public override string ToString()
{
StringBuilder sb = new StringBuilder();
if (Scheme == Ecc.P256)
{
sb.AppendLine("NIST P-256");
}
else if (Scheme == Ecc.P384)
{
sb.AppendLine("NIST P-384");
}
else
{
throw new ArgumentOutOfRangeException("Invalid scheme.");
}
GXByteBuffer pk = new GXByteBuffer(RawValue);
int size = pk.Size / 2;
sb.Append(" public x coord: ");
sb.AppendLine(new GXBigInteger(pk.SubArray(1, size)).ToString());
sb.Append(" public y coord: ");
sb.AppendLine(new GXBigInteger(pk.SubArray(1 + size, size)).ToString());
return(sb.ToString());
}
/// <summary>
/// Check that this is correct public key.
/// </summary>
/// <remarks>
/// This method can be used to verify that public and private key are on the curve.
/// </remarks>
public static void Validate(GXPublicKey publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException("Invalid public key.");
}
GXByteBuffer bb = new GXByteBuffer();
bb.Set(publicKey.RawValue);
int size = SchemeSize(publicKey.Scheme);
GXBigInteger x = new GXBigInteger(bb.SubArray(1, size));
GXBigInteger y = new GXBigInteger(bb.SubArray(1 + size, size));
GXCurve curve = new GXCurve(publicKey.Scheme);
y.Multiply(y);
y.Mod(curve.P);
GXBigInteger tmpX = new GXBigInteger(x);
tmpX.Multiply(x);
tmpX.Mod(curve.P);
tmpX.Add(curve.A);
tmpX.Multiply(x);
tmpX.Add(curve.B);
tmpX.Mod(curve.P);
if (y.Compare(tmpX) != 0)
{
throw new ArgumentException("Public key validate failed. Public key is not valid ECDSA public key.");
}
}
/// <summary>
/// Verify that signature matches the data.
/// </summary>
/// <param name="signature">Generated signature.</param>
/// <param name="data">Data to valuate.</param>
/// <returns></returns>
public bool Verify(byte[] signature, byte[] data)
{
GXBigInteger msg;
if (PublicKey == null)
{
if (PrivateKey == null)
{
throw new ArgumentNullException("Invalid private key.");
}
PublicKey = PrivateKey.GetPublicKey();
}
if (PublicKey.Scheme == Ecc.P256)
{
using (SHA256 sha = new SHA256CryptoServiceProvider())
{
msg = new GXBigInteger(sha.ComputeHash(data));
}
}
else
{
using (SHA384 sha = new SHA384CryptoServiceProvider())
{
msg = new GXBigInteger(sha.ComputeHash(data));
}
}
GXByteBuffer pk = new GXByteBuffer(PublicKey.RawValue);
GXByteBuffer bb = new GXByteBuffer(signature);
int size = SchemeSize(PublicKey.Scheme);
GXBigInteger sigR = new GXBigInteger(bb.SubArray(0, size));
GXBigInteger sigS = new GXBigInteger(bb.SubArray(size, size));
GXBigInteger inv = sigS;
inv.Inv(curve.N);
// Calculate u1 and u2.
GXEccPoint u1 = new GXEccPoint(curve.G.x, curve.G.y, new GXBigInteger(1));
GXEccPoint u2 = new GXEccPoint(new GXBigInteger(pk.SubArray(1, size)),
new GXBigInteger(pk.SubArray(1 + size, size)), new GXBigInteger(1));
GXBigInteger n = msg;
n.Multiply(inv);
n.Mod(curve.N);
Multiply(u1, n, curve.N, curve.A, curve.P);
n = new GXBigInteger(sigR);
n.Multiply(inv);
n.Mod(curve.N);
Multiply(u2, n, curve.N, curve.A, curve.P);
u1.z = new GXBigInteger(1);
u2.z = new GXBigInteger(1);
JacobianAdd(u1, u2, curve.A, curve.P);
FromJacobian(u1, curve.P);
return(sigR.Compare(u1.x) == 0);
}
/// <summary>
/// Verify that signature matches the data.
/// </summary>
/// <param name="signature">Generated signature.</param>
/// <param name="data">Data to valuate.</param>
/// <returns></returns>
public bool Verify(byte[] signature, byte[] data)
{
GXBigInteger msg;
using (SHA256 sha = new SHA256CryptoServiceProvider())
{
msg = new GXBigInteger(sha.ComputeHash(data));
}
if (PublicKey == null)
{
PublicKey = PrivateKey.GetPublicKey();
}
GXByteBuffer pk = new GXByteBuffer(PublicKey.RawValue);
GXByteBuffer bb = new GXByteBuffer(signature);
GXBigInteger sigR = new GXBigInteger(bb.SubArray(0, 32));
GXBigInteger sigS = new GXBigInteger(bb.SubArray(32, 32));
GXBigInteger inv = sigS;
inv.Inv(curve.N);
// Calculate u1 and u2.
