private void AsymmetricConstructor_Test(string testcase, AsymmetricSecurityKey key, string algorithm, ExpectedException exceptionExpected = null) { Console.WriteLine(string.Format("Testcase: '{0}'", testcase)); AsymmetricSignatureProvider provider = null; try { if (testcase.StartsWith("Signing")) { provider = new AsymmetricSignatureProvider(key, algorithm, true); } else { provider = new AsymmetricSignatureProvider(key, algorithm, false); } if (exceptionExpected != null && exceptionExpected.Thrown != null) { Assert.Fail("Expected exception: '{0}'", exceptionExpected.Thrown); } } catch (Exception ex) { ExpectedException.ProcessException(exceptionExpected, ex); } }
private bool Verify(byte[] payload, byte[] signature, byte[] publicKey) { var key = new ECDsaSecurityKey(LoadPublicKey(publicKey)); var provider = new AsymmetricSignatureProvider(key, SecurityAlgorithms.EcdsaSha256Signature); return(provider.Verify(payload, signature)); }
public void AsymmetricSignatureProvider_Dispose() { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature); provider.Dispose(); try { provider.Sign(new byte[256]); } catch (Exception ex) { ExpectedException.ProcessException(ExpectedException.ObjDisp, ex); } try { provider.Verify(new byte[256], new byte[256]); } catch (Exception ex) { ExpectedException.ProcessException(ExpectedException.ObjDisp, ex); } try { provider.Dispose(); } catch (Exception ex) { Assert.Fail(string.Format("AsymmetricSignatureProvider.Dispose called twice, caught exception: '{0}'", ex)); } }
private byte[] Sign(byte[] payload, byte[] publicKey, byte[] privateKey) { var key = new ECDsaSecurityKey(LoadPrivateKey(privateKey)); var provider = new AsymmetricSignatureProvider(key, SecurityAlgorithms.EcdsaSha256Signature); return(provider.Sign(payload)); }
public void AsymmetricSignatureProvider_Sign_Verify_ParameterChecking() { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm); Provider_Sign_Verify_ParameterChecking("Sign - null 'input'", provider, null, null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Sign - zero bytes 'input'", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524")); Provider_Sign_Verify_ParameterChecking("Sign - _formatter will be null since provider wasn't created with willBeUsedForSigning == true", provider, new byte[1], null, ExpectedException.InvalidOp("Jwt10520")); Provider_Sign_Verify_ParameterChecking("Verify - null 'input'", provider, null, null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Verify - null 'signature'", provider, new byte[1], null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Verify - 'input' zero bytes", provider, new byte[0], new byte[1], ExpectedException.ArgEx("Jwt10525")); Provider_Sign_Verify_ParameterChecking("Verify - 'signature' zero bytes", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526")); }
private void AsymmetricSignatureProvidersSignVariation(SecurityKey key, string algorithm, byte[] input, ExpectedException ee, List <string> errors) { try { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm, true); byte[] signature = provider.Sign(input); ee.ProcessNoException(errors); } catch (Exception ex) { ee.ProcessException(ex, errors); } }
public void AsymmetricSignatureProvider_Publics() { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm); SignatureProvider_SignVariation(provider, null, null, ExpectedException.ArgumentNullException()); SignatureProvider_SignVariation(provider, new byte[0], null, ExpectedException.ArgumentException("IDX10624:")); SignatureProvider_SignVariation(provider, new byte[1], null, ExpectedException.InvalidOperationException("IDX10620:")); SignatureProvider_VerifyVariation(provider, null, null, ExpectedException.ArgumentNullException()); SignatureProvider_VerifyVariation(provider, new byte[1], null, ExpectedException.ArgumentNullException()); SignatureProvider_VerifyVariation(provider, new byte[0], new byte[1], ExpectedException.ArgumentException("IDX10625:")); SignatureProvider_VerifyVariation(provider, new byte[1], new byte[0], ExpectedException.ArgumentException("IDX10626:")); }
