customLabel, 42);
    unprotectedHeaders.Add(customLabel, 42);
    AssertAddSignatureThrows(protectedHeaders, unprotectedHeaders);

    // A protected map that already carries the default algorithm, plus an empty unprotected map.
    (CoseHeaderMap Protected, CoseHeaderMap Unprotected) FreshMaps()
        => (GetHeaderMapWithAlgorithm(DefaultAlgorithm), GetEmptyHeaderMap());

    void AssertAddSignatureThrows(CoseHeaderMap prot, CoseHeaderMap unprot)
    {
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, prot, unprot);
        Assert.Throws<CryptographicException>(() => AddSignature(msg, s_sampleContent, signer));
    }
}
/// <summary>
/// Multi-sign only: critical headers declared and carried in the body protected map are accepted
/// and show up as the expected body protected headers of the encoded message.
/// </summary>
public void MultiSign_SignWithCriticalHeaders_BodyHeaders()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedBodyProtected = GetEmptyExpectedHeaders();

    // Map and expectation list receive the same critical header.
    AddCriticalHeaders(bodyProtected, expectedBodyProtected, includeSpecifiedCritHeader: true);

    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
    ReadOnlySpan<byte> encoded = Sign(s_sampleContent, signer, bodyProtected);

    AssertCoseSignMessage(
        encoded,
        s_sampleContent,
        DefaultKey,
        DefaultAlgorithm,
        expectedMultiSignBodyProtectedHeaders: expectedBodyProtected);
}
/// <summary>
/// Multi-sign only: a pre-encoded CBOR value stored under a custom label in the body protected or
/// unprotected map (selected by <paramref name="useProtectedMap"/>) must be encoded as given and
/// come back byte-for-byte after decoding.
/// </summary>
public void MultiSign_SignWithAllCborTypesAsHeaderValue_BodyHeaders(bool useProtectedMap, byte[] encodedValue)
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    var customLabel = new CoseHeaderLabel(42);

    CoseHeaderMap signProtected = GetHeaderMapWithAlgorithm(DefaultAlgorithm);
    CoseHeaderMap signUnprotected = GetEmptyHeaderMap();
    CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
    CoseHeaderMap bodyUnprotected = GetEmptyHeaderMap();

    // The value goes into exactly one of the two body maps.
    CoseHeaderMap targetMap = useProtectedMap ? bodyProtected : bodyUnprotected;
    targetMap[customLabel] = CoseHeaderValue.FromEncodedValue(encodedValue);

    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedSignProtected = GetExpectedProtectedHeaders(DefaultAlgorithm);
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedSignUnprotected = GetEmptyExpectedHeaders();
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedBodyProtected = GetEmptyExpectedHeaders();
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedBodyUnprotected = GetEmptyExpectedHeaders();

    // Mirror the placement in the expectation lists.
    if (useProtectedMap)
    {
        expectedBodyProtected.Add((customLabel, encodedValue));
    }
    else
    {
        expectedBodyUnprotected.Add((customLabel, encodedValue));
    }

    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, signProtected, signUnprotected);
    ReadOnlySpan<byte> encodedMessage = Sign(s_sampleContent, signer, bodyProtected, bodyUnprotected);

    AssertCoseSignMessage(
        encodedMessage,
        s_sampleContent,
        DefaultKey,
        DefaultAlgorithm,
        expectedSignProtected,
        expectedSignUnprotected,
        null,
        expectedBodyProtected,
        expectedBodyUnprotected);

    // Round trip: the decoded message must hand back the identical encoded bytes from the chosen map.
    CoseMessage decoded = Decode(encodedMessage);
    CoseHeaderMap roundTrippedMap = useProtectedMap ? decoded.ProtectedHeaders : decoded.UnprotectedHeaders;
    ReadOnlyMemory<byte> roundTrippedValue = roundTrippedMap[customLabel].EncodedValue;
    AssertExtensions.SequenceEqual(encodedValue, roundTrippedValue.Span);
}
/// <summary>
/// Verification must throw when the protected algorithm header holds a text string instead of an
/// integer algorithm. The encoded message is patched at the hex level by swapping the template
/// header map for a pre-encoded one.
/// </summary>
public void VerifyThrowsIfIncorrectStringAlgorithm()
{
    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);

