Пример #1
0
 public void VerifyDataByteArraySpan_NegativeCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentOutOfRangeException>("count",
                                                 () => ecdsa.VerifyData(new byte[0], 0, -1, null, default(HashAlgorithmName)));
 }
Пример #2
0
 public void VerifyDataByteArraySpan_NullSignature_ThrowsArgumentNullException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentNullException>("signature",
                                           () => ecdsa.VerifyData(new byte[0], 0, 0, null, default(HashAlgorithmName)));
 }
Пример #3
0
 public void SignDataStream_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentNullException>("data",
                                           () => ecdsa.SignData((Stream)null, default(HashAlgorithmName)));
 }
Пример #4
0
 public void VerifyDataByteArray_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.VerifyData(new byte[0], new byte[0], default(HashAlgorithmName)));
 }
Пример #5
0
 public void SignDataByteArraySpan_NegativeOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentOutOfRangeException>("offset",
                                                 () => ecdsa.SignData(new byte[0], -1, -1, default(HashAlgorithmName)));
 }
Пример #6
0
 public void SignDataByteArraySpan_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName)));
 }
Пример #7
0
 protected override byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) =>
 ecdsa.SignData(data, offset, count, hashAlgorithm);
Пример #8
0
 protected abstract bool VerifyData(ECDsa ecdsa, byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm);
Пример #9
0
 public void UseAfterDispose_NewKey(ECDsa ecdsa)
 {
     UseAfterDispose(ecdsa);
 }
Пример #10
0
 protected override bool VerifyData(ECDsa ecdsa, byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm) =>
 ecdsa.VerifyData(data, offset, count, signature, hashAlgorithm);
Пример #11
0
 public void UseAfterDispose_Import(ECDsa ecdsa)
 {
     ecdsa.ImportParameters(EccTestData.GetNistP256ReferenceKey());
     UseAfterDispose(ecdsa);
 }
Пример #12
0
 protected abstract byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm);
Пример #13
0
 protected byte[] SignData(ECDsa ecdsa, byte[] data, HashAlgorithmName hashAlgorithm) =>
 SignData(ecdsa, data, 0, data.Length, hashAlgorithm);
Пример #14
0
        private static void Verify_ECDsaPrivateKey_WindowsPfx(ECDsa ecdsa)
        {
            Assert.NotNull(ecdsa);

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                AssertEccAlgorithm(ecdsa, "ECDSA_P256");
            }
        }
Пример #15
0
        public void SignVerify_InteroperableSameKeys_RoundTripsUnlessTampered(ECDsa ecdsa, HashAlgorithmName hashAlgorithm)
        {
            byte[] data = Encoding.UTF8.GetBytes("something to repeat and sign");

            // large enough to make hashing work though multiple iterations and not a multiple of 4KB it uses.
            byte[] dataArray = new byte[33333];

            byte[] dataArray2 = new byte[dataArray.Length + 2];
            dataArray.CopyTo(dataArray2, 1);

            HashAlgorithm halg;

            if (hashAlgorithm == HashAlgorithmName.MD5)
            {
                halg = MD5.Create();
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA1)
            {
                halg = SHA1.Create();
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA256)
            {
                halg = SHA256.Create();
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA384)
            {
                halg = SHA384.Create();
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA512)
            {
                halg = SHA512.Create();
            }
            else
            {
                throw new Exception("Hash algorithm not supported.");
            }

            List <byte[]> signatures = new List <byte[]>(6);

            // Compute a signature using each of the SignData overloads.  Then, verify it using each
            // of the VerifyData overloads, and VerifyHash overloads.
            //
            // Then, verify that VerifyHash fails if the data is tampered with.

            signatures.Add(SignData(ecdsa, dataArray, hashAlgorithm));

            signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataArray)));

            foreach (byte[] signature in signatures)
            {
                Assert.True(VerifyData(ecdsa, dataArray, signature, hashAlgorithm), "Verify 1");
                Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify 4");
            }

            int distinctSignatures = signatures.Distinct(new ByteArrayComparer()).Count();

