public static void MultiExport()
{
DSAParameters imported = DSATestData.GetDSA1024Params();
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(imported);
DSAParameters exportedPrivate = dsa.ExportParameters(true);
DSAParameters exportedPrivate2 = dsa.ExportParameters(true);
DSAParameters exportedPublic = dsa.ExportParameters(false);
DSAParameters exportedPublic2 = dsa.ExportParameters(false);
DSAParameters exportedPrivate3 = dsa.ExportParameters(true);
DSAParameters exportedPublic3 = dsa.ExportParameters(false);
AssertKeyEquals(imported, exportedPrivate);
ValidateParameters(ref exportedPublic);
AssertKeyEquals(exportedPrivate, exportedPrivate2);
AssertKeyEquals(exportedPrivate, exportedPrivate3);
AssertKeyEquals(exportedPublic, exportedPublic2);
AssertKeyEquals(exportedPublic, exportedPublic3);
}
}
public static void ReadWriteDsa2048EncryptedPkcs8()
{
ReadBase64EncryptedPkcs8(
@"
MIICkTAbBgkqhkiG9w0BBQMwDgQIiFvwvRtsR00CAggABIICcLdrPIpSA2oPwA7S
/SBV43oICErpXe3XIjXwWTCRD+xgzQ1IUxJRHau8kIqz+mYwmN4tG9QZp/kc1HYx
1b72PtNc/NaduA6eT3DNZO7SslpnXkXKdXhMRsyzwawI4QfPlTZsL7bUgn4/O/GQ
yN1gHns7AHk6HOO3fLujSSqrosLQOvHkgvsxLJhcBhGTKUZqwA6SFwvWsYKh7ML2
Rwx336Nlzf7wpd49l8meJyZReqJ8Fg4kIhhcJTDAhaxWEdIw1dolshz1FSyZIb75
dhNVrpHtp+fQbWZpMRLGB+6qmWHjfzrSdSRda898P9oLgXpKffXDuFFcW+opW3uV
QZ2kM2Xx6NzcvdP4Bp3NKQmaW6inaES/IJvOasJd1KLTKb5Q16kq/0hrRw2fhBoc
YxXkO34answHx3Oapx3tJ40fwxi0RjPdEY+qNpMlHLiZrV6/dK6jfo3i9MT7xbQE
XLVGx9Yqp2eHNLPKnHuEaeDmOkYhsjVgrVGhDydqrN+9R6K6LOgU2Gxo7M/vhQiL
TwE5xKbUF6u82nyjma7DR7P6YDDY/RNfGRBusiMn7xlJs7ssG3ZTa0BBwlh6C4Iw
ak2nknIOVBrzyh+FJhcKRyExSDUt39uz0h+HH2MHNBs3gJv/xmURDRmlhwcqF7ZA
EDVKgNkAxxCnPVjTUalttxCxTv7FC/vxfN7ulB2uKzicegsf6t/nS6i2dpJjUYDF
8SU3qholnkPCi+bN+pNLtHiTo6o/7dhUf+/Y0DclLakVTduuOBc0v5arTtOB1Qlc
/NbPGH1ELzGP6HO8JzNYWabsAuY4AYoXuaTa7F0ygo6t9FP90w==",
"Chicken Cannon",
new PbeParameters(
PbeEncryptionAlgorithm.TripleDes3KeyPkcs12,
HashAlgorithmName.SHA1,
0x0202),
DSATestData.GetDSA2048Params());
}
public static void TestRead1024Parameters_Public()
{
DSAParameters expectedParameters = DSATestData.GetDSA1024Params();
expectedParameters.X = null;
TestReadXml(
// Bonus trait of this XML: very odd whitespace
@"
<DSAKeyValue>
<P>
wW0mx01sFid5nAkYVI5VP+WMeIHaSEYpyvZDEfSyfP72vbDyEgaw/8SZmi/tU7Q7
nuKRDGjaLENqgBj0k49kcjafVkfQBbzJbiJZDMFePNTqDRMvXaWvaqoIB7DMTvNA
SvVC9FRrN73WpH5kETCDfbm
Tl8hFY1
1 9 w 2 0 F N + S o S z E =
</P>
<Q>2DwOy3NVHi/jDVH89CNsZRiDrdc=</Q>
<G>
a8NmtmNVVF4Jjx/pDlRptWfgn6edgX8rNntF3s1DAaWcgdaRH3aR03DhWsaSwEvB
GHLBcaf+ZU6WPX3aV1qemM4Cb7fTk0olhggTSo7F7WmirtyJQBtnrd5Cfxftrrct
evRdmrHVnhsT1O + 9F8dkMwJn3eNSwg4FuA2zwQn + i5w =
