protected override byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) => ecdsa.SignData(data, offset, count, hashAlgorithm);
public void SignData_InvalidArguments_Throws(ECDsa ecdsa) { AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((byte[])null, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData(null, -1, -1, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[0], -1, -1, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, -1, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, 1, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentNullException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName(""))); Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new byte[0], new HashAlgorithmName(Guid.NewGuid().ToString("N")))); Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new byte[0], 0, 0, new HashAlgorithmName(Guid.NewGuid().ToString("N")))); }
public void SignDataByteArraySpan_UnsupportedHashAlgorithm_ThrowsCryptographicException(ECDsa ecdsa) { Assert.Throws <CryptographicException>( () => ecdsa.SignData(new byte[0], 0, 0, new HashAlgorithmName("NOT_A_REAL_HASH_ALGORITHM"))); }
/// <summary> /// Signs the provided bytes. /// </summary> /// <param name="bytesToSign">The bytes to sign.</param> /// <returns>The signed bytes.</returns> public byte[] Sign(byte[] bytesToSign) => _privateKey.SignData(bytesToSign, this.HashAlgorithmName);
public void SignDataByteArraySpan_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa) { Assert.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName))); }
public void SignDataStream_NullData_ThrowsArgumentNullException(ECDsa ecdsa) { Assert.Throws <ArgumentNullException>("data", () => ecdsa.SignData((Stream)null, default(HashAlgorithmName))); }
public override byte[] Sign(byte[] input) { return(_ecdsa.SignData(input, _hashes[Algorithm])); }
public void SignDataByteArraySpan_NegativeCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa) { Assert.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, -1, default(HashAlgorithmName))); }
public void SignDataByteArray_NullData_ThrowsArgumentNullException(ECDsa ecdsa) { AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((byte[])null, default(HashAlgorithmName))); }
public void SignDataByteArraySpan_OffsetGreaterThanCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa) { AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName))); }
public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm) { byte[] ieeeFormat = _key.SignData(data, hashAlgorithm); return(AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(ieeeFormat)); }
public void SignData_InvalidArguments_Throws(ECDsa ecdsa) { AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.SignData((Stream)null, default(HashAlgorithmName))); AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName))); Assert.ThrowsAny <CryptographicException>(() => ecdsa.SignData(new MemoryStream(), new HashAlgorithmName(Guid.NewGuid().ToString("N")))); }
public override byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm) { return(_key.SignData(data, hashAlgorithm, DSASignatureFormat.Rfc3279DerSequence)); }
public (byte[] Data, byte[] Sign) GetDocumentAndSignature() { byte[] aliceData = Encoding.UTF8.GetBytes("I'm Alice"); byte[] aliceDataSignature = _signAlgorithm.SignData(aliceData, HashAlgorithmName.SHA512); return(aliceData, aliceDataSignature); }
public void SignVerify_InteroperableSameKeys_RoundTripsUnlessTampered(ECDsa ecdsa, HashAlgorithmName hashAlgorithm) { byte[] data = Encoding.UTF8.GetBytes("something to repeat and sign"); // large enough to make hashing work though multiple iterations and not a multiple of 4KB it uses. byte[] dataArray = new byte[33333]; MemoryStream dataStream = new MemoryStream(dataArray, true); while (dataStream.Position < dataArray.Length - data.Length) { dataStream.Write(data, 0, data.Length); } dataStream.Position = 0; byte[] dataArray2 = new byte[dataArray.Length + 2]; dataArray.CopyTo(dataArray2, 1); ArraySegment <byte> dataSpan = new ArraySegment <byte>(dataArray2, 1, dataArray.Length); HashAlgorithm halg; if (hashAlgorithm == HashAlgorithmName.MD5) { halg = MD5.Create(); } else if (hashAlgorithm == HashAlgorithmName.SHA1) { halg = SHA1.Create(); } else if (hashAlgorithm == HashAlgorithmName.SHA256) { halg = SHA256.Create(); } else if (hashAlgorithm == HashAlgorithmName.SHA384) { halg = SHA384.Create(); } else if (hashAlgorithm == HashAlgorithmName.SHA512) { halg = SHA512.Create(); } else { throw new Exception("Hash algorithm not supported."); } List <byte[]> signatures = new List <byte[]>(6); // Compute a signature using each of the SignData overloads. Then, verify it using each // of the VerifyData overloads, and VerifyHash overloads. // // Then, verify that VerifyHash fails if the data is tampered with. signatures.Add(ecdsa.SignData(dataArray, hashAlgorithm)); signatures.Add(ecdsa.SignData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, hashAlgorithm)); signatures.Add(ecdsa.SignData(dataStream, hashAlgorithm)); dataStream.Position = 0; signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataArray))); signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count))); signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataStream))); dataStream.Position = 0; foreach (byte[] signature in signatures) { Assert.True(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify 1"); Assert.True(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify 2"); Assert.True(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify 