public static CngKey Create(CngAlgorithm algorithm, string keyName, CngKeyCreationParameters creationParameters) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } if (creationParameters == null) { creationParameters = new CngKeyCreationParameters(); } if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); } if (keyName != null) { KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Create) { ProviderName = creationParameters.Provider.Provider }; KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); permission.AccessEntries.Add(accessEntry); permission.Demand(); } SafeNCryptProviderHandle provider = NCryptNative.OpenStorageProvider(creationParameters.Provider.Provider); SafeNCryptKeyHandle keyHandle = NCryptNative.CreatePersistedKey(provider, algorithm.Algorithm, keyName, creationParameters.KeyCreationOptions); SetKeyProperties(keyHandle, creationParameters); NCryptNative.FinalizeKey(keyHandle); CngKey key = new CngKey(provider, keyHandle); if (keyName == null) { key.IsEphemeral = true; } return key; }
private CngAlgorithm GetCngAlgorithm(HashAlgorithm hashAlgorithm) { CngAlgorithm cngAlgorithm = null; if (hashAlgorithm == null) { cngAlgorithm = CngAlgorithm.Sha1; } else if (hashAlgorithm is MD5) { cngAlgorithm = CngAlgorithm.MD5; } else if (hashAlgorithm is SHA1) { cngAlgorithm = CngAlgorithm.Sha1; } else if (hashAlgorithm is SHA256) { cngAlgorithm = CngAlgorithm.Sha256; } else if (hashAlgorithm is SHA384) { cngAlgorithm = CngAlgorithm.Sha384; } else if (hashAlgorithm is SHA512) { cngAlgorithm = CngAlgorithm.Sha512; } return(cngAlgorithm); }
public CngKey GetOrGenerateKey(int keySize, CngAlgorithm algorithm) { // If our key size was changed, we need to generate a new key. if (_lazyKey != null) { if (_lazyKey.KeySize != keySize) DisposeKey(); } // If we don't have a key yet, we need to generate one now. if (_lazyKey == null) { CngKeyCreationParameters creationParameters = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.AllowPlaintextExport, }; CngProperty keySizeProperty = new CngProperty(KeyPropertyName.Length, BitConverter.GetBytes(keySize), CngPropertyOptions.None); creationParameters.Parameters.Add(keySizeProperty); _lazyKey = CngKey.Create(algorithm, null, creationParameters); } return _lazyKey; }
public static CngKey Create(CngAlgorithm algorithm, string keyName, CngKeyCreationParameters creationParameters) { if (algorithm == null) throw new ArgumentNullException("algorithm"); if (creationParameters == null) creationParameters = new CngKeyCreationParameters(); SafeNCryptProviderHandle providerHandle = creationParameters.Provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle; ErrorCode errorCode = Interop.NCrypt.NCryptCreatePersistedKey(providerHandle, out keyHandle, algorithm.Algorithm, keyName, 0, creationParameters.KeyCreationOptions); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); InitializeKeyProperties(keyHandle, creationParameters); errorCode = Interop.NCrypt.NCryptFinalizeKey(keyHandle, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); CngKey key = new CngKey(providerHandle, keyHandle); // No name translates to an ephemeral key if (keyName == null) { key.IsEphemeral = true; } return key; }
public static bool Verify(byte[] securedInput, byte[] signature, CngKey key, CngAlgorithm hash, int saltSize) { using (HashAlgorithm algo = HashAlgorithm(hash)) { return(VerifyHash(algo.ComputeHash(securedInput), signature, key, hash.Algorithm, saltSize)); } }
private static ECDsa LoadBase58CngPublicKey(string publicKey, CngAlgorithm alg) { var ecDsaCng = new ECDsaCng(CngKey.Import(Base58Encoding.Decode(publicKey), CngKeyBlobFormat.EccPublicBlob)); ecDsaCng.HashAlgorithm = alg; return(ecDsaCng); }
private static ECDsa LoadBase64CngPublicKey(string publicKey, CngAlgorithm alg) { var ecDsaCng = new ECDsaCng(CngKey.Import(Convert.FromBase64String(publicKey), CngKeyBlobFormat.EccPublicBlob)); ecDsaCng.HashAlgorithm = alg; return(ecDsaCng); }
internal BCryptHMAC(CngAlgorithm algorithm, CngProvider algorithmProvider, string hashName, int blockSize, byte[] key) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)"); Debug.Assert(blockSize > 0, "blockSize > 0"); Debug.Assert(key != null, "key != null"); BlockSizeValue = blockSize; HashName = hashName; m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm, algorithmProvider.Provider, BCryptNative.AlgorithmProviderOptions.HmacAlgorithm); // Resetting the key will call Initialize for us, and get us setup with a hash handle, // so we don't need to create the hash handle ourselves Key = key; HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8; }