GXEccPoint u1 = new GXEccPoint(curve.G.x, curve.G.y, new GXBigInteger(1));
GXEccPoint u2 = new GXEccPoint(new GXBigInteger(pk.SubArray(1, 32)), new GXBigInteger(pk.SubArray(33, 32)), new GXBigInteger(1));
GXBigInteger n = msg;
n.Multiply(inv);
n.Mod(curve.N);
Multiply(u1, n, curve.N, curve.A, curve.P);
n = new GXBigInteger(sigR);
n.Multiply(inv);
n.Mod(curve.N);
Multiply(u2, n, curve.N, curve.A, curve.P);
// add = Math.add(u1, u2, P = curve.P, A = curve.A)
u1.z = new GXBigInteger(1);
u2.z = new GXBigInteger(1);
JacobianAdd(u1, u2, curve.A, curve.P);
FromJacobian(u1, curve.P);
return(sigR.Compare(u1.x) == 0);
}
/// <summary>
/// Sign
/// </summary>
/// <param name="key">Private key. </param>
/// <param name="HashAlgorithm">Used algorithm for signing. </param>
void Sign(GXPrivateKey key, HashAlgorithm HashAlgorithm)
{
byte[] data = GXAsn1Converter.ToByteArray(GetData());
GXEcdsa e = new GXEcdsa(key);
SignatureAlgorithm = HashAlgorithm;
GXByteBuffer bb = new GXByteBuffer();
bb.Set(e.Sign(data));
int size = SignatureAlgorithm == HashAlgorithm.Sha256WithEcdsa ? 32 : 48;
object[] tmp = new object[] { new GXAsn1Integer(bb.SubArray(0, size)), new GXAsn1Integer(bb.SubArray(size, size)) };
Signature = GXAsn1Converter.ToByteArray(tmp);
}
/// <summary>
/// Generate shared secret from public and private key.
/// </summary>
/// <param name="publicKey">Public key.</param>
/// <returns>Generated secret.</returns>
public byte[] GenerateSecret(GXPublicKey publicKey)
{
if (PrivateKey == null)
{
throw new ArgumentNullException("Invalid private key.");
}
if (PrivateKey.Scheme != publicKey.Scheme)
{
throw new ArgumentNullException("Private key scheme is different than public key.");
}
GXByteBuffer bb = new GXByteBuffer();
bb.Set(publicKey.RawValue);
int size = SchemeSize(PrivateKey.Scheme);
GXBigInteger x = new GXBigInteger(bb.SubArray(1, size));
GXBigInteger y = new GXBigInteger(bb.SubArray(1 + size, size));
GXBigInteger pk = new GXBigInteger(PrivateKey.RawValue);
GXCurve curve = new GXCurve(PrivateKey.Scheme);
GXEccPoint p = new GXEccPoint(x, y, new GXBigInteger(1));
p = JacobianMultiply(p, pk, curve.N, curve.A, curve.P);
FromJacobian(p, curve.P);
return(p.x.ToArray());
}
/// <summary>
/// Test is x509 file certified by the certifier.
/// </summary>
/// <param name="certifier">Public key of the certifier.</param>
/// <returns>True, if certifier has certified the certificate.</returns>
public bool IsCertified(GXPublicKey certifier)
{
if (certifier == null)
{
throw new ArgumentNullException(nameof(certifier));
}
//Get raw data
GXByteBuffer tmp2 = new GXByteBuffer();
tmp2.Set(Encoded);
GXAsn1Converter.GetNext(tmp2);
tmp2.Size = tmp2.Position;
tmp2.Position = 1;
GXCommon.GetObjectCount(tmp2);
GXEcdsa e = new GXEcdsa(certifier);
GXAsn1Sequence tmp3 = (GXAsn1Sequence)GXAsn1Converter.FromByteArray(Signature);
GXByteBuffer bb = new GXByteBuffer();
int size = SignatureAlgorithm == HashAlgorithm.Sha256WithEcdsa ? 32 : 48;
//Some implementations might add extra byte. It must removed.
bb.Set(((GXAsn1Integer)tmp3[0]).Value, ((GXAsn1Integer)tmp3[0]).Value.Length == size ? 0 : 1, size);
bb.Set(((GXAsn1Integer)tmp3[1]).Value, ((GXAsn1Integer)tmp3[1]).Value.Length == size ? 0 : 1, size);
return(e.Verify(bb.Array(), tmp2.SubArray(tmp2.Position, tmp2.Available)));
}
object IGXDLMSBase.GetValue(GXDLMSSettings settings, ValueEventArgs e)
{
if (e.Index == 1)
{
return(GXCommon.LogicalNameToBytes(LogicalName));
}
if (e.Index == 2)
{
return(GetObjects(settings, e).Array());
}
if (e.Index == 3)
{
GXByteBuffer data = new GXByteBuffer();
data.SetUInt8((byte)DataType.Structure);
//Add count
data.SetUInt8(2);
data.SetUInt8((byte)DataType.Int8);
data.SetUInt8(ClientSAP);
data.SetUInt8((byte)DataType.UInt16);
data.SetUInt16(ServerSAP);
return(data.Array());
}
if (e.Index == 4)
{
GXByteBuffer data = new GXByteBuffer();
data.SetUInt8((byte)DataType.Structure);
//Add count
data.SetUInt8(0x7);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.JointIsoCtt);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.Country);
GXCommon.SetData(settings, data, DataType.UInt16, ApplicationContextName.CountryName);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.IdentifiedOrganization);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.DlmsUA);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.ApplicationContext);
GXCommon.SetData(settings, data, DataType.UInt8, ApplicationContextName.ContextId);
return(data.Array());
}
if (e.Index == 5)
{
GXByteBuffer data = new GXByteBuffer();
data.SetUInt8((byte)DataType.Structure);
data.SetUInt8(6);
GXByteBuffer bb = new GXByteBuffer();
bb.SetUInt32((UInt32)XDLMSContextInfo.Conformance);
GXCommon.SetData(settings, data, DataType.BitString, bb.SubArray(1, 3));
GXCommon.SetData(settings, data, DataType.UInt16, XDLMSContextInfo.MaxReceivePduSize);
GXCommon.SetData(settings, data, DataType.UInt16, XDLMSContextInfo.MaxSendPduSize);
GXCommon.SetData(settings, data, DataType.UInt8, XDLMSContextInfo.DlmsVersionNumber);
GXCommon.SetData(settings, data, DataType.Int8, XDLMSContextInfo.QualityOfService);
GXCommon.SetData(settings, data, DataType.OctetString, XDLMSContextInfo.CypheringInfo);
return(data.Array());
}
if (e.Index == 6)
{
GXByteBuffer data = new GXByteBuffer();
data.SetUInt8((byte)DataType.Structure);
//Add count
data.SetUInt8(0x7);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.JointIsoCtt);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.Country);
GXCommon.SetData(settings, data, DataType.UInt16, AuthenticationMechanismName.CountryName);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.IdentifiedOrganization);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.DlmsUA);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.AuthenticationMechanismName);
GXCommon.SetData(settings, data, DataType.UInt8, AuthenticationMechanismName.MechanismId);
return(data.Array());
}
if (e.Index == 7)
{
return(Secret);
}
if (e.Index == 8)
{
return(AssociationStatus);
}
if (e.Index == 9)
{
return(GXCommon.LogicalNameToBytes(SecuritySetupReference));
}
if (e.Index == 10)
{
return(GetUserList(settings, e).Array());
}
if (e.Index == 11)
{
GXByteBuffer data = new GXByteBuffer();
data.SetUInt8((byte)DataType.Structure);
//Add structure size.
