Skip to content
Closed
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Licensed under the MIT License. See License.txt in the project root for
// license information.

#if NET45
#if FullNetFx

using System;
using System.IO;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public byte[] Sign( byte[] digest )
if ( digest.Length != 32 )
throw new ArgumentOutOfRangeException( "digest", "The digest must be 32 bytes for SHA-256" );

#if NET45
#if FullNetFx
if ( _key is RSACryptoServiceProvider )
{
return ((RSACryptoServiceProvider)_key).SignHash( digest, OID_OIWSEC_SHA256 );
Expand All @@ -79,7 +79,7 @@ public bool Verify( byte[] digest, byte[] signature )
throw new ArgumentNullException( "signature" );


#if NET45
#if FullNetFx
if ( _key is RSACryptoServiceProvider )
{
return ((RSACryptoServiceProvider)_key).VerifyHash( digest, OID_OIWSEC_SHA256, signature );
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// license information.
//

#if NET45
#if FullNetFx

using System;
using System.Security.Cryptography;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ public byte[] TransformFinalBlock( byte[] inputBuffer, int inputOffset, int inpu
{
byte[] block = inputBuffer.Skip( inputOffset ).Take( inputCount ).ToArray();

#if NET45
#if FullNetFx
if ( _csp is RSACryptoServiceProvider )
{
return ( ( RSACryptoServiceProvider )_csp ).Decrypt( block, false );
Expand Down Expand Up @@ -147,7 +147,7 @@ public byte[] TransformFinalBlock( byte[] inputBuffer, int inputOffset, int inpu
{
byte[] block = inputBuffer.Skip( inputOffset ).Take( inputCount ).ToArray();

#if NET45
#if FullNetFx
if ( _csp is RSACryptoServiceProvider )
{
return ( ( RSACryptoServiceProvider )_csp ).Encrypt( block, false );
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ public byte[] TransformFinalBlock( byte[] inputBuffer, int inputOffset, int inpu
{
byte[] block = inputBuffer.Skip( inputOffset ).Take( inputCount ).ToArray();

#if NET45
#if FullNetFx
if ( _csp is RSACryptoServiceProvider )
{
return ( ( RSACryptoServiceProvider )_csp ).Decrypt( block, true );
Expand Down Expand Up @@ -150,7 +150,7 @@ public byte[] TransformFinalBlock( byte[] inputBuffer, int inputOffset, int inpu
{
byte[] block = inputBuffer.Skip( inputOffset ).Take( inputCount ).ToArray();

#if NET45
#if FullNetFx
if ( _csp is RSACryptoServiceProvider )
{
return ( ( RSACryptoServiceProvider )_csp ).Encrypt( block, true );
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// license information.
//

#if NET45
#if FullNetFx

using System;
using System.Security.Cryptography;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// license information.
//

#if NET45
#if FullNetFx

using System;
using System.Threading.Tasks;
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
//
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for
// license information.
//
using System;
using System.Linq;
using System.Security.Cryptography;
using Xunit;

// ReSharper disable InconsistentNaming

namespace Microsoft.Azure.KeyVault.WebKey.Tests
{
public class WebKeyEcValidationTest
{

// Encrypt and Decrypt methods used by the test cases.
private static byte[] _data = new byte[] { 1, 3, 2, 7 };
private static string[] signOperations = new[] { JsonWebKeyOperation.Sign, JsonWebKeyOperation.Verify };
private static CngKeyCreationParameters cngKeyCreationParameters = new CngKeyCreationParameters
{
ExportPolicy = CngExportPolicies.AllowPlaintextExport,
KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
KeyUsage = CngKeyUsages.Signing
};

private void SignVerify(ECDsa privateKey, ECDsa publicKey)
{
using (var sha256 = SHA256.Create())
{
byte[] hash = sha256.ComputeHash(_data);

var signedHash = privateKey.SignHash(hash);
var verifiedHash = publicKey.VerifyHash(hash, signedHash);
Assert.True(verifiedHash);
}
}

private void SignVerify(ECDsa ecdsa)
{
SignVerify(ecdsa, ecdsa);
}

[Fact]
public void RoundTripP256Test()
{
if (!IsECDsaSupported())
return;

var usePrivateKey = true;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP256, "P256ecdsa", cngKeyCreationParameters)))
{
var jwk = new JsonWebKey(ecdsa, usePrivateKey);
VerifyJsonWebKeyEcdsa(jwk, usePrivateKey, JsonWebKeyECCurve.P256, signOperations);

var ecdsa_jwk = jwk.ToECDsa(usePrivateKey);

Assert.Equal(ecdsa_jwk.KeySize, ecdsa.KeySize);
#if FullNetFx
Assert.Equal(ecdsa_jwk.SignatureAlgorithm, ecdsa.SignatureAlgorithm);
#endif
SignVerify(ecdsa_jwk);
}
}

[Fact]
public void RoundTripP384Test()
{
if (!IsECDsaSupported())
return;

var usePrivateKey = true;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP384, "P384ecdsa", cngKeyCreationParameters)))
{
var jwk = new JsonWebKey(ecdsa, usePrivateKey);
VerifyJsonWebKeyEcdsa(jwk, usePrivateKey, JsonWebKeyECCurve.P384, signOperations);

var ecdsa_jwk = jwk.ToECDsa(usePrivateKey);

