Advanced-Systems · StefanGreve · Feb 9, 2025 · Feb 13, 2025 · Feb 15, 2025 · Feb 15, 2025
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -22,6 +22,13 @@
         "certificate-tool"
       ],
       "rollForward": false
+    },
+    "docfx": {
+      "version": "2.78.2",
+      "commands": [
+        "docfx"
+      ],
+      "rollForward": false
     }
   }
 }
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -34,8 +34,10 @@ jobs:
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
-    - run: dotnet tool update -g docfx
-    - run: docfx docs/docfx.json
+    - name: Build Documentation
+      run: >
+        dotnet tool restore --configfile nuget.config
+        dotnet docfx docs/docfx.json
 
     - name: Upload Artifact
       uses: actions/upload-pages-artifact@v3.0.1

diff --git a/.husky/pre-commit b/.husky/pre-commit
diff --git a/.husky/pre-push b/.husky/pre-push
diff --git a/AdvancedSystems.Security.Abstractions/IHashService.cs b/AdvancedSystems.Security.Abstractions/IHashService.cs
@@ -28,7 +28,7 @@ public interface IHashService
     /// <exception cref="NotImplementedException">
     ///     Raised if the specified <paramref name="hashFunction"/> is not implemented.
     /// </exception>
-    byte[] Compute(HashFunction hashFunction, byte[] buffer);
+    Span<byte> Compute(HashFunction hashFunction, Span<byte> buffer);
 
     #endregion
 }
diff --git a/AdvancedSystems.Security.Abstractions/IKDFService.cs b/AdvancedSystems.Security.Abstractions/IKDFService.cs
@@ -1,4 +1,6 @@
-namespace AdvancedSystems.Security.Abstractions;
+using System;
+
+namespace AdvancedSystems.Security.Abstractions;
 
 /// <summary>
 ///     Represents a contract employing for key derivation functions.
@@ -51,7 +53,7 @@ public interface IKDFService
     ///     </list>
     ///     Additionally, some platforms may support SHA3-equivalent hash functions.
     /// </remarks>
-    bool TryComputePBKDF2(HashFunction hashFunction, byte[] password, byte[] salt, int hashSize, int iterations, out byte[]? pbkdf2);
+    bool TryComputePBKDF2(HashFunction hashFunction, Span<byte> password, Span<byte> salt, int hashSize, int iterations, out byte[]? pbkdf2);
 
