diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs index 56d4978f756d6c..9a4b27348ab4a0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs @@ -11,6 +11,7 @@ public interface IRSAProvider bool SupportsLargeExponent { get; } bool SupportsSha2Oaep { get; } bool SupportsPss { get; } + bool SupportsSha1Signatures { get; } } public static partial class RSAFactory @@ -39,5 +40,7 @@ public static RSA Create(RSAParameters rsaParameters) public static bool SupportsSha2Oaep => s_provider.SupportsSha2Oaep; public static bool SupportsPss => s_provider.SupportsPss; + + public static bool SupportsSha1Signatures => s_provider.SupportsSha1Signatures; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSASignatureFormatter.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSASignatureFormatter.cs index d58ac86a4cbebe..c1ce8e1754b87a 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSASignatureFormatter.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSASignatureFormatter.cs @@ -10,7 +10,7 @@ namespace System.Security.Cryptography.Rsa.Tests [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")] public partial class RSASignatureFormatterTests : AsymmetricSignatureFormatterTests { - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public static void VerifySignature_SHA1() { using (RSA rsa = RSAFactory.Create()) @@ -66,7 +66,7 @@ public static void InvalidHashAlgorithm() } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public static void VerifyKnownSignature() { byte[] hash = "012d161304fa0c6321221516415813022320620c".HexToByteArray(); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs index e78cea374bac53..0bbdd7db7372da 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.IO; +using Microsoft.DotNet.XUnitExtensions; using Test.Cryptography; using Test.IO.Streams; using Xunit; @@ -26,14 +27,14 @@ public void NullArray_Throws() { using (RSA rsa = RSAFactory.Create()) { - AssertExtensions.Throws("data", () => SignData(rsa, null, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); - AssertExtensions.Throws("hash", () => SignHash(rsa, null, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("data", () => SignData(rsa, null, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("hash", () => SignHash(rsa, null, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); - AssertExtensions.Throws("data", () => VerifyData(rsa, null, new byte[1], HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); - AssertExtensions.Throws("hash", () => VerifyHash(rsa, null, new byte[1], HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("data", () => VerifyData(rsa, null, new byte[1], HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("hash", () => VerifyHash(rsa, null, new byte[1], HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); - AssertExtensions.Throws("signature", () => VerifyData(rsa, new byte[1], null, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); - AssertExtensions.Throws("signature", () => VerifyHash(rsa, new byte[1], null, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("signature", () => VerifyData(rsa, new byte[1], null, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); + AssertExtensions.Throws("signature", () => VerifyHash(rsa, new byte[1], null, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } } @@ -72,10 +73,10 @@ public void NullPadding_Throws() { using (RSA rsa = RSAFactory.Create()) { - AssertExtensions.Throws("padding", () => SignData(rsa, new byte[1], HashAlgorithmName.SHA1, null)); - AssertExtensions.Throws("padding", () => SignHash(rsa, new byte[1], HashAlgorithmName.SHA1, null)); - AssertExtensions.Throws("padding", () => VerifyData(rsa, new byte[1], new byte[1], HashAlgorithmName.SHA1, null)); - AssertExtensions.Throws("padding", () => VerifyHash(rsa, new byte[1], new byte[1], HashAlgorithmName.SHA1, null)); + AssertExtensions.Throws("padding", () => SignData(rsa, new byte[1], HashAlgorithmName.SHA256, null)); + AssertExtensions.Throws("padding", () => SignHash(rsa, new byte[1], HashAlgorithmName.SHA256, null)); + AssertExtensions.Throws("padding", () => VerifyData(rsa, new byte[1], new byte[1], HashAlgorithmName.SHA256, null)); + AssertExtensions.Throws("padding", () => VerifyHash(rsa, new byte[1], new byte[1], HashAlgorithmName.SHA256, null)); } } @@ -87,7 +88,7 @@ public void UseAfterDispose(bool importKey) RSA rsa = importKey ? RSAFactory.Create(TestData.RSA2048Params) : RSAFactory.Create(1024); byte[] data = TestData.HelloBytes; byte[] sig; - HashAlgorithmName alg = HashAlgorithmName.SHA1; + HashAlgorithmName alg = HashAlgorithmName.SHA256; RSASignaturePadding padding = RSASignaturePadding.Pkcs1; using (rsa) @@ -115,12 +116,12 @@ public void InvalidKeySize_DoesNotInvalidateKey() { using (RSA rsa = RSAFactory.Create()) { - byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); // A 