// https://tools.ietf.org/html/rfc4357#section-5.2
public byte[] Vko(EncryptedPrivateKey encPk, ECPublicKeyParameters sessionKey)
{
var privKey = (ECPrivateKeyParameters)_keyPair.Private;
var ukmBytes = (byte[])encPk.UKM.Clone();
Array.Reverse(ukmBytes);
var ukm = new BigInteger(1, ukmBytes);
var p = ukm.Multiply(privKey.D).Mod(sessionKey.Parameters.Curve.Order);
var kekPoint = sessionKey.Q.Multiply(p).Normalize();
var x = kekPoint.XCoord.ToBigInteger().ToByteArrayUnsigned();
var y = kekPoint.YCoord.ToBigInteger().ToByteArrayUnsigned();
var kekBytes = new byte[64];
Array.Copy(y, 0, kekBytes, 0, 32);
Array.Copy(x, 0, kekBytes, 32, 32);
Array.Reverse(kekBytes);
var kek = new byte[32];
var dig = new Gost3411Digest();
dig.BlockUpdate(kekBytes, 0, kekBytes.Length);
dig.DoFinal(kek, 0);
return(kek);
}
public BigInteger GetDigest(byte[] message)
{
Gost3411Digest gost3411Digest = new Gost3411Digest();
gost3411Digest.BlockUpdate(message, 0, message.Length);
byte[] hashmessage = new byte[gost3411Digest.GetDigestSize()];
gost3411Digest.DoFinal(hashmessage, 0);
return(new BigInteger(hashmessage));
}
private byte[] GetDecodeKey(byte[] salt, byte[] pin)
{
var pincode4 = new byte[pin.Length * 4];
for (int i = 0; i < pin.Length; ++i)
{
pincode4[i * 4] = pin[i];
}
var digest = new Gost3411Digest(Gost28147Engine.GetSBox("D-A"));
digest.BlockUpdate(salt, 0, salt.Length);
if (pin.Length > 0)
{
digest.BlockUpdate(pincode4, 0, pincode4.Length);
}
var result = new byte[32];
digest.DoFinal(result, 0);
var current = Encoding.ASCII.GetBytes("DENEFH028.760246785.IUEFHWUIO.EF");
var material36 = new byte[32];
var material5c = new byte[32];
int len = pin.Length > 0 ? 2000 : 2;
for (int i = 0; i < len; ++i)
{
XorMaterial(material36, material5c, current);
digest.Reset();
digest.BlockUpdate(material36, 0, 32);
digest.BlockUpdate(result, 0, 32);
digest.BlockUpdate(material5c, 0, 32);
digest.BlockUpdate(result, 0, 32);
digest.DoFinal(current, 0);
}
XorMaterial(material36, material5c, current);
digest.Reset();
digest.BlockUpdate(material36, 0, 32);
digest.BlockUpdate(salt, 0, 12);
digest.BlockUpdate(material5c, 0, 32);
if (pin.Length > 0)
{
digest.BlockUpdate(pincode4, 0, pincode4.Length);
}
digest.DoFinal(current, 0);
var result_key = new byte[32];
digest.Reset();
digest.BlockUpdate(current, 0, 32);
digest.DoFinal(result_key, 0);
return(result_key);
}
private byte[] generateKey(byte[] startkey)
{
byte[] newKey = new byte[Gost28147_KEY_LENGTH];
Gost3411Digest digest = new Gost3411Digest();
digest.BlockUpdate(startkey, 0, startkey.Length);
digest.DoFinal(newKey, 0);
return(newKey);
}
/**
* Test Sign and Verify with test parameters
* see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
* gostR3410-2001-TestParamSet P.46
*/
private void ecGOST3410_TestParam()
{
SecureRandom random = new SecureRandom();
BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p
BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619");
FpCurve curve = new FpCurve(
mod_p, // p
new BigInteger("7"), // a
new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b
mod_q, BigInteger.One);
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("2"), // x
new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y
mod_q);
ECKeyPairGenerator pGen = new ECKeyPairGenerator();
ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(
parameters,
random);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
ECGost3410Signer ecgost3410 = new ECGost3410Signer();
ecgost3410.Init(true, param);
//get hash message using the digest GOST3411.
