Beispiel #1
0
        internal EcdsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString, byte[][] chain)
        {
            _certData      = derCertData;
            _key           = privateKey;
            _certificate   = certificate;
            _altNameString = altNameString;
            _chain         = chain ?? new byte[0][];

            _ecKey = EVP_PKEY_get0_EC_KEY(_key);
            var group     = EC_KEY_get0_group(_ecKey);
            var curveName = EC_GROUP_get_curve_name(group);

            _curveName = OBJ_nid2ln(curveName);
            switch (_curveName)
            {
            case "secp256r1":
                _scheme   = SignatureScheme.ecdsa_secp256r1_sha256;
                _hashType = HashType.SHA256;
                break;

            case "secp384r1":
                _scheme   = SignatureScheme.ecdsa_secp384r1_sha384;
                _hashType = HashType.SHA384;
                break;

            case "secp521r1":
                _scheme   = SignatureScheme.ecdsa_secp521r1_sha512;
                _hashType = HashType.SHA512;
                break;

            default:
                ExceptionHelper.ThrowException(new ArgumentException());
                break;
            }
        }
        private void InternalSetPeerKey(Span <byte> peerKey)
        {
            GenerateKeyPair();
            //Get0 methods mean that we do not own the object, and therefore should not free
            //as they belong to another structure so we only need to free the point
            var group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(_keyPair));
            var point = EC_POINT_new(group);

            try
            {
                EC_POINT_oct2point(group, point, peerKey);
                var ecKey = EC_KEY_new_by_curve_name(_curveNid);
                try
                {
                    EC_KEY_set_public_key(ecKey, point);
                    _peerKey = EVP_PKEY_new();
                    EVP_PKEY_assign_EC_KEY(_peerKey, ecKey);
                }
                catch
                {
                    //If the ec key was correctly assigned to the EVP_KEY
                    //then it will be freed when we free the EVP_KEY
                    //which now has ownship so we only release if there was an
                    //exception trying to transfer the ownership
                    ecKey.Free();
                    throw;
                }
            }
            finally
            {
                point.Free();
            }
        }
Beispiel #3
0
        public static unsafe int EVP_PKEY_derive(EVP_PKEY keyPair, EVP_PKEY peerKey, Span <byte> output)
        {
            var ctx = EVP_PKEY_CTX_new(keyPair, IntPtr.Zero);

            try
            {
                var result = EVP_PKEY_derive_init(ctx);
                ThrowOnErrorReturnCode(result);
                result = EVP_PKEY_derive_set_peer(ctx, peerKey);
                ThrowOnErrorReturnCode(result);

                var size = IntPtr.Zero;
                result = EVP_PKEY_derive(ctx, null, ref size);
                ThrowOnErrorReturnCode(result);
                if (size.ToInt32() > output.Length)
                {
                    throw new ArgumentOutOfRangeException(nameof(output));
                }
                fixed(void *outputPtr = &output.DangerousGetPinnableReference())
                {
                    size   = (IntPtr)output.Length;
                    result = EVP_PKEY_derive(ctx, outputPtr, ref size);
                    ThrowOnErrorReturnCode(result);
                    return(size.ToInt32());
                }
            }
            finally
            {
                ctx.Free();
            }
        }
Beispiel #4
0
        public unsafe void SetPeerKey(ReadableBuffer buffer)
        {
            if (buffer.Length != _keyExchangeSize)
            {
                Alerts.AlertException.ThrowAlert(Alerts.AlertLevel.Fatal, Alerts.AlertDescription.illegal_parameter, $"The peer key is not the length of the keyexchange size {buffer.Length} - {_keyExchangeSize}");
            }
            GCHandle handle;
            void *   ptr;

            if (buffer.IsSingleSpan)
            {
                ptr = buffer.First.GetPointer(out handle);
            }
            else
            {
                var tmpBuffer = stackalloc byte[buffer.Length];
                var span      = new Span <byte>(tmpBuffer, buffer.Length);
                buffer.CopyTo(span);
                ptr = tmpBuffer;
            }
            _peerKey = EVP_PKEY_new();
            ThrowOnError(EVP_PKEY_set_type(_peerKey, _nid));
            ThrowOnError(EVP_PKEY_set1_tls_encodedpoint(_peerKey, ptr, (UIntPtr)buffer.Length));

            if (!_publicPrivateKey.IsValid())
            {
                GenerateKeyset();
            }
            _hasPeerKey = true;
        }
 private void InternalSetPeerKey(Span <byte> peerKey)
 {
     _peerKey = EVP_PKEY_new();
     EVP_PKEY_set_type(_peerKey, _nid);
     EVP_PKEY_set1_tls_encodedpoint(_peerKey, peerKey);
     GenerateKeyPair();
 }
Beispiel #6
0
        public static unsafe void EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY pkey, Span <byte> point)
        {
            fixed(void *ptr = &point.DangerousGetPinnableReference())
            {
                var result = EVP_PKEY_set1_tls_encodedpoint(pkey, ptr, (UIntPtr)point.Length);

