// https://tools.ietf.org/html/rfc4357#section-5.2 public byte[] Vko(EncryptedPrivateKey encPk, ECPublicKeyParameters sessionKey) { var privKey = (ECPrivateKeyParameters)_keyPair.Private; var ukmBytes = (byte[])encPk.UKM.Clone(); Array.Reverse(ukmBytes); var ukm = new BigInteger(1, ukmBytes); var p = ukm.Multiply(privKey.D).Mod(sessionKey.Parameters.Curve.Order); var kekPoint = sessionKey.Q.Multiply(p).Normalize(); var x = kekPoint.XCoord.ToBigInteger().ToByteArrayUnsigned(); var y = kekPoint.YCoord.ToBigInteger().ToByteArrayUnsigned(); var kekBytes = new byte[64]; Array.Copy(y, 0, kekBytes, 0, 32); Array.Copy(x, 0, kekBytes, 32, 32); Array.Reverse(kekBytes); var kek = new byte[32]; var dig = new Gost3411Digest(); dig.BlockUpdate(kekBytes, 0, kekBytes.Length); dig.DoFinal(kek, 0); return(kek); }
public BigInteger GetDigest(byte[] message) { Gost3411Digest gost3411Digest = new Gost3411Digest(); gost3411Digest.BlockUpdate(message, 0, message.Length); byte[] hashmessage = new byte[gost3411Digest.GetDigestSize()]; gost3411Digest.DoFinal(hashmessage, 0); return(new BigInteger(hashmessage)); }
private byte[] GetDecodeKey(byte[] salt, byte[] pin) { var pincode4 = new byte[pin.Length * 4]; for (int i = 0; i < pin.Length; ++i) { pincode4[i * 4] = pin[i]; } var digest = new Gost3411Digest(Gost28147Engine.GetSBox("D-A")); digest.BlockUpdate(salt, 0, salt.Length); if (pin.Length > 0) { digest.BlockUpdate(pincode4, 0, pincode4.Length); } var result = new byte[32]; digest.DoFinal(result, 0); var current = Encoding.ASCII.GetBytes("DENEFH028.760246785.IUEFHWUIO.EF"); var material36 = new byte[32]; var material5c = new byte[32]; int len = pin.Length > 0 ? 2000 : 2; for (int i = 0; i < len; ++i) { XorMaterial(material36, material5c, current); digest.Reset(); digest.BlockUpdate(material36, 0, 32); digest.BlockUpdate(result, 0, 32); digest.BlockUpdate(material5c, 0, 32); digest.BlockUpdate(result, 0, 32); digest.DoFinal(current, 0); } XorMaterial(material36, material5c, current); digest.Reset(); digest.BlockUpdate(material36, 0, 32); digest.BlockUpdate(salt, 0, 12); digest.BlockUpdate(material5c, 0, 32); if (pin.Length > 0) { digest.BlockUpdate(pincode4, 0, pincode4.Length); } digest.DoFinal(current, 0); var result_key = new byte[32]; digest.Reset(); digest.BlockUpdate(current, 0, 32); digest.DoFinal(result_key, 0); return(result_key); }
private byte[] generateKey(byte[] startkey) { byte[] newKey = new byte[Gost28147_KEY_LENGTH]; Gost3411Digest digest = new Gost3411Digest(); digest.BlockUpdate(startkey, 0, startkey.Length); digest.DoFinal(newKey, 0); return(newKey); }
/** * Test Sign and Verify with test parameters * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt * gostR3410-2001-TestParamSet P.46 */ private void ecGOST3410_TestParam() { SecureRandom random = new SecureRandom(); BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619"); FpCurve curve = new FpCurve( mod_p, // p new BigInteger("7"), // a new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b mod_q, BigInteger.One); ECDomainParameters parameters = new ECDomainParameters( curve, curve.CreatePoint( new BigInteger("2"), // x new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y mod_q); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters( parameters, random); pGen.Init(genParam); AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair(); ParametersWithRandom param = new ParametersWithRandom(pair.Private, random); ECGost3410Signer ecgost3410 = new ECGost3410Signer(); ecgost3410.Init(true, param); //get hash message using the digest GOST3411. byte[] message = Encoding.ASCII.GetBytes("Message for sign"); Gost3411Digest gost3411 = new Gost3411Digest(); gost3411.BlockUpdate(message, 0, message.Length); byte[] hashmessage = new byte[gost3411.GetDigestSize()]; gost3411.DoFinal(hashmessage, 0); BigInteger[] sig = ecgost3410.GenerateSignature(hashmessage); ecgost3410.Init(false, pair.Public); if (!ecgost3410.VerifySignature(hashmessage, sig[0], sig[1])) { Fail("signature fails"); } }