data.SetUInt8(2);
GXCommon.SetData(settings, data, DataType.UInt8, CurrentUser.Key);
GXCommon.SetData(settings, data, DataType.String, CurrentUser.Value);
return(data.Array());
}
e.Error = ErrorCode.ReadWriteDenied;
return(null);
}
private static void GetValue(GXByteBuffer bb, IList <object> objects, GXAsn1Settings s)
{
int len;
short type;
IList <object> tmp;
byte[] tmp2;
type = bb.GetUInt8();
len = GXCommon.GetObjectCount(bb);
if (len > bb.Available)
{
throw new OutOfMemoryException("GXAsn1Converter.GetValue");
}
int connectPos = 0;
if (s != null)
{
connectPos = s.XmlLength;
}
int start = bb.Position;
string tagString = null;
if (s != null)
{
s.AppendSpaces();
if (type == (byte)BerType.Integer)
{
if (len == 1 || len == 2 || len == 4 || len == 8)
{
tagString = s.GetTag((short)-len);
}
else
{
tagString = s.GetTag((byte)BerType.Integer);
}
}
else
{
tagString = s.GetTag(type);
}
s.Append("<" + tagString + ">");
}
switch (type)
{
case (byte)(BerType.Constructed | BerType.Context):
case ((byte)(BerType.Constructed | BerType.Context) | 1):
case ((byte)(BerType.Constructed | BerType.Context) | 2):
case ((byte)(BerType.Constructed | BerType.Context) | 3):
case ((byte)(BerType.Constructed | BerType.Context) | 4):
if (s != null)
{
s.Increase();
}
tmp = new GXAsn1Context()
{
Index = type & 0xF
};
objects.Add(tmp);
while (bb.Position < start + len)
{
GetValue(bb, tmp, s);
}
if (s != null)
{
s.Decrease();
}
break;
case (byte)(BerType.Constructed | BerType.Sequence):
if (s != null)
{
s.Increase();
}
tmp = new GXAsn1Sequence();
objects.Add(tmp);
int cnt = 0;
while (bb.Position < start + len)
{
++cnt;
GetValue(bb, tmp, s);
}
if (s != null)
{
// Append comment.
s.AppendComment(connectPos, Convert.ToString(cnt) + " elements.");
s.Decrease();
}
break;
case (byte)(BerType.Constructed | BerType.Set):
if (s != null)
{
s.Increase();
}
tmp = new List <object>();
GetValue(bb, tmp, s);
if (tmp[0] is GXAsn1Sequence)
{
tmp = (GXAsn1Sequence)tmp[0];
objects.Add(new KeyValuePair <object, object>(tmp[0], tmp[1]));
}
else
{
KeyValuePair <object, object> e = new KeyValuePair <object, object>(tmp, null);
objects.Add(e);
}
if (s != null)
{
s.Decrease();
}
break;
case (byte)BerType.ObjectIdentifier:
GXAsn1ObjectIdentifier oi = new GXAsn1ObjectIdentifier(bb, len);
objects.Add(oi);
if (s != null)
{
string str = oi.Description;
if (str != null)
{
s.AppendComment(connectPos, str);
}
s.Append(oi.ToString());
}
break;
case (byte)BerType.PrintableString:
objects.Add(bb.GetString(len));
if (s != null)
{
s.Append(Convert.ToString(objects[objects.Count - 1]));
}
break;
case (byte)BerType.Utf8StringTag:
objects.Add(new GXAsn1Utf8String(bb.GetString(bb.Position, len)));
bb.Position = bb.Position + len;
if (s != null)
{
s.Append(Convert.ToString(objects[objects.Count - 1]));
}
break;
case (byte)BerType.Ia5String:
objects.Add(new GXAsn1Ia5String(bb.GetString(len)));
if (s != null)
{
s.Append(Convert.ToString(objects[objects.Count - 1]));
}
break;
case (byte)BerType.Integer:
if (len == 1)
{
objects.Add(bb.GetInt8());
}
else if (len == 2)
{
objects.Add(bb.GetInt16());
}
else if (len == 4)
{
objects.Add(bb.GetInt32());
}
else
{
tmp2 = new byte[len];
bb.Get(tmp2);
objects.Add(new GXAsn1Integer(tmp2));
}
if (s != null)
{
s.Append(Convert.ToString(objects[objects.Count - 1]));
}
break;
case (byte)BerType.Null:
objects.Add(null);
break;
case (byte)BerType.BitString:
GXAsn1BitString tmp3 = new GXAsn1BitString(bb.SubArray(bb.Position, len));
objects.Add(tmp3);
bb.Position = bb.Position + len;
if (s != null)
{
// Append comment.