</G>
<Y>
aQuzepFF4F1ue0fEV4mKrt1yUBydFuebGtdahyzwF6qQu/uQ8bO39cA8h+RuhyVm
VSb9NBV7JvWWofCZf1nz5l78YVpVLV51acX
/
xFk9WgKZEQ5xyX4SIaWgP+mmk1rt
2I7ws7L3nTqZ7XX3uHHm6vJoDZbVdKX0
wTus47S0TeE=
</Y>
</DSAKeyValue>",
expectedParameters);
}
public static void NoPrivKeyFromPublicOnly()
{
using (DSA key = DSAFactory.Create())
{
DSAParameters dsaParameters = DSATestData.GetDSA1024Params();
dsaParameters.X = null;
key.ImportParameters(dsaParameters);
Assert.ThrowsAny <CryptographicException>(
() => key.ExportPkcs8PrivateKey());
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportPkcs8PrivateKey(Span <byte> .Empty, out _));
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72),
Span <byte> .Empty,
out _));
}
}
public static void NoFuzzyPkcs8()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
int bytesRead = -1;
byte[] spki = key.ExportSubjectPublicKeyInfo();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportPkcs8PrivateKey(spki, out bytesRead));
Assert.Equal(-1, bytesRead);
ReadOnlySpan <byte> passwordBytes = spki.AsSpan(0, 15);
byte[] encryptedPkcs8 = key.ExportEncryptedPkcs8PrivateKey(
passwordBytes,
new PbeParameters(
PbeEncryptionAlgorithm.Aes256Cbc,
HashAlgorithmName.SHA512,
123));
Assert.ThrowsAny <CryptographicException>(
() => key.ImportPkcs8PrivateKey(encryptedPkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
}
}
public static void Import_2048()
{
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.Equal(2048, dsa.KeySize);
}
}
public static void Sign2048WithSha1()
{
byte[] data = { 1, 2, 3, 4 };
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
byte[] signature = dsa.SignData(data, HashAlgorithmName.SHA1);
Assert.True(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1));
}
}
public static void PublicKey_CannotSign()
{
DSAParameters keyParameters = DSATestData.GetDSA1024Params();
keyParameters.X = null;
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(keyParameters);
Assert.ThrowsAny <CryptographicException>(
() => dsa.SignData(DSATestData.HelloBytes, HashAlgorithmName.SHA1));
}
}
public static void ReadWriteDsa1024SubjectPublicKeyInfo()
{
ReadWriteBase64SubjectPublicKeyInfo(
@"
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAMFtJsdNbBYneZwJGFSOVT/ljHiB2khG
Kcr2QxH0snz+9r2w8hIGsP/EmZov7VO0O57ikQxo2ixDaoAY9JOPZHI2n1ZH0AW8
yW4iWQzBXjzU6g0TL12lr2qqCAewzE7zQEr1QvRUaze91qR+ZBEwg325k5fIRWNd
fcNtBTfkqEsxAhUA2DwOy3NVHi/jDVH89CNsZRiDrdcCgYBrw2a2Y1VUXgmPH+kO
VGm1Z+Cfp52Bfys2e0XezUMBpZyB1pEfdpHTcOFaxpLAS8EYcsFxp/5lTpY9fdpX
Wp6YzgJvt9OTSiWGCBNKjsXtaaKu3IlAG2et3kJ/F+2uty169F2asdWeGxPU770X
