public void DecodeVerifyDetachedContent()
{
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray("D28445A201260300A104423131F658406520BBAF2081D7E0ED0F95F76EB0733D667005F7467CEC4B87B9381A6BA1EDE8E00DF29F32A37230F39A842A54821FDD223092819D7728EFB9D3A0080B75380B"));
Assert.Null(msg.Content);
Assert.True(msg.Verify(DefaultKey, s_sampleContent));
}
public void SignWithNullKey()
{
byte[] content = GetDummyContent(ContentTestCase.Small);
Assert.Throws <ArgumentNullException>(() => CoseSign1Message.Sign(content, (ECDsa)null !, HashAlgorithmName.SHA256));
Assert.Throws <ArgumentNullException>(() => CoseSign1Message.Sign(content, (RSA)null !, HashAlgorithmName.SHA256));
Assert.Throws <ArgumentNullException>(() => CoseSign1Message.Sign(content, (AsymmetricAlgorithm)null !, GetHashAlgorithmNameFromCoseAlgorithm((int)ECDsaAlgorithm.ES256)));
}
public void SignWithUnsupportedKey()
{
AsymmetricAlgorithm key = ECDiffieHellman.Create();
// Header still says that a supported combination of key-algorithm will be used.
Assert.Throws <CryptographicException>(() => CoseSign1Message.Sign(GetDummyContent(ContentTestCase.Small), key, DefaultHash, GetHeaderMapWithAlgorithm(), GetEmptyHeaderMap()));
}
public void DecodeSign1_VerifyUntagged()
{
// https://github.com/cose-wg/Examples/blob/master/ecdsa-examples/ecdsa-sig-01.json minus first byte.
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray("8445A201260300A10442313154546869732069732074686520636F6E74656E742E58406520BBAF2081D7E0ED0F95F76EB0733D667005F7467CEC4B87B9381A6BA1EDE8E00DF29F32A37230F39A842A54821FDD223092819D7728EFB9D3A0080B75380B"));
Assert.True(msg.VerifyEmbedded(DefaultKey));
}
public void TestVerify(int algorithm, string hexCborMessage)
{
ReplaceContentInHexCborMessage(ref hexCborMessage);
foreach (bool useNonPrivateKey in new[] { false, true })
{
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(hexCborMessage));
AsymmetricAlgorithm key = GetKeyHashPair <AsymmetricAlgorithm>((CoseAlgorithm)algorithm, useNonPrivateKey).Key;
Assert.True(Verify(msg, key, s_sampleContent), "Varification failed.");
if (UseDetachedContent)
{
Assert.Null(msg.Content);
}
else
{
AssertExtensions.SequenceEqual(s_sampleContent, msg.Content.GetValueOrDefault().Span);
}
Assert.True(msg.ProtectedHeaders.TryGetEncodedValue(CoseHeaderLabel.Algorithm, out ReadOnlyMemory <byte> encodedAlg),
"Algorithm header must be protected");
Assert.Equal(algorithm, new CborReader(encodedAlg).ReadInt32());
}
}
public void Verify(int algorithm, string hexCborMessage)
{
foreach (bool usePublicOnlyKey in new[] { false, true })
{
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(hexCborMessage));
bool verified;
if (Enum.IsDefined(typeof(ECDsaAlgorithm), algorithm))
{
var ecdsaAlgorithm = (ECDsaAlgorithm)algorithm;
ECDsa key = usePublicOnlyKey ? ECDsaKeysWithoutPrivateKey[ecdsaAlgorithm] : ECDsaKeys[ecdsaAlgorithm];
verified = msg.Verify(key);
}
else
{
RSA key = usePublicOnlyKey ? RSAKeyWithoutPrivateKey : RSAKey;
verified = msg.Verify(key);
}
Assert.True(verified, "CoseSign1Message.Verify(key)");
AssertExtensions.SequenceEqual(s_sampleContent, msg.Content.GetValueOrDefault().Span);
Assert.True(msg.ProtectedHeaders.TryGetEncodedValue(CoseHeaderLabel.Algorithm, out ReadOnlyMemory <byte> encodedAlg),
"Algorithm header must be protected");
Assert.Equal(algorithm, new CborReader(encodedAlg).ReadInt32());
}
}
public void VerifyThrowsWithUnknownAlgorithm(string hexCborMessage)
{
ReplaceContentInHexCborMessage(ref hexCborMessage);
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(hexCborMessage));
Assert.Throws <CryptographicException>(() => Verify(msg, DefaultKey, s_sampleContent));
}
public void DecodeSign1_VerifyDetachedContent()
{
// Content is replaced with CBOR null - https://github.com/cose-wg/Examples/blob/master/ecdsa-examples/ecdsa-sig-01.json.
