larsw/WorksOnWin10.cs

## WorksOnWin10.cs
// reference xunit
// reference BouncyCastle
// reference Security.Cryptography.dll (CLR Security project @ Codeplex)

public static byte[] ConvertToNCryptEccPrivateBlob(BigInteger d, ECPoint q)
{
  // from bcrypt.h: #define BCRYPT_ECDSA_PRIVATE_P384_MAGIC 0x34534345  // ECS4
  var magic = new byte[] { 0x45, 0x43, 0x53, 0x34 };
  var len = new byte[] { 0x30, 0, 0, 0 }; // key length - 384 bit / 8

  var db = d.ToByteArrayUnsigned();
  var qx = q.AffineXCoord.GetEncoded();
  var qy = q.AffineYCoord.GetEncoded();

  return (new[] {magic, len, qx, qy, db}).SelectMany(_ => _).ToArray();
}

[Fact]
public void ShouldImportCustomBakedEccPrivateBlobIntoCng()
{
  // Generate ECDSA (X9.62) key pair (p384) with Bouncy Castle.
  var secureRandom = new SecureRandom();
  var ecKeyPairGenerator = new ECKeyPairGenerator("ECDSA");
  var keyGenParams = new ECKeyGenerationParameters(NistNamedCurves.GetOid("P-384"), secureRandom);
  ecKeyPairGenerator.Init(keyGenParams);
  var keyPair = ecKeyPairGenerator.GenerateKeyPair();
  var ecPublicKey = keyPair.Public as ECPublicKeyParameters;
  var privateBytes = ConvertToNCryptEccPrivateBlob(keyPair);
  // Import generated private key into a Cng Key Store & get reference.
  var cngPrivKey = CngKey.Import(privateBytes, CngKeyBlobFormat.EccPrivateBlob);
  Assert.NotNull(cngPrivKey);
}

## WorksOnWin7_and8_1_but_NotOnWin10.cs
// reference xunit
// reference Security.Cryptography.dll (CLR Security project @ Codeplex)
// reference Bouncycastle (patched to emit key usage as an attribute in the PKCS#8 PrivateKeyInfo structure (to get Windows to realize it's a ECDSA and not a ECDH key)

[Fact]
public void ShouldGenerateECKeyPairWithBouncyCastleAndImportIntoDefaultCngKeyStorageProvider_PukesInWin10WithUnknownError()
{
  // Generate ECDSA (X9.62) key pair (p384) with Bouncy Castle.
  var secureRandom = new SecureRandom();
  var ecKeyPairGenerator = new ECKeyPairGenerator("ECDSA");
  var keyGenParams = new ECKeyGenerationParameters(NistNamedCurves.GetOid("P-384"), secureRandom);
  ecKeyPairGenerator.Init(keyGenParams);
  var keyPair = ecKeyPairGenerator.GenerateKeyPair();
  var ecPublicKey = keyPair.Public as ECPublicKeyParameters;

  var pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
  var privateBytes = pki.GetDerEncoded(); // incl custom attribute fix that adds Key Usage
  Console.WriteLine(Asn1Dump.DumpAsString(Asn1Object.FromByteArray(privateBytes)));
  // Import generated private key into a Cng Key Store & get reference.
  var cngPrivKey = CngKey.Import(privateBytes, CngKeyBlobFormat.Pkcs8PrivateBlob);
  Assert.NotNull(cngPrivKey);
}