x2QzAmfd41LCDgW4DbPBCf6LnAOBhAACgYBpC7N6kUXgXW57R8RXiYqu3XJQHJ0W
55sa11qHLPAXqpC7+5Dxs7f1wDyH5G6HJWZVJv00FXsm9Zah8Jl/WfPmXvxhWlUt
XnVpxf/EWT1aApkRDnHJfhIhpaA/6aaTWu3YjvCzsvedOpntdfe4cebq8mgNltV0
pfTBO6zjtLRN4Q==",
DSATestData.GetDSA1024Params());
}
public static void VerifySignature_SHA1()
{
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA1024Params());
var formatter = new DSASignatureFormatter(dsa);
var deformatter = new DSASignatureDeformatter(dsa);
using (SHA1 alg = SHA1.Create())
{
VerifySignature(formatter, deformatter, alg, "SHA1");
VerifySignature(formatter, deformatter, alg, "sha1");
}
}
}
public static void ImportRoundTrip(bool includePrivate)
{
DSAParameters imported = DSATestData.GetDSA1024Params();
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(imported);
DSAParameters exported = dsa.ExportParameters(includePrivate);
using (DSA dsa2 = DSAFactory.Create())
{
dsa2.ImportParameters(exported);
DSAParameters exported2 = dsa2.ExportParameters(includePrivate);
AssertKeyEquals(in exported, in exported2);
}
}
}
private static void UseAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] pkcs8Private;
byte[] pkcs8EncryptedPrivate;
byte[] subjectPublicKeyInfo;
string pwStr = "Hello";
// Because the PBE algorithm uses PBES2 the string->byte encoding is UTF-8.
byte[] pwBytes = Encoding.UTF8.GetBytes(pwStr);
PbeParameters pbeParameters = new PbeParameters(
PbeEncryptionAlgorithm.Aes192Cbc,
HashAlgorithmName.SHA256,
3072);
// Ensure the key was loaded, then dispose it.
// Also ensures all of the inputs are valid for the disposed tests.
using (key)
{
pkcs8Private = key.ExportPkcs8PrivateKey();
pkcs8EncryptedPrivate = key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters);
subjectPublicKeyInfo = key.ExportSubjectPublicKeyInfo();
}
Assert.Throws <ObjectDisposedException>(() => key.ImportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwStr, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportPkcs8PrivateKey());
Assert.Throws <ObjectDisposedException>(() => key.TryExportPkcs8PrivateKey(pkcs8Private, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwStr, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters));
Assert.Throws <ObjectDisposedException>(() => key.TryExportEncryptedPkcs8PrivateKey(pwBytes, pbeParameters, pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ExportSubjectPublicKeyInfo());
Assert.Throws <ObjectDisposedException>(() => key.TryExportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _));
// Check encrypted import with the wrong password.
// It shouldn't do enough work to realize it was wrong.