     #endregion
 }
diff --git a/AdvancedSystems.Security.Abstractions/IRSACryptoService.cs b/AdvancedSystems.Security.Abstractions/IRSACryptoService.cs
diff --git a/AdvancedSystems.Security.Abstractions/RSACryptoContract.cs b/AdvancedSystems.Security.Abstractions/RSACryptoContract.cs
@@ -0,0 +1,104 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace AdvancedSystems.Security.Abstractions;
+
+/// <summary>
+///     Represents a contract for performing RSA-based asymmetric operations.
+/// </summary>
+public abstract class RSACryptoContract
+{
+    #region Properties
+
+    /// <inheritdoc cref="X509Certificate2" path="/summary" />
+    public abstract X509Certificate2 Certificate { get; }
+
+    /// <inheritdoc cref="Abstractions.HashFunction" path="/summary" />
+    public abstract HashFunction HashFunction { get; set; }
+
+    /// <inheritdoc cref="RSAEncryptionPadding" path="/summary" />
+    public abstract RSAEncryptionPadding EncryptionPadding { get; set; }
+
+    /// <inheritdoc cref="RSASignaturePadding" path="/summary" />
+    public abstract RSASignaturePadding SignaturePadding { get; set; }
+
+    #endregion
+
+    #region Methods
+
+    /// <summary>
+    ///     Encrypts the input <paramref name="data"/>.
+    /// </summary>
+    /// <param name="data">
+    ///     The data to encrypt.
+    /// </param>
+    /// <returns>
+    ///     The encrypted data.
+    /// </returns>
+    /// <exception cref="ObjectDisposedException">
+    ///     Raised if this object has already been disposed.
+    /// </exception>
+    /// <exception cref="CryptographicException">
+    ///     Raised if the public key of the specified certificate is null.
+    /// </exception>
+    public abstract Span<byte> Encrypt(Span<byte> data);
+
+    /// <summary>
+    ///     Decrypts the <paramref name="cipher"/>.
+    /// </summary>
+    /// <param name="cipher">
+    ///     The data to decrypt.
+    /// </param>
+    /// <returns>
+    ///     The decrypted data.
+    /// </returns>
+    /// <exception cref="ObjectDisposedException">
+    ///     Raised if this object has already been disposed.
+    /// </exception>
+    /// <exception cref="CryptographicException">
+    ///     Raised if the private key of the specified certificate is null.
+    /// </exception>
+    public abstract Span<byte> Decrypt(Span<byte> cipher);
+
+    /// <summary>
+    ///     Computes the hash value of the specified data and signs it.
+    /// </summary>
+    /// <param name="data">
+    ///     The input data to hash and sign.
+    /// </param>
+    /// <returns>
+    ///     The RSA signature for the specified data.
+    /// </returns>
+    /// <exception cref="ObjectDisposedException">
+    ///     Raised if this object has already been disposed.
+    /// </exception>
+    /// <exception cref="CryptographicException">
+    ///     Raised if the private key of the specified certificate is null.
+    /// </exception>
+    public abstract Span<byte> SignData(Span<byte> data);
+
+    /// <summary>
+    ///     Verifies that a digital signature is valid by calculating the
+    ///     hash value of the specified data using the specified hash algorithm
+    ///     and padding, and comparing it to the provided signature.
+    /// </summary>
+    /// <param name="data">
+    ///     The signed data.
+    /// </param>
+    /// <param name="signature">
+    ///     The signature data to be verified.
+    /// </param>
+    /// <returns>
+    ///     <see langword="true"/> if the signature is valid; otherwise, <see langword="false"/>.
+    /// </returns>
+    /// <exception cref="ObjectDisposedException">
+    ///     Raised if this object has already been disposed.
+    /// </exception>
+    /// <exception cref="CryptographicException">
+    ///     Raised if the public key of the specified certificate is null.
+    /// </exception>
+    public abstract bool VerifyData(Span<byte> data, Span<byte> signature);
+
+    #endregion
+}
diff --git a/AdvancedSystems.Security.Tests/AdvancedSystems.Security.Tests.csproj b/AdvancedSystems.Security.Tests/AdvancedSystems.Security.Tests.csproj
@@ -10,23 +10,23 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="coverlet.collector" Version="6.0.3">
+    <PackageReference Include="coverlet.collector" Version="6.0.4">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.12" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.18" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="xunit" Version="2.9.3" />
-    <PackageReference Include="xunit.analyzers" Version="1.19.0">
+    <PackageReference Include="xunit.analyzers" Version="1.23.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="xunit.runner.console" Version="2.9.3">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.3">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

diff --git a/AdvancedSystems.Security.Tests/Cryptography/HMACTests.cs b/AdvancedSystems.Security.Tests/Cryptography/HMACTests.cs
@@ -44,11 +44,11 @@ public sealed class HMACTests
     public void TestHMAC_Value(HashFunction hashFunction, string text, string expectedMac)
     {
         // Arrange
-        byte[] key = "secret".GetBytes(Format.String);
-        byte[] buffer = text.GetBytes(Format.String);
+        Span<byte> key = "secret".GetBytes(Format.String);
+        Span<byte> buffer = text.GetBytes(Format.String);
 
         // Act
-        byte[] actualMac = HMACProvider.Compute(hashFunction, key, buffer);
+        Span<byte> actualMac = HMACProvider.Compute(hashFunction, key, buffer);
 
         // Assert
         Assert.Equal(expectedMac.GetBytes(Format.Hex), actualMac);
@@ -79,7 +79,7 @@ public void TestHMAC_Size(HashFunction hashFunction, string text)
     {
         // Arrange
         int keySize = 32;
-        byte[] buffer = text.GetBytes(Format.String);
+        Span<byte> buffer = text.GetBytes(Format.String);
         int expectedMacSize = hashFunction.GetSize();
 
         // Act

diff --git a/AdvancedSystems.Security.Tests/Cryptography/HashTests.cs b/AdvancedSystems.Security.Tests/Cryptography/HashTests.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System;
+using System.Security.Cryptography;
 using System.Text;
 
 using AdvancedSystems.Security.Abstractions;
@@ -37,10 +38,10 @@ public void TestMD5Hash(string input, string expected, Format format)
     {
         // Arrange
         Encoding encoding = Encoding.UTF8;
-        byte[] buffer = encoding.GetBytes(input);
+        Span<byte> buffer = encoding.GetBytes(input);
 
         // Act
-        byte[] hash = HashProvider.Compute(HashFunction.MD5, buffer);
+        Span<byte> hash = HashProvider.Compute(HashFunction.MD5, buffer);
         string md5 = hash.ToString(format);
 
         // Assert
@@ -68,10 +69,10 @@ public void TestSHA1Hash(string input, string expected, Format format)
     {
         // Arrange
         Encoding encoding = Encoding.UTF8;
-        byte[] buffer = encoding.GetBytes(input);
+        Span<byte> buffer = encoding.GetBytes(input);
 