    // A second protected header (label 42 => 42) gives the encoded map a known shape that can be located in hex.
    signer.ProtectedHeaders.Add(new CoseHeaderLabel(42), 42);
    const string hexTemplateHeaders = "47A20126182A182A";
    string hexCborMessage = Sign(s_sampleContent, signer).ByteArrayToHex();

    // Pre-encoded bstr wrapping a one-entry map whose algorithm (label 1) value is a text string.
    const string hexReplacementMap = "49A10166343634463446";
    string patchedHex = ReplaceFirst(hexCborMessage, hexTemplateHeaders, hexReplacementMap);

    CoseMessage message = Decode(ByteUtils.HexToByteArray(patchedHex));
    Assert.Throws<CryptographicException>(() => Verify(message, DefaultKey, s_sampleContent));
}
/// <summary>
/// Re-encoding a decoded message must fail once its signing unprotected map gains a label that
/// is already present in the protected map: the algorithm header, another known header, or an
/// unregistered integer or text label.
/// </summary>
public void ReEncodeWithDuplicateHeaderBetweenProtectedAndUnprotected()
{
    // Algorithm is special: it is mandatory in the protected map, so a copy in the unprotected map is a conflict.
    {
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer));
        GetSigningHeaderMap(msg, getProtectedMap: false).Add(CoseHeaderLabel.Algorithm, (int)DefaultAlgorithm);
        AllEncodeOverloadsShouldThrow(msg);
    }

    // Another well-known header duplicated across the two maps.
    {
        CoseHeaderMap protectedHeaders = GetEmptyHeaderMap();
        protectedHeaders.Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer));
        GetSigningHeaderMap(msg, getProtectedMap: false).Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
        AllEncodeOverloadsShouldThrow(msg);
    }

    // An unregistered integer label duplicated across the two maps.
    {
        var intLabel = new CoseHeaderLabel(42);
        CoseHeaderMap protectedHeaders = GetEmptyHeaderMap();
        protectedHeaders.Add(intLabel, 42);
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer));
        GetSigningHeaderMap(msg, getProtectedMap: false).Add(intLabel, 42);
        AllEncodeOverloadsShouldThrow(msg);
    }

    // An unregistered text label duplicated across the two maps.
    {
        var textLabel = new CoseHeaderLabel("42");
        CoseHeaderMap protectedHeaders = GetEmptyHeaderMap();
        protectedHeaders.Add(textLabel, 42);
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, protectedHeaders);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer));
        GetSigningHeaderMap(msg, getProtectedMap: false).Add(textLabel, 42);
        AllEncodeOverloadsShouldThrow(msg);
    }
}
/// <summary>
/// Multi-sign only: adding a signature whose protected map declares a critical header without
/// carrying it must throw. The message is first stripped of its original signature.
/// </summary>
public void MultiSign_SignWithCriticalHeaders_NotTransportingTheSpecifiedCriticalHeaderThrows_AddSignature()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    ReadOnlySpan<byte> encoded = Sign(s_sampleContent, GetCoseSigner(DefaultKey, DefaultHash));
    CoseMultiSignMessage multiSign = Assert.IsType<CoseMultiSignMessage>(Decode(encoded));
    multiSign.RemoveSignature(0);

    // Critical label declared, header itself left out of the signature's protected map.
    CoseHeaderMap signProtected = GetHeaderMapWithAlgorithm(DefaultAlgorithm);
    AddCriticalHeaders(signProtected, null, includeSpecifiedCritHeader: false);
    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, signProtected);