                ThrowOnErrorReturnCode(result);
            }
        }
Beispiel #7
0
        private void GenerateKeyset()
        {
            var keyGenCtx = EVP_PKEY_CTX_new_id((EVP_PKEY_type)_nid, IntPtr.Zero);

            try
            {
                ThrowOnError(EVP_PKEY_keygen_init(keyGenCtx));
                EVP_PKEY keyPair;
                ThrowOnError(EVP_PKEY_keygen(keyGenCtx, out keyPair));
                _publicPrivateKey = keyPair;
            }
            finally
            {
                keyGenCtx.Free();
            }
        }
Beispiel #8
0
        public static void EVP_PKEY_keygen(EVP_PKEY keyParameters, out EVP_PKEY generatedKey)
        {
            var keyGenCtx = EVP_PKEY_CTX_new(keyParameters, IntPtr.Zero);

            try
            {
                var result = EVP_PKEY_keygen_init(keyGenCtx);
                ThrowOnErrorReturnCode(result);
                result = EVP_PKEY_keygen(keyGenCtx, out generatedKey);
                ThrowOnErrorReturnCode(result);
            }
            finally
            {
                keyGenCtx.Free();
            }
        }
Beispiel #9
0
        private static ICertificate GetCertificate(EVP_PKEY key, X509 x509, byte[] derCertificateData, string altName, byte[][] certChain)
        {
            var name = OBJ_nid2ln(EVP_PKEY_base_id(key));

            switch (name)
            {
            case "id-ecPublicKey":
                return(new EcdsaCertificate(key, x509, derCertificateData, altName, certChain));

            case "rsaEncryption":
                return(new RsaCertificate(key, x509, derCertificateData, altName));

            default:
                throw new NotImplementedException();
            }
        }
Beispiel #10
0
        public static void EVP_PKEY_keygen_function(int functionNid, out EVP_PKEY generatedKey)
        {
            var keyGenCtx = EVP_PKEY_CTX_new_id((EVP_PKEY_type)functionNid, IntPtr.Zero);

            try
            {
                var result = EVP_PKEY_keygen_init(keyGenCtx);
                ThrowOnErrorReturnCode(result);

                result = EVP_PKEY_keygen(keyGenCtx, out generatedKey);
                ThrowOnErrorReturnCode(result);
            }
            finally
            {
                keyGenCtx.Free();
            }
        }
Beispiel #11
0
        public unsafe void SetPeerKey(ReadableBuffer peerKey)
        {
            GenerateECKeySet();

            var group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(_eKey));
            var point = EC_POINT_new(group);

            try
            {
                var handle = default(GCHandle);
                try
                {
                    void *ptr;
                    if (peerKey.IsSingleSpan)
                    {
                        ptr = peerKey.First.GetPointer(out handle);
                    }
                    else
                    {
                        var tmpBuffer = stackalloc byte[peerKey.Length];
                        var span      = new Span <byte>(tmpBuffer, peerKey.Length);
                        peerKey.CopyTo(span);
                        ptr = tmpBuffer;
                    }
                    ThrowOnError(EC_POINT_oct2point(group, point, ptr, (IntPtr)peerKey.Length, null));
                }
                finally
                {
                    if (handle.IsAllocated)
                    {
                        handle.Free();
                    }
                }
                var ecClientKey = EC_KEY_new_by_curve_name(_curveNid);
                ThrowOnError(EC_KEY_set_public_key(ecClientKey, point));
                _clientKey = EVP_PKEY_new();
                ThrowOnError(EVP_PKEY_assign_EC_KEY(_clientKey, ecClientKey));
                _hasPeerKey = true;
            }
            finally
            {
                point.Free();
            }
        }
Beispiel #12
0
        public static unsafe int EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY pkey, Span <byte> output)
        {
            var buffSize = (int)ThrowOnError(EVP_PKEY_get1_tls_encodedpoint(pkey, out IntPtr ptr));