byte[] message = Encoding.ASCII.GetBytes("Message for sign");
Gost3411Digest gost3411 = new Gost3411Digest();
gost3411.BlockUpdate(message, 0, message.Length);
byte[] hashmessage = new byte[gost3411.GetDigestSize()];
gost3411.DoFinal(hashmessage, 0);
BigInteger[] sig = ecgost3410.GenerateSignature(hashmessage);
ecgost3410.Init(false, pair.Public);
if (!ecgost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
Fail("signature fails");
}
}
private byte[] GetDecryptionKey(string pin, VipNetContainer defence)
{
var passwordData = Encoding.ASCII.GetBytes(pin ?? "");
if (DefenceKeyInfo.KeyClass.Value.IntValue == 64 && DefenceKeyInfo.KeyType.Value.IntValue == 24622)
{
// Контейнер зашифрован ключом, лежащим в ещё одном контейнере
if (defence == null)
{
throw new CryptographicException("Закрытый ключ зашифрован секретным ключом, расположенным в отдельном вспомогательном контейнере. Используйте опцию --defence");
}
return(defence.Entries[0].GetProtectionKey(pin));
}
if (DefenceKeyInfo.Algorithm != null &&
DefenceKeyInfo.Algorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2))
{
// PBKDF2 используется в контейнерах ViPNet Jcrypto SDK
// Самое смешное, что сам десктопный ViPNet CSP не понимает такие контейнеры
// А мы понимаем!
var p = Pbkdf2Params.GetInstance(DefenceKeyInfo.Algorithm.Parameters);
return(PBKDF2(
MacUtilities.GetMac(p.Prf.Algorithm),
passwordData,
p.GetSalt(),
p.IterationCount.IntValue,
p.KeyLength.IntValue
));
}
var digest = new Gost3411Digest();
var keyData = new byte[digest.GetDigestSize()];
var unwrappingKey = new byte[digest.GetDigestSize()];
digest.BlockUpdate(passwordData, 0, passwordData.Length);
digest.DoFinal(keyData, 0);
digest.Reset();
var secodeData = passwordData.Concat(keyData).ToArray();
digest.BlockUpdate(secodeData, 0, secodeData.Length);
digest.DoFinal(unwrappingKey, 0);
var tmp = new int[keyData.Length / 4];
for (int i = 0; i < keyData.Length; i += 4)
{
tmp[i / 4] = BitConverter.ToInt32(keyData, i) - BitConverter.ToInt32(unwrappingKey, i);
}
return(tmp.SelectMany(x => BitConverter.GetBytes(x)).ToArray());
}
public void Reset(IMemoable other)
{
Gost3411Digest gost3411Digest = (Gost3411Digest)other;
sBox = gost3411Digest.sBox;
cipher.Init(forEncryption: true, new ParametersWithSBox(null, sBox));
Reset();
Array.Copy(gost3411Digest.H, 0, H, 0, gost3411Digest.H.Length);
Array.Copy(gost3411Digest.L, 0, L, 0, gost3411Digest.L.Length);
Array.Copy(gost3411Digest.M, 0, M, 0, gost3411Digest.M.Length);
Array.Copy(gost3411Digest.Sum, 0, Sum, 0, gost3411Digest.Sum.Length);
Array.Copy(gost3411Digest.C[1], 0, C[1], 0, gost3411Digest.C[1].Length);
Array.Copy(gost3411Digest.C[2], 0, C[2], 0, gost3411Digest.C[2].Length);
Array.Copy(gost3411Digest.C[3], 0, C[3], 0, gost3411Digest.C[3].Length);
Array.Copy(gost3411Digest.xBuf, 0, xBuf, 0, gost3411Digest.xBuf.Length);
xBufOff = gost3411Digest.xBufOff;
byteCount = gost3411Digest.byteCount;
}
/// <summary>
/// Вычисление хэша по заданным на сервере параметрам сертификата
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public static byte[] ComputeDigest(byte[] data)
{
IDigest digest;
if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro256)
{
digest = new GOST3411_2012_256Digest();
}
else if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro512)
{
digest = new GOST3411_2012_512Digest();
}
else
{
digest = new Gost3411Digest();
}
return(ComputeDigest(digest, data));
}
private bool VerifyGost(byte[] buffer, int length, byte[] signature)
{
ECDomainParameters dParams = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);
byte[] reversedPublicKey = PublicKey.Reverse().ToArray();
ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, reversedPublicKey, 32, 32), new BigInteger(1, reversedPublicKey, 0, 32), false);
ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams);
var signer = new ECGost3410Signer();
signer.Init(false, parameters);
var digest = new Gost3411Digest();
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(signer.VerifySignature(hash, new BigInteger(1, signature, 32, 32), new BigInteger(1, signature, 0, 32)));
}
private byte[] SignGost(byte[] buffer, int length)
{
ECGost3410Signer signer = new ECGost3410Signer();
signer.Init(true, new ParametersWithRandom(PrivateKeyFactory.CreateKey(PrivateKey), _secureRandom));
var digest = new Gost3411Digest();