[Fact]
public void ShouldGetCngKeyAssociatedWithImportedCertificatePlusPrivateKeyReadFromPkcs12File_PukesInWin10_KeySetNotFound()
{
  var nc = new NetworkCredential("", "Passw0rd");
  var cert = new X509Certificate2(File.ReadAllBytes(@"c:\temp\self-signed.p12"), nc.SecurePassword, X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
  var cngPrivateKey = cert.GetCngPrivateKey();
  Assert.NotNull(cngPrivateKey);
}
	// reference xunit
	// reference BouncyCastle
	// reference Security.Cryptography.dll (CLR Security project @ Codeplex)

	public static byte[] ConvertToNCryptEccPrivateBlob(BigInteger d, ECPoint q)
	{
	// from bcrypt.h: #define BCRYPT_ECDSA_PRIVATE_P384_MAGIC 0x34534345 // ECS4
	var magic = new byte[] { 0x45, 0x43, 0x53, 0x34 };
	var len = new byte[] { 0x30, 0, 0, 0 }; // key length - 384 bit / 8

	var db = d.ToByteArrayUnsigned();
	var qx = q.AffineXCoord.GetEncoded();
	var qy = q.AffineYCoord.GetEncoded();

	return (new[] {magic, len, qx, qy, db}).SelectMany(_ => _).ToArray();
	}

	[Fact]
	public void ShouldImportCustomBakedEccPrivateBlobIntoCng()
	{
	// Generate ECDSA (X9.62) key pair (p384) with Bouncy Castle.
	var secureRandom = new SecureRandom();
	var ecKeyPairGenerator = new ECKeyPairGenerator("ECDSA");
	var keyGenParams = new ECKeyGenerationParameters(NistNamedCurves.GetOid("P-384"), secureRandom);
	ecKeyPairGenerator.Init(keyGenParams);
	var keyPair = ecKeyPairGenerator.GenerateKeyPair();
	var ecPublicKey = keyPair.Public as ECPublicKeyParameters;
	var privateBytes = ConvertToNCryptEccPrivateBlob(keyPair);
	// Import generated private key into a Cng Key Store & get reference.
	var cngPrivKey = CngKey.Import(privateBytes, CngKeyBlobFormat.EccPrivateBlob);
	Assert.NotNull(cngPrivKey);
	}
	// reference xunit
	// reference Security.Cryptography.dll (CLR Security project @ Codeplex)
	// reference Bouncycastle (patched to emit key usage as an attribute in the PKCS#8 PrivateKeyInfo structure (to get Windows to realize it's a ECDSA and not a ECDH key)

	[Fact]
	public void ShouldGenerateECKeyPairWithBouncyCastleAndImportIntoDefaultCngKeyStorageProvider_PukesInWin10WithUnknownError()
	{
	// Generate ECDSA (X9.62) key pair (p384) with Bouncy Castle.
	var secureRandom = new SecureRandom();
	var ecKeyPairGenerator = new ECKeyPairGenerator("ECDSA");
	var keyGenParams = new ECKeyGenerationParameters(NistNamedCurves.GetOid("P-384"), secureRandom);
	ecKeyPairGenerator.Init(keyGenParams);
	var keyPair = ecKeyPairGenerator.GenerateKeyPair();
	var ecPublicKey = keyPair.Public as ECPublicKeyParameters;

	var pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
	var privateBytes = pki.GetDerEncoded(); // incl custom attribute fix that adds Key Usage
	Console.WriteLine(Asn1Dump.DumpAsString(Asn1Object.FromByteArray(privateBytes)));
	// Import generated private key into a Cng Key Store & get reference.
	var cngPrivKey = CngKey.Import(privateBytes, CngKeyBlobFormat.Pkcs8PrivateBlob);
	Assert.NotNull(cngPrivKey);
	}

	[Fact]
	public void ShouldGetCngKeyAssociatedWithImportedCertificatePlusPrivateKeyReadFromPkcs12File_PukesInWin10_KeySetNotFound()
	{
	var nc = new NetworkCredential("", "Passw0rd");
	var cert = new X509Certificate2(File.ReadAllBytes(@"c:\temp\self-signed.p12"), nc.SecurePassword, X509KeyStorageFlags.UserKeySet \| X509KeyStorageFlags.Exportable \| X509KeyStorageFlags.PersistKeySet);
	var cngPrivateKey = cert.GetCngPrivateKey();
	Assert.NotNull(cngPrivateKey);
	}