Beispiel #1
0
        /// <summary>
        /// Шифрует общий секретный ключ.
        /// </summary>
        /// <param name="keyExchangeAlgorithm">Алгоритм шифрации общего секретного ключа.</param>
        /// <exception cref="ArgumentNullException"></exception>
        public GostKeyExchange CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
        {
            if (keyExchangeAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull("keyExchangeAlgorithm");
            }

            var keyExchange           = new GostKeyExchange();
            var keyExchangeParameters = _publicKey.ExportParameters(false);

            using (var keyExchangeAsym = new Gost3410EphemeralAsymmetricAlgorithm(keyExchangeParameters))
            {
                byte[] encodedKeyExchangeInfo;

                using (var keyExchangeAlg = keyExchangeAsym.CreateKeyExchange(keyExchangeParameters))
                {
                    encodedKeyExchangeInfo = keyExchangeAlg.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
                }

                var keyExchangeInfo = new GostKeyExchangeInfo();
                keyExchangeInfo.Decode(encodedKeyExchangeInfo);

                keyExchange.SessionEncryptedKey = keyExchangeInfo;
                keyExchange.TransportParameters = keyExchangeAsym.ExportParameters(false);
            }

            return(keyExchange);
        }
Beispiel #2
0
        public static byte[] EncodeEncryptionParamSet(string encryptionParamSet)
        {
            if (encryptionParamSet == null)
            {
                throw ExceptionUtility.ArgumentNull("encryptionParamSet");
            }

            byte[] data;

            try
            {
                var asnEncoder = new Asn1BerEncodeBuffer();
                var parameters = new Gost2814789BlobParameters {
                    EncryptionParamSet = CreateEncryptionParamSet(encryptionParamSet)
                };
                parameters.Encode(asnEncoder);

                data = asnEncoder.MsgCopy;
            }
            catch (Exception exception)
            {
                throw ExceptionUtility.CryptographicException(exception, Resources.Asn1EncodeError, typeof(Gost2814789BlobParameters).FullName);
            }

            return(data);
        }
        /// <summary>
        /// Зашифровать идентификатор OID параметров шифрования.
        /// </summary>
        public static byte[] EncodeEncryptionParamSet(string encryptionParamSet)
        {
            if (encryptionParamSet == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(encryptionParamSet));
            }

            byte[] data;

            try
            {
                var parameters = new Gost_28147_89_BlobParams {
                    EncryptionParamSet = Gost_28147_89_ParamSet.FromString(encryptionParamSet)
                };

                var asnEncoder = new Asn1BerEncodeBuffer();
                parameters.Encode(asnEncoder);
                data = asnEncoder.MsgCopy;
            }
            catch (Exception exception)
            {
                throw ExceptionUtility.CryptographicException(exception, Resources.Asn1EncodeError, nameof(Gost_28147_89_BlobParams));
            }

            return(data);
        }
Beispiel #4
0
        public static unsafe void HashData(SafeHashHandleImpl hashHandle, byte[] data, int dataOffset, int dataLength)
        {
            if (data == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(data));
            }

            if (dataOffset < 0)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(dataOffset));
            }

            if (dataLength < 0)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(dataLength));
            }

            if (data.Length < dataOffset + dataLength)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(dataLength));
            }

            if (dataLength > 0)
            {
                fixed(byte *dataRef = data)
                {
                    var dataOffsetRef = dataRef + dataOffset;

                    if (!CryptoApi.CryptHashData(hashHandle, dataOffsetRef, (uint)dataLength, 0))
                    {
                        throw CreateWin32Error();
                    }
                }
            }
        }
Beispiel #5
0
        private bool VerifyHash(byte[] hash, byte[] signature)
        {
            if (hash == null)
            {
                throw ExceptionUtility.ArgumentNull("hash");
            }

            if (signature == null)
            {
                throw ExceptionUtility.ArgumentNull("signature");
            }

            if (hash.Length != 64)
            {
                throw ExceptionUtility.ArgumentOutOfRange("InvalidHashSize");
            }

            bool res = false;