    Assert.Throws<CryptographicException>(() => AddSignature(multiSign, s_sampleContent, signer));
}
/// <summary>
/// Multi-sign only: re-encoding must fail once the body unprotected map gains a label that the
/// body protected map already carries — a known header, an unregistered integer label, or an
/// unregistered text label.
/// </summary>
public void MultiSign_ReEncodeWithDuplicateHeaderBetweenProtectedAndUnprotected_BodyProtected()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    // Known header duplicated across the body maps.
    {
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
        CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
        bodyProtected.Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer, bodyProtected));
        msg.UnprotectedHeaders.Add(CoseHeaderLabel.ContentType, ContentTypeDummyValue);
        AllEncodeOverloadsShouldThrow(msg);
    }

    // Unregistered integer label duplicated across the body maps.
    {
        var intLabel = new CoseHeaderLabel(42);
        CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
        bodyProtected.Add(intLabel, 42);
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer, bodyProtected));
        msg.UnprotectedHeaders.Add(intLabel, 42);
        AllEncodeOverloadsShouldThrow(msg);
    }

    // Unregistered text label duplicated across the body maps.
    {
        var textLabel = new CoseHeaderLabel("42");
        CoseHeaderMap bodyProtected = GetEmptyHeaderMap();
        bodyProtected.Add(textLabel, 42);
        CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash);
        CoseMessage msg = Decode(Sign(s_sampleContent, signer, bodyProtected));
        msg.UnprotectedHeaders.Add(textLabel, 42);
        AllEncodeOverloadsShouldThrow(msg);
    }
}
/// <summary>
/// Multi-sign only: after removing the original signature, adding one whose protected map
/// declares and carries critical headers succeeds, and the re-encoded message exposes those
/// headers as expected.
/// </summary>
public void MultiSign_SignWithCriticalHeaders_AddSignature()
{
    if (MessageKind != CoseMessageKind.MultiSign)
    {
        return;
    }

    ReadOnlySpan<byte> encoded = Sign(s_sampleContent, GetCoseSigner(DefaultKey, DefaultHash));
    CoseMultiSignMessage multiSign = Assert.IsType<CoseMultiSignMessage>(Decode(encoded));
    multiSign.RemoveSignature(0);

    CoseHeaderMap signProtected = GetHeaderMapWithAlgorithm(DefaultAlgorithm);
    List<(CoseHeaderLabel, ReadOnlyMemory<byte>)> expectedSignProtected = GetExpectedProtectedHeaders(DefaultAlgorithm);

    // Map and expectation list receive the same critical header.
    AddCriticalHeaders(signProtected, expectedSignProtected, includeSpecifiedCritHeader: true);

    CoseSigner signer = GetCoseSigner(DefaultKey, DefaultHash, signProtected);
    AddSignature(multiSign, s_sampleContent, signer);

    byte[] reEncoded = multiSign.Encode();
    AssertCoseSignMessage(reEncoded, s_sampleContent, DefaultKey, DefaultAlgorithm, expectedProtectedHeaders: expectedSignProtected);
}
/// <summary>
/// Dispatches to the span-based multi-sign overload selected by <paramref name="isDetached"/>.
/// </summary>
/// <returns>Whatever the chosen overload returns; <paramref name="bytesWritten"/> is set by it.</returns>
private bool TrySign(ReadOnlySpan<byte> content, Span<byte> destination, CoseSigner signer, out int bytesWritten, CoseHeaderMap? protectedHeaders, CoseHeaderMap? unprotectedHeaders, byte[]? associatedData, bool isDetached)
{
    if (isDetached)
    {
        return CoseMultiSignMessage.TrySignDetached(content, destination, signer, out bytesWritten, protectedHeaders, unprotectedHeaders, associatedData);
    }