digest.BlockUpdate(buffer, 0, length);
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
var signature = signer.GenerateSignature(hash);
byte[] res = new byte[64];
signature[0].ToByteArrayUnsigned().CopyTo(res, 32);
signature[1].ToByteArrayUnsigned().CopyTo(res, 0);
return(res);
}
/// <summary>
/// Вычисление хэша по сертификату
/// </summary>
/// <param name="data"></param>
/// <param name="cert"></param>
/// <returns></returns>
public static byte[] ComputeDigest(byte[] data, byte[] cert)
{
var c = new X509Certificates.X509Certificate(cert);
var oid = c.PublicKey.Oid.Value;
IDigest digest;
if (oid == Constants.OID_GR3410_12_256)
{
digest = new GOST3411_2012_256Digest();
}
else if (oid == Constants.OID_GR3410_12_512)
{
digest = new GOST3411_2012_512Digest();
}
else
{
digest = new Gost3411Digest();
}
return(ComputeDigest(digest, data));
}
static void PKCS7()
{
GostCryptoConfig.ProviderType = ProviderTypes.VipNet;
Config.InitCommon();
BCX509.X509Certificate bcCert = null;
using (var g = GostCryptoConfig.CreateGost3410AsymmetricAlgorithm())
{
bool detached = false;
byte[] data = File.ReadAllBytes("test.xml");
var certBytes = g.ContainerCertificateRaw;
BCX509.X509CertificateParser _x509CertificateParser = new BCX509.X509CertificateParser();
bcCert = _x509CertificateParser.ReadCertificate(certBytes);
ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>();
certPath.Add(bcCert);
IDigest digest = new Gost3411Digest();
string hashOid = GostCryptoConfig.DefaultHashOid;
byte[] dataHash = ComputeDigest(digest, data);
// Construct SignerInfo.signedAttrs
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.3"),
new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1"))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.4"),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier("1.2.840.113549.1.9.5"),
new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
DerSet signedAttributes = new DerSet(signedAttributesVector);
byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded());
byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);
// hash
//var signature = g.CreateSignature(hash);
var formatter = new GostSignatureFormatter(g);
var signature = formatter.CreateSignature(pkcs1Digest);
// Construct SignerInfo
SignerInfo signerInfo = new SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)),
new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
signedAttributes,
new AlgorithmIdentifier(new DerObjectIdentifier(GostCryptoConfig.DefaultSignOid), null),
new DerOctetString(signature),
null);
// Construct SignedData.digestAlgorithms
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
new DerObjectIdentifier("1.2.840.113549.1.7.1"),
(detached) ? null : new DerOctetString(data));
// Construct SignedData.certificates
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
foreach (BCX509.X509Certificate cert in certPath)
{
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
}
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
// Construct top level ContentInfo
ContentInfo contentInfo = new ContentInfo(
new DerObjectIdentifier("1.2.840.113549.1.7.2"),
signedData);
var res = contentInfo.GetDerEncoded();
File.WriteAllBytes("test.p7", res);
CmsSignedData cms = new CmsSignedData(res);
var certStore = cms.GetCertificates("Collection");
SignerInformationStore signers = cms.GetSignerInfos();
var it = signers.GetSigners().GetEnumerator();
it.MoveNext();
var signer = it.Current as SignerInformation;
var b = signer.Verify(bcCert);
}
}
/// <summary>
/// Формирование сигнатуры для серверной подписи
/// </summary>
/// <param name="alg"></param>
/// <param name="data"></param>
/// <param name="detached"></param>
/// <returns></returns>
public static byte[] ComputeSignature(Gost3410 alg, byte[] data, bool detached = true)
{
var certBytes = alg.ContainerCertificateRaw;
var _x509CertificateParser = new BCX509.X509CertificateParser();
var bcCert = _x509CertificateParser.ReadCertificate(certBytes);
ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>();
certPath.Add(bcCert);
IDigest digest;
string hashOid;
string signOid;
if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro256)
{
digest = new GOST3411_2012_256Digest();
signOid = Constants.OID_GR3410_12_256;
hashOid = Constants.OID_GR3411_12_256;
}
else if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro512)