            UsingKey(h =>
            {
                res = CryptoApiHelper.VerifySign(_providerHandle, h, hash, signature, GostAlgorithmType.Gost2012_512);
            });
            return(res);
        }
        public override byte[] GetDecryptionIV(EncryptedData encryptedData, string symmetricAlgorithmUri)
        {
            if (encryptedData == null)
            {
                throw ExceptionUtility.ArgumentNull("encryptedData");
            }

            if (symmetricAlgorithmUri == null)
            {
                if (encryptedData.EncryptionMethod == null)
                {
                    return(base.GetDecryptionIV(encryptedData, null));
                }

                symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm;
            }

            if (string.Equals(symmetricAlgorithmUri, GostEncryptedXml.XmlEncGost28147Url, StringComparison.OrdinalIgnoreCase))
            {
                var iv = new byte[8];
                Buffer.BlockCopy(GetCipherValue(encryptedData.CipherData), 0, iv, 0, iv.Length);

                return(iv);
            }

            return(base.GetDecryptionIV(encryptedData, symmetricAlgorithmUri));
        }
        private static SymmetricAlgorithm DecryptKeyClass(byte[] keyData, RSA algorithm, bool useOaep, string symmetricAlgorithmUri)
        {
            if (keyData == null)
            {
                throw ExceptionUtility.ArgumentNull("keyData");
            }

            if (algorithm == null)
            {
                throw ExceptionUtility.ArgumentNull("algorithm");
            }

            SymmetricAlgorithm decryptionKey = null;

            var decryptionKeyBytes = DecryptKey(keyData, algorithm, useOaep);

            if (decryptionKeyBytes != null)
            {
                decryptionKey     = (SymmetricAlgorithm)GostCryptoConfig.CreateFromName(symmetricAlgorithmUri);
                decryptionKey.Key = decryptionKeyBytes;
            }

            if (decryptionKey == null)
            {
                throw ExceptionUtility.CryptographicException(Resources.XmlMissingAlgorithm);
            }

            return(decryptionKey);
        }
        private Gost_R3411_PRF(ProviderType providerType, Gost_28147_89_SymmetricAlgorithm key, byte[] label, byte[] seed) : base(providerType)
        {
            if (label == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(label));
            }

            if (seed == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(seed));
            }

            _key  = key;
            _hmac = CreateHMAC(key);

            var labelAndSeed = new byte[label.Length + seed.Length];

            label.CopyTo(labelAndSeed, 0);
            seed.CopyTo(labelAndSeed, label.Length);

            _labelAndSeed = labelAndSeed;
            _buffer       = new byte[labelAndSeed.Length + (_hmac.HashSize / 8)];

            _value    = labelAndSeed;
            _keyIndex = 0;
        }
        public static Gost_28147_89_SymmetricAlgorithm CreateFromPassword(HashAlgorithm hashAlgorithm, byte[] password)
        {
            if (hashAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(hashAlgorithm));
            }

            if (!(hashAlgorithm is IGostAlgorithm gostHashAlgorithm))
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(hashAlgorithm));
            }

            if (!(hashAlgorithm is ISafeHandleProvider <SafeHashHandleImpl> hashHandleProvider))
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(hashAlgorithm));
            }

            if (password == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(password));
            }

            hashAlgorithm.TransformBlock(password, 0, password.Length, password, 0);

            var providerType   = gostHashAlgorithm.ProviderType;
            var providerHandle = CryptoApiHelper.GetProviderHandle(providerType);
            var symKeyHandle   = CryptoApiHelper.DeriveSymKey(providerHandle, hashHandleProvider.SafeHandle);

            return(new Gost_28147_89_SymmetricAlgorithm(providerType, providerHandle, symKeyHandle));
        }
Beispiel #10
0
        private byte[] SignHash(byte[] hash)
        {
            if (hash == null)
            {
                throw ExceptionUtility.ArgumentNull("hash");
            }

            if (hash.Length != 32)
            {
                throw ExceptionUtility.ArgumentOutOfRange("hash", Resources.InvalidHashSize);
            }

            if (IsPublicKeyOnly)
            {
                throw ExceptionUtility.CryptographicException(Resources.NoPrivateKey);
            }

