Add an RSAFactory to the RSA test suite.

Implementors will need to define an IRSAProvider and assign it via a field initializer (s_provider) for the RSAFactory class.  This was chosen over RSA.Create() for two reasons:
1) RSA.Create() isn't part of the contract yet.
2) There will be 3 RSA implementations, but only two of them capable of being returned by RSA.Create(), so an alternate factory is required for long-term support of CAPI testing.

Author: bartonjs

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs

@@ -32,10 +32,10 @@ public static void DecryptSavedAnswer()
 
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA1024Params);
-                output = rsa.Decrypt(cipherBytes, true);
+                output = rsa.Decrypt(cipherBytes, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.Equal(TestData.HelloBytes, output);
@@ -66,10 +66,10 @@ public static void DecryptSavedAnswerUnusualExponent()
 
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.UnusualExponentParameters);
-                output = rsa.Decrypt(cipherBytes, true);
+                output = rsa.Decrypt(cipherBytes, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.Equal(TestData.HelloBytes, output);
@@ -81,10 +81,10 @@ public static void RsaCryptRoundtrip()
             byte[] crypt;
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
-                crypt = rsa.Encrypt(TestData.HelloBytes, true);
-                output = rsa.Decrypt(crypt, true);
+                crypt = rsa.Encrypt(TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
+                output = rsa.Decrypt(crypt, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.NotEqual(crypt, output);
@@ -96,13 +96,13 @@ public static void RsaDecryptAfterExport()
         {
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
-                byte[] crypt = rsa.Encrypt(TestData.HelloBytes, true);
+                byte[] crypt = rsa.Encrypt(TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
 
                 // Export the key, this should not clear/destroy the key.
                 RSAParameters ignored = rsa.ExportParameters(true);
-                output = rsa.Decrypt(crypt, true);
+                output = rsa.Decrypt(crypt, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.Equal(TestData.HelloBytes, output);
@@ -113,7 +113,7 @@ public static void LargeKeyCryptRoundtrip()
         {
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 try
                 {
@@ -125,11 +125,11 @@ public static void LargeKeyCryptRoundtrip()
                     return;
                 }
 
-                byte[] crypt = rsa.Encrypt(TestData.HelloBytes, true);
+                byte[] crypt = rsa.Encrypt(TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
 
                 Assert.Equal(rsa.KeySize, crypt.Length * 8);
 
-                output = rsa.Decrypt(crypt, true);
+                output = rsa.Decrypt(crypt, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.Equal(TestData.HelloBytes, output);
@@ -141,12 +141,12 @@ public static void UnusualExponentCryptRoundtrip()
             byte[] crypt;
             byte[] output;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.UnusualExponentParameters);
 
-                crypt = rsa.Encrypt(TestData.HelloBytes, true);
-                output = rsa.Decrypt(crypt, true);
+                crypt = rsa.Encrypt(TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
+                output = rsa.Decrypt(crypt, RSAEncryptionPadding.OaepSHA1);
             }
 
             Assert.NotEqual(crypt, output);

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs

@@ -14,7 +14,7 @@ public static void ExportAutoKey()
             RSAParameters publicParams;
             int keySize;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 keySize = rsa.KeySize;
 
@@ -53,7 +53,7 @@ public static void PaddedExport()
             RSAParameters diminishedDPParamaters = TestData.DiminishedDPParamaters;
             RSAParameters exported;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(diminishedDPParamaters);
                 exported = rsa.ExportParameters(true);
@@ -69,7 +69,7 @@ public static void LargeKeyImportExport()
         {
             RSAParameters imported = TestData.RSA16384Params;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 try
                 {
@@ -106,7 +106,7 @@ public static void UnusualExponentImportExport()
             RSAParameters unusualExponentParameters = TestData.UnusualExponentParameters;
             RSAParameters exported;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(unusualExponentParameters);
                 exported = rsa.ExportParameters(true);
@@ -120,7 +120,7 @@ public static void UnusualExponentImportExport()
         [Fact]
         public static void ImportReset()
         {
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 RSAParameters exported = rsa.ExportParameters(true);
                 RSAParameters imported;
@@ -152,7 +152,7 @@ public static void MultiExport()
         {
             RSAParameters imported = TestData.RSA1024Params;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(imported);
 
@@ -187,7 +187,7 @@ public static void PublicOnlyPrivateExport()
                 Exponent = TestData.RSA1024Params.Exponent,
             };
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(imported);
                 Assert.Throws<CryptographicException>(() => rsa.ExportParameters(true));
@@ -202,7 +202,7 @@ public static void ImportNoExponent()
                 Modulus = TestData.RSA1024Params.Modulus,
             };
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 Assert.Throws<CryptographicException>(() => rsa.ImportParameters(imported));
             }
@@ -216,7 +216,7 @@ public static void ImportNoModulus()
                 Exponent = TestData.RSA1024Params.Exponent,
             };
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 Assert.Throws<CryptographicException>(() => rsa.ImportParameters(imported));
             }
@@ -230,7 +230,7 @@ public static void ImportNoDP()
             RSAParameters imported = TestData.RSA1024Params;
             imported.DP = null;
 
-            using (RSA rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 Assert.Throws<CryptographicException>(() => rsa.ImportParameters(imported));
             }

