public void RoundtripRSA512PKCS1() { NSError error; SecKey private_key; SecKey public_key; using (var record = new SecRecord(SecKind.Key)) { record.KeyType = SecKeyType.RSA; record.KeySizeInBits = 512; // it's not a performance test :) Assert.That(SecKey.GenerateKeyPair(record.ToDictionary(), out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair"); byte [] plain = new byte [20] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; byte [] cipher; if (TestRuntime.CheckXcodeVersion(8, 0)) { Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Encrypt"); // I would have expect false Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Decrypt"); using (var pub = public_key.GetPublicKey()) { // a new native instance of the key is returned (so having a new managed SecKey is fine) Assert.That(pub.Handle, Is.Not.EqualTo(public_key.Handle), "public/GetPublicKey"); } using (var attrs = public_key.GetAttributes()) { Assert.That(attrs.Count, Is.GreaterThan(0), "public/GetAttributes"); } using (var data = public_key.GetExternalRepresentation(out error)) { Assert.Null(error, "public/error-1"); Assert.NotNull(data, "public/GetExternalRepresentation"); using (var key = SecKey.Create(data, SecKeyType.RSA, SecKeyClass.Public, 512, null, out error)) { Assert.Null(error, "public/Create/error-1"); } } } Assert.That(public_key.Encrypt(SecPadding.PKCS1, plain, out cipher), Is.EqualTo(SecStatusCode.Success), "Encrypt"); byte[] result; if (TestRuntime.CheckXcodeVersion(8, 0)) { Assert.False(private_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Encrypt"); Assert.True(private_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Decrypt"); using (var pub2 = private_key.GetPublicKey()) { // a new native instance of the key is returned (so having a new managed SecKey is fine) Assert.That(pub2.Handle, Is.Not.EqualTo(public_key.Handle), "private/GetPublicKey"); } using (var attrs = private_key.GetAttributes()) { Assert.That(attrs.Count, Is.GreaterThan(0), "private/GetAttributes"); } using (var data2 = private_key.GetExternalRepresentation(out error)) { Assert.Null(error, "private/error-1"); Assert.NotNull(data2, "private/GetExternalRepresentation"); using (var key = SecKey.Create(data2, SecKeyType.RSA, SecKeyClass.Private, 512, null, out error)) { Assert.Null(error, "private/Create/error-1"); } } } public_key.Dispose(); Assert.That(private_key.Decrypt(SecPadding.PKCS1, cipher, out result), Is.EqualTo(SecStatusCode.Success), "Decrypt"); Assert.That(plain, Is.EqualTo(result), "match"); private_key.Dispose(); } }
public void RoundtripRSAMinPKCS1() { NSError error; SecKey private_key; SecKey public_key; var label = $"KeyTest.RoundtripRSAMinPKCS1-{CFBundle.GetMain ().Identifier}-{GetType ().FullName}-{Process.GetCurrentProcess ().Id}"; try { using (var record = new SecRecord(SecKind.Key)) { record.KeyType = SecKeyType.RSA; record.KeySizeInBits = MinRsaKeySize; // it's not a performance test :) record.Label = label; Assert.That(SecKey.GenerateKeyPair(record.ToDictionary(), out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair"); byte [] plain = new byte [20] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; byte [] cipher; if (TestRuntime.CheckXcodeVersion(8, 0)) { Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Encrypt"); #if MONOMAC Assert.That(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), Is.EqualTo(TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 13)), "public/IsAlgorithmSupported/Decrypt"); using (var pub = public_key.GetPublicKey()) { // macOS behaviour is not consistent - but the test main goal is to check we get a key Assert.That(pub.Handle, Is.Not.EqualTo(IntPtr.Zero), "public/GetPublicKey"); } #else Assert.True(public_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "public/IsAlgorithmSupported/Decrypt"); using (var pub = public_key.GetPublicKey()) { // a new native instance of the key is returned (so having a new managed SecKey is fine) Assert.False(pub.Handle == public_key.Handle, "public/GetPublicKey"); } #endif using (var attrs = public_key.GetAttributes()) { Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "public/GetAttributes"); } using (var data = public_key.GetExternalRepresentation(out error)) { Assert.Null(error, "public/error-1"); Assert.NotNull(data, "public/GetExternalRepresentation"); using (var key = SecKey.Create(data, SecKeyType.RSA, SecKeyClass.Public, MinRsaKeySize, null, out error)) { Assert.Null(error, "public/Create/error-1"); } } } Assert.That(public_key.Encrypt(SecPadding.PKCS1, plain, out cipher), Is.EqualTo(SecStatusCode.Success), "Encrypt"); byte[] result; if (TestRuntime.CheckXcodeVersion(8, 0)) { Assert.False(private_key.IsAlgorithmSupported(SecKeyOperationType.Encrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Encrypt"); Assert.True(private_key.IsAlgorithmSupported(SecKeyOperationType.Decrypt, SecKeyAlgorithm.RsaEncryptionPkcs1), "private/IsAlgorithmSupported/Decrypt"); using (var pub2 = private_key.GetPublicKey()) { // a new native instance of the key is returned (so having a new managed SecKey is fine) Assert.That(pub2.Handle, Is.Not.EqualTo(public_key.Handle), "private/GetPublicKey"); } using (var attrs = private_key.GetAttributes()) { Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "private/GetAttributes"); } using (var data2 = private_key.GetExternalRepresentation(out error)) { Assert.Null(error, "private/error-1"); Assert.NotNull(data2, "private/GetExternalRepresentation"); using (var key = SecKey.Create(data2, SecKeyType.RSA, SecKeyClass.Private, MinRsaKeySize, null, out error)) { Assert.Null(error, "private/Create/error-1"); } } } public_key.Dispose(); var expectedResult = SecStatusCode.Success; #if __MACOS__ if (!TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 8)) { expectedResult = SecStatusCode.InvalidData; } #endif Assert.That(private_key.Decrypt(SecPadding.PKCS1, cipher, out result), Is.EqualTo(expectedResult), "Decrypt"); if (expectedResult != SecStatusCode.InvalidData) { Assert.That(plain, Is.EqualTo(result), "match"); } private_key.Dispose(); } } finally { // Clean up after us DeleteKeysWithLabel(label); } }