            Assert.True(distinctSignatures == signatures.Count, "Signing should be randomized");

            foreach (byte[] signature in signatures)
            {
                signature[signature.Length - 1] ^= 0xFF; // flip some bits
                Assert.False(VerifyData(ecdsa, dataArray, signature, hashAlgorithm), "Verify Tampered 1");
                Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify Tampered 4");
            }
        }
Пример #16
0
        private static void VerifyExplicitCurve(ECParameters parameters, ECDsa ec, CurveDef curveDef)
        {
            Assert.True(parameters.Curve.IsExplicit);
            ECCurve curve = parameters.Curve;


            Assert.True(curveDef.IsCurveTypeEqual(curve.CurveType));
            Assert.True(
                curveDef.IncludePrivate && parameters.D.Length > 0 ||
                !curveDef.IncludePrivate && parameters.D == null);
            Assert.Equal(curveDef.KeySize, ec.KeySize);

            Assert.Equal(curve.A.Length, parameters.Q.X.Length);
            Assert.Equal(curve.A.Length, parameters.Q.Y.Length);
            Assert.Equal(curve.A.Length, curve.B.Length);
            Assert.Equal(curve.A.Length, curve.G.X.Length);
            Assert.Equal(curve.A.Length, curve.G.Y.Length);
            Assert.True(curve.Seed == null || curve.Seed.Length > 0);
            Assert.True(curve.Order == null || curve.Order.Length > 0);
            if (curve.IsPrime)
            {
                Assert.Equal(curve.A.Length,curve.Prime.Length);
            }

            if (curveDef.IncludePrivate)
                ec.Exercise();

            // Ensure the key doesn't get regenerated after export
            ECParameters paramSecondExport = ec.ExportExplicitParameters(curveDef.IncludePrivate);
            AssertEqual(parameters, paramSecondExport);
        }
Пример #17
0
 public void SignHash_InvalidArguments_Throws(ECDsa ecdsa)
 {
     AssertExtensions.Throws <ArgumentNullException>("hash", () => ecdsa.SignHash(null));
 }
Пример #18
0
        public void Create_InvalidECCurveFriendlyName_ThrowsPlatformNotSupportedException()
        {
            ECCurve curve = ECCurve.CreateFromFriendlyName("bad potato");
            PlatformNotSupportedException pnse = Assert.Throws <PlatformNotSupportedException>(() => ECDsa.Create(curve));