public void SignVerify(SignatureProviderTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.SignVerify", theoryData); var bytes = Guid.NewGuid().ToByteArray(); try { var providerForSigningDirect = new AsymmetricSignatureProvider(theoryData.SigningKey, theoryData.SigningAlgorithm, true); providerForSigningDirect.ValidKeySize(); var providerForVerifyingDirect = new AsymmetricSignatureProvider(theoryData.VerifyKey, theoryData.VerifyAlgorithm, false); providerForVerifyingDirect.ValidKeySize(); var providerForSigningFromFactory = theoryData.SigningKey.CryptoProviderFactory.CreateForSigning(theoryData.SigningKey, theoryData.SigningAlgorithm); var providerForVerifyingFromFactory = theoryData.VerifyKey.CryptoProviderFactory.CreateForVerifying(theoryData.VerifyKey, theoryData.VerifyAlgorithm); byte[] signatureDirect = providerForSigningDirect.Sign(bytes); byte[] signatureFromFactory = providerForSigningFromFactory.Sign(bytes); if (!providerForVerifyingDirect.Verify(bytes, signatureDirect)) { context.AddDiff($"providerForVerifyingDirect.Verify (signatureDirect) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}"); } if (!providerForVerifyingDirect.Verify(bytes, signatureFromFactory)) { context.AddDiff($"providerForVerifyingDirect.Verify (signatureFromFactory) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}"); } if (!providerForVerifyingFromFactory.Verify(bytes, signatureDirect)) { context.AddDiff($"providerForVerifyingFromFactory.Verify (signatureDirect) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}"); } if (!providerForVerifyingFromFactory.Verify(bytes, signatureFromFactory)) { context.AddDiff($"providerForVerifyingFromFactory.Verify (signatureFromFactory) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}"); } theoryData.ExpectedException.ProcessNoException(context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
private async Task ValidateSignatureAsync(AcmeRawPostRequest request, AcmeHeader header, CancellationToken cancellationToken) { if (request is null) { throw new ArgumentNullException(nameof(request)); } if (header is null) { throw new ArgumentNullException(nameof(header)); } _logger.LogDebug("Attempting to validate signature ..."); var jwk = header.Jwk; if (jwk == null) { try { var accountId = header.GetAccountId(); var account = await _accountService.LoadAcountAsync(accountId, cancellationToken); jwk = account?.Jwk; } catch (InvalidOperationException) { throw new MalformedRequestException("KID could not be found."); } } if (jwk == null) { throw new MalformedRequestException("Could not load JWK."); } var securityKey = jwk.SecurityKey; using var signatureProvider = new AsymmetricSignatureProvider(securityKey, header.Alg); var plainText = System.Text.Encoding.UTF8.GetBytes($"{request.Header}.{request.Payload ?? ""}"); var signature = Base64UrlEncoder.DecodeBytes(request.Signature); if (!signatureProvider.Verify(plainText, signature)) { throw new MalformedRequestException("The signature could not be verified"); } _logger.LogDebug("successfully validated signature."); }
public void SignatureProviders_Sign() { List <string> errors = new List <string>(); byte[] rawBytes = new byte[8192]; (new Random()).NextBytes(rawBytes); // Asymmetric AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, null, ExpectedException.ArgumentNullException(), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_1024, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10630:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); #if NETCOREAPP1_0 AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); Assert.ThrowsAny <CryptographicException>(() => { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature); provider.Sign(rawBytes); }); #endif // since the actual exception thrown is private - WindowsCryptographicException, using this pattern to match the derived exception Assert.ThrowsAny <CryptographicException>(() => { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature); provider.Sign(rawBytes); }); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, "NOT_SUPPORTED", rawBytes, ExpectedException.ArgumentException("IDX10634:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); // Symmetric SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, null, ExpectedException.ArgumentNullException(), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10603:"), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); TestUtilities.AssertFailIfErrors("SignatureProviders_Sign", errors); }