    return CoseMultiSignMessage.TrySignEmbedded(content, destination, signer, out bytesWritten, protectedHeaders, unprotectedHeaders, associatedData);
}
/// <summary>
/// Array-returning reference path: dispatches to the multi-sign overload selected by
/// <paramref name="isDetached"/>.
/// </summary>
private byte[] SignFixed(byte[] content, CoseSigner signer, CoseHeaderMap? protectedHeaders, CoseHeaderMap? unprotectedHeaders, byte[]? associatedData, bool isDetached)
{
    if (isDetached)
    {
        return CoseMultiSignMessage.SignDetached(content, signer, protectedHeaders, unprotectedHeaders, associatedData);
    }

    return CoseMultiSignMessage.SignEmbedded(content, signer, protectedHeaders, unprotectedHeaders, associatedData);
}
/// <summary>
/// Signs <paramref name="content"/> with <paramref name="signer"/>; each derived fixture routes
/// this to the particular signing overload it exercises.
/// </summary>
/// <returns>The encoded COSE message.</returns>
internal abstract byte[] Sign(byte[] content, CoseSigner signer);
/// <summary>
/// Adds a signature over <paramref name="content"/> to an existing multi-sign message; fixtures
/// for message kinds that do not support this may throw instead.
/// </summary>
/// <param name="associatedData">Optional externally supplied data covered by the signature.</param>
internal abstract void AddSignature(CoseMultiSignMessage msg, byte[] content, CoseSigner signer, byte[]? associatedData = null);
/// <summary>
/// Forwards to the fixture's multi-sign AddSignature helper.
/// </summary>
internal override void AddSignature(CoseMultiSignMessage msg, byte[] content, CoseSigner signer, byte[]? associatedData = null)
{
    MultiSignAddSignature(msg, content, signer, associatedData);
}
/// <summary>
/// Signs <paramref name="content"/> with <paramref name="signer"/> and the given header maps;
/// each derived fixture routes this to the overload it exercises.
/// </summary>
/// <param name="isDetached">Whether the payload is detached from the encoded message (where the fixture supports the choice).</param>
/// <returns>The encoded COSE message.</returns>
internal abstract byte[] Sign(byte[] content, CoseSigner signer, CoseHeaderMap? protectedHeaders = null, CoseHeaderMap? unprotectedHeaders = null, byte[]? associatedData = null, bool isDetached = false);
/// <summary>
/// Routes to the array-based embedded COSE_Sign1 overload.
/// </summary>
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
    return CoseSign1Message.SignEmbedded(content, signer);
}
/// <summary>
/// Routes to the array-based detached multi-sign overload.
/// </summary>
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
    return CoseMultiSignMessage.SignDetached(content, signer);
}
/// <summary>
/// This fixture does not support adding signatures; always throws.
/// </summary>
/// <exception cref="NotSupportedException">Always.</exception>
internal override void AddSignature(CoseMultiSignMessage msg, byte[] content, CoseSigner signer, byte[]? associatedData = null)
{
    throw new NotSupportedException();
}
/// <summary>
/// Dispatches to the array-based COSE_Sign1 overload selected by <paramref name="isDetached"/>.
/// </summary>
private byte[] Sign(byte[] content, CoseSigner signer, bool isDetached, byte[]? associatedData)
{
    if (isDetached)
    {
        return CoseSign1Message.SignDetached(content, signer, associatedData);
    }

    return CoseSign1Message.SignEmbedded(content, signer, associatedData);
}
/// <summary>
/// Dispatches to the span-based COSE_Sign1 overload selected by <paramref name="isDetached"/>.
/// </summary>
/// <returns>Whatever the chosen overload returns; <paramref name="bytesWritten"/> is set by it.</returns>
private bool TrySign(ReadOnlySpan<byte> content, Span<byte> destination, CoseSigner signer, bool isDetached, out int bytesWritten, byte[]? associatedData)
{
    if (isDetached)
    {
        return CoseSign1Message.TrySignDetached(content, destination, signer, out bytesWritten, associatedData);
    }

    return CoseSign1Message.TrySignEmbedded(content, destination, signer, out bytesWritten, associatedData);
}