public void RoundtripRSA512PKCS1()
{
NSError error;
SecKey private_key;
SecKey public_key;
using (var record = new SecRecord(SecKind.Key)) {
record.KeyType = SecKeyType.RSA;
record.KeySizeInBits = 512; // it's not a performance test :)
Assert.That(SecKey.GenerateKeyPair(record.ToDictionary(), out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair");
byte [] plain = new byte [20] {
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
};
byte [] cipher;
if (TestRuntime.CheckXcodeVersion(8, 0))
{
Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Encrypt");
// I would have expect false
Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Decrypt");
using (var pub = public_key.GetPublicKey()) {
// a new native instance of the key is returned (so having a new managed SecKey is fine)
Assert.That(pub.Handle, Is.Not.EqualTo(public_key.Handle), "public/GetPublicKey");
}
using (var attrs = public_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan(0), "public/GetAttributes");
}
using (var data = public_key.GetExternalRepresentation(out error)) {
Assert.Null(error, "public/error-1");
Assert.NotNull(data, "public/GetExternalRepresentation");
using (var key = SecKey.Create(data, SecKeyType.RSA, SecKeyClass.Public, 512, null, out error)) {
Assert.Null(error, "public/Create/error-1");
}
}
}
Assert.That(public_key.Encrypt(SecPadding.PKCS1, plain, out cipher), Is.EqualTo(SecStatusCode.Success), "Encrypt");
byte[] result;
if (TestRuntime.CheckXcodeVersion(8, 0))
{
Assert.False(private_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Encrypt");
Assert.True(private_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Decrypt");
using (var pub2 = private_key.GetPublicKey()) {
// a new native instance of the key is returned (so having a new managed SecKey is fine)
Assert.That(pub2.Handle, Is.Not.EqualTo(public_key.Handle), "private/GetPublicKey");
}
using (var attrs = private_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan(0), "private/GetAttributes");
}
using (var data2 = private_key.GetExternalRepresentation(out error)) {
Assert.Null(error, "private/error-1");
Assert.NotNull(data2, "private/GetExternalRepresentation");
using (var key = SecKey.Create(data2, SecKeyType.RSA, SecKeyClass.Private, 512, null, out error)) {
Assert.Null(error, "private/Create/error-1");
}
}
}
public_key.Dispose();
Assert.That(private_key.Decrypt(SecPadding.PKCS1, cipher, out result), Is.EqualTo(SecStatusCode.Success), "Decrypt");
Assert.That(plain, Is.EqualTo(result), "match");
private_key.Dispose();
}
}
public void RoundtripRSAMinPKCS1()
{
NSError error;
SecKey private_key;
SecKey public_key;
var label = $"KeyTest.RoundtripRSAMinPKCS1-{CFBundle.GetMain ().Identifier}-{GetType ().FullName}-{Process.GetCurrentProcess ().Id}";
try {
using (var record = new SecRecord(SecKind.Key)) {
record.KeyType = SecKeyType.RSA;
record.KeySizeInBits = MinRsaKeySize; // it's not a performance test :)
record.Label = label;
Assert.That(SecKey.GenerateKeyPair(record.ToDictionary(), out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair");
byte [] plain = new byte [20] {
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
};
byte [] cipher;
if (TestRuntime.CheckXcodeVersion(8, 0))
{
Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Encrypt");
#if MONOMAC
Assert.That(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), Is.EqualTo(TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 13)), "public/IsAlgorithmSupported/Decrypt");
using (var pub = public_key.GetPublicKey()) {
// macOS behaviour is not consistent - but the test main goal is to check we get a key
Assert.That(pub.Handle, Is.Not.EqualTo(IntPtr.Zero), "public/GetPublicKey");
}
#else
Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Decrypt");
using (var pub = public_key.GetPublicKey())
{
// a new native instance of the key is returned (so having a new managed SecKey is fine)
Assert.False(pub.Handle == public_key.Handle, "public/GetPublicKey");
}
#endif
using (var attrs = public_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "public/GetAttributes");
}
using (var data = public_key.GetExternalRepresentation(out error)) {
Assert.Null(error, "public/error-1");
Assert.NotNull(data, "public/GetExternalRepresentation");
using (var key = SecKey.Create(data, SecKeyType.RSA, SecKeyClass.Public, MinRsaKeySize, null, out error)) {
Assert.Null(error, "public/Create/error-1");
}
}
}
Assert.That(public_key.Encrypt(SecPadding.PKCS1, plain, out cipher), Is.EqualTo(SecStatusCode.Success), "Encrypt");
byte[] result;
if (TestRuntime.CheckXcodeVersion(8, 0))
{
Assert.False(private_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Encrypt");
Assert.True(private_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Decrypt");
using (var pub2 = private_key.GetPublicKey()) {
// a new native instance of the key is returned (so having a new managed SecKey is fine)
Assert.That(pub2.Handle, Is.Not.EqualTo(public_key.Handle), "private/GetPublicKey");
}
using (var attrs = private_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "private/GetAttributes");
}
using (var data2 = private_key.GetExternalRepresentation(out error)) {
Assert.Null(error, "private/error-1");
Assert.NotNull(data2, "private/GetExternalRepresentation");
using (var key = SecKey.Create(data2, SecKeyType.RSA, SecKeyClass.Private, MinRsaKeySize, null, out error)) {
Assert.Null(error, "private/Create/error-1");
}
}
}
public_key.Dispose();
var expectedResult = SecStatusCode.Success;
#if __MACOS__
if (!TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 8))
{
expectedResult = SecStatusCode.InvalidData;
}
#endif
Assert.That(private_key.Decrypt(SecPadding.PKCS1, cipher, out result), Is.EqualTo(expectedResult), "Decrypt");
if (expectedResult != SecStatusCode.InvalidData)
{
Assert.That(plain, Is.EqualTo(result), "match");
}
private_key.Dispose();
}
} finally {
// Clean up after us
DeleteKeysWithLabel(label);
}
}