            GetKeyPair();

            if (!CspKeyContainerInfo.RandomlyGenerated)
            {
                var keyContainerPermission  = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
                var keyContainerAccessEntry = new KeyContainerPermissionAccessEntry(_providerParameters, KeyContainerPermissionFlags.Sign);
                keyContainerPermission.AccessEntries.Add(keyContainerAccessEntry);
                keyContainerPermission.Demand();
            }

            return(CryptoApiHelper.SignValue(_providerHandle, _providerParameters.KeyNumber, hash));
        }
Beispiel #11
0
        private static GostKeyExchangeParameters DecodePublicBlob(byte[] encodedPublicBlob, GostAlgorithmType algorithm)
        {
            if (encodedPublicBlob == null)
            {
                throw ExceptionUtility.ArgumentNull("encodedPublicBlob");
            }

            int size;

            switch (algorithm)
            {
            case GostAlgorithmType.Gost2001:
                size = 512;
                break;

            case GostAlgorithmType.Gost2012_256:
                size = 512;
                break;

            case GostAlgorithmType.Gost2012_512:
                size = 1024;
                break;

            default:
                throw new CryptographicException(Resources.AlgorithmNotAvailable);
            }

            if (encodedPublicBlob.Length < 16 + size / 8)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            var gostKeyMask = BitConverter.ToUInt32(encodedPublicBlob, 8);

            if (gostKeyMask != Constants.GR3410_1_MAGIC)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            var gostKeySize = BitConverter.ToUInt32(encodedPublicBlob, 12);

            if (gostKeySize != size)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            var publicKeyParameters = new GostKeyExchangeParameters();

            var encodeKeyParameters = new byte[(encodedPublicBlob.Length - 16) - size / 8];

            Array.Copy(encodedPublicBlob, 16, encodeKeyParameters, 0, (encodedPublicBlob.Length - 16) - size / 8);
            publicKeyParameters.DecodeParameters(encodeKeyParameters);

            var publicKey = new byte[64];

            Array.Copy(encodedPublicBlob, encodedPublicBlob.Length - size / 8, publicKey, 0, size / 8);
            publicKeyParameters.PublicKey = publicKey;

            return(publicKeyParameters);
        }
        private TKey CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
        {
            if (keyExchangeAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyExchangeAlgorithm));
            }

            var keyExchange           = new TKey();
            var keyExchangeParameters = _publicKey.ExportParameters(false);

            using (var keyExchangeAsym = CreateEphemeralAlgorithm(_publicKey.ProviderType, keyExchangeParameters))
            {
                byte[] encodedKeyExchangeInfo;

                using (var keyExchangeAlg = keyExchangeAsym.CreateKeyExchange(keyExchangeParameters))
                {
                    encodedKeyExchangeInfo = keyExchangeAlg.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
                }

                var keyExchangeInfo = new Gost_28147_89_KeyExchangeInfo();
                keyExchangeInfo.Decode(encodedKeyExchangeInfo);

                keyExchange.SessionEncryptedKey = keyExchangeInfo;
                keyExchange.TransportParameters = keyExchangeAsym.ExportParameters(false);
            }

            return(keyExchange);
        }
        public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
        {
            if (inputBuffer == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(inputBuffer));
            }

            if (inputOffset < 0)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset));
            }

            if ((inputCount < 0) || (inputCount > inputBuffer.Length))
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset), Resources.InvalidDataOffset);
            }

            if ((inputBuffer.Length - inputCount) < inputOffset)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset), Resources.InvalidDataOffset);
            }

            byte[] buffer = null;

            if (_transformMode == Gost_28147_89_CryptoTransformMode.Encrypt)
            {
                CryptoApiHelper.EncryptData(_providerType, _keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true, _isStreamModeValue);
                Reset();
                return(buffer);
            }

            if (_isStreamModeValue)
            {
                CryptoApiHelper.DecryptData(_keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true);
                Reset();
                return(buffer);
            }

            if ((inputCount % InputBlockSize) != 0)
            {
                throw ExceptionUtility.CryptographicException(Resources.DecryptInvalidDataSize);
            }

            if (_dataBuffer == null)
            {
                CryptoApiHelper.DecryptData(_keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true);
                Reset();
                return(buffer);
            }

            var destinationArray = new byte[_dataBuffer.Length + inputCount];