pwBytes = Array.Empty <byte>();
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey("", pkcs8EncryptedPrivate, out _));
Assert.Throws <ObjectDisposedException>(() => key.ImportEncryptedPkcs8PrivateKey(pwBytes, pkcs8EncryptedPrivate, out _));
}
public static void VerifyKnownSignature()
{
using (DSA dsa = DSAFactory.Create())
{
byte[] data;
byte[] signature;
DSAParameters dsaParameters;
DSATestData.GetDSA1024_186_2(out dsaParameters, out signature, out data);
dsa.ImportParameters(dsaParameters);
Assert.True(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1));
// Negative case
signature[signature.Length - 1] ^= 0xff;
Assert.False(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1));
}
}
public static void ReadWriteDsa1024EncryptedPkcs8_Pbes2HighIterations()
{
// pkcs5PBES2 hmacWithSHA256 aes128-CBC with 600,001 iterations
ReadBase64EncryptedPkcs8(@"
MIIBtjBgBgkqhkiG9w0BBQ0wUzAyBgkqhkiG9w0BBQwwJQQQ+ZTlQ9PG0lKomeY4b7lpZgIDCSfB
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDoHELpGkGH/pPcq1/id3l4BIIBUHF74QMFkUdy
XZiUndRy+u2d5KNct89WYj8b3Fb7/VTZQwWRfoIZbC2Of769SMvd2R1ViWNG/ZPX7gxZ2keHFiNL
v/Dj6sNdfFGDF8RyPGOzFQSYu/PYteCHMCh4cYtLQqaGARbKQ1R46dfSyBgQ8IFh9Mnz7T57wSSt
Af3nJkTjfvS28hjtErrufv0XrLCy95+K/fX80GicWuAsC/sLDbbMiiKWzOlLhug4uX5/gSRM3Oqy
LGssZuyeza1fTIgU8NjijYQ/kJJUwEWjjn1PA7BWtDWYaqG5wLyz6z50S6pbpLRelvxV5s9dX1Yq
aylTdOmNGHG+7yEVFQ+sgvJJVIG9mz+YP9tBbzm65UvbzPrXSvNldgm2XUF0Z8LZMRqrurKLYjLE
+TA4wBPaTRUeF0/9Sgk7MXcKHEjhG+OlTP9MExv6Wq3mIREamzu+EtVcPg==",
"test",
new PbeParameters(
PbeEncryptionAlgorithm.Aes128Cbc,
HashAlgorithmName.SHA256,
600_001),
DSATestData.GetDSA1024Params());
}
public static void DecryptPkcs12WithBytes()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
string charBased = "hello";
byte[] byteBased = Encoding.UTF8.GetBytes(charBased);
byte[] encrypted = key.ExportEncryptedPkcs8PrivateKey(
charBased,
new PbeParameters(
PbeEncryptionAlgorithm.TripleDes3KeyPkcs12,
HashAlgorithmName.SHA1,
123));
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(byteBased, encrypted, out _));
}
}
public static void ReadWriteDsa1024EncryptedPkcs8()
{
// pbeWithSHA1AndDES-CBC (PBES1)
ReadBase64EncryptedPkcs8(
@"
MIIBcTAbBgkqhkiG9w0BBQowDgQIEibTj5fv8jUCAggABIIBUPDssHf/llBiWN/M
e3cyuqVHA89Zda1Myh/YcKmGWpQgflr2CKOrmsw7nin+9bWlZDYP795EEKSAkCZg
ABHwJlTI9BKMUiXQUW8AwM5zqBJb/P/JOG2bFNXsZHUYUNh9g7I5mBwdCAih4D+R
QT4YuclwLvQmTewyjLtDGiDF/mC+4kpyBePeO9kfkRUDHiwSNk/efN4ug1xQgwhu
2RXvjJaAYu3JVTp9Gp86suix1gRWMOg+pHCamtCjC4B+91q3LLMdseAoSHmy25/x
qE3Db1UI4anCCnyEj/jDA8R6hZTFDjxu6bG0Z66g7I2GBDEYaaB+8x0vtiyu5LXo
6UZ53SX6S+jfIqJoF5YME9zVMoO2kwS/EGvc64+epCGcee1Nx4SGgUcr5HJYz1P4
CU+l4wPQR0rRmYHIJJIvFh5OXk84pV0crsOrekw7tHeNU6DMzw==",
"Password > cipher",
new PbeParameters(
PbeEncryptionAlgorithm.Aes192Cbc,