s.AppendComment(connectPos, Convert.ToString(tmp3.Length) + " bit.");
s.Append(tmp3.asString());
}
break;
case (byte)BerType.UtcTime:
tmp2 = new byte[len];
bb.Get(tmp2);
objects.Add(GetUtcTime(ASCIIEncoding.ASCII.GetString(tmp2)));
if (s != null)
{
s.Append(((DateTimeOffset)objects[objects.Count - 1]).UtcDateTime.ToString("yyyy-MM-dd HH:mm", CultureInfo.InvariantCulture));
}
break;
case (byte)BerType.GeneralizedTime:
tmp2 = new byte[len];
bb.Get(tmp2);
objects.Add(GXCommon.GetGeneralizedTime(ASCIIEncoding.ASCII.GetString(tmp2)));
if (s != null)
{
s.Append(Convert.ToString(objects[objects.Count - 1]));
}
break;
case (byte)BerType.Context:
case (byte)BerType.Context | 1:
case (byte)BerType.Context | 2:
case (byte)BerType.Context | 3:
tmp = new GXAsn1Context()
{
Constructed = false, Index = type & 0xF
};
tmp2 = new byte[len];
bb.Get(tmp2);
tmp.Add(tmp2);
objects.Add(tmp);
if (s != null)
{
s.Append(GXCommon.ToHex(tmp2, false));
}
break;
case (byte)BerType.OctetString:
int t = bb.GetUInt8(bb.Position);
switch (t)
{
case (byte)(BerType.Constructed | BerType.Sequence):
case (byte)BerType.BitString:
if (s != null)
{
s.Increase();
}
GetValue(bb, objects, s);
if (s != null)
{
s.Decrease();
}
break;
default:
tmp2 = new byte[len];
bb.Get(tmp2);
objects.Add(tmp2);
if (s != null)
{
s.Append(GXCommon.ToHex(tmp2, false));
}
break;
}
break;
case (byte)BerType.Boolean:
bool b = bb.GetUInt8() != 0;
objects.Add(b);
if (s != null)
{
s.Append(Convert.ToString(b));
}
break;
default:
throw new System.ArgumentException("Invalid type: " + type);
}
if (s != null)
{
s.Append("</" + tagString + ">\r\n");
}
}
/// <summary>
/// Decrypt data.
/// </summary>
/// <param name="p">Decryption parameters</param>
/// <returns>Decrypted data.</returns>
public static byte[] DecryptAesGcm(AesGcmParameter p, GXByteBuffer data)
{
if (data == null || data.Size < 2)
{
throw new ArgumentOutOfRangeException("cryptedData");
}
byte[] tmp;
int len;
Command cmd = (Command)data.GetUInt8();
switch (cmd)
{
case Command.GeneralGloCiphering:
case Command.GeneralDedCiphering:
len = GXCommon.GetObjectCount(data);
if (len != 0)
{
p.SystemTitle = new byte[len];
data.Get(p.SystemTitle);
if (p.Xml != null && p.Xml.Comments)
{
p.Xml.AppendComment(GXCommon.SystemTitleToString(Standard.DLMS, p.SystemTitle, true));
}
}
if (p.SystemTitle == null || p.SystemTitle.Length != 8)
{
if (p.Xml == null)
{
throw new ArgumentNullException("Invalid sender system title.");
}
else
{
p.Xml.AppendComment("Invalid sender system title.");
}
}
break;
case Command.GeneralCiphering:
case Command.GloInitiateRequest:
case Command.GloInitiateResponse:
case Command.GloReadRequest:
case Command.GloReadResponse:
case Command.GloWriteRequest:
case Command.GloWriteResponse:
case Command.GloGetRequest:
case Command.GloGetResponse:
case Command.GloSetRequest:
case Command.GloSetResponse:
case Command.GloMethodRequest:
case Command.GloMethodResponse:
case Command.GloEventNotification:
case Command.DedInitiateRequest:
case Command.DedInitiateResponse:
case Command.DedGetRequest:
case Command.DedGetResponse:
case Command.DedSetRequest:
case Command.DedSetResponse:
case Command.DedMethodRequest:
case Command.DedMethodResponse:
case Command.DedEventNotification:
case Command.DedReadRequest:
case Command.DedReadResponse:
case Command.DedWriteRequest:
case Command.DedWriteResponse:
case Command.GloConfirmedServiceError:
case Command.DedConfirmedServiceError:
break;
default:
throw new ArgumentOutOfRangeException("cryptedData");
}
int value = 0;
GXPrivateKey key = null;
GXPublicKey pub = null;
GXByteBuffer transactionId = null;
if (cmd == Command.GeneralCiphering)
{
transactionId = new GXByteBuffer();
len = GXCommon.GetObjectCount(data);
GXCommon.SetObjectCount(len, transactionId);
transactionId.Set(data, len);
p.TransactionId = transactionId.GetUInt64(1);
len = GXCommon.GetObjectCount(data);
if (len != 0)
{
tmp = new byte[len];
data.Get(tmp);
p.SystemTitle = tmp;
}
if (p.SystemTitle == null || p.SystemTitle.Length != 8)
{
if (p.Xml == null)
{
throw new ArgumentNullException("Invalid sender system title.");
}
else
{
p.Xml.AppendComment("Invalid sender system title.");
}
}
len = GXCommon.GetObjectCount(data);
tmp = new byte[len];
data.Get(tmp);
p.RecipientSystemTitle = tmp;
// Get date time.
len = GXCommon.GetObjectCount(data);
if (len != 0)
{
tmp = new byte[len];
data.Get(tmp);
p.DateTime = tmp;
}
// other-information
len = data.GetUInt8();
if (len != 0)
{
tmp = new byte[len];
data.Get(tmp);
p.OtherInformation = tmp;
}
// KeyInfo OPTIONAL
len = data.GetUInt8();
// AgreedKey CHOICE tag.