public CngKey GetOrGenerateKey(int keySize, CngAlgorithm algorithm) { // If our key size was changed, we need to generate a new key. if (_lazyKey != null) { if (_lazyKey.KeySize != keySize) { DisposeKey(); } } // If we don't have a key yet, we need to generate one now. if (_lazyKey == null) { CngKeyCreationParameters creationParameters = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.AllowPlaintextExport, }; CngProperty keySizeProperty = new CngProperty(KeyPropertyName.Length, BitConverter.GetBytes(keySize), CngPropertyOptions.None); creationParameters.Parameters.Add(keySizeProperty); _lazyKey = CngKey.Create(algorithm, null, creationParameters); } return(_lazyKey); }
//[Fact] - Keeping this test for reference but we don't want to run it as an inner-loop test because // it creates a key on disk. public static void AesRoundTrip256BitsNoneECBUsingStoredKey() { CngAlgorithm algname = new CngAlgorithm("AES"); string keyName = "CoreFxTest-" + Guid.NewGuid(); CngKey _cngKey = CngKey.Create(algname, keyName); try { using (Aes alg = new AesCng(keyName)) { try { alg.Padding = PaddingMode.None; alg.Mode = CipherMode.ECB; int keySize = alg.KeySize; byte[] plainText = "15a818701f0f7c99fe4b1b4b860f131b".HexToByteArray(); byte[] cipher = alg.Encrypt(plainText); byte[] decrypted = alg.Decrypt(cipher); byte[] expectedDecrypted = "15a818701f0f7c99fe4b1b4b860f131b".HexToByteArray(); Assert.Equal <byte>(expectedDecrypted, decrypted); } catch (Exception e) { Console.WriteLine(e.Message); } } } finally { _cngKey.Delete(); } }
/// <summary> /// Create a CNG Key and form as string. /// </summary> /// <param name="ca">The Algorithm.</param> /// <param name="cbf">The CNG Key Blob Format.</param> /// <returns>The key.</returns> public string GenerateCngKeyAsString(CngAlgorithm ca, CngKeyBlobFormat cbf) { CngKey ck = GenerateCngKey(ca); byte[] b = ck.Export(cbf); string[] s = new string[b.Length]; int i = 0; foreach (byte v in b) { StringBuilder sb = new StringBuilder(); sb.Append(v); s[i] = sb.ToString(); } StringBuilder strb = new StringBuilder(); foreach (string st in s) { strb.Append(st); strb.Append(','); } return(strb.ToString()); }
/// <summary> /// Constructs the core to use a stored CNG key. /// </summary> public CngSymmetricAlgorithmCore(string algorithm, ICngSymmetricAlgorithm outer, string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) { throw new ArgumentNullException("keyName"); } if (provider == null) { throw new ArgumentNullException("provider"); } _algorithm = algorithm; _outer = outer; _keyName = keyName; _provider = provider; _optionOptions = openOptions; using (CngKey cngKey = ProduceCngKey()) { CngAlgorithm actualAlgorithm = cngKey.Algorithm; if (algorithm != actualAlgorithm.Algorithm) { throw new CryptographicException(SR.GetString(SR.Cryptography_CngKeyWrongAlgorithm, actualAlgorithm.Algorithm, algorithm)); } _outer.BaseKeySize = cngKey.KeySize; } }
public static bool Verify(byte[] securedInput, byte[] signature, CngKey key, CngAlgorithm hash, int saltSize) { using (HashAlgorithm algo = HashAlgorithm(hash)) { return VerifyHash(algo.ComputeHash(securedInput),signature, key, hash.Algorithm, saltSize); } }
public static byte[] Sign(byte[] input, CngKey key, CngAlgorithm hash, int saltSize) { using (HashAlgorithm algo = HashAlgorithm(hash)) { return(SignHash(algo.ComputeHash(input), key, hash.Algorithm, saltSize)); } }
public EcDsaPrivateKeyProvider( ID2LSecurityTokenFactory d2lSecurityTokenFactory, CngAlgorithm algorithm ) { m_d2lSecurityTokenFactory = d2lSecurityTokenFactory; m_algorithm = algorithm; }
public static void CreateEphemeral_WithParameters() { CngAlgorithm alg = CngAlgorithm.ECDiffieHellmanP256; CngKeyCreationParameters p = new CngKeyCreationParameters(); p.ExportPolicy = CngExportPolicies.AllowExport; p.KeyUsage = CngKeyUsages.KeyAgreement; p.UIPolicy = new CngUIPolicy(CngUIProtectionLevels.ForceHighProtection, "MyFriendlyName", "MyDescription", "MyUseContext", "MyCreationTitle"); byte[] myPropValue1 = "23afbc".HexToByteArray(); p.Parameters.Add(new CngProperty("MyProp1", myPropValue1, CngPropertyOptions.CustomProperty)); byte[] myPropValue2 = "8765".HexToByteArray(); p.Parameters.Add(new CngProperty("MyProp2", myPropValue2, CngPropertyOptions.CustomProperty)); using (CngKey key = CngKey.Create(alg, null, p)) { Assert.Equal(CngAlgorithm.ECDiffieHellmanP256, key.Algorithm); Assert.Equal(CngExportPolicies.AllowExport, key.ExportPolicy); Assert.Equal(CngKeyUsages.KeyAgreement, key.KeyUsage); CngUIPolicy uiPolicy = key.UIPolicy; Assert.Equal(CngUIProtectionLevels.ForceHighProtection, uiPolicy.ProtectionLevel); Assert.Equal("MyFriendlyName", uiPolicy.FriendlyName); Assert.Equal("MyDescription", uiPolicy.Description); Assert.Equal("MyUseContext", uiPolicy.UseContext); Assert.Equal("MyCreationTitle", uiPolicy.CreationTitle); byte[] propValue1Actual = key.GetProperty("MyProp1", CngPropertyOptions.CustomProperty).GetValue(); Assert.Equal <byte>(myPropValue1, propValue1Actual); byte[] propValue2Actual = key.GetProperty("MyProp2", CngPropertyOptions.CustomProperty).GetValue(); Assert.Equal <byte>(myPropValue2, propValue2Actual); } }