HashAlgorithmName.SHA256,
12345),
DSATestData.GetDSA1024Params());
}
public static void VerifyKnownSignature()
{
using (DSA dsa = DSAFactory.Create())
{
byte[] data;
byte[] signature;
DSAParameters dsaParameters;
DSATestData.GetDSA1024_186_2(out dsaParameters, out signature, out data);
byte[] hash = SHA1.HashData(data);
dsa.ImportParameters(dsaParameters);
var deformatter = new DSASignatureDeformatter(dsa);
deformatter.VerifySignature(hash, signature);
// Negative case
signature[signature.Length - 1] ^= 0xff;
Assert.False(deformatter.VerifySignature(hash, signature));
}
}
public static void Verify2048WithSha1()
{
byte[] data = { 1, 2, 3, 4 };
byte[] signature = (
"28DC05B452C8FC0E0BFE9DA067D11147D31B1F3C63E5CF95046A812417C64844868D04D3A1D23" +
"13E5DD07DE757B3A836E70A1C85DDC90CB62DE2E44746C760F2").HexToByteArray();
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Untampered data verifies");
data[0] ^= 0xFF;
Assert.False(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Tampered data verifies");
data[0] ^= 0xFF;
signature[signature.Length - 1] ^= 0xFF;
Assert.False(dsa.VerifyData(data, signature, HashAlgorithmName.SHA1), "Tampered signature verifies");
}
}
public static void ExportAfterDispose(bool importKey)
{
DSA key = importKey ? DSAFactory.Create(DSATestData.GetDSA1024Params()) : DSAFactory.Create(1024);
byte[] hash = new byte[20];
// Ensure that the key got created, and then Dispose it.
using (key)
{
try
{
key.CreateSignature(hash);
}
catch (PlatformNotSupportedException) when(!SupportsKeyGeneration)
{
}
}
Assert.Throws <ObjectDisposedException>(() => key.ExportParameters(false));
Assert.Throws <ObjectDisposedException>(() => key.ExportParameters(true));
Assert.Throws <ObjectDisposedException>(() => key.ImportParameters(DSATestData.GetDSA1024Params()));
}
public static void VerifyKnown_2048_SHA256()
{
byte[] signature =
{
0x92, 0x06, 0x0B, 0x57, 0xF1, 0x35, 0x20, 0x28,
0xC6, 0x54, 0x4A, 0x0F, 0x08, 0x48, 0x5F, 0x5D,
0x55, 0xA8, 0x42, 0xFB, 0x05, 0xA7, 0x3E, 0x32,
0xCA, 0xC6, 0x91, 0x77, 0x70, 0x0A, 0x68, 0x44,
0x60, 0x63, 0xF7, 0xE7, 0x96, 0x54, 0x8F, 0x4A,
0x6D, 0x47, 0x10, 0xEE, 0x9A, 0x9F, 0xC2, 0xC8,
0xDD, 0x74, 0xAE, 0x1A, 0x68, 0xF3, 0xA9, 0xB8,
0x62, 0x14, 0x50, 0xA3, 0x01, 0x1D, 0x2A, 0x22,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
}
}
public static void VerifyKnown_2048_SHA512()
{
byte[] signature =
{
0x6F, 0x44, 0x68, 0x1F, 0x74, 0xF7, 0x90, 0x2F,
0x38, 0x43, 0x9B, 0x00, 0x15, 0xDA, 0xF6, 0x8F,
0x97, 0xB4, 0x4A, 0x52, 0xF7, 0xC1, 0xEC, 0x21,
0xE2, 0x44, 0x48, 0x71, 0x0F, 0xEC, 0x5E, 0xB3,
0xA1, 0xCB, 0xE4, 0x42, 0xC8, 0x1E, 0xCD, 0x3C,
0xA8, 0x15, 0x51, 0xDE, 0x0C, 0xCC, 0xAE, 0x4D,
0xEB, 0x2A, 0xE9, 0x13, 0xBB, 0x7F, 0x3C, 0xFB,