data.GetUInt8();
// key-parameters
len = data.GetUInt8();
value = data.GetUInt8();
p.KeyParameters = value;
if (value == (int)KeyAgreementScheme.OnePassDiffieHellman)
{
// key-ciphered-data
len = GXCommon.GetObjectCount(data);
GXByteBuffer bb = new GXByteBuffer();
bb.Set(data, len);
if (p.Xml != null)
{
p.KeyCipheredData = bb.Array();
//Find key agreement key using subject.
string subject = GXAsn1Converter.SystemTitleToSubject(p.SystemTitle);
foreach (KeyValuePair <GXPkcs8, GXx509Certificate> it in p.Settings.Keys)
{
if (it.Key != null && it.Value.KeyUsage == ASN.Enums.KeyUsage.KeyAgreement && it.Value.Subject.Contains(subject))
{
key = it.Key.PrivateKey;
//Get recipient Ephemeral public key.
subject = GXAsn1Converter.SystemTitleToSubject(p.RecipientSystemTitle);
foreach (KeyValuePair <GXPkcs8, GXx509Certificate> it2 in p.Settings.Keys)
{
if (it2.Value != null && it2.Value.KeyUsage == ASN.Enums.KeyUsage.KeyAgreement && it2.Value.Subject.Contains(subject))
{
pub = it2.Value.PublicKey;
break;
}
}
break;
}
}
if (key == null)
{
//Find key agreement key using subject.
subject = GXAsn1Converter.SystemTitleToSubject(p.RecipientSystemTitle);
foreach (KeyValuePair <GXPkcs8, GXx509Certificate> it in p.Settings.Keys)
{
if (it.Key != null && it.Value.KeyUsage == ASN.Enums.KeyUsage.KeyAgreement && it.Value.Subject.Contains(subject))
{
key = it.Key.PrivateKey;
break;
}
}
}
}
else
{
key = p.Settings.Cipher.KeyAgreementKeyPair.Key;
}
if (key != null && pub == null)
{
//Get Ephemeral public key.
int keySize = len / 2;
pub = GXPublicKey.FromRawBytes(bb.SubArray(0, keySize));
}
}
else if (value == (int)KeyAgreementScheme.StaticUnifiedModel)
{
len = GXCommon.GetObjectCount(data);
if (len != 0)
{
throw new ArgumentException("Invalid key parameters");
}
if (p.Xml != null)
{
//Find key agreement key using subject.
string subject = GXAsn1Converter.SystemTitleToSubject(p.RecipientSystemTitle);
foreach (KeyValuePair <GXPkcs8, GXx509Certificate> it in p.Settings.Keys)
{
if (it.Value.KeyUsage == ASN.Enums.KeyUsage.KeyAgreement && it.Value.Subject.Contains(subject))
{
key = it.Key.PrivateKey;
break;
}
}
if (key != null)
{
//Find key agreement key using subject.
subject = GXAsn1Converter.SystemTitleToSubject(p.Settings.SourceSystemTitle);
foreach (KeyValuePair <GXPkcs8, GXx509Certificate> it in p.Settings.Keys)
{
if (it.Value.KeyUsage == ASN.Enums.KeyUsage.KeyAgreement && it.Value.Subject.Contains(subject))
{
pub = it.Value.PublicKey;
break;
}
}
}
}
else
{
key = p.Settings.Cipher.KeyAgreementKeyPair.Key;
pub = p.Settings.Cipher.KeyAgreementKeyPair.Value;
}
}
else
{
throw new ArgumentException("key-parameters");
}
}
len = GXCommon.GetObjectCount(data);
if (len > data.Available)
{
throw new Exception("Not enought data.");
}
p.CipheredContent = data.Remaining();
byte sc = data.GetUInt8();
p.SecuritySuite = (SecuritySuite)(sc & 0x3);
p.Security = (Security)(sc & 0x30);
if ((sc & 0x80) != 0)
{
System.Diagnostics.Debug.WriteLine("Compression is used.");
}
if ((sc & 0x40) != 0)
{
System.Diagnostics.Debug.WriteLine("Error: Key_Set is used.");
}
if ((sc & 0x20) != 0)
{
System.Diagnostics.Debug.WriteLine("Encryption is applied.");
}
if (key != null)
{
if (value == (int)KeyAgreementScheme.OnePassDiffieHellman)
{
GXEcdsa c = new GXEcdsa(key);
//Get Ephemeral signing key and verify it.
byte[] z = c.GenerateSecret(pub);
System.Diagnostics.Debug.WriteLine("Originator ephemeral public key: " + pub.ToHex());
System.Diagnostics.Debug.WriteLine("Recipient private agreement key: " + key.ToHex());
System.Diagnostics.Debug.WriteLine("Shared secret:" + GXCommon.ToHex(z, true));
GXByteBuffer kdf = new GXByteBuffer();
kdf.Set(GXSecure.GenerateKDF(p.SecuritySuite, z,
p.SecuritySuite == SecuritySuite.Ecdsa256 ? AlgorithmId.AesGcm128 : AlgorithmId.AesGcm256,
p.SystemTitle,
p.RecipientSystemTitle,
null, null));
System.Diagnostics.Debug.WriteLine("KDF:" + kdf.ToString());
p.BlockCipherKey = kdf.SubArray(0, 16);
}
else if (value == (int)KeyAgreementScheme.StaticUnifiedModel)
{
GXEcdsa c = new GXEcdsa(key);
byte[] z = c.GenerateSecret(pub);
System.Diagnostics.Debug.WriteLine("Shared secret:" + GXCommon.ToHex(z, true));
GXByteBuffer kdf = new GXByteBuffer();
kdf.Set(GXSecure.GenerateKDF(p.SecuritySuite, z,
p.SecuritySuite == SecuritySuite.Ecdsa256 ? AlgorithmId.AesGcm128 : AlgorithmId.AesGcm256,
p.SystemTitle,
transactionId.Array(),
p.RecipientSystemTitle,
null));
System.Diagnostics.Debug.WriteLine("KDF:" + kdf.ToString());
p.BlockCipherKey = kdf.SubArray(0, 16);
}
else
{
throw new ArgumentOutOfRangeException("Invalid Key-id value.");
}
}
UInt32 invocationCounter = data.GetUInt32();
p.InvocationCounter = invocationCounter;
System.Diagnostics.Debug.WriteLine("Decrypt settings: " + p.ToString());
System.Diagnostics.Debug.WriteLine("Encrypted: " + GXCommon.ToHex(data.Data,
false, data.Position, data.Size - data.Position));
byte[] tag = new byte[12];
byte[] encryptedData;
int length;
if (p.Security == Security.Authentication)
{
length = data.Size - data.Position - 12;
encryptedData = new byte[length];
data.Get(encryptedData);
data.Get(tag);
// Check tag.
