c
/
mono
spegling av https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279
							//
// InMemorySymmetricSecurityKeyTest.cs
//
// Author:
//	Atsushi Enomoto <[email protected]>
//
// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.IO;
using System.Text;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using NUnit.Framework;

using Key = System.IdentityModel.Tokens.InMemorySymmetricSecurityKey;
using AES = System.Security.Cryptography.RijndaelManaged;

namespace MonoTests.System.IdentityModel.Tokens
{
	[TestFixture]
	public class InMemorySymmetricSecurityKeyTest
	{
		static X509Certificate2 cert;
		static byte [] raw;
		static byte [] wssc_label = Encoding.UTF8.GetBytes ("WS-SecureConversationWS-SecureConversation");

		static InMemorySymmetricSecurityKeyTest ()
		{
			cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
			// randomly generated with RijndaelManaged
			// GenerateIV() and GenerateKey().
			raw = Convert.FromBase64String ("eX2EeE969RCv/5Lx8OIGLHtJrSD5PzVzO3tTy9JxU58=");
		}

		[Test]
		public void CreateSimple ()
		{
			Key key = new Key (raw);
			Assert.AreEqual (256, key.KeySize, "#1");
			// the returned value must be a clone.
			Assert.IsFalse (Object.ReferenceEquals (key.GetSymmetricKey (), raw), "#2");
		}

		[Test]
		public void GetSymmetricAlgorithmAES ()
		{
			byte [] bytes = new byte [32];
			Key key = new Key (bytes);
			SymmetricAlgorithm alg = key.GetSymmetricAlgorithm (
				SecurityAlgorithms.Aes128Encryption);
			Assert.AreEqual (256, alg.KeySize, "#1-1");
			Assert.AreEqual (CipherMode.CBC, alg.Mode, "#1-2");
			Assert.AreEqual (PaddingMode.PKCS7, alg.Padding, "#1-3");
			alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes192Encryption);
			Assert.AreEqual (256, alg.KeySize, "#2-1");
			Assert.AreEqual (CipherMode.CBC, alg.Mode, "#2-2");
			Assert.AreEqual (PaddingMode.PKCS7, alg.Padding, "#2-3");
			alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes256Encryption);
			Assert.AreEqual (256, alg.KeySize, "#3-1");
			Assert.AreEqual (CipherMode.CBC, alg.Mode, "#3-2");
			Assert.AreEqual (PaddingMode.PKCS7, alg.Padding, "#3-3");

			alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes128KeyWrap);
			Assert.IsTrue (alg is AES, "#4");
			alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes192KeyWrap);
			Assert.IsTrue (alg is AES, "#5");
			alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes256KeyWrap);
			Assert.IsTrue (alg is AES, "#6");
			//alg = key.GetSymmetricAlgorithm (SecurityAlgorithms.TripleDesKeyWrap);
			//Assert.IsTrue (alg is TripleDES, "#7");
		}

		[Test]
		[ExpectedException (typeof (CryptographicException))]
		public void GetSymmetricAlgorithm3VulnerableTDESEnc ()
		{
			byte [] bytes = new byte [24];
			Key key = new Key (bytes);
			// strange, TripleDesEncryption works with 32bytes key,
			// but TripleDesKeyWrap doesn't.
			key.GetSymmetricAlgorithm (SecurityAlgorithms.TripleDesEncryption);
		}

		[Test]
		[ExpectedException (typeof (CryptographicException))]
		public void GetSymmetricAlgorithm3VulnerableTDESWrap ()
		{
			byte [] bytes = new byte [24];
			Key key = new Key (bytes);
			// strange, TripleDesEncryption works with 32bytes key,
			// but TripleDesKeyWrap doesn't.
			key.GetSymmetricAlgorithm (SecurityAlgorithms.TripleDesKeyWrap);
		}

		// ... so, after all what is the valid key size for TDES?