            Assert.Contains("'bad potato'", pnse.Message);
        }
Пример #19
0
 public void VerifyHash_InvalidArguments_Throws(ECDsa ecdsa)
 {
     AssertExtensions.Throws <ArgumentNullException>("hash", () => ecdsa.VerifyHash(null, null));
     AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyHash(new byte[0], null));
 }
Пример #20
0
 public void SignDataByteArraySpan_OffsetGreaterThanCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentOutOfRangeException>("offset",
                                                 () => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName)));
 }
Пример #21
0
 /// <summary>
 ///     Sets the <see cref="ListenerProvider" /> on the <see cref="MinimalServer" /> to one that provides
 ///     <see cref="SslListener" />s with <see cref="TcpConnectionListener" />s, using the given
 ///     <see cref="X509Certificate2" /> and <see cref="ECDsa" /> private key.
 /// </summary>
 /// <param name="server">the server</param>
 /// <param name="certificate">the certificate</param>
 /// <param name="key">the private key</param>
 public static void AddSsl(this MinimalServer server, X509Certificate2 certificate, ECDsa key)
 {
     AddSsl(server, certificate.CopyWithPrivateKey(key));
 }
Пример #22
0
 public void SignDataByteArraySpan_EmptyHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName("")));
 }
Пример #23
0
 public void NoncompliantCreate()
 {
     var ec1 = ECDiffieHellman.Create(ECCurve.NamedCurves.brainpoolP192t1); // Noncompliant {{Use a key length of at least 224 bits for EC cipher algorithm.}}
     var ec2 = ECDsa.Create(ECCurve.NamedCurves.brainpoolP160r1);           // Noncompliant {{Use a key length of at least 224 bits for EC cipher algorithm.}}
 }
Пример #24
0
 public void SignDataStream_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName)));
 }
Пример #25
0
        public Apple()
        {
            validX5cStrings = new[] {
                "MIICRDCCAcmgAwIBAgIGAXUCfWGDMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAxMDA3MDk0NjEyWhcNMjAxMDA4MDk1NjEyWjCBkTFJMEcGA1UEAwxANjEyNzZmYzAyZDNmZThkMTZiMzNiNTU0OWQ4MTkyMzZjODE3NDZhODNmMmU5NGE2ZTRiZWUxYzcwZjgxYjViYzEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5/lkIu1EpyAk4t1TATSs0DvpmFbmHaYv1naTlPqPm/vsD2qEnDVgE6KthwVqsokNcfb82nXHKFcUjsABKG3W3o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIJxgAhVAs+GYNN/jfsYkRcieGylPeSzka5QTwyMO84aBMAoGCCqGSM49BAMCA2kAMGYCMQDaHBjrI75xAF7SXzyF5zSQB/Lg9PjTdyye+w7stiqy84K6lmo8d3fIptYjLQx81bsCMQCvC8MSN+aewiaU0bMsdxRbdDerCJJj3xJb3KZwloevJ3daCmCcrZrAPYfLp2kDOsg=",
                "MIICNDCCAbqgAwIBAgIQViVTlcen+0Dr4ijYJghTtjAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MzgwMVoXDTMwMDMxMzAwMDAwMFowSDEcMBoGA1UEAwwTQXBwbGUgV2ViQXV0aG4gQ0EgMTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIMuhy8mFJGBAiW59fzWu2N4tfVfP8sEW8c1mTR1/VSQRN+b/hkhF2XGmh3aBQs41FCDQBpDT7JNES1Ww+HPv8uYkf7AaWCBvvlsvHfIjd2vRqWu4d1RW1r6q5O+nAsmkaNmMGQwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBQm12TZxXjCWmfRp95rEtAbY/HG1zAdBgNVHQ4EFgQU666CxP+hrFtR1M8kYQUAvmO9d4gwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMQDdixo0gaX62du052V7hB4UTCe3W4dqQYbCsUdXUDNyJ+/lVEV+9kiVDGMuXEg+cMECMCyKYETcIB/P5ZvDTSkwwUh4Udlg7Wp18etKyr44zSW4l9DIBb7wx/eLB6VxxugOBw=="
            };
            _attestationObject = CBORObject.NewMap().Add("fmt", "apple");
            var param = Fido2Tests._validCOSEParameters[0];
            X509Certificate2 root, attestnCert;
            DateTimeOffset   notBefore = DateTimeOffset.UtcNow;
            DateTimeOffset   notAfter  = notBefore.AddDays(2);
            var attDN = new X500DistinguishedName("CN=attest.apple.com, OU=Apple Authenticator Attestation, O=FIDO2-NET-LIB, C=US");

            using (var ecdsaRoot = ECDsa.Create())
            {
                var rootRequest = new CertificateRequest(rootDN, ecdsaRoot, HashAlgorithmName.SHA256);
                rootRequest.CertificateExtensions.Add(caExt);

                var     curve   = (COSE.EllipticCurve)param[2];
                ECCurve eCCurve = ECCurve.NamedCurves.nistP256;
                using (root = rootRequest.CreateSelfSigned(
                           notBefore,
                           notAfter))

                    using (var ecdsaAtt = ECDsa.Create(eCCurve))
                    {
                        var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);

                        byte[] serial = new byte[12];

                        using (var rng = RandomNumberGenerator.Create())
                        {
                            rng.GetBytes(serial);
                        }
                        using (X509Certificate2 publicOnly = attRequest.Create(
                                   root,
                                   notBefore,
                                   notAfter,
                                   serial))
                        {
                            attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
                        }

                        var ecparams = ecdsaAtt.ExportParameters(true);

                        var cpk = CBORObject.NewMap();
                        cpk.Add(COSE.KeyCommonParameter.KeyType, (COSE.KeyType)param[0]);
                        cpk.Add(COSE.KeyCommonParameter.Alg, (COSE.Algorithm)param[1]);
                        cpk.Add(COSE.KeyTypeParameter.X, ecparams.Q.X);
                        cpk.Add(COSE.KeyTypeParameter.Y, ecparams.Q.Y);
                        cpk.Add(COSE.KeyTypeParameter.Crv, (COSE.EllipticCurve)param[2]);