internal BCryptHMAC(CngAlgorithm algorithm, CngProvider algorithmProvider, string hashName, int blockSize, byte[] key) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)"); Debug.Assert(blockSize > 0, "blockSize > 0"); Debug.Assert(key != null, "key != null"); BlockSizeValue = blockSize; HashName = hashName; m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm, algorithmProvider.Provider, BCryptNative.AlgorithmProviderOptions.HmacAlgorithm); // Resetting the key will call Initialize for us, and get us setup with a hash handle, // so we don't need to create the hash handle ourselves Key = key; HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8; }
public ECDiffieHellmanBc(Int32 keySize) { Org.BouncyCastle.Asn1.X9.X9ECParameters ecParams; switch (keySize) { case 256: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256r1"); break; case 384: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1"); break; case 521: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp521r1"); break; default: throw new ArgumentException("ECDiffieHellman key size " + keySize + " not supported"); } _keySize = keySize; _domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N, ecParams.H, ecParams.GetSeed()); // Initialize key generation parameters with new SecureRandom Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(); ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(_domainParameters, secureRandom); // Generate key pair from domain parameters Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator generator = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); generator.Init(keyGenParams); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair(); // Save the private and public key parameters _privateKeyParameters = (ECPrivateKeyParameters) keyPair.Private; _publicKeyParameters = (ECPublicKeyParameters) keyPair.Public; _kdf = ECDiffieHellmanKeyDerivationFunction.Hash; _hashAlgorithm = CngAlgorithm.Sha256; }
internal BCryptAuthenticatedSymmetricAlgorithm(CngAlgorithm algorithm, CngProvider implementation, KeySizes[] legalBlockSizes, KeySizes[] legalKeySizes) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(implementation != null, "implementation != null"); Debug.Assert(legalBlockSizes != null, "legalBlockSizes != null"); Debug.Assert(legalKeySizes != null, "legalKeySizes != null"); m_algorithm = algorithm; m_implementation = implementation; m_chainingMode = CngChainingMode.Gcm; LegalBlockSizesValue = legalBlockSizes; LegalKeySizesValue = legalKeySizes; // Create a temporary algorithm handle so that we can query it for some properties - such as the // block and tag sizes. using (SafeBCryptAlgorithmHandle algorithmHandle = SetupAlgorithm()) { // Get block size in bits BlockSize = BCryptNative.GetInt32Property(algorithmHandle, BCryptNative.ObjectPropertyName.BlockLength) * 8; UpdateLegalTagSizes(algorithmHandle); } }
/// <summary> /// Create a CNG keypair /// </summary> /// <param name="pkAlgo">Key algorithm (from supported set)</param> /// <param name="name">Key container name</param> /// <returns> /// CNG keypair /// </returns> /// <exception cref="System.NotSupportedException">Creation of key not supported for: + pkAlgo.Algorithm</exception> /// <remarks> /// Keys are exportable /// </remarks> public static CngKey Create(CngAlgorithm pkAlgo, string name) { // Normalise the name string _name = name.Replace(' ', '_'); CngKeyCreationParameters keyParams = new CngKeyCreationParameters(); keyParams.ExportPolicy = CngExportPolicies.AllowPlaintextExport; keyParams.KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey; keyParams.Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider; // Note that CngAlgorithm is not an enum if (pkAlgo.Algorithm.Contains("ECDSA")) { keyParams.KeyUsage = CngKeyUsages.Signing; } else if (pkAlgo.Algorithm.Contains("ECDH")) { keyParams.KeyUsage = CngKeyUsages.KeyAgreement; } else { throw new NotSupportedException("Creation of key not supported for: " + pkAlgo.Algorithm); } return(CngKey.Create(pkAlgo, _name, keyParams)); }