EncryptAesGcm(p, encryptedData);
if (!GXDLMSChipperingStream.TagsEquals(tag, p.CountTag))
{
if (p.Xml == null)
{
throw new GXDLMSException("Decrypt failed. Invalid tag.");
}
else
{
p.Xml.AppendComment("Decrypt failed. Invalid tag.");
}
}
return(encryptedData);
}
byte[] ciphertext = null;
if (p.Security == Security.Encryption)
{
length = data.Size - data.Position;
ciphertext = new byte[length];
data.Get(ciphertext);
}
else if (p.Security == Security.AuthenticationEncryption)
{
length = data.Size - data.Position - 12;
ciphertext = new byte[length];
data.Get(ciphertext);
data.Get(tag);
}
byte[] aad = GetAuthenticatedData(p, ciphertext),
iv = GetNonse(invocationCounter, p.SystemTitle);
GXDLMSChipperingStream gcm = new GXDLMSChipperingStream(p.Security, true,
p.BlockCipherKey, aad, iv, tag);
gcm.Write(ciphertext);
byte[] decrypted = gcm.FlushFinalBlock();
System.Diagnostics.Debug.WriteLine("Decrypted: " + GXCommon.ToHex(decrypted, true));
if (p.Security != Security.Encryption)
{
if (!GXCommon.Compare(gcm.GetTag(), tag))
{
if (p.Xml == null)
{
throw new Exception("Decrypt failed. Invalid authentication tag.");
}
p.Xml.AppendComment("Decrypt failed. Invalid authentication tag.");
}
}
return(decrypted);
}
byte[] IGXDLMSBase.Invoke(GXDLMSSettings settings, ValueEventArgs e)
{
if (e.Index == 1)
{
SecurityPolicy = (SecurityPolicy)e.Parameters;
}
else if (e.Index == 2)
{
try
{
foreach (List <object> item in e.Parameters as List <object> )
{
GlobalKeyType type = (GlobalKeyType)Convert.ToInt32(item[0]);
byte[] data = (byte[])item[1];
//if settings.Cipher is null non secure server is used.
//Keys are take in action after reply is generated.
switch (type)
{
case GlobalKeyType.UnicastEncryption:
GXDLMSSecureClient.Decrypt(settings.Kek, data);
break;
case GlobalKeyType.BroadcastEncryption:
//Invalid type
e.Error = ErrorCode.ReadWriteDenied;
break;
case GlobalKeyType.Authentication:
GXDLMSSecureClient.Decrypt(settings.Kek, data);
break;
case GlobalKeyType.Kek:
GXDLMSSecureClient.Decrypt(settings.Kek, data);
break;
default:
//Invalid type
e.Error = ErrorCode.ReadWriteDenied;
break;
}
}
}
catch (Exception)
{
e.Error = ErrorCode.ReadWriteDenied;
}
}
else if (e.Index == 3)
{
// key_agreement
try
{
List <Object> tmp = (List <Object>)(e.Parameters as List <Object>)[0];
byte keyId = (byte)tmp[0];
if (keyId != 0)
{
e.Error = ErrorCode.InconsistentClass;
}
else
{
byte[] data = (byte[])tmp[0];
// ephemeral public key
GXByteBuffer data2 = new GXByteBuffer(65);
data2.SetUInt8(keyId);
data2.Set(data, 0, 64);
GXByteBuffer sign = new GXByteBuffer();
sign.Set(data, 64, 64);
GXPublicKey pk = null;
string subject = SystemTitleToSubject(settings.SourceSystemTitle);
foreach (GXx509Certificate it in settings.Cipher.Certificates)
{
if ((it.KeyUsage & KeyUsage.DigitalSignature) != 0 && it.Subject == subject)
{
pk = it.PublicKey;
break;
}
}
if (pk == null) //TODO:|| !GXSecure.ValidateEphemeralPublicKeySignature(data2.Array(), sign.Array(), pk))
{
e.Error = ErrorCode.InconsistentClass;
settings.TargetEphemeralKey = null;
}
else
{
settings.TargetEphemeralKey = GXPublicKey.FromRawBytes(data2.SubArray(1, 64));
// Generate ephemeral keys.
