diff --git a/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs b/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
index 4f1e13ede0eca1..d89f914191f0ee 100644
--- a/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
+++ b/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
@@ -6,7 +6,6 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.X509Certificates.Tests.Common;
-using Test.Cryptography;
namespace System.Net.Test.Common
{
diff --git a/src/libraries/Common/tests/System/Net/Configuration.Certificates.cs b/src/libraries/Common/tests/System/Net/Configuration.Certificates.cs
index d3b0cf224dae30..34599f1644bf1f 100644
--- a/src/libraries/Common/tests/System/Net/Configuration.Certificates.cs
+++ b/src/libraries/Common/tests/System/Net/Configuration.Certificates.cs
@@ -7,7 +7,6 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
-using Test.Cryptography;
using Xunit;
namespace System.Net.Test.Common
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/CngKeyWrapper.cs b/src/libraries/Common/tests/System/Security/Cryptography/CngKeyWrapper.cs
new file mode 100644
index 00000000000000..cba4da4a192770
--- /dev/null
+++ b/src/libraries/Common/tests/System/Security/Cryptography/CngKeyWrapper.cs
@@ -0,0 +1,75 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#nullable enable
+
+using Xunit;
+using System;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
+
+namespace Test.Cryptography
+{
+ internal sealed class CngKeyWrapper : IDisposable
+ {
+ private CngKeyWrapper(
+ CngAlgorithm algorithm,
+ CngKeyCreationParameters cngCreationParameters,
+ string? keySuffix = null,
+ [CallerMemberName] string? testName = null)
+ {
+ Key = CngKey.Create(algorithm, $"{testName}{algorithm.Algorithm}{keySuffix}", cngCreationParameters);
+ }
+
+ public static CngKeyWrapper CreateMicrosoftPlatformCryptoProvider(
+ CngAlgorithm algorithm,
+ string? keySuffix = null,
+ [CallerMemberName] string? testName = null,
+ CngKeyCreationOptions creationOption = CngKeyCreationOptions.None,
+ params CngProperty[] additionalParameters)
+ {
+ const string MicrosoftPlatformCryptoProvider = "Microsoft Platform Crypto Provider";
+
+#if NETFRAMEWORK
+ CngProvider cngProvider = new(MicrosoftPlatformCryptoProvider);
+#else
+ Assert.Equal(MicrosoftPlatformCryptoProvider, CngProvider.MicrosoftPlatformCryptoProvider.Provider);
+ CngProvider cngProvider = CngProvider.MicrosoftPlatformCryptoProvider;
+#endif
+ CngKeyCreationParameters cngCreationParameters = new()
+ {
+ Provider = cngProvider,
+ KeyCreationOptions = creationOption | CngKeyCreationOptions.OverwriteExistingKey,
+ };
+
+ foreach (CngProperty parameter in additionalParameters)
+ {
+ cngCreationParameters.Parameters.Add(parameter);
+ }
+
+ return new CngKeyWrapper(algorithm, cngCreationParameters, keySuffix, testName);
+ }
+
+ public static CngKeyWrapper CreateMicrosoftSoftwareKeyStorageProvider(
+ CngAlgorithm algorithm,
+ CngKeyCreationOptions creationOption,
+ string? keySuffix = null,
+ [CallerMemberName] string? testName = null)
+ {
+ CngKeyCreationParameters cngCreationParameters = new()
+ {
+ Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
+ KeyCreationOptions = creationOption | CngKeyCreationOptions.OverwriteExistingKey,
+ };
+
+ return new CngKeyWrapper(algorithm, cngCreationParameters, keySuffix, testName);
+ }
+
+ public CngKey Key { get; }
+
+ public void Dispose()
+ {
+ Key.Delete();
+ }
+ }
+}
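Review bot: The private constructor at the top of `CngKeyWrapper` keeps the `keySuffix = null` and `[CallerMemberName] string? testName = null` defaults even though both factories always forward both values. If a later factory forgets to forward `testName`, the compiler fills in the factory's own name and every caller then shares one key name. Because `OverwriteExistingKey` is always OR-ed in, those callers would silently replace each other's persisted key. Making the two constructor parameters required, `string? keySuffix, string? testName)`, turns that mistake into a compile error. A short `///` summary on `Dispose()` saying that it deletes the persisted key rather than only releasing the handle would also help readers of the `using` blocks.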
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/CngPlatformProviderKey.cs b/src/libraries/Common/tests/System/Security/Cryptography/CngPlatformProviderKey.cs
deleted file mode 100644
index b33636ae957855..00000000000000
--- a/src/libraries/Common/tests/System/Security/Cryptography/CngPlatformProviderKey.cs
+++ /dev/null
@@ -1,39 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System;
-using System.Runtime.CompilerServices;
-using System.Security.Cryptography;
-
-namespace Test.Cryptography
-{
- internal sealed class CngPlatformProviderKey : IDisposable
- {
- public CngPlatformProviderKey(
- CngAlgorithm algorithm,
- string keySuffix = null,
- [CallerMemberName] string testName = null,
- params CngProperty[] additionalParameters)
- {
- CngKeyCreationParameters cngCreationParameters = new CngKeyCreationParameters
- {
- Provider = CngProvider.MicrosoftPlatformCryptoProvider,
- KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
- };
-
- foreach (CngProperty parameter in additionalParameters)
- {
- cngCreationParameters.Parameters.Add(parameter);
- }
-
- Key = CngKey.Create(algorithm, $"{testName}{algorithm.Algorithm}{keySuffix}", cngCreationParameters);
- }
-
- internal CngKey Key { get; }
-
- public void Dispose()
- {
- Key.Delete();
- }
- }
-}
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs
index 7be1321023e2bf..6be4ed60277044 100644
--- a/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs
+++ b/src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs
@@ -37,19 +37,11 @@ static bool DetermineAlgorithmFunctional(CngAlgorithm algorithm)
return false;
}
#endif
-
- CngKey key = null;
-
try
{
- key = CngKey.Create(
+ using CngKeyWrapper key = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(
algorithm,
- $"{nameof(PlatformCryptoProviderFunctional)}{algorithm.Algorithm}Key",
- new CngKeyCreationParameters
- {
- Provider = new CngProvider("Microsoft Platform Crypto Provider"),
- KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
- });
+ keySuffix: $"{algorithm.Algorithm}Key");
return true;
}
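Review bot: Cleanup failures are now swallowed by the probe, because the `using CngKeyWrapper key` declaration is disposed when the `try` block exits, so an exception from `Key.Delete()` lands in the catch that follows and the method reports the provider as not functional; the removed `finally { key?.Delete(); }` let it propagate. The same shape appears in `CheckIfVbsAvailable` in the next hunk, where `catch (CryptographicException)` is visible; the catch for this method lies outside the hunk, so its type is assumed to match. A failed delete would then silently skip the gated tests and may leave a persisted key behind. Consider keeping only the creation call inside the `try` and disposing the wrapper after it, so a cleanup failure stays visible. The enclosing `DetermineAlgorithmFunctional` starts and ends outside this hunk.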
@@ -57,10 +49,35 @@ static bool DetermineAlgorithmFunctional(CngAlgorithm algorithm)
{
return false;
}
- finally
- {
- key?.Delete();
- }
+ }
+ }
+
+ private static bool CheckIfVbsAvailable()
+ {
+#if !NETFRAMEWORK
+ if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ {
+ return false;
+ }
+#endif
+
+ try
+ {
+ const CngKeyCreationOptions RequireVbs = (CngKeyCreationOptions)0x00020000;
+#if !NETFRAMEWORK
+ Assert.Equal(CngKeyCreationOptions.RequireVbs, RequireVbs);
+#endif
+
+ using CngKeyWrapper key = CngKeyWrapper.CreateMicrosoftSoftwareKeyStorageProvider(
+ CngAlgorithm.ECDsaP256,
+ RequireVbs,
+ keySuffix: $"{CngAlgorithm.ECDsaP256.Algorithm}Key");
+
+ return true;
+ }
+ catch (CryptographicException)
+ {
+ return false;
}
}
@@ -83,5 +100,8 @@ static bool DetermineAlgorithmFunctional(CngAlgorithm algorithm)
internal static bool PlatformCryptoProviderFunctionalP256 => PlatformCryptoProviderFunctional(CngAlgorithm.ECDsaP256);
internal static bool PlatformCryptoProviderFunctionalP384 => PlatformCryptoProviderFunctional(CngAlgorithm.ECDsaP384);
internal static bool PlatformCryptoProviderFunctionalRsa => PlatformCryptoProviderFunctional(CngAlgorithm.Rsa);
+
+ private static bool? s_isVbsAvailable;
+ internal static bool IsVbsAvailable => s_isVbsAvailable ??= CheckIfVbsAvailable();
}
}
diff --git a/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj b/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
index a08fb7f599bd17..265d2a512e0e96 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
+++ b/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
@@ -12,6 +12,8 @@
Link="CommonTest\System\Security\Cryptography\ByteUtils.cs" />
+
-
diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/FunctionalTests/System.Net.Http.WinHttpHandler.Functional.Tests.csproj b/src/libraries/System.Net.Http.WinHttpHandler/tests/FunctionalTests/System.Net.Http.WinHttpHandler.Functional.Tests.csproj
index 89a7007b2f6f33..7640a70f87b4a6 100644
--- a/src/libraries/System.Net.Http.WinHttpHandler/tests/FunctionalTests/System.Net.Http.WinHttpHandler.Functional.Tests.csproj
+++ b/src/libraries/System.Net.Http.WinHttpHandler/tests/FunctionalTests/System.Net.Http.WinHttpHandler.Functional.Tests.csproj
@@ -133,8 +133,6 @@
Link="Common\System\Net\Http\SyncBlockingContent.cs" />
-
-
-
diff --git a/src/libraries/System.Net.Requests/tests/System.Net.Requests.Tests.csproj b/src/libraries/System.Net.Requests/tests/System.Net.Requests.Tests.csproj
index 35e9a3f81011f0..a1574b47b66267 100644
--- a/src/libraries/System.Net.Requests/tests/System.Net.Requests.Tests.csproj
+++ b/src/libraries/System.Net.Requests/tests/System.Net.Requests.Tests.csproj
@@ -38,8 +38,6 @@
Link="Common\System\Net\Http\GenericLoopbackServer.cs" />
-
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/libraries/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index 11dfd96afb0d66..bf809ed8e243de 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -89,8 +89,6 @@
Link="Common\System\Net\EventSourceTestLogging.cs" />
-
-
diff --git a/src/libraries/System.Net.WebSockets.Client/tests/System.Net.WebSockets.Client.Tests.csproj b/src/libraries/System.Net.WebSockets.Client/tests/System.Net.WebSockets.Client.Tests.csproj
index 35780f9d7497c4..0c07922eb10ec9 100644
--- a/src/libraries/System.Net.WebSockets.Client/tests/System.Net.WebSockets.Client.Tests.csproj
+++ b/src/libraries/System.Net.WebSockets.Client/tests/System.Net.WebSockets.Client.Tests.csproj
@@ -47,7 +47,6 @@
-
diff --git a/src/libraries/System.Net.WebSockets.Client/tests/wasm/System.Net.WebSockets.Client.Wasm.Tests.csproj b/src/libraries/System.Net.WebSockets.Client/tests/wasm/System.Net.WebSockets.Client.Wasm.Tests.csproj
index c4b8a5a4545e83..296136cf1c27cd 100644
--- a/src/libraries/System.Net.WebSockets.Client/tests/wasm/System.Net.WebSockets.Client.Wasm.Tests.csproj
+++ b/src/libraries/System.Net.WebSockets.Client/tests/wasm/System.Net.WebSockets.Client.Wasm.Tests.csproj
@@ -40,8 +40,6 @@
Link="Common\System\Net\Http\LoopbackServer.cs" />
-
diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/ECDiffieHellmanCngTests.cs b/src/libraries/System.Security.Cryptography.Cng/tests/ECDiffieHellmanCngTests.cs
index 488043a01ea44f..3ca8e6d9912ddf 100644
--- a/src/libraries/System.Security.Cryptography.Cng/tests/ECDiffieHellmanCngTests.cs
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/ECDiffieHellmanCngTests.cs
@@ -193,8 +193,8 @@ public static void HashAlgorithm_SupportsOtherECDHImplementations()
[OuterLoop("Hardware backed key generation takes several seconds.")]
public static void PlatformCryptoProvider_DeriveKeyMaterial()
{
- using (CngPlatformProviderKey platformKey1 = new CngPlatformProviderKey(CngAlgorithm.ECDiffieHellmanP256, "key1"))
- using (CngPlatformProviderKey platformKey2 = new CngPlatformProviderKey(CngAlgorithm.ECDiffieHellmanP256, "key2"))
+ using (CngKeyWrapper platformKey1 = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(CngAlgorithm.ECDiffieHellmanP256, "key1"))
+ using (CngKeyWrapper platformKey2 = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(CngAlgorithm.ECDiffieHellmanP256, "key2"))
using (ECDiffieHellmanCng ecdhCng1 = new ECDiffieHellmanCng(platformKey1.Key))
using (ECDiffieHellmanCng ecdhCng2 = new ECDiffieHellmanCng(platformKey2.Key))
{
diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/PropertyTests.cs b/src/libraries/System.Security.Cryptography.Cng/tests/PropertyTests.cs
index eb3db7e26de787..41414361805964 100644
--- a/src/libraries/System.Security.Cryptography.Cng/tests/PropertyTests.cs
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/PropertyTests.cs
@@ -17,7 +17,7 @@ public static void CreatePersisted_PlatformEccKeyHasKeySize_P256(string algorith
{
CngAlgorithm cngAlgorithm = new CngAlgorithm(algorithm);
- using (CngPlatformProviderKey platformKey = new CngPlatformProviderKey(cngAlgorithm))
+ using (CngKeyWrapper platformKey = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(cngAlgorithm))
{
Assert.Equal(256, platformKey.Key.KeySize);
}
@@ -31,7 +31,7 @@ public static void CreatePersisted_PlatformEccKeyHasKeySize_P384(string algorith
{
CngAlgorithm cngAlgorithm = new CngAlgorithm(algorithm);
- using (CngPlatformProviderKey platformKey = new CngPlatformProviderKey(cngAlgorithm))
+ using (CngKeyWrapper platformKey = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(cngAlgorithm))
{
Assert.Equal(384, platformKey.Key.KeySize);
}
@@ -44,7 +44,7 @@ public static void CreatePersisted_PlatformEccKeyHasKeySize_P384(string algorith
public static void CreatePersisted_PlatformRsaKeyHasKeySize(int keySize)
{
CngProperty keyLengthProperty = new CngProperty("Length", BitConverter.GetBytes(keySize), CngPropertyOptions.None);
- CngPlatformProviderKey platformKey = new CngPlatformProviderKey(
+ CngKeyWrapper platformKey = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(
CngAlgorithm.Rsa,
keySuffix: keySize.ToString(),
additionalParameters: keyLengthProperty);
diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj b/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj
index 18e8462a5c6eff..045b1640017a19 100644
--- a/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj
@@ -39,8 +39,8 @@
Link="CommonTest\System\Security\Cryptography\AlgorithmImplementations\ECDiffieHellman\ECDiffieHellmanFactory.cs" />
-
+
+
+
+
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
index b8ad085cbadc1f..865209228719e6 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
@@ -7,6 +7,8 @@
+
diff --git a/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs b/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
index c19cedc9ff4519..11409ac9857c14 100644
--- a/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
+++ b/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
@@ -427,6 +427,9 @@ public enum CngKeyCreationOptions
None = 0,
MachineKey = 32,
OverwriteExistingKey = 128,
+ PreferVbs = 65536,
+ RequireVbs = 131072,
+ UsePerBootKey = 262144,
}
public sealed partial class CngKeyCreationParameters
{
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs
index 338076d1dbc057..f3f3e7fb423219 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs
@@ -15,5 +15,8 @@ public enum CngKeyCreationOptions : int
None = 0x00000000,
MachineKey = 0x00000020, // NCRYPT_MACHINE_KEY_FLAG
OverwriteExistingKey = 0x00000080, // NCRYPT_OVERWRITE_KEY_FLAG
+ PreferVbs = 0x00010000, // NCRYPT_PREFER_VBS_FLAG
+ RequireVbs = 0x00020000, // NCRYPT_REQUIRE_VBS_FLAG
+ UsePerBootKey = 0x00040000, // NCRYPT_USE_PER_BOOT_KEY_FLAG
}
}
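Review bot: The three new public members carry only the native flag name as a trailing comment, and the security-relevant difference between them is not stated anywhere in this hunk. A `///` summary per member would help callers, in particular that `PreferVbs` presumably falls back to an ordinary software-protected key when VBS is unavailable while `RequireVbs` fails instead, for example `/// <summary>Require VBS protection for the key; creation fails if VBS is not available.</summary>`. Callers that depend on the isolation guarantee need to know to pick `RequireVbs`. The fallback semantics are inferred from the NCrypt flag names and should be confirmed against the Windows documentation before being written down.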
diff --git a/src/libraries/System.Security.Cryptography/tests/CngKeyTests.cs b/src/libraries/System.Security.Cryptography/tests/CngKeyTests.cs
new file mode 100644
index 00000000000000..1fd515beac292b
--- /dev/null
+++ b/src/libraries/System.Security.Cryptography/tests/CngKeyTests.cs
@@ -0,0 +1,118 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using Test.Cryptography;
+using Xunit;
+
+namespace System.Security.Cryptography.Tests
+{
+ public class CngKeyTests
+ {
+ [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsVbsAvailable))]
+ [InlineData(CngKeyCreationOptions.PreferVbs)]
+ [InlineData(CngKeyCreationOptions.RequireVbs)]
+ [InlineData(CngKeyCreationOptions.UsePerBootKey)]
+ public void CreateVbsKey_SignAndVerify(CngKeyCreationOptions creationOption)
+ {
+ using (CngKeyWrapper key = CngKeyWrapper.CreateMicrosoftSoftwareKeyStorageProvider(
+ CngAlgorithm.ECDsaP256,
+ creationOption,
+ keySuffix: creationOption.ToString()))
+ {
+ SignAndVerifyECDsa(key.Key);
+ }
+ }
+
+ [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsVbsAvailable))]
+ [InlineData(CngKeyCreationOptions.PreferVbs)]
+ [InlineData(CngKeyCreationOptions.RequireVbs)]
+ [InlineData(CngKeyCreationOptions.UsePerBootKey)]
+ public void CreateVbsKey_KeyIsNotExportable(CngKeyCreationOptions creationOption)
+ {
+ using (CngKeyWrapper key = CngKeyWrapper.CreateMicrosoftSoftwareKeyStorageProvider(
+ CngAlgorithm.ECDsaP256,
+ creationOption,
+ keySuffix: creationOption.ToString()))
+ {
+ using (ECDsaCng ecdsa = new ECDsaCng(key.Key))
+ {
+ Assert.ThrowsAny(() => ecdsa.ExportExplicitParameters(includePrivateParameters: true));
+ }
+ }
+ }
+
+ [ConditionalTheory(typeof(PlatformSupport), nameof(PlatformSupport.IsVbsAvailable))]
+ [InlineData(CngKeyCreationOptions.PreferVbs)]
+ [InlineData(CngKeyCreationOptions.RequireVbs)]
+ [InlineData(CngKeyCreationOptions.UsePerBootKey)]
+ [InlineData(CngKeyCreationOptions.PreferVbs | CngKeyCreationOptions.UsePerBootKey)]
+ [InlineData(CngKeyCreationOptions.RequireVbs | CngKeyCreationOptions.UsePerBootKey)]
+ public void CreateVbsKey_SoftwareKeyStorageProviderFlagsOnWrongProvider(CngKeyCreationOptions creationOption)
+ {
+ Assert.ThrowsAny(() => CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(
+ CngAlgorithm.ECDsaP256,
+ creationOption: creationOption,
+ keySuffix: creationOption.ToString()));
+ }
+
+ private static void SignAndVerifyECDsa(CngKey key)
+ {
+ using (ECDsaCng ecdsa = new ECDsaCng(key))
+ {
+ byte[] data = { 12, 11, 02, 08, 25, 14, 11, 18, 16 };
+
+ // using key directly
+ byte[] signature = ecdsa.SignData(data, HashAlgorithmName.SHA256);
+ VerifyTests(ecdsa, data, signature);
+
+ // through cert
+ CertificateRequest req = new CertificateRequest("CN=potato", ecdsa, HashAlgorithmName.SHA256);
+ DateTimeOffset now = DateTimeOffset.UtcNow;
+ using (X509Certificate2 cert = req.CreateSelfSigned(now, now.AddHours(1)))
+ using (ECDsa certKey = cert.GetECDsaPrivateKey())
+ using (ECDsa certPubKey = cert.GetECDsaPublicKey())
+ {
+ Assert.NotNull(certKey);
+ Assert.NotNull(certPubKey);
+
+ VerifyTests(certPubKey, data, signature);
+ VerifyTests(certKey, data, signature);
+
+ Assert.ThrowsAny(() => certPubKey.SignData(data, HashAlgorithmName.SHA256));
+ signature = certKey.SignData(data, HashAlgorithmName.SHA256);
+
+ VerifyTests(ecdsa, data, signature);
+ VerifyTests(certPubKey, data, signature);
+ VerifyTests(certKey, data, signature);
+ }
+
+ // we can still sign/verify after disposing the cert
+ signature = ecdsa.SignData(data, HashAlgorithmName.SHA256);
+ VerifyTests(ecdsa, data, signature);
+ }
+ }
+
+ private static void VerifyTests(ECDsa ecdsa, byte[] data, byte[] signature)
+ {
+ bool valid = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
+ Assert.True(valid, "signature is not valid");
+
+ signature[0] ^= 0xFF;
+ valid = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
+ Assert.False(valid, "tampered signature is valid");
+ signature[0] ^= 0xFF;
+
+ data[0] ^= 0xFF;
+ valid = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
+ Assert.False(valid, "tampered data is verified as valid");
+ data[0] ^= 0xFF;
+
+ // we call it second time and expect no issues with validation
+ valid = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
+ Assert.True(valid, "signature is not valid");
+ }
+ }
+}
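Review bot: `CreateVbsKey_KeyIsNotExportable` can pass without VBS doing anything, because `CngKeyWrapper.CreateMicrosoftSoftwareKeyStorageProvider` never sets `ExportPolicy` on the creation parameters, so the key is presumably non-exportable by provider default and `ExportExplicitParameters(includePrivateParameters: true)` would throw for a plain software key as well. One option is to create the key with `ExportPolicy = CngExportPolicies.AllowPlaintextExport` (the wrapper currently has no parameter for it) so that a refusal can be attributed to VBS; otherwise the test name should say what is really checked. `CreateVbsKey_SoftwareKeyStorageProviderFlagsOnWrongProvider` has a similar gap: it is gated only on `IsVbsAvailable`, so on a machine where the platform provider is not functional the creation fails for an unrelated reason and the assertion still passes. Adding `nameof(PlatformSupport.PlatformCryptoProviderFunctionalP256)` to the condition list would close that. The expected exception type of the `Assert.ThrowsAny` calls is not visible on this page, so how specific those assertions are could not be checked.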
diff --git a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
index 84f0fa2947c49c..0dea3f2b5f48b3 100644
--- a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
@@ -219,8 +219,8 @@
Link="CommonTest\System\Security\Cryptography\509Certificates\X509CertificateLoaderTests.cs" />
-
+
+
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs
index 6f8a0b6c0bf871..64ded87aa4e041 100644
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs
+++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/CertTests.cs
@@ -864,7 +864,7 @@ public static void CertificateSha3Signed()
[OuterLoop("Hardware backed key generation takes several seconds.", ~TestPlatforms.Browser)]
public static void CreateCertificate_MicrosoftPlatformCryptoProvider_EcdsaKey()
{
- using (CngPlatformProviderKey platformKey = new CngPlatformProviderKey(CngAlgorithm.ECDsaP256))
+ using (CngKeyWrapper platformKey = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(CngAlgorithm.ECDsaP256))
using (ECDsaCng ecdsa = new ECDsaCng(platformKey.Key))
{
CertificateRequest req = new CertificateRequest("CN=potato", ecdsa, HashAlgorithmName.SHA256);
@@ -885,7 +885,7 @@ public static void CreateCertificate_MicrosoftPlatformCryptoProvider_EcdsaKey()
[OuterLoop("Hardware backed key generation takes several seconds.", ~TestPlatforms.Browser)]
public static void CreateCertificate_MicrosoftPlatformCryptoProvider_RsaKey()
{
- using (CngPlatformProviderKey platformKey = new CngPlatformProviderKey(CngAlgorithm.Rsa))
+ using (CngKeyWrapper platformKey = CngKeyWrapper.CreateMicrosoftPlatformCryptoProvider(CngAlgorithm.Rsa))
using (RSACng rsa = new RSACng(platformKey.Key))
{
CertificateRequest req = new CertificateRequest("CN=potato", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);