{
digest = new GOST3411_2012_512Digest();
signOid = Constants.OID_GR3410_12_512;
hashOid = Constants.OID_GR3411_12_512;
}
else
{
digest = new Gost3411Digest();
signOid = Constants.OID_GR3410_2001;
hashOid = Constants.OID_GR3411_2001;
}
byte[] dataHash = ComputeDigest(digest, data);
// Construct SignerInfo.signedAttrs
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_contentType),
new DerSet(new DerObjectIdentifier(Constants.szOID_RSA_data))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_messageDigest),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(Constants.szOID_RSA_signingTime),
new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
DerSet signedAttributes = new DerSet(signedAttributesVector);
byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded());
//byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);
var formatter = new GostSignatureFormatter(alg);
var signature = formatter.CreateSignature(pkcs1Digest);
// Construct SignerInfo
SignerInfo signerInfo = new SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)),
new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
signedAttributes,
new AlgorithmIdentifier(new DerObjectIdentifier(signOid), null),
new DerOctetString(signature),
null);
// Construct SignedData.digestAlgorithms
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
new DerObjectIdentifier(Constants.szOID_RSA_data),
(detached) ? null : new DerOctetString(data));
// Construct SignedData.certificates
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
foreach (BCX509.X509Certificate cert in certPath)
{
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
}
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
// Construct top level ContentInfo
ContentInfo contentInfo = new ContentInfo(
new DerObjectIdentifier(Constants.szOID_RSA_signedData),
signedData);
return(contentInfo.GetDerEncoded());
}
public static IDigest GetDigest(string algorithm)
{
string text = Platform.ToUpperInvariant(algorithm);
string text2 = (string)DigestUtilities.algorithms[text];
if (text2 == null)
{
text2 = text;
}
try
{
switch ((DigestUtilities.DigestAlgorithm)Enums.GetEnumValue(typeof(DigestUtilities.DigestAlgorithm), text2))
{
case DigestUtilities.DigestAlgorithm.GOST3411:
{
IDigest result = new Gost3411Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD2:
{
IDigest result = new MD2Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD4:
{
IDigest result = new MD4Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD5:
{
IDigest result = new MD5Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD128:
{
IDigest result = new RipeMD128Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD160:
{
IDigest result = new RipeMD160Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD256:
{
IDigest result = new RipeMD256Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD320:
{
IDigest result = new RipeMD320Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_1:
{
IDigest result = new Sha1Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_224:
{
IDigest result = new Sha224Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_256:
{
IDigest result = new Sha256Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_384:
{
IDigest result = new Sha384Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512:
{
IDigest result = new Sha512Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512_224:
{
IDigest result = new Sha512tDigest(224);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512_256:
{
IDigest result = new Sha512tDigest(256);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_224:
{
IDigest result = new Sha3Digest(224);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_256:
{
IDigest result = new Sha3Digest(256);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_384:
{
IDigest result = new Sha3Digest(384);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_512:
{
IDigest result = new Sha3Digest(512);
return(result);
}
case DigestUtilities.DigestAlgorithm.TIGER:
{
IDigest result = new TigerDigest();
return(result);
}
case DigestUtilities.DigestAlgorithm.WHIRLPOOL:
{
IDigest result = new WhirlpoolDigest();
return(result);
}
}
}
catch (ArgumentException)
{
}
throw new SecurityUtilityException("Digest " + text2 + " not recognised.");
}
public Gost3411Digest(Gost3411Digest t)
{
Reset(t);
}
