public void VerifyDataByteArraySpan_NegativeCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("count",
() => ecdsa.VerifyData(new byte[0], 0, -1, null, default(HashAlgorithmName)));
}
public void VerifyDataByteArraySpan_NullSignature_ThrowsArgumentNullException(ECDsa ecdsa)
{
Assert.Throws <ArgumentNullException>("signature",
() => ecdsa.VerifyData(new byte[0], 0, 0, null, default(HashAlgorithmName)));
}
public void SignDataStream_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
{
Assert.Throws <ArgumentNullException>("data",
() => ecdsa.SignData((Stream)null, default(HashAlgorithmName)));
}
public void VerifyDataByteArray_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.VerifyData(new byte[0], new byte[0], default(HashAlgorithmName)));
}
public void SignDataByteArraySpan_NegativeOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("offset",
() => ecdsa.SignData(new byte[0], -1, -1, default(HashAlgorithmName)));
}
public void SignDataByteArraySpan_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new byte[0], 0, 0, default(HashAlgorithmName)));
}
protected override byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) => ecdsa.SignData(data, offset, count, hashAlgorithm);
protected abstract bool VerifyData(ECDsa ecdsa, byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm);
public void UseAfterDispose_NewKey(ECDsa ecdsa)
{
UseAfterDispose(ecdsa);
}
protected override bool VerifyData(ECDsa ecdsa, byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm) => ecdsa.VerifyData(data, offset, count, signature, hashAlgorithm);
public void UseAfterDispose_Import(ECDsa ecdsa)
{
ecdsa.ImportParameters(EccTestData.GetNistP256ReferenceKey());
UseAfterDispose(ecdsa);
}
protected abstract byte[] SignData(ECDsa ecdsa, byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm);
protected byte[] SignData(ECDsa ecdsa, byte[] data, HashAlgorithmName hashAlgorithm) => SignData(ecdsa, data, 0, data.Length, hashAlgorithm);
private static void Verify_ECDsaPrivateKey_WindowsPfx(ECDsa ecdsa)
{
Assert.NotNull(ecdsa);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
AssertEccAlgorithm(ecdsa, "ECDSA_P256");
}
}
public void SignVerify_InteroperableSameKeys_RoundTripsUnlessTampered(ECDsa ecdsa, HashAlgorithmName hashAlgorithm)
{
byte[] data = Encoding.UTF8.GetBytes("something to repeat and sign");
// large enough to make hashing work though multiple iterations and not a multiple of 4KB it uses.
byte[] dataArray = new byte[33333];
byte[] dataArray2 = new byte[dataArray.Length + 2];
dataArray.CopyTo(dataArray2, 1);
HashAlgorithm halg;
if (hashAlgorithm == HashAlgorithmName.MD5)
{
halg = MD5.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA1)
{
halg = SHA1.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA256)
{
halg = SHA256.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA384)
{
halg = SHA384.Create();
}
else if (hashAlgorithm == HashAlgorithmName.SHA512)
{
halg = SHA512.Create();
}
else
{
throw new Exception("Hash algorithm not supported.");
}
List <byte[]> signatures = new List <byte[]>(6);
// Compute a signature using each of the SignData overloads. Then, verify it using each
// of the VerifyData overloads, and VerifyHash overloads.
//
// Then, verify that VerifyHash fails if the data is tampered with.
signatures.Add(SignData(ecdsa, dataArray, hashAlgorithm));
signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataArray)));
foreach (byte[] signature in signatures)
{
Assert.True(VerifyData(ecdsa, dataArray, signature, hashAlgorithm), "Verify 1");
Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify 4");
}
int distinctSignatures = signatures.Distinct(new ByteArrayComparer()).Count();
Assert.True(distinctSignatures == signatures.Count, "Signing should be randomized");
foreach (byte[] signature in signatures)
{
signature[signature.Length - 1] ^= 0xFF; // flip some bits
Assert.False(VerifyData(ecdsa, dataArray, signature, hashAlgorithm), "Verify Tampered 1");
Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify Tampered 4");
}
}
private static void VerifyExplicitCurve(ECParameters parameters, ECDsa ec, CurveDef curveDef)
{
Assert.True(parameters.Curve.IsExplicit);
ECCurve curve = parameters.Curve;
Assert.True(curveDef.IsCurveTypeEqual(curve.CurveType));
Assert.True(
curveDef.IncludePrivate && parameters.D.Length > 0 ||
!curveDef.IncludePrivate && parameters.D == null);
Assert.Equal(curveDef.KeySize, ec.KeySize);
Assert.Equal(curve.A.Length, parameters.Q.X.Length);
Assert.Equal(curve.A.Length, parameters.Q.Y.Length);
Assert.Equal(curve.A.Length, curve.B.Length);
Assert.Equal(curve.A.Length, curve.G.X.Length);
Assert.Equal(curve.A.Length, curve.G.Y.Length);
Assert.True(curve.Seed == null || curve.Seed.Length > 0);
Assert.True(curve.Order == null || curve.Order.Length > 0);
if (curve.IsPrime)
{
Assert.Equal(curve.A.Length,curve.Prime.Length);
}
if (curveDef.IncludePrivate)
ec.Exercise();
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportExplicitParameters(curveDef.IncludePrivate);
AssertEqual(parameters, paramSecondExport);
}
public void SignHash_InvalidArguments_Throws(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentNullException>("hash", () => ecdsa.SignHash(null));
}
public void Create_InvalidECCurveFriendlyName_ThrowsPlatformNotSupportedException()
{
ECCurve curve = ECCurve.CreateFromFriendlyName("bad potato");
PlatformNotSupportedException pnse = Assert.Throws <PlatformNotSupportedException>(() => ECDsa.Create(curve));
Assert.Contains("'bad potato'", pnse.Message);
}
public void VerifyHash_InvalidArguments_Throws(ECDsa ecdsa)
{
AssertExtensions.Throws <ArgumentNullException>("hash", () => ecdsa.VerifyHash(null, null));
AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyHash(new byte[0], null));
}
public void SignDataByteArraySpan_OffsetGreaterThanCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("offset",
() => ecdsa.SignData(new byte[0], 2, 1, default(HashAlgorithmName)));
}
/// <summary>
/// Sets the <see cref="ListenerProvider" /> on the <see cref="MinimalServer" /> to one that provides
/// <see cref="SslListener" />s with <see cref="TcpConnectionListener" />s, using the given
/// <see cref="X509Certificate2" /> and <see cref="ECDsa" /> private key.