private void AsymmetricSignatureProviders_Verify_Variation(SecurityKey key, string algorithm, byte[] rawBytes, byte[] signature, ExpectedException ee, List <string> errors, bool shouldSignatureSucceed) { try { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm); if (provider.Verify(rawBytes, signature) != shouldSignatureSucceed) { errors.Add("SignatureProvider.Verify did not return expected: " + shouldSignatureSucceed + " , algorithm: " + algorithm); } ee.ProcessNoException(errors); } catch (Exception ex) { ee.ProcessException(ex, errors); } }
public void SignatureProvider_Dispose() { AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509Key_Public_2048, SecurityAlgorithms.RsaSha256Signature); asymmetricSignatureProvider.Dispose(); ExpectedException expectedException = ExpectedException.ObjectDisposedException; SignatureProvider_DisposeVariation("Sign", asymmetricSignatureProvider, expectedException); SignatureProvider_DisposeVariation("Verify", asymmetricSignatureProvider, expectedException); SignatureProvider_DisposeVariation("Dispose", asymmetricSignatureProvider, ExpectedException.NoExceptionExpected); SymmetricSignatureProvider symmetricProvider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSecurityKey_256, KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.Algorithm); symmetricProvider.Dispose(); SignatureProvider_DisposeVariation("Sign", symmetricProvider, expectedException); SignatureProvider_DisposeVariation("Verify", symmetricProvider, expectedException); SignatureProvider_DisposeVariation("Dispose", symmetricProvider, ExpectedException.NoExceptionExpected); }
public void AsymmetricSignatureProvider_SupportedAlgorithms() { var errors = new List <string>(); foreach (var algorithm in new string[] { SecurityAlgorithms.RsaSha256, SecurityAlgorithms.RsaSha384, SecurityAlgorithms.RsaSha512, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.RsaSha384Signature, SecurityAlgorithms.RsaSha512Signature }) { try { var provider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509Key_2048, algorithm); } catch (Exception ex) { errors.Add("Creation of AsymmetricSignatureProvider with algorithm: " + algorithm + ", threw: " + ex.Message); } } foreach (var algorithm in new string[] { SecurityAlgorithms.EcdsaSha256, SecurityAlgorithms.EcdsaSha384, SecurityAlgorithms.EcdsaSha512 }) { try { var provider = new AsymmetricSignatureProvider(KeyingMaterial.ECDsa256Key, algorithm); } catch (Exception ex) { errors.Add("Creation of AsymmetricSignatureProvider with algorithm: " + algorithm + ", threw: " + ex.Message); } } TestUtilities.AssertFailIfErrors("AsymmetricSignatureProvider_SupportedAlgorithms", errors); }
public void AsymmetricSignatureProvider_Defaults() { try { AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm, false); } catch (Exception) { Assert.Fail("AsymmetricSignatureProvider creation should not throw"); } try { AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm, true); } catch (Exception) { Assert.Fail("AsymmetricSignatureProvider creation should not throw"); } }
private void AsymmetricConstructorVariation(string testcase, SecurityKey key, string algorithm, ExpectedException expectedException) { AsymmetricSignatureProvider provider = null; try { if (testcase.StartsWith("Signing")) { provider = new AsymmetricSignatureProvider(key, algorithm, true); } else { provider = new AsymmetricSignatureProvider(key, algorithm, false); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