3"); Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3A"); dataStream.Position = 0; Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify 4"); Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify 5"); Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify 6"); Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6A"); dataStream.Position = 0; } int distinctSignatures = signatures.Distinct(new ByteArrayComparer()).Count(); Assert.True(distinctSignatures == signatures.Count, "Signing should be randomized"); foreach (byte[] signature in signatures) { signature[signature.Length - 1] ^= 0xFF; // flip some bits Assert.False(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify Tampered 1"); Assert.False(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify Tampered 2"); Assert.False(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify Tampered 3"); Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3B"); dataStream.Position = 0; Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify Tampered 4"); Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify Tampered 5"); Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify Tampered 6"); Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6B"); dataStream.Position = 0; } }
public void SignDataByteArraySpan_NullData_ThrowsArgumentNullException(ECDsa ecdsa) { Assert.Throws <ArgumentNullException>("data", () => ecdsa.SignData(null, -1, -1, default(HashAlgorithmName))); }
/// <summary> /// Computes the hash value of the specified input stream using the specified /// hash algorithm, and signs the resulting hash value. /// </summary> /// <param name="data">The data to sign.</param> /// <param name="privateKey">ECDsa private key.</param> /// <param name="hashAlgorithm">The hash algorithm to use to create the hash value.</param> /// <returns>The signature for the specified data.</returns> public byte[] SignData(Stream data, ECDsa privateKey, Nequeo.Cryptography.HashcodeType hashAlgorithm = HashcodeType.SHA512) { return(privateKey.SignData(data, GetAlgorithmName(hashAlgorithm))); }
public void SignDataByteArraySpan_CountGreaterThanLengthMinusOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa) { Assert.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.SignData(new byte[0], 0, 1, default(HashAlgorithmName))); }
public byte[] Sign(byte[] data) { return(dsa.SignData(data, HashAlgorithmName.SHA256)); }
public void SignDataByteArraySpan_EmptyHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa) { Assert.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName(""))); }
/// <summary> /// Computes the signature for the specified hash value. /// </summary> /// <param name="data">The data to sign.</param> /// <returns>The signature for the specified hash value.</returns> public byte[] Sign(byte[] data) { return(ecdsa.SignData(data, hashName)); }
public void SignDataStream_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa) { Assert.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName))); }
/// <inheritdoc/> public byte[] Sign(byte[] data) { return(_dsa.SignData(data, _algorithmName)); }
public void SignDataStream_UnsupportedHashAlgorithm_ThrowsCryptographicException(ECDsa ecdsa) { Assert.Throws <CryptographicException>( () => ecdsa.SignData(new MemoryStream(), new HashAlgorithmName("NOT_A_REAL_HASH_ALGORITHM"))); }
/// <summary> /// Securely exchanges a secret key /// </summary> /// <param name="stream"></param> /// <param name="ecParams">ECDSA public / private keypair used for signing</param> /// <returns>A tuple containing a 256 bit hashed secret key, and the fingerprint of the remote</returns> /// <exception cref="CryptographicException"></exception> /// <exception cref="InvalidDataException">Thrown when the remote sends invalid data</exception> public static async Task <(byte[], ECPoint)> ExchangeKeyAsync(this WsStream stream, ECParameters ecParams) { if (ecParams.D is null) { throw new CryptographicException("Private key must be provided"); } ECDsa ecDsa = ECDsa.Create(ecParams); // TODO: Harden security (prevent abuse, double check everything) // host authentication var pubBytes = ecDsa.ExportSubjectPublicKeyInfo(); // key exchange var ecdh = ECDiffieHellman.Create(); var kePubBytes = ecdh.ExportSubjectPublicKeyInfo(); // sign ecdh key to authenticate var signed = ecDsa.SignData(kePubBytes, HashAlgorithmName.SHA256); var bw = new AsyncBinaryWriter(stream); var br = new AsyncBinaryReader(stream); //1 await bw.WriteAsync(pubBytes.Length); await bw.WriteAsync(pubBytes); //2 await bw.WriteAsync(signed.Length); await bw.WriteAsync(signed); //3 await bw.WriteAsync(kePubBytes.Length); await bw.WriteAsync(kePubBytes); // read remote public key and verify signature //1 var remotePubKey = ECDsa.Create(); var remotePubBytes = await br.ReadBytesAsync(await br.ReadAssertAsync(120)); remotePubKey.ImportSubjectPublicKeyInfo(remotePubBytes, out _); //2 var remoteSignature = await br.ReadBytesAsync(await br.ReadAssertAsync(96)); //3 var remoteKePub = await br.ReadBytesAsync(await br.ReadAssertAsync(158)); var remoteEcdh = ECDiffieHellman.Create(); remoteEcdh.ImportSubjectPublicKeyInfo(remoteKePub, out _); // verify signed public key exchange key if (!remotePubKey.VerifyData(remoteKePub, remoteSignature, HashAlgorithmName.SHA256)) { throw new CryptographicException("Remote public key does not match hash!"); } // derive shared secret var sharedSecret = ecdh.DeriveKeyMaterial(remoteEcdh.PublicKey); // return the public key (fingerprint) of the remote, and the hashed shared secret return(SHA256.HashData(sharedSecret), remotePubKey.ExportParameters(false).Q); }