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray("D28445A201260300A104423131F658406520BBAF2081D7E0ED0F95F76EB0733D667005F7467CEC4B87B9381A6BA1EDE8E00DF29F32A37230F39A842A54821FDD223092819D7728EFB9D3A0080B75380B"));
Assert.Null(msg.Content);
Assert.True(msg.VerifyDetached(DefaultKey, s_sampleContent));
}
internal override byte[] Sign(
byte[] content,
AsymmetricAlgorithm key,
HashAlgorithmName hashAlgorithm,
CoseHeaderMap?protectedHeaders = null,
CoseHeaderMap?unprotectedHeaders = null,
bool isDetached = false)
=> CoseSign1Message.Sign(content, key, hashAlgorithm, protectedHeaders, unprotectedHeaders, isDetached);
public void SignWithUnsupportedHashAlgorithm(string hashAlgorithm)
{
byte[] content = GetDummyContent(ContentTestCase.Small);
Assert.Throws <CryptographicException>(() => CoseSign1Message.Sign(GetDummyContent(ContentTestCase.Small), DefaultKey, new HashAlgorithmName(hashAlgorithm)));
Assert.Throws <CryptographicException>(() => CoseSign1Message.Sign(GetDummyContent(ContentTestCase.Small), RSAKey, new HashAlgorithmName(hashAlgorithm)));
Assert.Throws <CryptographicException>(() => CoseSign1Message.Sign(GetDummyContent(ContentTestCase.Small), DefaultKey, DefaultHash, GetHeaderMapWithAlgorithm(-47 /*ES256K*/), GetEmptyHeaderMap()));
}
public void SignWithIsDetached(bool isDetached)
{
byte[] content = GetDummyContent(ContentTestCase.Small);
byte[] messageEncoded = CoseSign1Message.Sign(content, DefaultKey, DefaultHash, isDetached);
VerifyContentDetached(messageEncoded, content, isDetached);
messageEncoded = CoseSign1Message.Sign(content, DefaultKey, DefaultHash, isDetached);
VerifyContentDetached(messageEncoded, content, isDetached);
public void SignWithIsDetached(bool isDetached)
{
ReadOnlySpan <byte> messageEncoded = CoseSign1Message.Sign(s_sampleContent, DefaultKey, DefaultHash, isDetached: isDetached);
AssertSign1Message(messageEncoded, s_sampleContent, DefaultKey, DefaultAlgorithm, expectedDetachedContent: isDetached);
messageEncoded = Sign(s_sampleContent, DefaultKey, DefaultHash, isDetached: isDetached);
AssertSign1Message(messageEncoded, s_sampleContent, DefaultKey, DefaultAlgorithm, expectedDetachedContent: isDetached);
}
public void SignVerifyRSA(RSAAlgorithm algorithm)
{
HashAlgorithmName hashAlgorithm = GetHashAlgorithmNameFromCoseAlgorithm((int)algorithm);
byte[] coseMessageBytes = CoseSign1Message.Sign(s_sampleContent, RSAKey, hashAlgorithm);
CoseSign1Message msg = CoseMessage.DecodeSign1(coseMessageBytes);
Assert.True(msg.Verify(RSAKey));
}
public void VerifyWithUnreadableStream()
{
using Stream stream = GetTestStream(s_sampleContent);
byte[] encodedMsg = CoseSign1Message.Sign(stream, DefaultKey, DefaultHash);
CoseSign1Message msg = CoseMessage.DecodeSign1(encodedMsg);
using Stream unseekableStream = GetTestStream(s_sampleContent, StreamKind.Unreadable);
Assert.Throws <ArgumentException>("detachedContent", () => msg.Verify(DefaultKey, unseekableStream));
}
internal override bool Verify(CoseSign1Message msg, AsymmetricAlgorithm key, byte[] content)
{
if (content == null)
{
return(msg.Verify(key, (Stream)null !));
}
using Stream stream = GetTestStream(content);
return(msg.Verify(key, stream));