public static ECDiffieHellmanCngPublicKey FromTLSPublicKey(CngAlgorithm alg, byte[] tlsKey) { if (alg == CngAlgorithm.ECDiffieHellmanP256) { if (tlsKey.Length != 65) { throw new ArgumentOutOfRangeException(nameof(tlsKey), $"Expecting 65 bytes, received {tlsKey.Length} bytes."); } var buffer = new byte[72]; buffer.AsSpan().Write(BCRYPT_ECDH_PUBLIC_P256_MAGIC).Write(tlsKey.AsSpan().Slice(1)); return((ECDiffieHellmanCngPublicKey)ECDiffieHellmanCngPublicKey.FromByteArray(buffer, CngKeyBlobFormat.EccPublicBlob)); } if (alg == CngAlgorithm.ECDiffieHellmanP384) { if (tlsKey.Length != 97) { throw new ArgumentOutOfRangeException(nameof(tlsKey), $"Expecting 97 bytes, received {tlsKey.Length} bytes."); } var buffer = new byte[104]; buffer.AsSpan().Write(BCRYPT_ECDH_PUBLIC_P384_MAGIC).Write(tlsKey.AsSpan().Slice(1)); return((ECDiffieHellmanCngPublicKey)ECDiffieHellmanCngPublicKey.FromByteArray(buffer, CngKeyBlobFormat.EccPublicBlob)); } throw new NotImplementedException(); }
internal BCryptHMAC(CngAlgorithm algorithm, CngProvider algorithmProvider, string hashName, int blockSize, byte[] key) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)"); Debug.Assert(blockSize > 0, "blockSize > 0"); Debug.Assert(key != null, "key != null"); BlockSizeValue = blockSize; // We set the HashName up to be the CNG version of the hash, since the base type will instantiate // the algorithm, and the CNG versions have different FIPS characteristics than the standard implementations. HashName = String.Format(CultureInfo.InvariantCulture, "System.Security.Cryptography.{0}Cng, {1}", hashName, typeof(SHA256Cng).Assembly.FullName); m_implementation = algorithmProvider; m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm, algorithmProvider.Provider, BCryptNative.AlgorithmProviderOptions.HmacAlgorithm); // Resetting the key will call Initialize for us, and get us setup with a hash handle, // so we don't need to create the hash handle ourselves Key = key; HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8; }
/// <summary>constructor</summary> /// <param name="func">キー派生関数(Bob側と合わせる)。</param> /// <param name="hash">秘密協定の処理に使用するハッシュ アルゴリズム(Bob側と合わせる)</param> /// <param name="hmacKey">HMACキー</param> /// <param name="secretPrependOrLabel">SecretPrepend or Label</param> /// <param name="secretAppendOrSeed">SecretAppend or Seed</param> public EcdhCngBob(ECDiffieHellmanKeyDerivationFunction func, CngAlgorithm hash, byte[] hmacKey, byte[] secretPrependOrLabel, byte[] secretAppendOrSeed) { ECDiffieHellmanCng ecdh = new ECDiffieHellmanCng(); this._asa = ecdh; // 保持 // Alice側と合わせる。 ecdh.KeyDerivationFunction = func; if (func == ECDiffieHellmanKeyDerivationFunction.Hash) { ecdh.HashAlgorithm = hash; ecdh.SecretPrepend = secretPrependOrLabel; ecdh.SecretAppend = secretAppendOrSeed; } else if (func == ECDiffieHellmanKeyDerivationFunction.Hmac) { ecdh.HashAlgorithm = hash; ecdh.HmacKey = hmacKey; ecdh.SecretPrepend = secretPrependOrLabel; ecdh.SecretAppend = secretAppendOrSeed; } else if (func == ECDiffieHellmanKeyDerivationFunction.Tls) { ecdh.Label = secretPrependOrLabel; ecdh.Seed = secretAppendOrSeed; } // Aliceと鍵交換する交換鍵 this._exchangeKey = ecdh.PublicKey.ToByteArray(); }
public bool VerifyHash(byte[] hash, byte[] signature, CngAlgorithm hashAlgorithm) { if (hash == null) { throw new ArgumentNullException("hash"); } if (signature == null) { throw new ArgumentNullException("signature"); } if (hashAlgorithm == null) { throw new ArgumentNullException("hashAlgorithm"); } switch (SignaturePaddingMode) { case AsymmetricPaddingMode.Pkcs1: return(NCryptNative.VerifySignaturePkcs1(KeyHandle, hash, hashAlgorithm.Algorithm, signature)); case AsymmetricPaddingMode.Pss: return(NCryptNative.VerifySignaturePss(KeyHandle, hash, hashAlgorithm.Algorithm, SignatureSaltBytes, signature)); default: throw new InvalidOperationException(Properties.Resources.UnsupportedPaddingMode); } }
private static HashAlgorithm HashAlgorithm(CngAlgorithm hash) { #if NET40 || NET461 if (hash == CngAlgorithm.Sha256) { return(new SHA256Cng()); } if (hash == CngAlgorithm.Sha384) { return(new SHA384Cng()); } if (hash == CngAlgorithm.Sha512) { return(new SHA512Cng()); } throw new ArgumentException(string.Format("RsaPss expects hash function to be SHA256, SHA384 or SHA512, but was given:{0}", hash)); #elif NETSTANDARD1_4 if (hash == CngAlgorithm.Sha256) { return(SHA256.Create()); } if (hash == CngAlgorithm.Sha384) { return(SHA384.Create()); } if (hash == CngAlgorithm.Sha512) { return(SHA512.Create()); } throw new NotImplementedException("not yet"); #endif }