KeyValuePair <GXPrivateKey, GXPublicKey> eKpS = settings.Cipher.EphemeralKeyPair;
if (eKpS.Key == null)
{
eKpS = GXEcdsa.GenerateKeyPair(GetEcc(SecuritySuite));
settings.Cipher.EphemeralKeyPair = eKpS;
}
// Generate shared secret.
return(null);
}
}
}
catch (Exception)
{
e.Error = ErrorCode.InconsistentClass;
}
}
else if (e.Index == 4)
{
// generate_key_pair
CertificateType key = (CertificateType)(int)e.Parameters;
KeyValuePair <GXPrivateKey, GXPublicKey> value = GXEcdsa.GenerateKeyPair(GetEcc(SecuritySuite));
switch (key)
{
case CertificateType.DigitalSignature:
settings.Cipher.SigningKeyPair = value;
break;
case CertificateType.KeyAgreement:
settings.Cipher.KeyAgreementKeyPair = value;
break;
default:
e.Error = ErrorCode.InconsistentClass;
break;
}
}
else if (e.Index == 5)
{
// generate_certificate_request
CertificateType key = (CertificateType)(int)e.Parameters;
try
{
KeyValuePair <GXPrivateKey, GXPublicKey> kp = default(KeyValuePair <GXPrivateKey, GXPublicKey>);
switch (key)
{
case CertificateType.DigitalSignature:
kp = settings.Cipher.SigningKeyPair;
break;
case CertificateType.KeyAgreement:
kp = settings.Cipher.KeyAgreementKeyPair;
break;
default:
break;
}
if (kp.Key != null)
{
GXPkcs10 pkc10 = GXPkcs10.CreateCertificateSigningRequest(kp, SystemTitleToSubject(settings.Cipher.SystemTitle));
return(pkc10.Encoded);
}
else
{
e.Error = ErrorCode.ReadWriteDenied;
}
}
catch (Exception)
{
e.Error = ErrorCode.ReadWriteDenied;
}
}
else if (e.Index == 6)
{
// import_certificate
GXx509Certificate cert = new GXx509Certificate((byte[])e.Parameters);
if (cert.KeyUsage == 0)
{
// At least one bit must be used.
e.Error = ErrorCode.InconsistentClass;
}
else
{
settings.Cipher.Certificates.Add(cert);
}
}
else if (e.Index == 7)
{
// export_certificate
List <Object> tmp = (List <Object>)e.Parameters;
short type = (short)tmp[0];
GXx509Certificate cert = null;
lock (settings.Cipher.Certificates)
{
if (type == 0)
{
tmp = (List <Object>)tmp[1];
cert = FindCertificateByEntity(settings, (CertificateEntity)tmp[0], (CertificateType)tmp[1], (byte[])tmp[2]);
}
else if (type == 1)
{
tmp = (List <Object>)tmp[1];
cert = FindCertificateBySerial(settings, (byte[])tmp[1], ASCIIEncoding.ASCII.GetString((byte[])tmp[2]));
}
if (cert == null)
{
e.Error = ErrorCode.InconsistentClass;
}
else
{
return(cert.Encoded);
}
}
}
else if (e.Index == 8)
{
// remove_certificate
List <Object> tmp = (List <Object>)((List <object>)e.Parameters)[0];
short type = (short)tmp[0];
GXx509Certificate cert = null;
lock (settings.Cipher.Certificates)
{
if (type == 0)
{
cert = FindCertificateByEntity(settings, (CertificateEntity)tmp[1], (CertificateType)tmp[2], (byte[])tmp[3]);
}
else if (type == 1)
{
cert = FindCertificateBySerial(settings, (byte[])tmp[1], ASCIIEncoding.ASCII.GetString((byte[])tmp[2]));
}
if (cert == null)
{
e.Error = ErrorCode.InconsistentClass;
}
else
{
settings.Cipher.Certificates.Remove(cert);
}
}
}
else
{
e.Error = ErrorCode.ReadWriteDenied;
}
//Return standard reply.
return(null);
}
/// <summary>
/// Update ephemeral keys.
/// </summary>
/// <param name="client">DLMS Client.</param>
/// <param name="value">Received reply from the server.</param>
/// <returns>List of Parsed key id and GUAK. This is for debugging purpose.</returns>
public List <KeyValuePair <GlobalKeyType, byte[]> > UpdateEphemeralKeys(GXDLMSSecureClient client, GXByteBuffer value)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (value.GetUInt8() != (byte)DataType.Array)
{
throw new ArgumentOutOfRangeException("Invalid tag.");
}
GXEcdsa c = new GXEcdsa(client.Ciphering.EphemeralKeyPair.Key);
int count = GXCommon.GetObjectCount(value);
List <KeyValuePair <GlobalKeyType, byte[]> > list = new List <KeyValuePair <GlobalKeyType, byte[]> >();
for (int pos = 0; pos != count; ++pos)
{
if (value.GetUInt8() != (byte)DataType.Structure)
{
throw new ArgumentOutOfRangeException("Invalid tag.");
}
if (value.GetUInt8() != 2)
{
throw new ArgumentOutOfRangeException("Invalid length.");
}
if (value.GetUInt8() != (byte)DataType.Enum)
{
throw new ArgumentOutOfRangeException("Invalid key id data type.");
}
int keyId = value.GetUInt8();
if (keyId > 4)
{
throw new ArgumentOutOfRangeException("Invalid key type.");
}
if (value.GetUInt8() != (byte)DataType.OctetString)
{
throw new ArgumentOutOfRangeException("Invalid tag.");
}
if (GXCommon.GetObjectCount(value) != 128)
{
throw new ArgumentOutOfRangeException("Invalid length.");
}
//Get ephemeral public key server.