/// </summary>
/// <param name="server">the server</param>
/// <param name="certificate">the certificate</param>
/// <param name="key">the private key</param>
public static void AddSsl(this MinimalServer server, X509Certificate2 certificate, ECDsa key)
{
AddSsl(server, certificate.CopyWithPrivateKey(key));
}
public void SignDataByteArraySpan_EmptyHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new byte[10], 0, 10, new HashAlgorithmName("")));
}
public void NoncompliantCreate()
{
var ec1 = ECDiffieHellman.Create(ECCurve.NamedCurves.brainpoolP192t1); // Noncompliant {{Use a key length of at least 224 bits for EC cipher algorithm.}}
var ec2 = ECDsa.Create(ECCurve.NamedCurves.brainpoolP160r1); // Noncompliant {{Use a key length of at least 224 bits for EC cipher algorithm.}}
}
public void SignDataStream_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
{
Assert.Throws <ArgumentException>("hashAlgorithm",
() => ecdsa.SignData(new MemoryStream(), default(HashAlgorithmName)));
}
public Apple()
{
validX5cStrings = new[] {
"MIICRDCCAcmgAwIBAgIGAXUCfWGDMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAxMDA3MDk0NjEyWhcNMjAxMDA4MDk1NjEyWjCBkTFJMEcGA1UEAwxANjEyNzZmYzAyZDNmZThkMTZiMzNiNTU0OWQ4MTkyMzZjODE3NDZhODNmMmU5NGE2ZTRiZWUxYzcwZjgxYjViYzEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5/lkIu1EpyAk4t1TATSs0DvpmFbmHaYv1naTlPqPm/vsD2qEnDVgE6KthwVqsokNcfb82nXHKFcUjsABKG3W3o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIJxgAhVAs+GYNN/jfsYkRcieGylPeSzka5QTwyMO84aBMAoGCCqGSM49BAMCA2kAMGYCMQDaHBjrI75xAF7SXzyF5zSQB/Lg9PjTdyye+w7stiqy84K6lmo8d3fIptYjLQx81bsCMQCvC8MSN+aewiaU0bMsdxRbdDerCJJj3xJb3KZwloevJ3daCmCcrZrAPYfLp2kDOsg=",
"MIICNDCCAbqgAwIBAgIQViVTlcen+0Dr4ijYJghTtjAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MzgwMVoXDTMwMDMxMzAwMDAwMFowSDEcMBoGA1UEAwwTQXBwbGUgV2ViQXV0aG4gQ0EgMTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIMuhy8mFJGBAiW59fzWu2N4tfVfP8sEW8c1mTR1/VSQRN+b/hkhF2XGmh3aBQs41FCDQBpDT7JNES1Ww+HPv8uYkf7AaWCBvvlsvHfIjd2vRqWu4d1RW1r6q5O+nAsmkaNmMGQwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBQm12TZxXjCWmfRp95rEtAbY/HG1zAdBgNVHQ4EFgQU666CxP+hrFtR1M8kYQUAvmO9d4gwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMQDdixo0gaX62du052V7hB4UTCe3W4dqQYbCsUdXUDNyJ+/lVEV+9kiVDGMuXEg+cMECMCyKYETcIB/P5ZvDTSkwwUh4Udlg7Wp18etKyr44zSW4l9DIBb7wx/eLB6VxxugOBw=="
};
_attestationObject = CBORObject.NewMap().Add("fmt", "apple");
var param = Fido2Tests._validCOSEParameters[0];
X509Certificate2 root, attestnCert;
DateTimeOffset notBefore = DateTimeOffset.UtcNow;
DateTimeOffset notAfter = notBefore.AddDays(2);
var attDN = new X500DistinguishedName("CN=attest.apple.com, OU=Apple Authenticator Attestation, O=FIDO2-NET-LIB, C=US");
using (var ecdsaRoot = ECDsa.Create())
{
var rootRequest = new CertificateRequest(rootDN, ecdsaRoot, HashAlgorithmName.SHA256);
rootRequest.CertificateExtensions.Add(caExt);
var curve = (COSE.EllipticCurve)param[2];
ECCurve eCCurve = ECCurve.NamedCurves.nistP256;
using (root = rootRequest.CreateSelfSigned(
notBefore,
notAfter))
using (var ecdsaAtt = ECDsa.Create(eCCurve))
{
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
byte[] serial = new byte[12];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(serial);
}
using (X509Certificate2 publicOnly = attRequest.Create(
root,
notBefore,
notAfter,
serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
var ecparams = ecdsaAtt.ExportParameters(true);
var cpk = CBORObject.NewMap();
cpk.Add(COSE.KeyCommonParameter.KeyType, (COSE.KeyType)param[0]);