/// <summary> /// Initializes a new instance of <see cref="ECDHKey"/> class, using the specified curve algorithm. /// </summary> /// <param name="algorithm">The algorithm the key will be used with.</param> /// <param name="keyName">The name of the key, if the key should be persisted.</param> /// <exception cref="ArgumentNullException"><paramref name="algorithm"/> is <see langword="null"/>.</exception> /// <exception cref="ArgumentException"><paramref name="algorithm"/> is not a valid curve algorithm.</exception> /// <exception cref="InvalidOperationException"> /// The key specified by <paramref name="keyName"/> is not using the specified <paramref name="algorithm"/>. /// </exception> public ECDHKey(CngAlgorithm algorithm, string keyName = null) { Contract.Requires <ArgumentNullException>(algorithm != null, nameof(algorithm)); Contract.Requires <ArgumentException>(algorithm.Algorithm.StartsWith("ECDH_"), nameof(algorithm)); key = LoadOrCreateKey(keyName, algorithm); }
/// <summary> /// Constructs the core to use a stored CNG key. /// </summary> public CngSymmetricAlgorithmCore(ICngSymmetricAlgorithm outer, string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) { throw new ArgumentNullException(nameof(keyName)); } if (provider == null) { throw new ArgumentNullException(nameof(provider)); } _outer = outer; _keyName = keyName; _provider = provider; _optionOptions = openOptions; using (CngKey cngKey = ProduceCngKey()) { CngAlgorithm actualAlgorithm = cngKey.Algorithm; string algorithm = _outer.GetNCryptAlgorithmIdentifier(); if (algorithm != actualAlgorithm.Algorithm) { throw new CryptographicException(SR.Format(SR.Cryptography_CngKeyWrongAlgorithm, actualAlgorithm.Algorithm, algorithm)); } _outer.BaseKeySize = cngKey.KeySize; } }
/// <summary> /// Unpack a CAPI CRYPT_OID_INFO structure into an Oid2 /// </summary> private Oid2(CapiNative.CRYPT_OID_INFO oidInfo) { m_oid = oidInfo.pszOID ?? String.Empty; m_name = oidInfo.pwszName ?? String.Empty; m_group = oidInfo.dwGroupId; // Algorithm information is only set for specific OID groups if (oidInfo.dwGroupId == OidGroup.EncryptionAlgorithm || oidInfo.dwGroupId == OidGroup.HashAlgorithm || oidInfo.dwGroupId == OidGroup.PublicKeyAlgorithm || oidInfo.dwGroupId == OidGroup.SignatureAlgorithm) { // Values of 0 or -1 indicate that there is no CAPI algorithm mapping if (oidInfo.dwValue != 0 && oidInfo.dwValue != -1) { m_algorithmId = oidInfo.dwValue; } if (!String.IsNullOrEmpty(oidInfo.pwszCNGAlgid)) { m_cngAlgorithm = new CngAlgorithm(oidInfo.pwszCNGAlgid); } if (!String.IsNullOrEmpty(oidInfo.pwszCNGExtraAlgid)) { m_cngExtraAlgorithm = new CngAlgorithm(oidInfo.pwszCNGExtraAlgid); } } }
public static byte[] Sign(byte[] input, CngKey key, CngAlgorithm hash, int saltSize) { using (HashAlgorithm algo = HashAlgorithm(hash)) { return SignHash(algo.ComputeHash(input), key, hash.Algorithm, saltSize); } }
public static void VerifyMachineKey( CngAlgorithm algorithm, int plainBytesCount, Func <string, SymmetricAlgorithm> persistedFunc, Func <SymmetricAlgorithm> ephemeralFunc) { string keyName = Guid.NewGuid().ToString(); CngKeyCreationParameters creationParameters = new CngKeyCreationParameters { Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, ExportPolicy = CngExportPolicies.AllowPlaintextExport, KeyCreationOptions = CngKeyCreationOptions.MachineKey, }; CngKey cngKey = CngKey.Create(algorithm, keyName, creationParameters); try { VerifyPersistedKey( keyName, plainBytesCount, persistedFunc, ephemeralFunc, CipherMode.CBC, PaddingMode.PKCS7); } finally { // Delete also Disposes the key, no using should be added here. cngKey.Delete(); } }
public static void CreateEmphemeral_Default() { CngAlgorithm alg = CngAlgorithm.ECDiffieHellmanP256; using (CngKey key = CngKey.Create(alg, null, null)) { } }
public EcDsaPrivateKeyProvider( ID2LSecurityTokenFactory d2lSecurityTokenFactory, CngAlgorithm algorithm ) { m_d2lSecurityTokenFactory = d2lSecurityTokenFactory; m_algorithm = algorithm; }
/// <summary> /// Create a CNG Key and form as string, then export as a file. /// </summary> /// <param name="ca">The Algorithm.</param> /// <param name="cbf">The CNG Key Blob Format.</param> public void GenerateAndExportAsFile(string path, CngAlgorithm ca, CngKeyBlobFormat cbf) { StreamWriter sw = new StreamWriter(path); sw.Write(GenerateCngKeyAsString(ca, cbf)); sw.Close(); }