		[Test]
		public void GetSymmetricAlgorithmNullKey ()
		{
			Key key = new Key (raw);
			Assert.IsNotNull (key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes192Encryption));
		}

		[Test]
		// hmm, no error
		public void GetSymmetricAlgorithmWrongSize ()
		{
			Key key = new Key (new byte [32]);
			Assert.IsNotNull (key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes192Encryption));
		}

		[Test]
		// hmm, error?
		[ExpectedException (typeof (CryptographicException))]
		public void GetSymmetricAlgorithmWrongSizeDES ()
		{
			Key key = new Key (new byte [32]);
			Assert.IsNotNull (key.GetSymmetricAlgorithm (SecurityAlgorithms.TripleDesKeyWrap));
		}

		[Test]
		// no error???
		public void GetSymmetricAlgorithmWrongSize2 ()
		{
			AES aes = new AES ();
			aes.KeySize = 192;
			aes.GenerateKey ();
			Key key = new Key (aes.Key);
			Assert.IsNotNull (key.GetSymmetricAlgorithm (SecurityAlgorithms.Aes256Encryption));
		}

		[Test]
		public void GenerateDerivedKey ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			byte [] derived = key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, nonce, key.KeySize, 0);
			Assert.IsTrue (Convert.ToBase64String (derived) != Convert.ToBase64String (raw), "#4");
			// the precomputed derivation value.
			byte [] expected = Convert.FromBase64String ("50UfLeg58TbfADujVeafUAS8typGX9LvqLOXezK/eJY=");
			Assert.AreEqual (Convert.ToBase64String (expected), Convert.ToBase64String (derived), "#5");
		}

		[Test]
		[ExpectedException (typeof (InvalidOperationException))] // not ArgumentNullException?
		public void GenerateDerivedKeyNullAlgorithm ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (null, wssc_label, nonce, key.KeySize, 0);
		}

		[Test]
		[ExpectedException (typeof (InvalidOperationException))] // not ArgumentNullException?
		public void GenerateDerivedKeyUnsupportedAlgorithm ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey ("urn:my-own-way", wssc_label, nonce, key.KeySize, 0);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void GenerateDerivedKeyNullLabel ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				null, nonce, key.KeySize, 0);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void GenerateDerivedKeyNullNonce ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, null, key.KeySize, 0);
		}

		[Test]
		[ExpectedException (typeof (ArgumentOutOfRangeException))]
		public void GenerateDerivedKeyNegativeLength ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, nonce, -32, 0);
		}

		[Test]
		public void GenerateDerivedKeyUnusualLength ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, nonce, 5, 0);
		}

		[Test]
		[ExpectedException (typeof (ArgumentOutOfRangeException))]
		public void GenerateDerivedKeyNegativeOffset ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, nonce, -32, 0);
		}

		[Test]
		public void GenerateDerivedKeyUnusualOffset ()
		{
			Key key = new Key (raw);
			byte [] nonce = new byte [256];

			key.GenerateDerivedKey (
				SecurityAlgorithms.Psha1KeyDerivation,
				wssc_label, nonce, 5, 0);
		}

		[Test]
		public void IsAsymmetricAlgorithm ()
		{
			Key key = new Key (raw);
			Assert.IsFalse (key.IsAsymmetricAlgorithm (SecurityAlgorithms.Aes256KeyWrap), "#1");
			Assert.IsFalse (key.IsAsymmetricAlgorithm (SecurityAlgorithms.TripleDesEncryption), "#2");
			Assert.IsTrue (key.IsAsymmetricAlgorithm (SecurityAlgorithms.RsaOaepKeyWrap), "#3");
			Assert.IsFalse (key.IsAsymmetricAlgorithm (SecurityAlgorithms.Psha1KeyDerivation), "#4");
		}

		[Test]
		public void IsSymmetricAlgorithm ()
		{
			Key key = new Key (raw);
			Assert.IsTrue (key.IsSymmetricAlgorithm (SecurityAlgorithms.Aes256KeyWrap), "#1");
			Assert.IsTrue (key.IsSymmetricAlgorithm (SecurityAlgorithms.TripleDesEncryption), "#2");
			Assert.IsFalse (key.IsSymmetricAlgorithm (SecurityAlgorithms.RsaOaepKeyWrap), "#3");
			Assert.IsTrue (key.IsSymmetricAlgorithm (SecurityAlgorithms.Psha1KeyDerivation), "#4");
		}
	}
}