/// <summary> /// 生成Jwt令牌信息 /// </summary> /// <param name="data"></param> /// <returns></returns> public string Protect(AuthenticationTicket data) { if (data == null) { throw new AggregateException(nameof(data)); } //生成jwt的id jti //从配置文件中读取 jwt的issuer 发行者 audience 受众 expires 过期时间 key 加密证书 var expires = data.Properties.ExpiresUtc.GetValueOrDefault().DateTime; //从配置文件中读取 jwt的issuer 发行者 audience 受众 expires 过期时间 key 加密证书 var issuer = "mecode"; var audience = "mywebapp"; var jti = audience + expires.Millisecond + "postman_code"; jti = MD5Util.GetMD5(jti); JwtSecurityToken token; string jwt; //获取签名证书 //包含用于生成数字签名的加密密钥 var handler = new JwtSecurityTokenHandler(); var rsaparmeters = RSAUtil.GenerateAndSaveKey("E:\\"); using (var rsa = new RSACryptoServiceProvider(2048)) { rsa.ImportParameters(rsaparmeters); var singingKey = new RsaSecurityKey(rsa); var signingCredentials = new SigningCredentials(singingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.RsaSha256Signature); var claimsIdentity = new ClaimsIdentity(data.Identity.Claims, "JWTTest"); claimsIdentity.AddClaim(new Claim("jti", jti)); claimsIdentity.AddClaim(new Claim("now", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"))); var asymmetric = new AsymmetricSignatureProvider(singingKey, SecurityAlgorithms.RsaSha256Signature, true); token = handler.CreateToken(issuer, audience, claimsIdentity, null, expires, signingCredentials, asymmetric); jwt = handler.WriteToken(token); } return(jwt); }
public void SignatureProviders_SignAndVerify() { // asymmetric try { Random r = new Random(); AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature); byte[] bytesin = new byte[1024]; r.NextBytes(bytesin); byte[] signature = provider.Sign(bytesin); } catch (Exception ex) { Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )"); } // asymmetric try { Random r = new Random(); AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature, true); byte[] bytesin = new byte[1024]; r.NextBytes(bytesin); byte[] signature = provider.Sign(bytesin); Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("AsymmetricSignatureProvider did not verify")); } catch (Exception) { Assert.Fail("Should have thrown, it is possible that crypto config mapped this."); } // unknown algorithm try { Random r = new Random(); AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature"); Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this.")); } catch (Exception ex) { Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )"); } // symmetric try { Random r = new Random(); SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature); byte[] bytesin = new byte[1024]; r.NextBytes(bytesin); byte[] signature = provider.Sign(bytesin); Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("Signature did not verify")); } catch (Exception ex) { Assert.Fail(string.Format("Unexpected exception received: '{0}'", ex)); } // unknown algorithm try { Random r = new Random(); SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, "SecurityAlgorithms.HmacSha256Signature"); Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this.")); } catch (Exception ex) { Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )"); } }
private byte[] GetSignature(SecurityKey key, string algorithm, byte[] rawBytes) { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm, true); return(provider.Sign(rawBytes)); }
public void RsaCngAdapterTest(RsaCngAdapterTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.RsaCngAdapterTest", theoryData); var cert = KeyingMaterial.CertSelfSigned2048_SHA256; var rsaCapiPrivateKey = new RsaSecurityKey(cert.PrivateKey as RSA); var rsaCapiPublicKey = new RsaSecurityKey(cert.PublicKey.Key as RSA); var clearBytes = Encoding.UTF8.GetBytes("blue star"); byte[] capiSignatureBytes = null; AsymmetricSignatureProvider providerCapiPrivate = null; AsymmetricSignatureProvider providerCapiPublic = null; // create CAPI providers try { providerCapiPrivate = new AsymmetricSignatureProvider(rsaCapiPrivateKey, theoryData.Algorithm, true); capiSignatureBytes = providerCapiPrivate.Sign(clearBytes); providerCapiPublic = new AsymmetricSignatureProvider(rsaCapiPublicKey, theoryData.Algorithm, false); if (!providerCapiPublic.Verify(clearBytes, capiSignatureBytes)) { context.AddDiff("providerCapiPublic.Verify(clearBytes, capiSignatureBytes)"); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } var rsaCngPrivateKey = new RsaSecurityKey(cert.GetRSAPrivateKey()); var rsaCngPublicKey = new RsaSecurityKey(cert.GetRSAPublicKey()); byte[] cngSignatureBytes = null; byte[] cngSignatureBytesByFactory = null; // create private signing