}
public async Task VerifyAsyncWithUnseekableStream()
{
using Stream stream = GetTestStream(s_sampleContent);
byte[] encodedMsg = await CoseSign1Message.SignAsync(stream, DefaultKey, DefaultHash);
CoseSign1Message msg = CoseMessage.DecodeSign1(encodedMsg);
using Stream unseekableStream = GetTestStream(s_sampleContent, StreamKind.Unseekable);
await Assert.ThrowsAsync <ArgumentException>("detachedContent", () => msg.VerifyAsync(DefaultKey, unseekableStream));
}
internal override bool Verify(CoseSign1Message msg, AsymmetricAlgorithm key, byte[] content)
{
if (content == null)
{
return(msg.VerifyAsync(key, null !).GetAwaiter().GetResult());
}
using Stream stream = GetTestStream(content);
return(msg.VerifyAsync(key, stream).GetAwaiter().GetResult());
}
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
if (content == null)
{
return(CoseSign1Message.SignDetached((Stream)null !, signer));
}
using Stream stream = GetTestStream(content);
return(CoseSign1Message.SignDetached(stream, signer));
}
internal override byte[] Sign(byte[] content, CoseSigner signer)
{
if (content == null)
{
return(CoseSign1Message.SignDetachedAsync(null !, signer).GetAwaiter().GetResult());
}
using Stream stream = GetTestStream(content);
return(CoseSign1Message.SignDetachedAsync(stream, signer).GetAwaiter().GetResult());
}
public void SignWithValidContent(ContentTestCase @case)
{
byte[] content = GetDummyContent(@case);
AssertSign1Message(CoseSign1Message.Sign(content, DefaultKey, DefaultHash), content, DefaultKey);
AssertSign1Message(CoseSign1Message.Sign(content, RSAKey, DefaultHash), content, RSAKey, GetExpectedProtectedHeaders((int)RSAAlgorithm.PS256));
AssertSign1Message(CoseSign1Message.Sign(content, GetHeaderMapWithAlgorithm(), GetEmptyHeaderMap(), DefaultKey, DefaultHash), content, DefaultKey);
}
public void SignVerifyECDsa(ECDsaAlgorithm algorithm)
{
ECDsa ecdsa = ECDsaKeys[algorithm];
HashAlgorithmName hashAlgorithm = GetHashAlgorithmNameFromCoseAlgorithm((int)algorithm);
byte[] coseMessageBytes = CoseSign1Message.Sign(s_sampleContent, ecdsa, hashAlgorithm);
CoseSign1Message msg = CoseMessage.DecodeSign1(coseMessageBytes);
Assert.True(msg.Verify(ecdsa));
}
public void SignVerify()
{
foreach ((T key, HashAlgorithmName hashAlgorithm, CoseAlgorithm algorithm) in GetKeyHashAlgorithmTriplet())
{
ReadOnlySpan <byte> encodedMsg = Sign(s_sampleContent, key, hashAlgorithm);
AssertSign1Message(encodedMsg, s_sampleContent, key, algorithm);
CoseSign1Message msg = CoseMessage.DecodeSign1(encodedMsg);
Assert.True(Verify(msg, key));
}
}
internal override byte[] Sign(byte[] content, AsymmetricAlgorithm key, HashAlgorithmName hashAlgorithm, CoseHeaderMap?protectedHeaders = null, CoseHeaderMap?unprotectedHeaders = null, bool isDetached = false)
{
Assert.False(isDetached);
if (content == null)
{
return(CoseSign1Message.Sign(null !, key, hashAlgorithm, protectedHeaders, unprotectedHeaders));
}
using Stream stream = GetTestStream(content);
return(CoseSign1Message.Sign(stream, key, hashAlgorithm, protectedHeaders, unprotectedHeaders));
}
internal override bool Verify(CoseMessage msg, AsymmetricAlgorithm key, byte[] content, byte[]?associatedData = null)
{