2049-bit key is hard to describe, none of the providers support it. Assert.ThrowsAny(() => rsa.KeySize = 2049); - Assert.True(VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + Assert.True(VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } @@ -143,11 +144,11 @@ public void SignEmptyHash() using (RSA rsa = RSAFactory.Create()) { Assert.ThrowsAny( - () => SignHash(rsa, Array.Empty(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + () => SignHash(rsa, Array.Empty(), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void ExpectedSignature_SHA1_384() { byte[] expectedSignature = @@ -178,7 +179,7 @@ public void ExpectedSignature_SHA1_384() } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void ExpectedSignature_SHA1_1032() { byte[] expectedSignature = @@ -205,7 +206,7 @@ public void ExpectedSignature_SHA1_1032() ExpectSignature(expectedSignature, TestData.HelloBytes, "SHA1", TestData.RSA1032Parameters); } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void ExpectedSignature_SHA1_2048() { byte[] expectedSignature = new byte[] @@ -350,7 +351,7 @@ public void ExpectSignature_SHA256_1024_Stream() Assert.Equal(expectedSignature, signature); } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void VerifySignature_SHA1_384() { byte[] signature = @@ -366,7 +367,7 @@ public void VerifySignature_SHA1_384() VerifySignature(signature, TestData.HelloBytes, "SHA1", TestData.RSA384Parameters); } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void VerifySignature_SHA1_1032() { byte[] signature = @@ -393,7 +394,7 @@ public void VerifySignature_SHA1_1032() VerifySignature(signature, TestData.HelloBytes, "SHA1", TestData.RSA1032Parameters); } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void VerifySignature_SHA1_2048() { byte[] signature = new byte[] @@ -516,8 +517,12 @@ public static IEnumerable RoundTripTheories { foreach (RSAParameters rsaParameters in new[] { TestData.RSA1024Params, TestData.RSA2048Params }) { + if (RSAFactory.SupportsSha1Signatures) + { + yield return new object[] { nameof(HashAlgorithmName.SHA1), rsaParameters }; + } + yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters }; - yield return new object[] { nameof(HashAlgorithmName.SHA1), rsaParameters }; yield return new object[] { nameof(HashAlgorithmName.SHA256), rsaParameters }; } @@ -532,8 +537,8 @@ public void NegativeVerify_WrongAlgorithm() using (RSA rsa = RSAFactory.Create()) { rsa.ImportParameters(TestData.RSA2048Params); - byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); - bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); + byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); + bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1); Assert.False(signatureMatched); } @@ -545,12 +550,12 @@ public void NegativeVerify_WrongSignature() using (RSA rsa = RSAFactory.Create()) { rsa.ImportParameters(TestData.RSA2048Params); - byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); // Invalidate the signature. signature[0] = unchecked((byte)~signature[0]); - bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Assert.False(signatureMatched); } } @@ -561,8 +566,8 @@ public void NegativeVerify_TamperedData() using (RSA rsa = RSAFactory.Create()) { rsa.ImportParameters(TestData.RSA2048Params); - byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); - bool signatureMatched = VerifyData(rsa, Array.Empty(), signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + byte[] signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); + bool signatureMatched = VerifyData(rsa, Array.Empty(), signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Assert.False(signatureMatched); } } @@ -575,13 +580,13 @@ public void NegativeVerify_BadKeysize() using (RSA rsa = RSAFactory.Create()) { rsa.ImportParameters(TestData.RSA2048Params); - signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + signature = SignData(rsa, TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); } using (RSA rsa = RSAFactory.Create()) { rsa.ImportParameters(TestData.RSA1024Params); - bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + bool signatureMatched = VerifyData(rsa, TestData.HelloBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Assert.False(signatureMatched); } @@ -610,7 +615,7 @@ public void PkcsSignHash_MismatchedHashSize() } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void ExpectedHashSignature_SHA1_2048() { byte[] expectedHashSignature = new byte[] @@ -741,7 +746,7 @@ public void ExpectedHashSignature_SHA256_2048() ExpectHashSignature(expectedHashSignature, dataHash, "SHA256", TestData.RSA2048Params); } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public void VerifyHashSignature_SHA1_2048() { byte[] hashSignature = new byte[] @@ -872,7 +877,7 @@ public void VerifyHashSignature_SHA256_2048() VerifyHashSignature(hashSignature, dataHash, "SHA256", TestData.RSA2048Params); } - [Theory] + [ConditionalTheory] [InlineData("SHA256")] [InlineData("SHA384")] [InlineData("SHA512")] @@ -880,6 +885,11 @@ public void VerifyHashSignature_SHA256_2048() [InlineData("SHA1")] public void PssRoundtrip(string hashAlgorithmName) { + if (!RSAFactory.SupportsSha1Signatures && hashAlgorithmName == "SHA1") + { + throw new SkipTestException("Platform does not support RSA with SHA1 signatures."); + } + RSAParameters privateParameters = TestData.RSA2048Params; RSAParameters publicParameters = new RSAParameters { diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.netcoreapp.