public void ConstructorCustom() { CngAlgorithm algo = new CngAlgorithm("custom"); Check(algo); Assert.IsFalse(algo.Equals((CngAlgorithm)null), "Equals((CngAlgorithm)null)"); Assert.IsFalse(algo.Equals((object)null), "Equals((object)null)"); }
protected static CngKey GivenTheKey(string keyname, CngAlgorithm algorithm) { return CngKey.Create(algorithm, keyname, new CngKeyCreationParameters { Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, KeyCreationOptions = CngKeyCreationOptions.MachineKey, KeyUsage = CngKeyUsages.Signing }); }
public BCryptHashAlgorithm(CngAlgorithm algorithm, string implementation) { if (!BCryptNative.BCryptSupported) { throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); } this.m_algorithmHandle = BCryptNative.OpenAlgorithm(algorithm.Algorithm, implementation); this.Initialize(); }
public void ECDiffieHellmanP384() { CngAlgorithm algo = CngAlgorithm.ECDiffieHellmanP384; Assert.AreEqual("ECDH_P384", algo.Algorithm, "Algorithm"); Assert.IsTrue(algo.Equals(CngAlgorithm.ECDiffieHellmanP384), "Equals(static)"); Assert.IsTrue(Object.ReferenceEquals(algo, CngAlgorithm.ECDiffieHellmanP384), "ReferenceEquals"); Check(algo); }
public void ECDsaP521() { CngAlgorithm algo = CngAlgorithm.ECDsaP521; Assert.AreEqual("ECDSA_P521", algo.Algorithm, "Algorithm"); Assert.IsTrue(algo.Equals(CngAlgorithm.ECDsaP521), "Equals(static)"); Assert.IsTrue(Object.ReferenceEquals(algo, CngAlgorithm.ECDsaP521), "ReferenceEquals"); Check(algo); }
public void MD5() { CngAlgorithm algo = CngAlgorithm.MD5; Assert.AreEqual("MD5", algo.Algorithm, "Algorithm"); Assert.IsTrue(algo.Equals(CngAlgorithm.MD5), "Equals(static)"); Assert.IsTrue(Object.ReferenceEquals(algo, CngAlgorithm.MD5), "ReferenceEquals"); Check(algo); }
public void Sha512() { CngAlgorithm algo = CngAlgorithm.Sha512; Assert.AreEqual("SHA512", algo.Algorithm, "Algorithm"); Assert.IsTrue(algo.Equals(CngAlgorithm.Sha512), "Equals(static)"); Assert.IsTrue(Object.ReferenceEquals(algo, CngAlgorithm.Sha512), "ReferenceEquals"); Check(algo); }
public ECDiffieHellmanCng(int keySize) { this.m_hashAlgorithm = CngAlgorithm.Sha256; if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); } base.LegalKeySizesValue = s_legalKeySizes; this.KeySize = keySize; }
/// <summary> /// Get all of the keys for a specific algorithm supported by the provider /// </summary> public static IEnumerable<CngKey> GetKeys(this CngProvider provider, CngKeyOpenOptions openOptions, CngAlgorithm algorithm) { if (algorithm == null) throw new ArgumentNullException("algorithm"); return from key in provider.GetKeys(openOptions) where key.Algorithm == algorithm select key; }
private static HashAlgorithm HashAlgorithm(CngAlgorithm hash) { if (hash == CngAlgorithm.Sha256) return new SHA256Cng(); if (hash == CngAlgorithm.Sha384) return new SHA384Cng(); if (hash == CngAlgorithm.Sha512) return new SHA512Cng(); throw new ArgumentException(string.Format("RsaPss expects hash function to be SHA256, SHA384 or SHA512, but was given:{0}",hash)); }
private static byte[] GetCurveIdentifier(CngAlgorithm algorithm) { if (algorithm == CngAlgorithm.ECDsaP256) return new byte[] {0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}; if (algorithm == CngAlgorithm.ECDsaP384) return new byte[] {0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22}; if (algorithm == CngAlgorithm.ECDsaP521) return new byte[] {0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23}; throw new UnsupportedCurveException("Unknown algorithm " + algorithm.Algorithm); }
public static byte[] DeriveKeyMaterial(byte[] privateKey, byte[] otherPublicKey, CngAlgorithm hashAlgorithm) { #if Mono throw new NotSupportedException(); #else using (CngKey ck = CngKey.Import(privateKey, CngKeyBlobFormat.Pkcs8PrivateBlob)) using (ECDiffieHellmanCng ecdh = new ECDiffieHellmanCng(ck)) { ecdh.HashAlgorithm = hashAlgorithm; return ecdh.DeriveKeyMaterial(ECDiffieHellmanCngPublicKey.FromXmlString(Encoding.ASCII.GetString(otherPublicKey))); } #endif }
private static HashAlgorithm HashAlgorithm(CngAlgorithm hash) { #if NET40 if (hash == CngAlgorithm.Sha256) return new SHA256Cng(); if (hash == CngAlgorithm.Sha384) return new SHA384Cng(); if (hash == CngAlgorithm.Sha512) return new SHA512Cng(); throw new ArgumentException(string.Format("RsaPss expects hash function to be SHA256, SHA384 or SHA512, but was given:{0}",hash)); #elif NETSTANDARD1_4 throw new NotImplementedException("not yet"); #endif }