            Array.Copy(_dataBuffer, 0, destinationArray, 0, _dataBuffer.Length);
            Array.Copy(inputBuffer, inputOffset, destinationArray, _dataBuffer.Length, inputCount);

            CryptoApiHelper.DecryptData(_keyHandle, destinationArray, 0, destinationArray.Length, ref buffer, 0, _paddingValue, true);
            Reset();
            return(buffer);
        }
Beispiel #14
0
        protected Gost_R3411_HMAC(Gost_28147_89_SymmetricAlgorithmBase keyAlgorithm, int hashSize) : base(keyAlgorithm.ProviderType, hashSize)
        {
            if (keyAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyAlgorithm));
            }

            InitDefaults(Gost_28147_89_SymmetricAlgorithm.CreateFromKey(keyAlgorithm));
        }
Beispiel #15
0
        /// <inheritdoc />
        public override void LoadXml(XmlElement element)
        {
            if (element == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(element));
            }

            PublicKey.FromXmlString(element.OuterXml);
        }
Beispiel #16
0
        /// <inheritdoc cref="SignedXml(XmlDocument)"/>
        public GostSignedXml(XmlDocument document)
        {
            if (document == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(document));
            }

            _signedXml = new GostSignedXmlImpl(document);
        }
        public Gost28147ImitHashAlgorithm(byte[] key) : this()
        {
            if (key == null)
            {
                throw ExceptionUtility.ArgumentNull("key");
            }

            _keyAlgorithm.Key = key;
        }
        public Gost3410EphemeralAsymmetricAlgorithm(Asn1.Common.GostKeyExchangeParameters keyParameters)
        {
            if (keyParameters == null)
            {
                throw ExceptionUtility.ArgumentNull("keyParameters");
            }

            _provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
            _keyHandle  = CryptoApiHelper.GenerateDhEphemeralKey(_provHandle, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
        }
        public Gost3410_2012_256EphemeralAsymmetricAlgorithm(GostKeyExchangeParameters keyParameters)
        {
            if (keyParameters == null)
            {
                throw ExceptionUtility.ArgumentNull("keyParameters");
            }

            _provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
            _keyHandle  = CryptoApiHelper.GenerateDhEphemeralKey(_provHandle, Constants.CALG_DH_GR3410_12_256_EPHEM, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
        }
        protected Gost_R3410_EphemeralAsymmetricAlgorithm(ProviderType providerType, TKeyParams keyParameters, int keySize) : base(providerType, keySize)
        {
            if (keyParameters == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyParameters));
            }

            _providerHandle = CryptoApiHelper.GetProviderHandle(ProviderType).DangerousAddRef();
            _keyHandle      = CryptoApiHelper.GenerateDhEphemeralKey(providerType, _providerHandle, ExchangeAlgId, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
        }
Beispiel #21
0
        public Gost_28147_89_ImitHashAlgorithm(Gost_28147_89_SymmetricAlgorithmBase key) : base(key.ProviderType, DefaultHashSize)
        {
            if (key == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(key));
            }

            KeyValue = null;

            _keyAlgorithm = Gost_28147_89_SymmetricAlgorithm.CreateFromKey(key);
        }
Beispiel #22
0
        public override void FromXmlString(string keyParametersXml)
        {
            if (string.IsNullOrEmpty(keyParametersXml))
            {
                throw ExceptionUtility.ArgumentNull("keyParametersXml");
            }

            var keyParameters = KeyParametersFromXml(keyParametersXml);