CoseSign1Message sign1Msg = Assert.IsType <CoseSign1Message>(msg);
if (content == null)
{
return(sign1Msg.VerifyDetached(key, (Stream)null !, associatedData));
}
using Stream stream = GetTestStream(content);
return(sign1Msg.VerifyDetached(key, stream, associatedData));
}
public void VerifyThrowsIfMessageWasDetachedAndContentWasNotSupplied()
{
if (UseDetachedContent)
{
return;
}
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray("D28445A201260300A104423131F658406520BBAF2081D7E0ED0F95F76EB0733D667005F7467CEC4B87B9381A6BA1EDE8E00DF29F32A37230F39A842A54821FDD223092819D7728EFB9D3A0080B75380B"));
Assert.Null(msg.Content);
Assert.Throws <InvalidOperationException>(() => Verify(msg, DefaultKey, s_sampleContent));
}
public void VerifyThrowsIfMessageWasEmbeddedAndContentWasSupplied()
{
if (!UseDetachedContent)
{
return;
}
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray("D28443A10126A10442313154546869732069732074686520636F6E74656E742E58408EB33E4CA31D1C465AB05AAC34CC6B23D58FEF5C083106C4D25A91AEF0B0117E2AF9A291AA32E14AB834DC56ED2A223444547E01F11D3B0916E5A4C345CACB36"));
Assert.NotNull(msg.Content);
Assert.Throws <InvalidOperationException>(() => Verify(msg, DefaultKey, s_sampleContent));
}
internal override byte[] Sign(
byte[] content,
CoseSigner signer,
CoseHeaderMap?protectedHeaders = null,
CoseHeaderMap?unprotectedHeaders = null,
byte[]?associatedData = null,
bool isDetached = false)
{
return(isDetached ?
CoseSign1Message.SignDetached(content, signer, associatedData) :
CoseSign1Message.SignEmbedded(content, signer, associatedData));
}
public void VerifyReturnsFalseWithWrongSignature(string hexCborMessage, bool corruptContent)
{
if (corruptContent && UseDetachedContent)
{
return;
}
ReplaceContentInHexCborMessage(ref hexCborMessage);
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(hexCborMessage));
Assert.False(Verify(msg, DefaultKey, s_sampleContent));
}
internal override bool Verify(CoseSign1Message msg, AsymmetricAlgorithm key, byte[] content)
{
Assert.True(!OnlySupportsDetachedContent || msg.Content == null);
if (msg.Content != null)
{
return(key is ECDsa ecdsa?msg.Verify(ecdsa) : msg.Verify((RSA)key));
}
else
{
return(key is ECDsa ecdsa?msg.Verify(ecdsa, content) : msg.Verify((RSA)key, content));
}
}
public void VerifyReturnsFalseWithDataNotMatchingSignature()
{
string encodedMsg = "D28445A201260300A10442313154546869732069732074686520636F6E74656E742E58406520BBAF2081D7E0ED0F95F76EB0733D667005F7467CEC4B87B9381A6BA1EDE8E00DF29F32A37230F39A842A54821FDD223092819D7728EFB9D3A0080B75380B";
CoseSign1Message msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(encodedMsg));
Assert.True(msg.Verify(DefaultKey), "msg.Verify(ES256)");
encodedMsg = ReplaceFirst(encodedMsg, "45A201260300", "45A201260301");
msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(encodedMsg));
Assert.False(msg.Verify(DefaultKey), "msg.Verify(ES256) - Corrupt protected header");
encodedMsg = ReplaceFirst(encodedMsg, "546869732069732074686520636F6E74656E742E", "546869732069732074686520636F6E74656E743E");
msg = CoseMessage.DecodeSign1(ByteUtils.HexToByteArray(encodedMsg));
Assert.False(msg.Verify(DefaultKey), "msg.Verify(ES256) - Corrupt content");