0x69, 0x8A, 0x8E, 0x0F, 0x80, 0x87, 0x2E, 0xA6,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
}
}
public static void VerifyKnown_2048_SHA384()
{
byte[] signature =
{
0x56, 0xBA, 0x70, 0x48, 0x18, 0xBA, 0xE3, 0x43,
0xF0, 0x7F, 0x25, 0xFE, 0xEA, 0xF1, 0xDB, 0x49,
0x37, 0x15, 0xD3, 0xD0, 0x5B, 0x9D, 0x57, 0x19,
0x73, 0x44, 0xDA, 0x70, 0x8D, 0x44, 0x7D, 0xBA,
0x83, 0xDB, 0x8E, 0x8F, 0x39, 0x0F, 0x83, 0xD5,
0x0B, 0x73, 0x81, 0x77, 0x3D, 0x9B, 0x8D, 0xA4,
0xAD, 0x94, 0x3C, 0xAB, 0x7A, 0x6C, 0x81, 0x48,
0x2F, 0xCF, 0x50, 0xE3, 0x34, 0x0B, 0xEC, 0xF0,
};
using (DSA dsa = DSAFactory.Create())
{
dsa.ImportParameters(DSATestData.GetDSA2048Params());
Assert.True(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA384));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA256));
Assert.False(dsa.VerifyData(DSATestData.HelloBytes, signature, HashAlgorithmName.SHA512));
}
}
public static void TestWrite1024Parameters(bool includePrivateParameters)
{
TestWriteXml(
DSATestData.GetDSA1024Params(),
includePrivateParameters,
(
"wW0mx01sFid5nAkYVI5VP+WMeIHaSEYpyvZDEfSyfP72vbDyEgaw/8SZmi/tU7Q7" +
"nuKRDGjaLENqgBj0k49kcjafVkfQBbzJbiJZDMFePNTqDRMvXaWvaqoIB7DMTvNA" +
"SvVC9FRrN73WpH5kETCDfbmTl8hFY119w20FN+SoSzE="
),
"2DwOy3NVHi/jDVH89CNsZRiDrdc=",
(
"a8NmtmNVVF4Jjx/pDlRptWfgn6edgX8rNntF3s1DAaWcgdaRH3aR03DhWsaSwEvB" +
"GHLBcaf+ZU6WPX3aV1qemM4Cb7fTk0olhggTSo7F7WmirtyJQBtnrd5Cfxftrrct" +
"evRdmrHVnhsT1O+9F8dkMwJn3eNSwg4FuA2zwQn+i5w="
),
(
"aQuzepFF4F1ue0fEV4mKrt1yUBydFuebGtdahyzwF6qQu/uQ8bO39cA8h+RuhyVm" +
"VSb9NBV7JvWWofCZf1nz5l78YVpVLV51acX/xFk9WgKZEQ5xyX4SIaWgP+mmk1rt" +
"2I7ws7L3nTqZ7XX3uHHm6vJoDZbVdKX0wTus47S0TeE="
),
"wCZ4AHd55S42BoIhS9R/j69CvC0=");
}
public static void NoFuzzyEncryptedPkcs8()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
int bytesRead = -1;
byte[] spki = key.ExportSubjectPublicKeyInfo();
byte[] empty = Array.Empty <byte>();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, spki, out bytesRead));
Assert.Equal(-1, bytesRead);
byte[] pkcs8 = key.ExportPkcs8PrivateKey();
Assert.ThrowsAny <CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey(empty, pkcs8, out bytesRead));
Assert.Equal(-1, bytesRead);
}
}
public static void ReadWriteDsa2048SubjectPublicKeyInfo()
{
ReadWriteBase64SubjectPublicKeyInfo(
@"
MIIDRjCCAjkGByqGSM44BAEwggIsAoIBAQCvj7mysUfJbzkjYGOb2qZUT/LNCGtg
SjMk9IVZXwLOrzLS1J8t062fU4TdCdAxgtuPCqBs4KD8ojZqWwMb0OL615e63IdK
DGeBUpwB4NaXBLQ983GuSps92B6wP12uKDeAESVoZjN7c6gk9+isphmBp8Z2STY9
LX0SzCMFMI0IS+xozDsbPvV3BTpeI0Sfujw+tvjNjqafEWs3SL0jf5f09+kRxBw5
TW99LVO3Z2GPDe1I571/MMZWiUgmSlTADTWKdumCbteRxrbL+MKcJFFzsdjSGUOO
WTc851VO9Jx4QKjFXOLl4sM8EKrY2Q8ox8su8UrV7YxOaZK0Hs7GUoj1AiEAyTqy
KSNygpl/I1QaOZu/dc7NML4L6VksBwQ+0wIh6ssCggEARKfSLeuinOGdZ40twR8R
i6oQ476pTeKcPsNsEKtNaIAEobf0OH/BzJYT5oUf7bvVRTGe3lRLlOT66cEGnnc0