private static string GetCurveUrn(CngAlgorithm algorithm) { if ((algorithm == CngAlgorithm.ECDsaP256) || (algorithm == CngAlgorithm.ECDiffieHellmanP256)) { return "urn:oid:1.2.840.10045.3.1.7"; } if ((algorithm == CngAlgorithm.ECDsaP384) || (algorithm == CngAlgorithm.ECDiffieHellmanP384)) { return "urn:oid:1.3.132.0.34"; } if (!(algorithm == CngAlgorithm.ECDsaP521) && !(algorithm == CngAlgorithm.ECDiffieHellmanP521)) { throw new ArgumentException(System.SR.GetString("Cryptography_UnknownEllipticCurve"), "algorithm"); } return "urn:oid:1.3.132.0.35"; }
internal BCryptSymmetricAlgorithm(CngAlgorithm algorithm, CngProvider algorithmProvider, KeySizes[] legalBlockSizes, KeySizes[] legalkeySizes) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(legalBlockSizes != null, "legalBlockSizes != null"); Debug.Assert(legalkeySizes != null, "legalKeySizes != null"); m_algorithm = algorithm; m_algorithmProvider = algorithmProvider; LegalBlockSizesValue = legalBlockSizes; LegalKeySizesValue = legalkeySizes; }
/// <summary> /// Create an Oid2 object for an OID which has no CAPI algorithm representation /// </summary> public Oid2(string oid, string friendlyName, OidGroup group, CngAlgorithm cngAlgorithm, CngAlgorithm extraCngAlgorithm) { if (oid == null) throw new ArgumentNullException("oid"); if (friendlyName == null) throw new ArgumentNullException("friendlyName"); m_oid = oid; m_name = friendlyName; m_group = group; m_cngAlgorithm = cngAlgorithm; m_cngExtraAlgorithm = extraCngAlgorithm; }
public static byte[] Encrypt(byte[] plainText, CngKey key, CngAlgorithm hash) { var paddingInfo = new BCrypt.BCRYPT_OAEP_PADDING_INFO(hash.Algorithm); uint cipherTextByteSize; uint status = NCrypt.NCryptEncrypt(key.Handle, plainText, plainText.Length, ref paddingInfo, null, 0, out cipherTextByteSize, BCrypt.BCRYPT_PAD_OAEP); if (status != BCrypt.ERROR_SUCCESS) throw new CryptographicException(string.Format("NCrypt.Encrypt() (ciphertext buffer size) failed with status code:{0}", status)); var cipherText = new byte[cipherTextByteSize]; status = NCrypt.NCryptEncrypt(key.Handle, plainText, plainText.Length, ref paddingInfo, cipherText, cipherTextByteSize, out cipherTextByteSize, BCrypt.BCRYPT_PAD_OAEP); if (status != BCrypt.ERROR_SUCCESS) throw new CryptographicException(string.Format("NCrypt.Encrypt() failed with status code:{0}", status)); return cipherText; }
private void Check (CngAlgorithm algo) { Assert.AreEqual (algo.Algorithm, algo.ToString (), "Algorithm/ToString"); Assert.AreEqual (algo.GetHashCode (), algo.Algorithm.GetHashCode (), "GetHashCode"); Assert.IsTrue (algo.Equals (algo), "Equals(self)"); Assert.IsTrue (algo.Equals ((object)algo), "Equals((object)self)"); CngAlgorithm copy = new CngAlgorithm (algo.Algorithm); Assert.AreEqual (algo.GetHashCode (), copy.GetHashCode (), "Copy"); Assert.IsTrue (algo.Equals (copy), "Equals(copy)"); Assert.IsTrue (algo.Equals ((object)copy), "Equals((object)copy)"); Assert.IsTrue (algo == copy, "algo==copy"); Assert.IsFalse (algo != copy, "algo!=copy"); Assert.IsFalse (algo.Equals (mono), "Equals(mono)"); Assert.IsFalse (algo.Equals ((object)mono), "Equals((object)mono)"); Assert.IsFalse (algo == mono, "algo==mono"); Assert.IsTrue (algo != mono, "algo!=mono"); }
public BCryptHashAlgorithm(CngAlgorithm algorithm, string implementation) { Contract.Requires(algorithm != null); Contract.Requires(!String.IsNullOrEmpty(implementation)); Contract.Ensures(m_algorithmHandle != null && !m_algorithmHandle.IsInvalid && !m_algorithmHandle.IsClosed); Contract.Ensures(m_hashHandle != null && !m_hashHandle.IsInvalid && !m_hashHandle.IsClosed); // Make sure CNG is supported on this platform if (!BCryptNative.BCryptSupported) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } if (_algorithmCache == null) { _algorithmCache = new BCryptAlgorithmHandleCache(); } m_algorithmHandle = _algorithmCache.GetCachedAlgorithmHandle(algorithm.Algorithm, implementation); Initialize(); }
public ECDiffieHellmanCng(CngKey key) { this.m_hashAlgorithm = CngAlgorithm.Sha256; if (key == null) { throw new ArgumentNullException("key"); } if (key.AlgorithmGroup != CngAlgorithmGroup.ECDiffieHellman) { throw new ArgumentException(System.SR.GetString("Cryptography_ArgECDHRequiresECDHKey"), "key"); } if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); } base.LegalKeySizesValue = s_legalKeySizes; new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); this.Key = CngKey.Open(key.Handle, key.IsEphemeral ? CngKeyHandleOpenOptions.EphemeralKey : CngKeyHandleOpenOptions.None); CodeAccessPermission.RevertAssert(); this.KeySize = this.m_key.KeySize; }