            try
            {
                if (buffSize > output.Length)
                {
                    throw new InvalidOperationException();
                }
                var span = new Span <byte>((byte *)ptr, buffSize);
                span.CopyTo(output);
            }
            finally
            {
                CRYPTO_clear_free(ptr, (UIntPtr)buffSize, $"OpenSslFunction.cs", 97);
            }
            return(buffSize);
        }
Beispiel #13
0
        public static void EVP_PKEY_paramgen_ECCurve(int curveNid, out EVP_PKEY curveParameters)
        {
            const EVP_PKEY_Ctrl_OP      op  = EVP_PKEY_Ctrl_OP.EVP_PKEY_OP_PARAMGEN | EVP_PKEY_Ctrl_OP.EVP_PKEY_OP_KEYGEN;
            const EVP_PKEY_Ctrl_Command cmd = EVP_PKEY_Ctrl_Command.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID;

            var ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_type.EVP_PKEY_EC, IntPtr.Zero);

            try
            {
                var result = EVP_PKEY_paramgen_init(ctx);
                ThrowOnErrorReturnCode(result);
                result = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_type.EVP_PKEY_EC, op, cmd, curveNid, IntPtr.Zero);
                ThrowOnErrorReturnCode(result);
                result = EVP_PKEY_paramgen(ctx, out curveParameters);
            }
            finally
            {
                ctx.Free();
            }
        }
Beispiel #14
0
        private void GenerateECKeySet()
        {
            if (_eKey.IsValid())
            {
                return;
            }
            var param     = CreateParams();
            var keyGenCtx = default(EVP_PKEY_CTX);

            try
            {
                keyGenCtx = EVP_PKEY_CTX_new(param, IntPtr.Zero);
                ThrowOnError(EVP_PKEY_keygen_init(keyGenCtx));
                EVP_PKEY keyPair;
                ThrowOnError(EVP_PKEY_keygen(keyGenCtx, out keyPair));
                _eKey = keyPair;
            }
            finally
            {
                keyGenCtx.Free();
                param.Free();
            }
        }
Beispiel #15
0
 private unsafe extern static int Internal_SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey);
Beispiel #16
0
        public static void SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY key)
        {
            var result = Internal_SSL_CTX_use_PrivateKey(ctx, key);

            ThrowOnErrorReturnCode(result);
        }
 internal static extern EVP_PKEY_CTX EVP_PKEY_CTX_new(EVP_PKEY pkey, IntPtr e);
Beispiel #18
0
 private static extern EVP_PKEY_CTX EVP_PKEY_CTX_new(EVP_PKEY pkey, IntPtr e);
 private static extern int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX ctx, EVP_PKEY peer);
Beispiel #20
0
        public static void EVP_PKEY_assign_EC_KEY(EVP_PKEY pkey, EC_KEY key)
        {
            var result = EVP_PKEY_assign(pkey, EVP_PKEY_type.EVP_PKEY_EC, key);

            ThrowOnErrorReturnCode(result);
        }
Beispiel #21
0
 private extern static int PKCS12_parse(PKCS12 p12, string pass, out EVP_PKEY pkey, out X509 cert, IntPtr ca);
Beispiel #22
0
 internal static extern unsafe int EVP_PKEY_set_type(EVP_PKEY key, int nid);
Beispiel #23
0
 internal RsaCertificate(EVP_PKEY privateKey, X509 certificate, byte[] derCertData, string altNameString)
 {
     _key           = privateKey;
     _altNameString = altNameString;
     _derCertData   = derCertData;
 }
Beispiel #24
0
 internal static extern unsafe int EVP_SignFinal(EVP_MD_CTX ctx, void *sig, ref int s, EVP_PKEY pkey);
Beispiel #25
0
 public static extern EC_KEY EVP_PKEY_get0_EC_KEY(EVP_PKEY key);
Beispiel #26
0
 internal static extern int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, out EVP_PKEY ppkey);
Beispiel #27
0
 internal static extern unsafe int EVP_PKEY_paramgen(EVP_PKEY_CTX ctx, out EVP_PKEY ppkey);
Beispiel #28
0
 internal static extern unsafe int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY pkey, void *pt, UIntPtr ptlen);
 internal static extern unsafe int EVP_DigestSignInit(EVP_MD_CTX ctx, EVP_PKEY_CTX *pctx, IntPtr type, IntPtr engine, EVP_PKEY pkey);
Beispiel #30
0
 private static extern int EVP_PKEY_assign(EVP_PKEY pkey, EVP_PKEY_type keyType, EC_KEY key);