+eavyKC4QGls3/4obhrxrW45Yp0MjGAWrGJfEAus9f90sjJcnZmm2LAxCyaPY+Nf
XRyNpmP5SrqQJEzsz5qM5dtUebAG+RMeXqeCIqMuKhA8H+8WkpsVbjIwyVQpXNo+
X5H3G1Z/o7d0uELxKM0NND1UaNuQc0pngDXmXmohzHMB9PU+a2ZxioP/KFpv3onK
WuHRuWM6JaNKkm+dKAj5v3ldk2eH/0xyhrx/xKgq+psGyRJRCakjuvPjd1XxV0uv
tQOCAQUAAoIBAAEb2FmGosQTFf8BxVSkXlqcRbOOvcwmYLbReIlgToAKb96OAXzt
N5P0pvuvu3YT/re6h4QavVmTXRiFiTnACm5GGbZWJHWVXW1yshNL7PWrNBGPYNhL
H/JodT8YjoYSVRMthMoKq2gbhVGHM5Txjg2u9rX5V37HyiqmMoG1Oa9YlCg+P7bc
xVN9ksi/58ByOsIS7vO3cY01w/3Zn3rgkSzHxHUhpW+lEb4xcS2XmuZ/F6e8xOWB
DqnKE43u09eCOe7vI5p3KULSPCgQwpciGVJWRhJ/nEuBYSwSrtwtyR6BFTsKIHwf
vAB5Wz646GeWztKawSR/9xIqHq8IECV1FXI=",
DSATestData.GetDSA2048Params());
}
public static void SignAndVerifyDataExplicit2048()
{
SignAndVerify(DSATestData.HelloBytes, "SHA256", DSATestData.GetDSA2048Params(), 64);
}
public static void SignAndVerifyDataExplicit1024()
{
SignAndVerify(DSATestData.HelloBytes, "SHA1", DSATestData.GetDSA1024Params(), 40);
}
public static void BadPbeParameters()
{
using (DSA key = DSAFactory.Create())
{
key.ImportParameters(DSATestData.GetDSA1024Params());
Assert.ThrowsAny <ArgumentNullException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
null));
Assert.ThrowsAny <ArgumentNullException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> .Empty,
null));
Assert.ThrowsAny <ArgumentNullException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
null,
Span <byte> .Empty,
out _));
Assert.ThrowsAny <ArgumentNullException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> .Empty,
null,
Span <byte> .Empty,
out _));
// PKCS12 requires SHA-1
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA256, 72),
Span <byte> .Empty,
out _));
// PKCS12 requires SHA-1
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> .Empty,
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.MD5, 72),
Span <byte> .Empty,
out _));
// PKCS12 requires a char-based password
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(0, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(0, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm (negative enum value)
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)(-5), HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown encryption algorithm (overly-large enum value)
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters((PbeEncryptionAlgorithm)15, HashAlgorithmName.SHA1, 72),
Span <byte> .Empty,
out _));
// Unknown hash algorithm
Assert.ThrowsAny <CryptographicException>(
() => key.ExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72)));
Assert.ThrowsAny <CryptographicException>(
() => key.TryExportEncryptedPkcs8PrivateKey(
new byte[3],
new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, new HashAlgorithmName("Potato"), 72),
Span <byte> .Empty,
out _));
}
}