                        var x = cpk[CBORObject.FromObject(COSE.KeyTypeParameter.X)].GetByteString();
                        var y = cpk[CBORObject.FromObject(COSE.KeyTypeParameter.Y)].GetByteString();

                        _credentialPublicKey = new CredentialPublicKey(cpk);
                        var X5c = CBORObject.NewArray()
                                  .Add(CBORObject.FromObject(attestnCert.RawData))
                                  .Add(CBORObject.FromObject(root.RawData));

                        _attestationObject.Add("attStmt", CBORObject.NewMap().Add("x5c", X5c));
                    }
            }
        }
Пример #26
0
 public void VerifyDataByteArraySpan_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentNullException>("data",
                                           () => ecdsa.VerifyData((byte[])null, -1, -1, null, default(HashAlgorithmName)));
 }
Пример #27
0
 /// <summary>
 /// Creates an instance of <see cref="ES512Algorithm" /> using the provided pair of public and private keys.
 /// </summary>
 /// <param name="publicKey">The public key for verifying the data.</param>
 /// <param name="privateKey">The private key for signing the data.</param>
 public ES512Algorithm(ECDsa publicKey, ECDsa privateKey)
     : base(publicKey, privateKey)
 {
 }
Пример #28
0
 public void VerifyDataByteArraySpan_CountGreaterThanLengthMinusOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
 {
     Assert.Throws <ArgumentOutOfRangeException>("count",
                                                 () => ecdsa.VerifyData(new byte[0], 0, 1, null, default(HashAlgorithmName)));
 }
Пример #29
0
 /// <summary>
 /// Creates an instance of <see cref="ES512Algorithm" /> using the provided public key only.
 /// </summary>
 /// <remarks>
 /// An instance created using this constructor can only be used for verifying the data, not for signing it.
 /// </remarks>
 /// <param name="publicKey">The public key for verifying the data.</param>
 public ES512Algorithm(ECDsa publicKey)
     : base(publicKey)
 {
 }
Пример #30
0
 internal static void Verify256(ECDsa e, bool expected)
 {
     byte[] sig = ("998791331eb2e1f4259297f5d9cb82fa20dec98e1cb0900e6b8f014a406c3d02cbdbf5238bde471c3155fc25565524301429"
                 + "d8713dad9a67eb0a5c355e9e23dc").HexToByteArray();
     bool verified = e.VerifyHash(ECDsaTestData.s_hashSha512, sig);
     Assert.Equal(expected, verified);
 }
Пример #31
0
 public void Create_InvalidArgument_Throws()
 {
     AssertExtensions.Throws <ArgumentNullException>("algorithm", () => ECDsa.Create(null));
     Assert.Null(ECDsa.Create(Guid.NewGuid().ToString("N")));
 }
Пример #32
0
        private static void VerifyNamedCurve(ECParameters parameters, ECDsa ec, int keySize, bool includePrivate)
        {
            parameters.Validate();
            Assert.True(parameters.Curve.IsNamed);
            Assert.Equal(keySize, ec.KeySize);
            Assert.True(
                includePrivate && parameters.D.Length > 0 ||
                !includePrivate && parameters.D == null);

            if (includePrivate)
                ec.Exercise();

            // Ensure the key doesn't get regenerated after export
            ECParameters paramSecondExport = ec.ExportParameters(includePrivate);
            paramSecondExport.Validate();
            AssertEqual(parameters, paramSecondExport);
        }
Пример #33
0
 public OverrideAbstractECDsa(ECDsa ecdsa) => _ecdsa = ecdsa;
Пример #34
0
        // Keep the ECDsaCng-ness contained within this helper method so that it doesn't trigger a
        // FileNotFoundException on Unix.
        private static void AssertEccAlgorithm(ECDsa ecdsa, string algorithmId)
        {
            ECDsaCng cng = ecdsa as ECDsaCng;

            if (cng != null)
            {
                Assert.Equal(algorithmId, cng.Key.Algorithm.Algorithm);
            }
        }
Пример #35
0
 protected bool VerifyData(ECDsa ecdsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm) =>
 VerifyData(ecdsa, data, 0, data.Length, signature, hashAlgorithm);