Assert.Equal(ecdsa_jwk.KeySize, ecdsa.KeySize);
#if FullNetFx
Assert.Equal(ecdsa_jwk.SignatureAlgorithm, ecdsa.SignatureAlgorithm);
#endif
SignVerify(ecdsa_jwk);
}
}

[Fact]
public void RoundTripP521Test()
{
if (!IsECDsaSupported())
return;

var usePrivateKey = true;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP521, "P521ecdsa", cngKeyCreationParameters)))
{
var jwk = new JsonWebKey(ecdsa, usePrivateKey);
VerifyJsonWebKeyEcdsa(jwk, usePrivateKey, JsonWebKeyECCurve.P521, signOperations);

var ecdsa_jwk = jwk.ToECDsa(usePrivateKey);

Assert.Equal(ecdsa_jwk.KeySize, ecdsa.KeySize);
#if FullNetFx
Assert.Equal(ecdsa_jwk.SignatureAlgorithm, ecdsa.SignatureAlgorithm);
#endif
SignVerify(ecdsa_jwk);
}
}

[Fact]
public void PublicOnlyKeyTest()
{
if (!IsECDsaSupported())
return;

var usePrivateKey = false;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP256, "P256ecdsa", cngKeyCreationParameters)))
{
var jwk = new JsonWebKey(ecdsa, usePrivateKey);
VerifyJsonWebKeyEcdsa(jwk, usePrivateKey, JsonWebKeyECCurve.P256, signOperations);

var ecdsa_jwk = jwk.ToECDsa(usePrivateKey);

Assert.Equal(ecdsa_jwk.KeySize, ecdsa.KeySize);
#if FullNetFx
Assert.Equal(ecdsa_jwk.SignatureAlgorithm, ecdsa.SignatureAlgorithm);
// Private key doesn't exist. Sign should fail with Key is missing.
Assert.Throws<CryptographicException>(()=>SignVerify(ecdsa_jwk));
#endif
}
}

[Fact]
public void PrivateSignPublicVerifyTest()
{
if (!IsECDsaSupported())
return;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP256, "P256ecdsa", cngKeyCreationParameters)))
{
var publicKey = new JsonWebKey(ecdsa, false);
var privateKey = new JsonWebKey(ecdsa, true);
SignVerify(privateKey.ToECDsa(true), publicKey.ToECDsa(false));
}
}

[Fact]
public void PublicSignPrivateVerifyTest()
{
if (!IsECDsaSupported())
return;

using (var ecdsa = new ECDsaCng(CngKey.Create(CngAlgorithm.ECDsaP256, "P256ecdsa", cngKeyCreationParameters)))
{
var publicKey = new JsonWebKey(ecdsa, false);
Assert.Throws<CryptographicException>(() => publicKey.ToECDsa(true));
}
}

/// <summary>
/// Temporary hack to make build pass on Linux with .NET Core.
/// </summary>
private static bool IsECDsaSupported()
{
try
{
Console.WriteLine("Attempting to access property {0}...", CngAlgorithm.ECDsaP256);
return true;
} catch (PlatformNotSupportedException)
{
return false;
}
}

private void VerifyJsonWebKeyEcdsa(JsonWebKey jwk, bool usePrivateKey, string eccurve, string[] ops)
{
if(usePrivateKey)
Assert.NotNull(jwk.D);
else
Assert.Null(jwk.D);

Assert.NotNull(jwk.X);
Assert.NotNull(jwk.Y);
Assert.Equal(jwk.ECCurve, eccurve);
Assert.True(ops.SequenceEqual(jwk.KeyOps));
Assert.Equal(jwk.Kty, JsonWebKeyType.EllipticCurve);

Assert.Null(jwk.DP);
Assert.Null(jwk.DQ);
Assert.Null(jwk.E);
Assert.Null(jwk.K);
Assert.Null(jwk.N);
Assert.Null(jwk.P);
Assert.Null(jwk.Q);
Assert.Null(jwk.QI);
Assert.Null(jwk.T);
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,6 @@
//

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;
using Xunit;

namespace Microsoft.Azure.KeyVault.WebKey.Tests
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ private static void CheckInstance(object key, string kty)
switch (kty)
{
case JsonWebKeyType.Octet:
case JsonWebKeyType.EllipticCurve:
case JsonWebKeyType.EllipticCurveHsm:
case JsonWebKeyType.Rsa:
case JsonWebKeyType.RsaHsm:
// Supported types must have ClearMemory() implemented.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ private static byte[] Decrypt( RSA key, byte[] cipherText )
{
byte[] plainText = null;

#if NET452
#if FullNetFx
if ( key is RSACryptoServiceProvider )
{
plainText = ( ( RSACryptoServiceProvider )key ).Decrypt( cipherText, true );
Expand All @@ -52,7 +52,7 @@ private static byte[] Encrypt( RSA key )
{
byte[] cipherText = null;

#if NET452
#if FullNetFx
if ( key is RSACryptoServiceProvider )
{
cipherText = ( ( RSACryptoServiceProvider )key ).Encrypt( _plainText, true );
Expand Down
Loading