
Commit faab40d

hoyosjsbartonjs
authored andcommitted
Port tests from dev/cms_unix to master
This change is a squashed partial merge of tests added in the dev/cms_unix feature branch which should be brought to master and maintained. Tests were changed to normalize onto existing ConditionalFact property names which had been added to master independently, otherwise they should be as-is.
1 parent 3de3cd7 commit faab40d


10 files changed

+805
-38
lines changed


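--- a/src/System.Security.Cryptography.Pkcs/tests/Certificates.cs
+++ b/src/System.Security.Cryptography.Pkcs/tests/Certificates.cs
@@ -11,6 +11,7 @@ internal static class Certificates
 public static readonly CertLoader RSAKeyTransfer1 = new CertLoaderFromRawData(RawData.s_RSAKeyTransfer1Cer, RawData.s_RSAKeyTransfer1Pfx, "1111");
 public static readonly CertLoader RSAKeyTransfer2 = new CertLoaderFromRawData(RawData.s_RSAKeyTransfer2Cer, RawData.s_RSAKeyTransfer2Pfx, "1111");
 public static readonly CertLoader RSAKeyTransfer3 = new CertLoaderFromRawData(RawData.s_RSAKeyTransfer3Cer, RawData.s_RSAKeyTransfer3Pfx, "1111");
+public static readonly CertLoader RSAKeyTransfer_ExplicitSki = new CertLoaderFromRawData(RawData.s_RSAKeyTransferCer_ExplicitSki, RawData.s_RSAKeyTransferPfx_ExplicitSki, "1111");
 public static readonly CertLoader RSAKeyTransferCapi1 = new CertLoaderFromRawData(RawData.s_RSAKeyTransferCapi1Cer, RawData.s_RSAKeyTransferCapi1Pfx, "1111");
 public static readonly CertLoader RSASha256KeyTransfer1 = new CertLoaderFromRawData(RawData.s_RSASha256KeyTransfer1Cer, RawData.s_RSASha256KeyTransfer1Pfx, "1111");
 public static readonly CertLoader RSASha384KeyTransfer1 = new CertLoaderFromRawData(RawData.s_RSASha384KeyTransfer1Cer, RawData.s_RSASha384KeyTransfer1Pfx, "1111");
@@ -378,6 +379,80 @@ private static class RawData
 + "73aef677d25ae8657f81ca1cd5dd50404b70b9373eadcd2d276e263105c00607a86f0c10ab26d1aafd986313a36c70389a4d"
 + "1a8e88").HexToByteArray();
 
+public static byte[] s_RSAKeyTransferCer_ExplicitSki =
+("3082033E30820226A003020102020900B5EFA7E1E80518B4300D06092A864886F70D01010B0500304D310B3009060355"
++ "04061302515A310D300B060355040813044C616E643111300F060355040713084D7974686963616C311C301A06035504"
++ "03131353656C662D5369676E6564204578616D706C65301E170D3136303632383030323034355A170D31363037323830"
++ "30323034355A304D310B300906035504061302515A310D300B060355040813044C616E643111300F060355040713084D"
++ "7974686963616C311C301A0603550403131353656C662D5369676E6564204578616D706C6530820122300D06092A8648"
++ "86F70D01010105000382010F003082010A0282010100D95D63618741AD85354BA58242835CD69D7BC2A41173221E899E"
++ "109F1354A87F5DC99EF898881293880D55F86E779E353C226CEA0D1FFCC2EE7227216DDC9116B7DF290A81EC9434CDA4"
++ "408B7C06517B3AFF2C9D0FD458F9FCCDE414849C421402B39D97E197CA0C4F874D65A86EAD20E3041A0701F6ABA063AC"
++ "B418186F9BF657C604776A6358C0F031608673278EFD702A07EE50B6DC1E090EEE5BB873284E6547F612017A26DEC5C2"
++ "7533558F10C1894E899E9F8676D8C0E547B6B5C6EEEF23D06AA4A1532144CF104EB199C324F8E7998DB63B251C7E35A0"
++ "4B7B5AFFD652F5AD228B099863C668772BEEEFF4F60EA753C8F5D0780AAED4CFA7860F1D3D490203010001A321301F30"
++ "1D0603551D0E0416041401952851C55DB594B0C6167F5863C5B6B67AEFE6300D06092A864886F70D01010B0500038201"
++ "0100BB7DDDC4EEC4E31163B84C5C3F4EA1B9314B75D4CCCA8F5339503DC6318E279E73826AD77AC6EA4344F2905D8792"
++ "83D867A66319E1EA383B70CE997A98D545FE258E38C577554E3BBDF42349B98BED9C94B7CE55D51F740EF60ACC75D017"
++ "F3D0D1438F8F86B2453F2308279521EE4AC09046498F60ECEC8867E7BF011C882A514BF85F6C915A70E0383AB5320034"
++ "19A107A9FFEDBF34681AEEE57DF6A3DB3759D605A9269FB694D8EA56A90740529159D725BFD70C9141A38B98D4E88CDC"
++ "31124ABBB4C3D3D49C220CCB6F2F94176B8225A0E2ADDB0F4A72E6B021601CD297AC45A0CAB95EBAC4001C8167899868"
++ "3188DB9364AAD52D4E28169CC898B621FF84").HexToByteArray();
+
+// password = "1111"
+public static byte[] s_RSAKeyTransferPfx_ExplicitSki =
+("308209810201033082094706092A864886F70D010701A08209380482093430820930308203E706092A864886F70D0107"
++ "06A08203D8308203D4020100308203CD06092A864886F70D010701301C060A2A864886F70D010C0106300E0408101C5A"
++ "3E2DBE2A9102020800808203A0F58476F5E4741F8834F50ED49D1A3A5B2FC8C345B54255C30556B1426C1BA1D9EE4440"
++ "CD63CD48557B7BDC55D877D656183E2815DEDE92236E036E0D7FD93022174EFA179A85EF76DEE10950EE3BEB004FB118"
++ "C58D4372A319575DB129F5912B385E63E1E83DC420A8FC8C23A283977480281EDDD745D97EC768328875D19FE414D7D9"
++ "9D3B0AAA2FBA77346F82E4E1357C54E142B2F5E929CBD6057801F49ED08A8BD2456918CCEDAD6DAD9A7281C4EFD2FCF5"
++ "6F04EDC5E62E79741024AF8BE401141AA9A9CE08F5D51D4636D8B25F9B3C59B4BC2DD7E60FBABA0A7E8FE15EAECB7221"
++ "3BC22D8CE56987427B41A79333FB4B9BC5DB6E79C2AE4E954F975C343D155C5587BD7206414B9C0529D00C6DB1470C33"
++ "A51D2A9BBDE5CC2352C61B0FB9945487FDB0E26981426BE7CCF44CF494E695D4760060468B7D23BA3C6F9B1762AC4B3A"
++ "428B23A36F275F3FDFD7BAB236197C7C7FB6466A11B05DB39F947FB19EFE9BFED2B18308E2BBD0AB00AA399508194CB2"
++ "1073B1B278BE389A8AA843B610B439AFA056A0EC81EBDF4061D2AB87C9CB840C3E6B92BB2FC30815D5744593862CC34A"
++ "EF1C4B7BBCF640CBA2D1E15E13D3B571FD3C403BC927812B291E53EAE6721C994E343148C10A16053AE560A55DFA5695"
++ "33CA35D83D81643CC7788E7F94C6592F99C09AFB770E9FE1380A1212A646A936BE531BF85F89D19EF57C180E8E3F1F4F"
++ "BD266032095862E3A0F8394E93CEFF2B8ADAD374DFCB8A041DB498618D1D71765EFD1CD5B024AC13B9FF0F96F975B443"
++ "08C14AC60965082CC409AE43D033512CF1B83458D475D2E06A49131894F1D4BFAF5FC4CBADA8566B6312E8DA31D8A397"
++ "273BE77B8395F4CAB4428B22DFE18FD4365C134B7724220D2DCE31938EFCF8E4DFC321E02CF15476BF5EB675F2055205"
++ "9662166A4549904BC6A5E4B8353C43DAC225317F4B4FA963C900F0B0D0E7FC854BE91A1CFF330FE77B03776EABD0326B"
++ "0FB37AC5176CF82530960F423B13299E037285C9324E0A872414ECF35735F58463506EBFB2CC91D790FC0D67E2714287"
++ "960C68FB43A7EE42A14F5397F07E055E75EE4F7D047634907702EEC8ABB08D82C82CEBE2B042B1F20367DFDB839B82AF"
++ "88F72272AE91DA94CD9B334343196889381FE307A76BE0B627EE32D827582A7CD68BF467D954805030753FA8DABFCC21"
++ "E68A77E2A76F9E95E61A2FBCA1C8FFC2CE272E9D125E5C65759529BF3FDD2E28722EC9B7B57BD9819BAAC01556002D88"
++ "3B8BD842C3EB3BCC4A54B4D0B1DB32ECEBA8DD668D67C859A6EB0BAE293082054106092A864886F70D010701A0820532"
++ "0482052E3082052A30820526060B2A864886F70D010C0A0102A08204EE308204EA301C060A2A864886F70D010C010330"
++ "0E0408482E476C7712FD7202020800048204C8AF5357D64578320D963917F44B2B7714334AAE6571554F03A599913275"
++ "4BA03892316159385225C4EEA7C958091BC8A32A9433AECA3A07F791ACE431217F0DFBD53DC15D257069B99DA04EF719"
++ "892004FD307E151EBB359C1D69AE8FF78A1CC1654470B0862CDAC1AED521608C29AA8D30E81A4015D54F75421B9BDB29"
++ "5036D79E4535F28D4A2ABF4F203BC67065A709AEF6EAF4D6A3DC7387CB3459D82399F4797CE53FD2BD0A19B1A9566F74"
++ "246D6B6C50BD2777B6F6DE1A8C469F69D7EBF230018D56DF4C1764862CD982E81F56A543DA4ADB63EF8612A1BB561471"
++ "56035541B0B41F06BBE2CD47DC402A75023558205870060438CF99D8BFC7CAADDE0583311FE4B854051C83638420BC5E"
++ "93F999E67EDBBC266F519609E2BE9FC1BC3C7FEE54DBAB04DAC8A94BB347F3DC28DDAB7D28DD3BBFFB44C84E6F23A8E0"
++ "1CAB36382723DB94CD8973A303D8D4C7A22B9F811C07ED9A78E06135E0426FC93BB408F1DC915DF4ADBF048D22C201D8"
++ "0FDC0EF942D1E2AC0F39F8A95BA849C07BB0DA165B3F0317478870F704B8A34B7D5816BC4F8CA0C6BDB5346F2211416C"
++ "79D7117AD1B86E44E0BC0C3793F9895638E5B7A2A5B957E0E691819AC7FA1F05E8D05ED99E4E286C96E3E31DF99633E8"
++ "CB73CA135109AE727CB047641726A1599492B6F3E8E62195A79239279B2A9FBF47B31FEFF3C20DEC2DFBDB0CE98B183D"
++ "BA773561DEE404BA1A5BEF5AB9729DBE22FB1C17EFD4D3AC81F04F49F9855CEACECB202090A1290C10E9D676F0658F3D"
++ "E4C43DCD5A17B88881893DA87060C5F56D5CC9A92E6B1A47A6D16FB32C09925606F6D5C7CAFBC7A82D8E441A05DFBEE0"
++ "BEC92D89264B62D5DECC342D29D9A7727BBDE4E63EEB7CAED7C76953F6AC8CB570619C7607B753FD46889C76D29C9AC6"
++ "6F56CB3848323FA9CD16578EA5C6D876AE63D95F65E2CDEF68A1CF3D2FC3DF91D0055B0CDBD1510E291C0E7AC6EAA0D2"
++ "AB5E8FAD44108C94A592251447926DB7139BC2A433D61711C6DA5EF82A8E18CEBF99AF753E33FFF65126B7D3D3D09FF0"
++ "C50EFF7822FA8797BAC52383B94E8FE602E62577994ACA6A2150F60A31CA0E79FE6DF3405D6918EADC2231558FB29045"
++ "034EB9DA9FB87BD71996C6AB6EA71A70EBFBC99BC292338A363176516C14EC92E174C59C6BE82F5BC0296525109C9A7F"
++ "C9D9E654955992A5C9EDFD39ED9889BEAF105B2EF62B041789F20A6AB26563FCFA1A1482EE2A20E8C1A2F0931ACBA7F8"
++ "756EE4C9119D29817ACA7D2B81FE736FD7A33D20EC333AC5123D29345647B734DB24B5C56B4576ABBF9B02F782DDE0B4"
++ "BA277080F28F3D86DEC35F0F19B2B5DB0BD7A59B7C4B2BAE08E8584449BD3685F371F6A24F5F91EA6843DC6ABA89976E"
++ "589511EB23A733D23F6CE076C952E9E7190ED78D5A34387F93418A87CB02270941F19DD35E1DB5836E67296A7F28A5EB"
++ "8F32DA73EA7A47D5CEB292E767468CDF938A44B3CEEE6276A34705606A8F7496D7310DA1A0468A604B8A9E7AB50450A6"
++ "DFE0C4540CEA058CD7919E823D8A32FB811C6BF8754C65D7A9723018ADE95AED5C30978A8DBA185CF0BA36346456CD3E"
++ "15C511FAD71B445DDFA7C5455A3597FE536E3BB87518C0725D6BE673D05DC5E74B4FF442711D242A37D0CCB88E6D19BD"
++ "6B7299207D7036EB87D5E86189768CB14AE4F8886BB5AB7864BDA9757D0C26BFFF3FAA4001258557D394313125302306"
++ "092A864886F70D01091531160414080FB9AAB81BD67FD85C2186B359054CEB13D2D730313021300906052B0E03021A05"
++ "0004142C205F0B1E9B99B0ED14E83F13D84BC683F66D3B04080D22E45D6A657CC602020800").HexToByteArray();
+
 public static byte[] s_Rsa2048SignatureOnlyCer = (
 "3082032C30820214A003020102020900E0D8AB6819D7306E300D06092A864886" +
 "F70D01010B05003038313630340603550403132D54776F2074686F7573616E64" +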
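Review bot: The new `s_RSAKeyTransferCer_ExplicitSki` blob in the second hunk has no comment saying what distinguishes it from the other key-transfer certificates, and nothing tells a reader that it is long expired. The encoded validity fields read 160628002045Z to 160728002045Z, the subject CN is "Self-Signed Example", and the only extension is a SubjectKeyIdentifier with value 01952851C55DB594B0C6167F5863C5B6B67AEFE6. I would put a comment above the field along the lines of `// Self-signed test-only cert with an explicit SubjectKeyIdentifier extension; valid 2016-06-28..2016-07-28, so tests must not depend on chain or time validity`. The existing `// password = "1111"` comment on the PFX could also say that the embedded private key is test material only, so the blob is not mistaken for a leaked credential by secret scanners or later readers. The `RawData` class begins and ends outside the hunk.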

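--- a/src/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/ContentEncryptionAlgorithmTests.cs
+++ b/src/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/ContentEncryptionAlgorithmTests.cs
@@ -13,6 +13,22 @@ namespace System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests
 public static partial class ContentEncryptionAlgorithmTests
 {
 public static bool SupportsRc4 => PlatformDetection.IsWindows;
+public static bool DoesNotSupportRc4 => !SupportsRc4;
+
+[Fact]
+public static void EncryptionAlgorithmRc2_InvalidKeyLength()
+{
+// For desktop compat, variable key length ciphers throw an error if the key length provided
+// is not a multiple of 8.
+AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Rc2), 3);
+ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
+EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm);
+using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
+{
+CmsRecipient cmsRecipient = new CmsRecipient(cert);
+Assert.ThrowsAny<CryptographicException>(() => ecms.Encrypt(cmsRecipient));
+}
+}
 
 [Fact]
 public static void DecodeAlgorithmRc2_128_RoundTrip()
@@ -52,6 +68,88 @@ private static void VerifyAlgorithmRc2_128(byte[] encodedMessage)
 Assert.Equal(128, algorithm.KeyLength);
 }
 
+[Fact]
+public static void DecodeAlgorithmRc2_40_FixedValue()
+{
+ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3, 4 });
+byte[] encodedMessage =
+("3082011806092A864886F70D010703A0820109308201050201003181CC3081C90201003032301E311C301A0"
++ "60355040313135253414B65795472616E73666572436170693102105D2FFFF863BABC9B4D3C80AB178A4CCA"
++ "300D06092A864886F70D010101050004818004E46A48651034B01134B0D4F665C9E85F6C45B58458ECDBAFE"
++ "B6B55CBFA9AEBEFA52BCBEF3C8811B5118970562623FC35D4B733B55CBC50DA4F49822E1D198834897D3540"
++ "7B329FECF49277159F2FEAB31173004776B03746381E0DA660B6D656A861E54E79186F36F450105DEB2714D"
++ "02DB5500921EBE4F1A7D3DFB07E4EE9303106092A864886F70D010701301A06082A864886F70D0302300E02"
++ "0200A00408D621253C94AF659B800802930ACE6A997122").HexToByteArray();
+EnvelopedCms ecms = new EnvelopedCms();
+ecms.Decode(encodedMessage);
+
+AlgorithmIdentifier algorithm = ecms.ContentEncryptionAlgorithm;
+Assert.NotNull(algorithm.Oid);
+Assert.Equal(Oids.Rc2, algorithm.Oid.Value);
+Assert.Equal(40, algorithm.KeyLength);
+}
+
+[Fact]
+[OuterLoop(/* Leaks key on disk if interrupted */)]
+public static void DecodeAlgorithmRc2_40_RoundTrip()
+{
+ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3, 4 });
+EnvelopedCms ecms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new Oid(Oids.Rc2), 40));
+
+using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.GetCertificate())
+{
+ecms.Encrypt(new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert));
+}
+
+byte[] encodedMessage = ecms.Encode();
+
+ecms = new EnvelopedCms();
+ecms.Decode(encodedMessage);
+
+AlgorithmIdentifier algorithm = ecms.ContentEncryptionAlgorithm;
+Assert.NotNull(algorithm.Oid);
+Assert.Equal(Oids.Rc2, algorithm.Oid.Value);
+Assert.Equal(40, algorithm.KeyLength);
+}
+
+[ConditionalFact(nameof(SupportsRc4))]
+[OuterLoop(/* Leaks key on disk if interrupted */)]
+public static void DecodeAlgorithmRc4_40_RoundTrip()
+{
+ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3, 4 });
+EnvelopedCms ecms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new Oid(Oids.Rc4), 40));
+
+using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.GetCertificate())
+{
+ecms.Encrypt(new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert));
+}
+
+byte[] encodedMessage = ecms.Encode();
+
+ecms = new EnvelopedCms();
+ecms.Decode(encodedMessage);
+
+AlgorithmIdentifier algorithm = ecms.ContentEncryptionAlgorithm;
+Assert.NotNull(algorithm.Oid);
+Assert.Equal(Oids.Rc4, algorithm.Oid.Value);
+Assert.Equal(40, algorithm.KeyLength);
+}
+
+
+[ConditionalFact(nameof(DoesNotSupportRc4))]
+[OuterLoop(/* Leaks key on disk if interrupted */)]
+public static void DecodeAlgorithmRc4_40_PlatformNotSupported()
+{
+ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3, 4 });
+EnvelopedCms ecms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(new Oid(Oids.Rc4), 40));
+
+using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.GetCertificate())
+{
+CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert);
+Assert.Throws<PlatformNotSupportedException>(() => ecms.Encrypt(recipient));
+}
+}
+
 [Fact]
 public static void DecodeAlgorithmDes_RoundTrip()
 {
@@ -165,6 +263,46 @@ private static void VerifyAlgorithmRc4(byte[] encodedMessage)
 Assert.Equal(128, algorithm.KeyLength);
 }
 
+[Fact]
+public static void DecodeAlgorithmRc4_40_FixedValue()
+{
+byte[] encodedMessage =
+("3082011006092A864886F70D010703A08201013081FE0201003181CC3081C90201003032301E311C301A060"
++ "355040313135253414B65795472616E73666572436170693102105D2FFFF863BABC9B4D3C80AB178A4CCA30"
++ "0D06092A864886F70D01010105000481809D242C1517B82A58335E0337B0B2CE97B2789AF31A6B31311417B"
++ "A069D0D76FD08AE5B4F58C290116667FFD00319AA7AFED4EEAD9D5031C0D17A48E6CB39A5EB62C8BD7F4C2C"
++ "BE8E581EF8B7FF7BA9376923A367B9B7E031F630E4CA6ADCB31209B04B03E64076FB0465E7E437B13D4AEA2"
++ "70CA89EB58C1A598F0AC88DCB4024302A06092A864886F70D010701301706082A864886F70D0304040B4B5A"
++ "8F64D714F933642D4A8004C68A936F").HexToByteArray();
+
+EnvelopedCms ecms = new EnvelopedCms();
+ecms.Decode(encodedMessage);
+AlgorithmIdentifier algorithm = ecms.ContentEncryptionAlgorithm;
+Assert.NotNull(algorithm.Oid);
+Assert.Equal(Oids.Rc4, algorithm.Oid.Value);
+Assert.Equal(40, algorithm.KeyLength);
+}
+
+[Fact]
+public static void EncryptionAlgorithmAes128_IgnoresKeyLength()
+{
+// For desktop compat, static key length ciphers ignore the key lengths supplied
+AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Aes128), 3);
+ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
+EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm);
+using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
+{
+CmsRecipient cmsRecipient = new CmsRecipient(cert);
+ecms.Encrypt(cmsRecipient);
+}
+byte[] encodedMessage = ecms.Encode();
+
+ecms.Decode(encodedMessage);
+
+Assert.Equal(Oids.Aes128, ecms.ContentEncryptionAlgorithm.Oid.Value);
+Assert.Equal(0, ecms.ContentEncryptionAlgorithm.KeyLength);
+}
+
 [Fact]
 public static void DecodeAlgorithmAes128_RoundTrip()
 {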
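Review bot: The `[OuterLoop(/* Leaks key on disk if interrupted */)]` on `DecodeAlgorithmRc4_40_PlatformNotSupported` in the second hunk keeps the check that RC4 is refused on non-Windows out of the default test run, and the stated reason does not match the visible body. That test only calls `GetCertificate()` and expects `Encrypt` to throw, so no private key is used in any line shown. `GetCertificate()` is defined outside this page, but if it loads only the public certificate, nothing is persisted and the test can carry just `[ConditionalFact(nameof(DoesNotSupportRc4))]`. The same question applies to `DecodeAlgorithmRc2_40_RoundTrip` and `DecodeAlgorithmRc4_40_RoundTrip`, which encrypt and decode but never decrypt. If the attribute is needed, a comment naming the call that writes the key would justify it.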