         // Act
-        byte[] hash = HashProvider.Compute(HashFunction.SHA1, buffer);
+        Span<byte> hash = HashProvider.Compute(HashFunction.SHA1, buffer);
         string sha1 = hash.ToString(format);
 
         // Assert
@@ -99,10 +100,10 @@ public void TestSHA256Hash(string input, string expected, Format format)
     {
         // Arrange
         Encoding encoding = Encoding.UTF8;
-        byte[] buffer = encoding.GetBytes(input);
+        Span<byte> buffer = encoding.GetBytes(input);
 
         // Act
-        byte[] hash = HashProvider.Compute(HashFunction.SHA256, buffer);
+        Span<byte> hash = HashProvider.Compute(HashFunction.SHA256, buffer);
         string sha256 = hash.ToString(format);
 
         // Assert
@@ -130,10 +131,10 @@ public void TestSHA384Hash(string input, string expected, Format format)
     {
         // Arrange
         Encoding encoding = Encoding.UTF8;
-        byte[] buffer = encoding.GetBytes(input);
+        Span<byte> buffer = encoding.GetBytes(input);
 
         // Act
-        byte[] hash = HashProvider.Compute(HashFunction.SHA384, buffer);
+        Span<byte> hash = HashProvider.Compute(HashFunction.SHA384, buffer);
         string sha384 = hash.ToString(format);
 
         // Assert
@@ -161,10 +162,10 @@ public void TestSHA512Hash(string input, string expected, Format format)
     {
         // Arrange
         Encoding encoding = Encoding.UTF8;
-        byte[] buffer = encoding.GetBytes(input);
+        Span<byte> buffer = encoding.GetBytes(input);
 
         // Act
-        byte[] hash = HashProvider.Compute(HashFunction.SHA512, buffer);
+        Span<byte> hash = HashProvider.Compute(HashFunction.SHA512, buffer);
         string sha512 = hash.ToString(format);
 
         // Assert

diff --git a/AdvancedSystems.Security.Tests/Cryptography/RSACryptoProviderTests.cs b/AdvancedSystems.Security.Tests/Cryptography/RSACryptoProviderTests.cs
@@ -0,0 +1,67 @@
+using System;
+
+using AdvancedSystems.Security.Abstractions;
+using AdvancedSystems.Security.Cryptography;
+using AdvancedSystems.Security.Extensions;
+using AdvancedSystems.Security.Tests.Fixtures;
+
+using Xunit;
+
+namespace AdvancedSystems.Security.Tests.Cryptography;
+
+/// <summary>
+///     Tests the default implementation of <seealso cref="RSACryptoContract"/>
+///     as a provider class (<seealso cref="RSACryptoProvider"/>).
+/// </summary>
+public sealed class RSACryptoProviderTests : IClassFixture<RSACryptoProviderFixture>
+{
+    private readonly RSACryptoProviderFixture _sut;
+
+    public RSACryptoProviderTests(RSACryptoProviderFixture rsaCryptoProviderFixture)
+    {
+        this._sut = rsaCryptoProviderFixture;
+    }
+
+    #region Tests
+
+    /// <summary>
+    ///     Tests that <seealso cref="RSACryptoProvider"/> encrypts an array of bytes correctly
+    ///     by using a pre-configured certificate.
+    /// </summary>
+    [Fact]
+    public void TestEncryptionDecryption_Roundtrip()
+    {
+        // Arrange
+        string message = "Hello, World!";
+        Span<byte> buffer = message.GetBytes(Format.String);
+
+        // Act
+        Span<byte> cipher = this._sut.RSACryptoProvider.Encrypt(buffer);
+        Span<byte> source = this._sut.RSACryptoProvider.Decrypt(cipher);
+        string decryptedMessage = source.ToString(Format.String);
+
+        // Assert
+        Assert.Equal(message, decryptedMessage);
+    }
+
+    /// <summary>
+    ///     Tests that <seealso cref="RSACryptoProvider"/> signs and verifies an array of bytes
+    ///     correctly by using a pre-configured certificate.
+    /// </summary>
+    [Fact]
+    public void TestSigningVerification_Roundtrip()
+    {
+        // Arrange
+        string message = "Hello, World!";
+        Span<byte> buffer = message.GetBytes(Format.String);
+
+        // Act
+        Span<byte> signature = this._sut.RSACryptoProvider.SignData(buffer);
+        bool verified = this._sut.RSACryptoProvider.VerifyData(buffer, signature);
+
+        // Assert
+        Assert.True(verified);
+    }
+
+    #endregion
+}