            ImportParameters(keyParameters);
        }
        /// <summary>
        /// Шифрует общий секретный ключ.
        /// </summary>
        /// <param name="keyExchangeAlgorithm">Алгоритм шифрации общего секретного ключа.</param>
        /// <exception cref="ArgumentNullException"></exception>
        public byte[] CreateKeyExchangeData(SymmetricAlgorithm keyExchangeAlgorithm)
        {
            if (keyExchangeAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull("keyExchangeAlgorithm");
            }

            var keyExchangeInfo = CreateKeyExchangeInfo(keyExchangeAlgorithm);

            return(keyExchangeInfo.Encode());
        }
Beispiel #24
0
        /// <summary>
        /// Дешифрует общий секретный ключ.
        /// </summary>
        /// <param name="encryptedKeyExchangeInfo">Зашифрованный общий секретный ключ.</param>
        /// <exception cref="ArgumentNullException"></exception>
        public SymmetricAlgorithm DecryptKeyExchangeAlgorithm(GostKeyExchange encryptedKeyExchangeInfo)
        {
            if (encryptedKeyExchangeInfo == null)
            {
                throw ExceptionUtility.ArgumentNull("encryptedKeyExchangeInfo");
            }

            var keyExchangeAlg         = _privateKey.CreateKeyExchange(encryptedKeyExchangeInfo.TransportParameters);
            var encodedKeyExchangeInfo = encryptedKeyExchangeInfo.SessionEncryptedKey.Encode();

            return(keyExchangeAlg.DecodeKeyExchange(encodedKeyExchangeInfo, GostKeyExchangeExportMethod.CryptoProKeyExport));
        }
        public static AsymmetricAlgorithm GetPrivateKeyAlgorithm(this X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw ExceptionUtility.ArgumentNull("certificate");
            }

            var cspParameters = GetPrivateKeyInfo(certificate);
            var privateKey    = new Gost3410AsymmetricAlgorithm(cspParameters);

            return(privateKey);
        }
        public Gost28147ImitHashAlgorithm(Gost28147SymmetricAlgorithmBase key)
        {
            if (key == null)
            {
                throw ExceptionUtility.ArgumentNull("key");
            }

            KeyValue      = null;
            HashSizeValue = DefaultHashSize;

            _keyAlgorithm = DuplicateKeyAlg(key);
        }
Beispiel #27
0
        /// <inheritdoc />
        protected override void ValidateHashParameter(byte[] hash)
        {
            if (hash == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(hash));
            }

            if (hash.Length != Gost_R3411_2012_256_HashAlgorithm.DefaultHashSizeValue / 8)
            {
                throw ExceptionUtility.ArgumentOutOfRange(nameof(hash), Resources.InvalidHashSize, Gost_R3411_2012_256_HashAlgorithm.DefaultHashSizeValue / 8);
            }
        }
Beispiel #28
0
        /// <inheritdoc />
        public override SymmetricAlgorithm DecryptKeyExchangeAlgorithm(byte[] encryptedKeyExchangeData)
        {
            if (encryptedKeyExchangeData == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(encryptedKeyExchangeData));
            }

            var keyExchange = new TKey();

            keyExchange.Decode(encryptedKeyExchangeData);

            return(DecryptKeyExchangeAlgorithm(keyExchange));
        }
        public Gost3411Hmac(Gost28147 keyAlgorithm)
        {
            if (keyAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull("keyAlgorithm");
            }

            HashName      = DefaultHashName;
            HashSizeValue = DefaultHashSize;

            _keyAlgorithm = DuplicateKeyAlg(keyAlgorithm);
            _hashHandle   = CryptoApiHelper.CreateHashHmac(CryptoApiHelper.ProviderHandle, _keyAlgorithm.InternalKeyHandle, GostCryptoConfig.ProviderType == ProviderTypes.VipNet ? Constants.CALG_GR3411_HMAC34 : Constants.CALG_GR3411_HMAC);
        }
        /// <inheritdoc />
        public override byte[] CreateSignature(byte[] hash)
        {
            if (hash == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(hash));
            }

            var reverseSignature = _privateKey.CreateSignature(hash);

            Array.Reverse(reverseSignature);

            return(reverseSignature);
        }