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.netcoreapp.cs index e79beb71246b95..fcb06908e91620 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.netcoreapp.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.netcoreapp.cs @@ -56,7 +56,7 @@ public static void VerifyDefaultSpanHash() byte[] signature = new byte[2048 / 8]; Assert.False( - rsa.VerifyHash(ReadOnlySpan.Empty, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); + rsa.VerifyHash(ReadOnlySpan.Empty, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); if (RSAFactory.SupportsPss) { diff --git a/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs new file mode 100644 index 00000000000000..abdbabb14b8433 --- /dev/null +++ b/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs @@ -0,0 +1,51 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. + +namespace System.Security.Cryptography.Tests +{ + internal static class SignatureSupport + { + internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) + { + // We expect all non-Linux platforms to support SHA1 signatures, currently. + if (!OperatingSystem.IsLinux()) + { + return true; + } + + switch (algorithm) + { + case ECDsa ecdsa: + try + { + ecdsa.SignData(Array.Empty(), HashAlgorithmName.SHA1); + return true; + } + catch (CryptographicException) + { + return false; + } + finally + { + algorithm.Dispose(); + } + case RSA rsa: + try + { + rsa.SignData(Array.Empty(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + return true; + } + catch (CryptographicException) + { + return false; + } + finally + { + algorithm.Dispose(); + } + default: + throw new NotSupportedException($"Algorithm type {algorithm.GetType()} is not supported."); + } + } + } +} diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs index 76854a55f07b64..963bd925d800c7 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs +++ b/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs @@ -34,6 +34,8 @@ public bool Supports384PrivateKey public bool SupportsSha2Oaep => true; public bool SupportsPss => true; + + public bool SupportsSha1Signatures => true; } public partial class RSAFactory diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj b/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj index b2c8ebf7aab8a9..aaec2eb1c432cb 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj @@ -15,6 +15,8 @@ + AlgorithmIdentifiers() { - return new[] + yield return new object[] { "MD5", MD5.Create() }; + yield return new object[] { "MD5", typeof(MD5) }; + yield return new object[] { "MD5", "1.2.840.113549.2.5" }; + + if (RSAFactory.SupportsSha1Signatures) { - new object[] { "MD5", MD5.Create() }, - new object[] { "MD5", typeof(MD5) }, - new object[] { "MD5", "1.2.840.113549.2.5" }, - new object[] { "SHA1", SHA1.Create() }, - new object[] { "SHA1", typeof(SHA1) }, - new object[] { "SHA1", "1.3.14.3.2.26" }, - new object[] { "SHA256", SHA256.Create() }, - new object[] { "SHA256", typeof(SHA256) }, - new object[] { "SHA256", "2.16.840.1.101.3.4.2.1" }, - new object[] { "SHA384", SHA384.Create() }, - new object[] { "SHA384", typeof(SHA384) }, - new object[] { "SHA384", "2.16.840.1.101.3.4.2.2" }, - new object[] { "SHA512", SHA512.Create() }, - new object[] { "SHA512", typeof(SHA512) }, - new object[] { "SHA512", "2.16.840.1.101.3.4.2.3" }, - }; + yield return new object[] { "SHA1", SHA1.Create() }; + yield return new object[] { "SHA1", typeof(SHA1) }; + yield return new object[] { "SHA1", "1.3.14.3.2.26" }; + } + + yield return new object[] { "SHA256", SHA256.Create() }; + yield return new object[] { "SHA256", typeof(SHA256) }; + yield return new object[] { "SHA256", "2.16.840.1.101.3.4.2.1" }; + yield return new object[] { "SHA384", SHA384.Create() }; + yield return new object[] { "SHA384", typeof(SHA384) }; + yield return new object[] { "SHA384", "2.16.840.1.101.3.4.2.2" }; + yield return new object[] { "SHA512", SHA512.Create() }; + yield return new object[] { "SHA512", typeof(SHA512) }; + yield return new object[] { "SHA512", "2.16.840.1.101.3.4.2.3" }; } } } diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs index 763925168a3933..7f4f3eb5b7d462 