GXByteBuffer key = new GXByteBuffer();
key.SetUInt8(4);
key.Set(value, 64);
GXPublicKey targetEphemeralKey = GXPublicKey.FromRawBytes(key.Array());
//Get ephemeral public key signature server.
byte[] signature = new byte[64];
value.Get(signature);
key.SetUInt8(0, (byte)keyId);
//Verify signature.
if (!GXSecure.ValidateEphemeralPublicKeySignature(key.Array(), signature, client.Ciphering.SigningKeyPair.Value))
{
throw new GXDLMSCipherException("Invalid signature.");
}
byte[] z = c.GenerateSecret(targetEphemeralKey);
System.Diagnostics.Debug.WriteLine("Shared secret:" + GXCommon.ToHex(z, true));
GXByteBuffer kdf = new GXByteBuffer();
kdf.Set(GXSecure.GenerateKDF(client.SecuritySuite, z,
AlgorithmId.AesGcm128,
client.Ciphering.SystemTitle,
client.Settings.SourceSystemTitle, null, null));
System.Diagnostics.Debug.WriteLine("KDF:" + kdf.ToString());
list.Add(new KeyValuePair <GlobalKeyType, byte[]>((GlobalKeyType)keyId, kdf.SubArray(0, 16)));
}
//Update ephemeral keys.
foreach (KeyValuePair <GlobalKeyType, byte[]> it in list)
{
switch (it.Key)
{
case GlobalKeyType.UnicastEncryption:
client.Settings.EphemeralBlockCipherKey = it.Value;
break;
case GlobalKeyType.BroadcastEncryption:
client.Settings.EphemeralBroadcastBlockCipherKey = it.Value;
break;
case GlobalKeyType.Authentication:
client.Settings.EphemeralAuthenticationKey = it.Value;
break;
case GlobalKeyType.Kek:
client.Settings.EphemeralKek = it.Value;
break;
}
}
return(list);
}
private void Init(byte[] data)
{
rawData = data;
Attributes = new List <KeyValuePair <PkcsObjectIdentifier, object[]> >();
GXAsn1Sequence seq = (GXAsn1Sequence)GXAsn1Converter.FromByteArray(data);
if (seq.Count < 3)
{
throw new System.ArgumentException("Wrong number of elements in sequence.");
}
if (!(seq[0] is GXAsn1Sequence))
{
PkcsType type = GXAsn1Converter.GetCertificateType(data, seq);
switch (type)
{
case PkcsType.Pkcs8:
throw new GXDLMSCertificateException("Invalid Certificate. This is PKCS 8, not PKCS 10.");
case PkcsType.x509Certificate:
throw new GXDLMSCertificateException("Invalid Certificate. This is PKCS x509 certificate, not PKCS 10.");
}
throw new GXDLMSCertificateException("Invalid Certificate Version.");
}
/////////////////////////////
// CertificationRequestInfo ::= SEQUENCE {
// version INTEGER { v1(0) } (v1,...),
// subject Name,
// subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
// attributes [0] Attributes{{ CRIAttributes }}
// }
GXAsn1Sequence reqInfo = (GXAsn1Sequence)seq[0];
Version = (CertificateVersion)(sbyte)reqInfo[0];
Subject = GXAsn1Converter.GetSubject((GXAsn1Sequence)reqInfo[1]);
// subject Public key info.
GXAsn1Sequence subjectPKInfo = (GXAsn1Sequence)reqInfo[2];
if (reqInfo.Count > 3)
{
//PkcsObjectIdentifier
foreach (GXAsn1Sequence it in (GXAsn1Context)reqInfo[3])
{
List <object> values = new List <object>();
foreach (object v in (List <object>)((KeyValuePair <object, object>)it[1]).Key)
{
values.Add(v);
}
Attributes.Add(new KeyValuePair <PkcsObjectIdentifier, object[]>(PkcsObjectIdentifierConverter.FromString(it[0].ToString()), values.ToArray()));
}
}
GXAsn1Sequence tmp = (GXAsn1Sequence)subjectPKInfo[0];
Algorithm = X9ObjectIdentifierConverter.FromString(tmp[0].ToString());
if (Algorithm != X9ObjectIdentifier.IdECPublicKey)
{
object algorithm = Algorithm;
if (Algorithm == X9ObjectIdentifier.None)
{
algorithm = PkcsObjectIdentifierConverter.FromString(tmp[0].ToString());
if ((PkcsObjectIdentifier)algorithm == PkcsObjectIdentifier.None)
{
algorithm = tmp[0].ToString();
}
}
throw new Exception("Invalid PKCS #10 certificate algorithm. " + algorithm);
}
PublicKey = GXPublicKey.FromRawBytes(((GXAsn1BitString)subjectPKInfo[1]).Value);
GXEcdsa.Validate(PublicKey);
/////////////////////////////
// signatureAlgorithm
GXAsn1Sequence sign = (GXAsn1Sequence)seq[1];
SignatureAlgorithm = HashAlgorithmConverter.FromString(sign[0].ToString());
if (SignatureAlgorithm != HashAlgorithm.Sha256WithEcdsa && SignatureAlgorithm != HashAlgorithm.Sha384WithEcdsa)
{
throw new GXDLMSCertificateException("Invalid signature algorithm. " + sign[0].ToString());
}
if (sign.Count != 1)
{
SignatureParameters = sign[1];
}
/////////////////////////////
// signature
//Get raw data
GXByteBuffer tmp2 = new GXByteBuffer();
tmp2.Set(data);
GXAsn1Converter.GetNext(tmp2);
tmp2.Size = tmp2.Position;
tmp2.Position = 1;
GXCommon.GetObjectCount(tmp2);
//Get signature.
Signature = ((GXAsn1BitString)seq[2]).Value;
GXEcdsa e = new GXEcdsa(PublicKey);
GXAsn1Sequence tmp3 = (GXAsn1Sequence)GXAsn1Converter.FromByteArray(Signature);
GXByteBuffer bb = new GXByteBuffer();
int size = SignatureAlgorithm == HashAlgorithm.Sha256WithEcdsa ? 32 : 48;
//Some implementations might add extra byte. It must removed.
bb.Set(((GXAsn1Integer)tmp3[0]).Value, ((GXAsn1Integer)tmp3[0]).Value.Length == size ? 0 : 1, size);
bb.Set(((GXAsn1Integer)tmp3[1]).Value, ((GXAsn1Integer)tmp3[1]).Value.Length == size ? 0 : 1, size);
if (!e.Verify(bb.Array(), tmp2.SubArray(tmp2.Position, tmp2.Available)))
{
throw new ArgumentException("Invalid Signature.");
}
}
