public static void NoPrivKeyFromPublicOnly()
{
    // A key loaded from public-only DSA parameters (X removed) must refuse every
    // private-key export path: plain and encrypted, array- and span-based.
    PbeParameters pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 72);

    using (DSA publicOnly = DSAFactory.Create())
    {
        DSAParameters parameters = DSATestData.GetDSA1024Params();
        parameters.X = null;
        publicOnly.ImportParameters(parameters);

        Assert.ThrowsAny<CryptographicException>(
            () => publicOnly.ExportPkcs8PrivateKey());
        Assert.ThrowsAny<CryptographicException>(
            () => publicOnly.TryExportPkcs8PrivateKey(Span<byte>.Empty, out _));
        Assert.ThrowsAny<CryptographicException>(
            () => publicOnly.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte>.Empty, pbe));
        Assert.ThrowsAny<CryptographicException>(
            () => publicOnly.TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte>.Empty, pbe, Span<byte>.Empty, out _));
    }
}
public static void NoFuzzySubjectPublicKeyInfo()
{
    // ImportSubjectPublicKeyInfo must reject a plain PKCS#8 private key and an
    // encrypted PKCS#8 blob, and must leave bytesRead untouched when it throws.
    using (DSA key = DSAFactory.Create())
    {
        key.ImportParameters(DSATestData.GetDSA1024Params());
        int consumed = -1;

        byte[] privateKey = key.ExportPkcs8PrivateKey();
        Assert.ThrowsAny<CryptographicException>(
            () => key.ImportSubjectPublicKeyInfo(privateKey, out consumed));
        Assert.Equal(-1, consumed);

        // The first 15 bytes of the PKCS#8 blob serve as an arbitrary password.
        byte[] encrypted = key.ExportEncryptedPkcs8PrivateKey(
            privateKey.AsSpan(0, 15),
            new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA512, 123));
        Assert.ThrowsAny<CryptographicException>(
            () => key.ImportSubjectPublicKeyInfo(encrypted, out consumed));
        Assert.Equal(-1, consumed);
    }
}
private static void UseAfterDispose(bool importKey)
{
    // Every import/export entry point must report ObjectDisposedException once
    // the key is disposed, even when all the supplied inputs are valid.
    DSA key = importKey
        ? DSAFactory.Create(DSATestData.GetDSA1024Params())
        : DSAFactory.Create(1024);

    string password = "Hello";
    // The PBE scheme is PBES2, so the string password is encoded as UTF-8 and
    // these two password forms are interchangeable.
    byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
    PbeParameters pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 3072);

    byte[] pkcs8;
    byte[] encryptedPkcs8;
    byte[] spki;

    // Exporting before disposal proves the key loaded and yields well-formed
    // inputs for the post-dispose checks below.
    using (key)
    {
        pkcs8 = key.ExportPkcs8PrivateKey();
        encryptedPkcs8 = key.ExportEncryptedPkcs8PrivateKey(password, pbe);
        spki = key.ExportSubjectPublicKeyInfo();
    }

    void ExpectDisposed(Action action) => Assert.Throws<ObjectDisposedException>(action);

    ExpectDisposed(() => key.ImportPkcs8PrivateKey(pkcs8, out _));
    ExpectDisposed(() => key.ImportEncryptedPkcs8PrivateKey(password, encryptedPkcs8, out _));
    ExpectDisposed(() => key.ImportEncryptedPkcs8PrivateKey(passwordBytes, encryptedPkcs8, out _));
    ExpectDisposed(() => key.ImportSubjectPublicKeyInfo(spki, out _));

    ExpectDisposed(() => key.ExportPkcs8PrivateKey());
    ExpectDisposed(() => key.TryExportPkcs8PrivateKey(pkcs8, out _));
    ExpectDisposed(() => key.ExportEncryptedPkcs8PrivateKey(password, pbe));
    ExpectDisposed(() => key.TryExportEncryptedPkcs8PrivateKey(password, pbe, encryptedPkcs8, out _));
    ExpectDisposed(() => key.ExportEncryptedPkcs8PrivateKey(passwordBytes, pbe));
    ExpectDisposed(() => key.TryExportEncryptedPkcs8PrivateKey(passwordBytes, pbe, encryptedPkcs8, out _));
    ExpectDisposed(() => key.ExportSubjectPublicKeyInfo());
    ExpectDisposed(() => key.TryExportSubjectPublicKeyInfo(spki, out _));

    // Encrypted import with the wrong (empty) password: the disposed check must
    // fire before any decryption work reveals the password mismatch.
    passwordBytes = Array.Empty<byte>();
    ExpectDisposed(() => key.ImportEncryptedPkcs8PrivateKey("", encryptedPkcs8, out _));
    ExpectDisposed(() => key.ImportEncryptedPkcs8PrivateKey(passwordBytes, encryptedPkcs8, out _));
}
public static void NoFuzzyEncryptedPkcs8()
{
    // ImportEncryptedPkcs8PrivateKey must reject DER that is not an
    // EncryptedPrivateKeyInfo (an SPKI, then a plain PKCS#8 blob) and must not
    // touch bytesRead when it throws.
    using (DSA key = DSAFactory.Create())
    {
        key.ImportParameters(DSATestData.GetDSA1024Params());
        byte[] noPassword = Array.Empty<byte>();
        int consumed = -1;

        byte[][] notEncrypted =
        {
            key.ExportSubjectPublicKeyInfo(),
            key.ExportPkcs8PrivateKey(),
        };

        foreach (byte[] blob in notEncrypted)
        {
            Assert.ThrowsAny<CryptographicException>(
                () => key.ImportEncryptedPkcs8PrivateKey(noPassword, blob, out consumed));
            Assert.Equal(-1, consumed);
        }
    }
}
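/// <summary>
/// Builds an SFTP client that authenticates with the private key of
/// <c>FtpConfig.ClientCertificate</c>, re-encoded as a PEM private key that
/// SSH.NET's <c>PrivateKeyFile</c> can load.
/// </summary>
/// <returns>An SFTP client for the configured host and user, not yet connected.</returns>
/// <exception cref="NotSupportedException">
/// On netstandard2.0 / net472 builds, or when the certificate's key algorithm is not RSA, DSA or ECDsa.
/// </exception>
/// <exception cref="ArgumentNullException">
/// When no client certificate is configured, or the certificate carries no private key.
/// </exception>
private Renci.SshNet.SftpClient _getSFtpClientWithCertificate()
{
#if NETSTANDARD2_0 || NET472
    throw new NotSupportedException($"ClientCertificate does not support X509 Certificate in NETCORE2.0 nor NET472");
#else
    var connInfo = _getConnectionInfo();
    var cert = FtpConfig.ClientCertificate;
    if (cert is null)
    {
        // Without this guard a missing certificate surfaces as a NullReferenceException on cert.PublicKey.
        throw new ArgumentNullException(nameof(FtpConfig.ClientCertificate), "ClientCertificate has a null Key");
    }

    // PEM label (RFC 7468) that matches the DER structure each branch exports.
    string pemLabel;
    byte[] privateKeyBytes;

    switch (cert.PublicKey.Oid.Value)
    {
        case _rsa:
        {
            // GetRSAPrivateKey() returns null when the certificate has no private key,
            // so the null check must precede any member access on the key
            // (the old code read KeyExchangeAlgorithm first, making its null branch unreachable).
            using RSA rsaKey = cert.GetRSAPrivateKey() ?? throw MissingPrivateKey();
            // ExportRSAPrivateKey() is PKCS#1; its PEM label is "RSA PRIVATE KEY".
            pemLabel = "RSA PRIVATE KEY";
            privateKeyBytes = rsaKey.ExportRSAPrivateKey();
            break;
        }
        case _dsa:
        {
            using DSA dsaKey = cert.GetDSAPrivateKey() ?? throw MissingPrivateKey();
            // ExportPkcs8PrivateKey() is PKCS#8, whose PEM label is the bare "PRIVATE KEY".
            // DSA.KeyExchangeAlgorithm is null, so deriving the label from it produced " PRIVATE KEY".
            // NOTE(review): confirm the SSH.NET version in use accepts PKCS#8 "PRIVATE KEY" blocks.
            pemLabel = "PRIVATE KEY";
            privateKeyBytes = dsaKey.ExportPkcs8PrivateKey();
            break;
        }
        case _ecdsa:
        {
            using ECDsa ecdsaKey = cert.GetECDsaPrivateKey() ?? throw MissingPrivateKey();
            // Same PKCS#8 encoding and label as the DSA branch; ECDsa.KeyExchangeAlgorithm is null as well.
            pemLabel = "PRIVATE KEY";
            privateKeyBytes = ecdsaKey.ExportPkcs8PrivateKey();
            break;
        }
        default:
            throw new NotSupportedException($"ClientCertificate does not support the given algorithm {cert.PublicKey.Oid.FriendlyName}");
    }

    string privateKeyPemString;
    try
    {
#if NET5_0_OR_GREATER
        char[] pemChars = PemEncoding.Write(pemLabel, privateKeyBytes);
        privateKeyPemString = new string(pemChars);
        Array.Clear(pemChars, 0, pemChars.Length);
#else
        var builder = new StringBuilder();
        builder.AppendLine($"-----BEGIN {pemLabel}-----");
        builder.AppendLine(Convert.ToBase64String(privateKeyBytes, Base64FormattingOptions.InsertLineBreaks));
        builder.AppendLine($"-----END {pemLabel}-----");
        privateKeyPemString = builder.ToString();
#endif
    }
    finally
    {
        // The DER key is not needed once PEM-encoded; scrub it so it does not
        // linger in the heap. The managed PEM string itself cannot be scrubbed.
        Array.Clear(privateKeyBytes, 0, privateKeyBytes.Length);
    }

    var pemBytes = Encoding.UTF8.GetBytes(privateKeyPemString);
    using var ms = new MemoryStream(pemBytes);
    // NOTE(review): the returned client holds a reference to privateKeyFile, yet
    // it is disposed when this method returns (unchanged from before). Confirm
    // with the SSH.NET version in use that a disposed PrivateKeyFile can still sign.
    using var privateKeyFile = new PrivateKeyFile(ms);

    return new Renci.SshNet.SftpClient(connInfo.Host, connInfo.Username, new PrivateKeyFile[] { privateKeyFile })
    {
        KeepAliveInterval = _keepAliveInterval,
        OperationTimeout = _operationTimeout,
    };

    // Shared failure for a certificate that exposes a public key but no private key.
    static ArgumentNullException MissingPrivateKey() =>
        new ArgumentNullException(nameof(FtpConfig.ClientCertificate), "ClientCertificate has a null Key");
#endif
}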