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs

@@ -46,12 +46,12 @@ private static void GenerateKey(Func<RSA, int> getSize)
         {
             int keySize;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 keySize = getSize(rsa);
             }
 
-            using (var rsa = new RSACryptoServiceProvider(keySize))
+            using (RSA rsa = RSAFactory.Create(keySize))
             {
                 Assert.Equal(keySize, rsa.KeySize);
 

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs

@@ -0,0 +1,24 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+namespace System.Security.Cryptography.Rsa.Tests
+{
+    public interface IRSAProvider
+    {
+        RSA Create();
+        RSA Create(int keySize);
+    }
+
+    public static partial class RSAFactory
+    {
+        public static RSA Create()
+        {
+            return s_provider.Create();
+        }
+
+        public static RSA Create(int keySize)
+        {
+            return s_provider.Create(keySize);
+        }
+    }
+}

src/Common/tests/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-using System.Collections;
 using System.Collections.Generic;
 using System.IO;
 using Test.IO.Streams;
@@ -147,10 +146,10 @@ public static void ExpectSignature_SHA256_1024_Stream()
             byte[] signature;
 
             using (Stream stream = new PositionValueStream(10))
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA1024Params);
-                signature = rsa.SignData(stream, "SHA256");
+                signature = rsa.SignData(stream, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
             }
 
             Assert.Equal(expectedSignature, signature);
@@ -287,11 +286,11 @@ public static void SignAndVerify_SHA256_1024()
         [Fact]
         public static void NegativeVerify_WrongAlgorithm()
         {
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA2048Params);
-                byte[] signature = rsa.SignData(TestData.HelloBytes, "SHA1");
-                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, "SHA256", signature);
+                byte[] signature = rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
+                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
 
                 Assert.False(signatureMatched);
             }
@@ -300,27 +299,27 @@ public static void NegativeVerify_WrongAlgorithm()
         [Fact]
         public static void NegativeVerify_WrongSignature()
         {
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA2048Params);
-                byte[] signature = rsa.SignData(TestData.HelloBytes, "SHA1");
+                byte[] signature = rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
 
                 // Invalidate the signature.
                 signature[0] = (byte)~signature[0];
 
-                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, "SHA1", signature);
+                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
                 Assert.False(signatureMatched);
             }
         }
 
         [Fact]
         public static void NegativeVerify_TamperedData()
         {
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA2048Params);
-                byte[] signature = rsa.SignData(TestData.HelloBytes, "SHA1");
-                bool signatureMatched = rsa.VerifyData(Array.Empty<byte>(), "SHA1", signature);
+                byte[] signature = rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
+                bool signatureMatched = rsa.VerifyData(Array.Empty<byte>(), signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
                 Assert.False(signatureMatched);
             }
         }
@@ -330,16 +329,16 @@ public static void NegativeVerify_BadKeysize()
         {
             byte[] signature;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA2048Params);
-                signature = rsa.SignData(TestData.HelloBytes, "SHA1");
+                signature = rsa.SignData(TestData.HelloBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
             }
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(TestData.RSA1024Params);
-                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, "SHA1", signature);
+                bool signatureMatched = rsa.VerifyData(TestData.HelloBytes, signature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
 
                 Assert.False(signatureMatched);
             }
@@ -619,10 +618,10 @@ private static void ExpectSignature(
             // the signature is deterministic, so we can safely verify it here.
             byte[] signature;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(rsaParameters);
-                signature = rsa.SignData(data, hashAlgorithmName);
+                signature = rsa.SignData(data, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
             }
 
             Assert.Equal(expectedSignature, signature);
@@ -640,10 +639,10 @@ private static void ExpectHashSignature(
             // the signature is deterministic, so we can safely verify it here.
             byte[] signature;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(rsaParameters);
-                signature = rsa.SignHash(dataHash, hashAlgorithmName);
+                signature = rsa.SignHash(dataHash, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
             }
 
             Assert.Equal(expectedSignature, signature);
@@ -663,10 +662,10 @@ private static void VerifySignature(
 
             bool signatureMatched;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(publicOnly);
-                signatureMatched = rsa.VerifyData(data, hashAlgorithmName, signature);
+                signatureMatched = rsa.VerifyData(data, signature, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
             }
 
             Assert.True(signatureMatched);
@@ -686,22 +685,22 @@ private static void VerifyHashSignature(
 
             bool signatureMatched;
 
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(publicOnly);
-                signatureMatched = rsa.VerifyHash(dataHash, hashAlgorithmName, signature);
+                signatureMatched = rsa.VerifyHash(dataHash, signature, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
             }
 
             Assert.True(signatureMatched);
         }
 
         private static void SignAndVerify(byte[] data, string hashAlgorithmName, RSAParameters rsaParameters)
         {
-            using (var rsa = new RSACryptoServiceProvider())
+            using (RSA rsa = RSAFactory.Create())
             {
                 rsa.ImportParameters(rsaParameters);
-                byte[] signature = rsa.SignData(data, hashAlgorithmName);
-                bool signatureMatched = rsa.VerifyData(data, hashAlgorithmName, signature);
+                byte[] signature = rsa.SignData(data, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
+                bool signatureMatched = rsa.VerifyData(data, signature, new HashAlgorithmName(hashAlgorithmName), RSASignaturePadding.Pkcs1);
                 Assert.True(signatureMatched);
             }
         }