AsymmetricSignatureProvider providerCngPrivate = null; try { providerCngPrivate = new AsymmetricSignatureProvider(rsaCngPrivateKey, theoryData.Algorithm, true); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // create private signing with CryptoProviderFactory.Default SignatureProvider providerCngPrivateByFactory = null; try { providerCngPrivateByFactory = CryptoProviderFactory.Default.CreateForSigning(rsaCngPrivateKey, theoryData.Algorithm); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // create public verifying AsymmetricSignatureProvider providerCngPublic = null; try { providerCngPublic = new AsymmetricSignatureProvider(rsaCngPublicKey, theoryData.Algorithm, false); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // create public verifying with CryptoProviderFactory.Default SignatureProvider providerCngPublicByFactory = null; try { providerCngPublicByFactory = CryptoProviderFactory.Default.CreateForVerifying(rsaCngPublicKey, theoryData.Algorithm); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } try { cngSignatureBytes = providerCngPrivate.Sign(clearBytes); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // cngByFactory Sign try { cngSignatureBytesByFactory = providerCngPrivateByFactory.Sign(clearBytes); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CngPublic -> CngPrivate validates try { var cngVerify = providerCngPublic.Verify(clearBytes, cngSignatureBytes); if (!cngVerify) { context.AddDiff($"cngVerify = providerCngPublic.Verify(clearBytes, cngSignatureBytes) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CngPublicByFactory -> CngPrivate validates try { var cngVerify = providerCngPublicByFactory.Verify(clearBytes, cngSignatureBytes); if (!cngVerify) { context.AddDiff($"cngVerify = providerCngPublicByFactory.Verify(clearBytes, cngSignatureBytes) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CngPublic -> CAPI validates try { var cngVerify = providerCngPublic.Verify(clearBytes, capiSignatureBytes); if (!cngVerify) { context.AddDiff($"cngVerify = providerCngPublic.Verify(clearBytes, capiSignatureBytes) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CngPublicByFactory -> CAPI validates try { var verify = providerCngPublicByFactory.Verify(clearBytes, capiSignatureBytes); if (!verify) { context.AddDiff($"verify = providerCngPublicByFactory.Verify(clearBytes, capiSignatureBytes) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CAPIPublic -> Cng validates try { var verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytes); if (!verify) { context.AddDiff($"verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytes) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } // CAPIPublic -> CngByFactory validates try { var verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytesByFactory); if (!verify) { context.AddDiff($"verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytesByFactory) == false."); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
/// <summary> /// Constructs BouncyCastleEdDsaWrapper. /// </summary> /// <param name="signatureProvider">A provider for signatures.</param> /// <param name="curve">The type of curve.</param> /// <param name="securityKey">The security key containing the key material.</param> public BouncyCastleEdDsaWrapper(AsymmetricSignatureProvider signatureProvider, BouncyCastleEdDsaSecurityKey securityKey, string curve) : base(signatureProvider, CryptographyAlgorithmConstants.EdDsa.KeyType, curve) { SecurityKey = securityKey ?? throw new ArgumentNullException(nameof(securityKey)); }
/// <summary> /// A default constructor for classes that provide the concrete implementation. /// </summary> /// <param name="signatureProvider">A provider for signatures.</param> /// <param name="keyType">The type of key.</param> /// <param name="curve">The type of curve.</param> protected AsymmetricKeyWrapper(AsymmetricSignatureProvider signatureProvider, string keyType, string curve) { SignatureProvider = signatureProvider ?? throw new ArgumentNullException(nameof(signatureProvider)); KeyType = keyType ?? throw new ArgumentNullException(nameof(keyType)); Curve = curve ?? throw new ArgumentNullException(nameof(curve)); }