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs @@ -2,11 +2,14 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Runtime.InteropServices; +using System.Security.Cryptography.Tests; namespace System.Security.Cryptography.Rsa.Tests { public class RSACryptoServiceProviderProvider : IRSAProvider { + private bool? _supportsSha1Signatures; + public RSA Create() => new RSACryptoServiceProvider(); public RSA Create(int keySize) => new RSACryptoServiceProvider(keySize); @@ -18,6 +21,8 @@ public class RSACryptoServiceProviderProvider : IRSAProvider public bool SupportsSha2Oaep => false; public bool SupportsPss => false; + + public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); } public partial class RSAFactory diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderTests.cs index b16d5e66d39eef..89c9405d84b4d8 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderTests.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderTests.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Security.Cryptography.Tests; using System.Security.Cryptography.Rsa.Tests; using Xunit; @@ -305,7 +306,7 @@ public static void ImportParameters_ExponentTooBig_Throws() } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public static void SignHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(TestData.HelloBytes); @@ -317,7 +318,7 @@ public static void SignHash_DefaultAlgorithm_Success() } } - [Fact] + [ConditionalFact(typeof(RSAFactory), nameof(RSAFactory.SupportsSha1Signatures))] public static void VerifyHash_DefaultAlgorithm_Success() { byte[] hashVal = SHA1.HashData(TestData.HelloBytes); @@ -352,7 +353,7 @@ public static void Sign_InvalidPaddingMode_Throws() { using (var rsa = new RSACryptoServiceProvider()) { - Assert.Throws(() => rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pss)); + Assert.Throws(() => rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss)); } } @@ -361,8 +362,8 @@ public static void Verify_InvalidPaddingMode_Throws() { using (var rsa = new RSACryptoServiceProvider()) { - byte[] sig = rsa.SignData(TestData.HelloBytes, "SHA1"); - Assert.Throws(() => rsa.VerifyData(TestData.HelloBytes, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pss)); + byte[] sig = rsa.SignData(TestData.HelloBytes, "SHA256"); + Assert.Throws(() => rsa.VerifyData(TestData.HelloBytes, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss)); } } @@ -378,15 +379,15 @@ public static void SignatureAlgorithm_Success() [Fact] public static void SignData_VerifyHash_CaseInsensitive_Success() { - byte[] hashVal = SHA1.HashData(TestData.HelloBytes); + byte[] hashVal = SHA256.HashData(TestData.HelloBytes); using (var rsa = new RSACryptoServiceProvider()) { - byte[] signVal = rsa.SignData(TestData.HelloBytes, "SHA1"); - Assert.True(rsa.VerifyHash(hashVal, "SHA1", signVal)); + byte[] signVal = rsa.SignData(TestData.HelloBytes, "SHA256"); + Assert.True(rsa.VerifyHash(hashVal, "SHA256", signVal)); - signVal = rsa.SignData(TestData.HelloBytes, "sha1"); - Assert.True(rsa.VerifyHash(hashVal, "sha1", signVal)); + signVal = rsa.SignData(TestData.HelloBytes, "sha256"); + Assert.True(rsa.VerifyHash(hashVal, "sha256", signVal)); } } diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj b/src/libraries/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj index 2343260ca112b0..ca7460db9b2d76 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj @@ -12,6 +12,8 @@ + new RSAOpenSsl(); public RSA Create(int keySize) => new RSAOpenSsl(keySize); @@ -16,6 +20,8 @@ public class RSAOpenSslProvider : IRSAProvider public bool SupportsSha2Oaep => true; public bool SupportsPss => true; + + public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); } public partial class RSAFactory diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/System.Security.Cryptography.OpenSsl.Tests.csproj b/src/libraries/System.Security.Cryptography.OpenSsl/tests/System.Security.Cryptography.OpenSsl.Tests.csproj index 676580f1349553..b9ca6fa4508f1a 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/System.Security.Cryptography.OpenSsl.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/System.Security.Cryptography.OpenSsl.Tests.csproj @@ -18,6 +18,8 @@ Link="CommonTest\System\Security\Cryptography\ByteUtils.cs" /> + RSA.Create(); @@ -38,6 +40,8 @@ public bool Supports384PrivateKey } } + public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); + public bool SupportsLargeExponent => true; public bool SupportsSha2Oaep { get; } = true; diff --git a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj index b672db1d9ecd1f..6fa63793c4d82b 100644 --- a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj +++ b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj @@ -28,6 +28,8 @@ Link="ProductionCode\Common\System\Net\MultiArrayBuffer.cs" /> +