//[Fact] - Keeping this test for reference but we don't want to run it as an inner-loop test because // it creates a key on disk. public static void StoredKeyTripleDES() { CngAlgorithm algname = new CngAlgorithm("3DES"); string keyName = "CoreFxTest-" + Guid.NewGuid(); CngKey _cngKey = CngKey.Create(algname, keyName); try { using (TripleDES alg = new TripleDESCng(keyName)) { int keySize = alg.KeySize; Assert.Equal(192, keySize); // Since this is a stored key, it's not going to surrender the actual key bytes. Assert.ThrowsAny<CryptographicException>(() => alg.Key); } } finally { _cngKey.Delete(); } }
// The ephemeral key has already been validated by the AesCipherTests suite. // Therefore we can use the ephemeral key to validate the persisted key. internal static void VerifyPersistedKey( CngAlgorithm algorithm, int keySize, int plainBytesCount, Func<string, SymmetricAlgorithm> persistedFunc, Func<SymmetricAlgorithm> ephemeralFunc, CipherMode cipherMode, PaddingMode paddingMode) { string keyName = Guid.NewGuid().ToString(); CngKeyCreationParameters creationParameters = new CngKeyCreationParameters { Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, ExportPolicy = CngExportPolicies.AllowPlaintextExport, Parameters = { new CngProperty("Length", BitConverter.GetBytes(keySize), CngPropertyOptions.None), } }; CngKey cngKey = CngKey.Create(algorithm, keyName, creationParameters); try { VerifyPersistedKey( keyName, plainBytesCount, persistedFunc, ephemeralFunc, cipherMode, paddingMode); } finally { // Delete also Disposes the key, no using should be added here. cngKey.Delete(); } }
public void ConstructorCustom () { CngAlgorithm algo = new CngAlgorithm ("custom"); Check (algo); Assert.IsFalse (algo.Equals ((CngAlgorithm) null), "Equals((CngAlgorithm)null)"); Assert.IsFalse (algo.Equals ((object) null), "Equals((object)null)"); }
/// <summary> /// Verify data which was signed and hashed with the given hash algorithm. This /// overload does not use the SignatureHashAlgorithm property. /// </summary> /// <param name="hash">hash to verify</param> /// <param name="signature">signature of the data</param> /// <param name="hashAlgorithm">algorithm that hash was hashed with</param> /// <returns>true if the signature verifies for the hash, false if it does not</returns> /// <exception cref="System.ArgumentNullException">if hash, signature, or hashAlgorithm are null</exception> public bool VerifyHash(byte[] hash, byte[] signature, CngAlgorithm hashAlgorithm) { return _key.VerifyHash(hash, signature, hashAlgorithm); }
/// <summary> /// Sign already hashed data, specifying the algorithm it was hashed with. This /// method does not use the SignatureHashAlgorithm property. /// </summary> /// <param name="hash">hash to sign</param> /// <param name="hashAlgorithm">algorithm hash was signed with</param> /// <exception cref="System.ArgumentNullException">if hash or hashAlgorithm are null</exception> /// <exception cref="System.Security.Cryptography.CryptographicException">if data could not be signed</exception> public byte[] SignHash(byte[] hash, CngAlgorithm hashAlgorithm) { return _key.SignHash(hash, hashAlgorithm); }
public static void VerifyMachineKey( CngAlgorithm algorithm, int plainBytesCount, Func<string, SymmetricAlgorithm> persistedFunc, Func<SymmetricAlgorithm> ephemeralFunc) { string keyName = Guid.NewGuid().ToString(); CngKeyCreationParameters creationParameters = new CngKeyCreationParameters { Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, ExportPolicy = CngExportPolicies.AllowPlaintextExport, KeyCreationOptions = CngKeyCreationOptions.MachineKey, }; CngKey cngKey = CngKey.Create(algorithm, keyName, creationParameters); try { VerifyPersistedKey( keyName, plainBytesCount, persistedFunc, ephemeralFunc, CipherMode.CBC, PaddingMode.PKCS7); } finally { // Delete also Disposes the key, no using should be added here. cngKey.Delete(); } }
//[Fact] - Keeping this test for reference but we don't want to run it as an inner-loop test because // it creates a key on disk. public static void AesRoundTrip256BitsNoneECBUsingStoredKey() { CngAlgorithm algname = new CngAlgorithm("AES"); string keyName = "CoreFxTest-" + Guid.NewGuid(); CngKey _cngKey = CngKey.Create(algname, keyName); try { using (Aes alg = new AesCng(keyName)) { try { alg.Padding = PaddingMode.None; alg.Mode = CipherMode.ECB; int keySize = alg.KeySize; byte[] plainText = "15a818701f0f7c99fe4b1b4b860f131b".HexToByteArray(); byte[] cipher = alg.Encrypt(plainText); byte[] decrypted = alg.Decrypt(cipher); byte[] expectedDecrypted = "15a818701f0f7c99fe4b1b4b860f131b".HexToByteArray(); Assert.Equal<byte>(expectedDecrypted, decrypted); } catch (Exception e) { Console.WriteLine(e.Message); } } } finally { _cngKey.Delete(); } }