cpk.Add(COSE.KeyCommonParameter.Alg, (COSE.Algorithm)param[1]);
cpk.Add(COSE.KeyTypeParameter.X, ecparams.Q.X);
cpk.Add(COSE.KeyTypeParameter.Y, ecparams.Q.Y);
cpk.Add(COSE.KeyTypeParameter.Crv, (COSE.EllipticCurve)param[2]);
var x = cpk[CBORObject.FromObject(COSE.KeyTypeParameter.X)].GetByteString();
var y = cpk[CBORObject.FromObject(COSE.KeyTypeParameter.Y)].GetByteString();
_credentialPublicKey = new CredentialPublicKey(cpk);
var X5c = CBORObject.NewArray()
.Add(CBORObject.FromObject(attestnCert.RawData))
.Add(CBORObject.FromObject(root.RawData));
_attestationObject.Add("attStmt", CBORObject.NewMap().Add("x5c", X5c));
}
}
}
public void VerifyDataByteArraySpan_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
{
Assert.Throws <ArgumentNullException>("data",
() => ecdsa.VerifyData((byte[])null, -1, -1, null, default(HashAlgorithmName)));
}
/// <summary>
/// Creates an instance of <see cref="ES512Algorithm" /> using the provided pair of public and private keys.
/// </summary>
/// <param name="publicKey">The public key for verifying the data.</param>
/// <param name="privateKey">The private key for signing the data.</param>
public ES512Algorithm(ECDsa publicKey, ECDsa privateKey)
: base(publicKey, privateKey)
{
}
public void VerifyDataByteArraySpan_CountGreaterThanLengthMinusOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
{
Assert.Throws <ArgumentOutOfRangeException>("count",
() => ecdsa.VerifyData(new byte[0], 0, 1, null, default(HashAlgorithmName)));
}
/// <summary>
/// Creates an instance of <see cref="ES512Algorithm" /> using the provided public key only.
/// </summary>
/// <remarks>
/// An instance created using this constructor can only be used for verifying the data, not for signing it.
/// </remarks>
/// <param name="publicKey">The public key for verifying the data.</param>
public ES512Algorithm(ECDsa publicKey)
: base(publicKey)
{
}
internal static void Verify256(ECDsa e, bool expected)
{
byte[] sig = ("998791331eb2e1f4259297f5d9cb82fa20dec98e1cb0900e6b8f014a406c3d02cbdbf5238bde471c3155fc25565524301429"
+ "d8713dad9a67eb0a5c355e9e23dc").HexToByteArray();
bool verified = e.VerifyHash(ECDsaTestData.s_hashSha512, sig);
Assert.Equal(expected, verified);
}
public void Create_InvalidArgument_Throws()
{
AssertExtensions.Throws <ArgumentNullException>("algorithm", () => ECDsa.Create(null));
Assert.Null(ECDsa.Create(Guid.NewGuid().ToString("N")));
}
private static void VerifyNamedCurve(ECParameters parameters, ECDsa ec, int keySize, bool includePrivate)
{
parameters.Validate();
Assert.True(parameters.Curve.IsNamed);
Assert.Equal(keySize, ec.KeySize);
Assert.True(
includePrivate && parameters.D.Length > 0 ||
!includePrivate && parameters.D == null);
if (includePrivate)
ec.Exercise();
// Ensure the key doesn't get regenerated after export
ECParameters paramSecondExport = ec.ExportParameters(includePrivate);
paramSecondExport.Validate();
AssertEqual(parameters, paramSecondExport);
}
public OverrideAbstractECDsa(ECDsa ecdsa) => _ecdsa = ecdsa;
// Keep the ECDsaCng-ness contained within this helper method so that it doesn't trigger a
// FileNotFoundException on Unix.
private static void AssertEccAlgorithm(ECDsa ecdsa, string algorithmId)
{
ECDsaCng cng = ecdsa as ECDsaCng;
if (cng != null)
{
Assert.Equal(algorithmId, cng.Key.Algorithm.Algorithm);
}
}
protected bool VerifyData(ECDsa ecdsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm) => VerifyData(ecdsa, data, 0, data.Length, signature, hashAlgorithm);