private byte[] GetDecryptionKey(string pin, VipNetContainer defence) { var passwordData = Encoding.ASCII.GetBytes(pin ?? ""); if (DefenceKeyInfo.KeyClass.Value.IntValue == 64 && DefenceKeyInfo.KeyType.Value.IntValue == 24622) { // Контейнер зашифрован ключом, лежащим в ещё одном контейнере if (defence == null) { throw new CryptographicException("Закрытый ключ зашифрован секретным ключом, расположенным в отдельном вспомогательном контейнере. Используйте опцию --defence"); } return(defence.Entries[0].GetProtectionKey(pin)); } if (DefenceKeyInfo.Algorithm != null && DefenceKeyInfo.Algorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2)) { // PBKDF2 используется в контейнерах ViPNet Jcrypto SDK // Самое смешное, что сам десктопный ViPNet CSP не понимает такие контейнеры // А мы понимаем! var p = Pbkdf2Params.GetInstance(DefenceKeyInfo.Algorithm.Parameters); return(PBKDF2( MacUtilities.GetMac(p.Prf.Algorithm), passwordData, p.GetSalt(), p.IterationCount.IntValue, p.KeyLength.IntValue )); } var digest = new Gost3411Digest(); var keyData = new byte[digest.GetDigestSize()]; var unwrappingKey = new byte[digest.GetDigestSize()]; digest.BlockUpdate(passwordData, 0, passwordData.Length); digest.DoFinal(keyData, 0); digest.Reset(); var secodeData = passwordData.Concat(keyData).ToArray(); digest.BlockUpdate(secodeData, 0, secodeData.Length); digest.DoFinal(unwrappingKey, 0); var tmp = new int[keyData.Length / 4]; for (int i = 0; i < keyData.Length; i += 4) { tmp[i / 4] = BitConverter.ToInt32(keyData, i) - BitConverter.ToInt32(unwrappingKey, i); } return(tmp.SelectMany(x => BitConverter.GetBytes(x)).ToArray()); }
public void Reset(IMemoable other) { Gost3411Digest gost3411Digest = (Gost3411Digest)other; sBox = gost3411Digest.sBox; cipher.Init(forEncryption: true, new ParametersWithSBox(null, sBox)); Reset(); Array.Copy(gost3411Digest.H, 0, H, 0, gost3411Digest.H.Length); Array.Copy(gost3411Digest.L, 0, L, 0, gost3411Digest.L.Length); Array.Copy(gost3411Digest.M, 0, M, 0, gost3411Digest.M.Length); Array.Copy(gost3411Digest.Sum, 0, Sum, 0, gost3411Digest.Sum.Length); Array.Copy(gost3411Digest.C[1], 0, C[1], 0, gost3411Digest.C[1].Length); Array.Copy(gost3411Digest.C[2], 0, C[2], 0, gost3411Digest.C[2].Length); Array.Copy(gost3411Digest.C[3], 0, C[3], 0, gost3411Digest.C[3].Length); Array.Copy(gost3411Digest.xBuf, 0, xBuf, 0, gost3411Digest.xBuf.Length); xBufOff = gost3411Digest.xBufOff; byteCount = gost3411Digest.byteCount; }
/// <summary> /// Вычисление хэша по заданным на сервере параметрам сертификата /// </summary> /// <param name="data"></param> /// <returns></returns> public static byte[] ComputeDigest(byte[] data) { IDigest digest; if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro256) { digest = new GOST3411_2012_256Digest(); } else if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro512) { digest = new GOST3411_2012_512Digest(); } else { digest = new Gost3411Digest(); } return(ComputeDigest(digest, data)); }
private bool VerifyGost(byte[] buffer, int length, byte[] signature) { ECDomainParameters dParams = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); byte[] reversedPublicKey = PublicKey.Reverse().ToArray(); ECPoint q = dParams.Curve.CreatePoint(new BigInteger(1, reversedPublicKey, 32, 32), new BigInteger(1, reversedPublicKey, 0, 32), false); ECPublicKeyParameters parameters = new ECPublicKeyParameters(q, dParams); var signer = new ECGost3410Signer(); signer.Init(false, parameters); var digest = new Gost3411Digest(); digest.BlockUpdate(buffer, 0, length); byte[] hash = new byte[digest.GetDigestSize()]; digest.DoFinal(hash, 0); return(signer.VerifySignature(hash, new BigInteger(1, signature, 32, 32), new BigInteger(1, signature, 0, 32))); }
private byte[] SignGost(byte[] buffer, int length) { ECGost3410Signer signer = new ECGost3410Signer(); signer.Init(true, new ParametersWithRandom(PrivateKeyFactory.CreateKey(PrivateKey), _secureRandom)); var digest = new Gost3411Digest(); digest.BlockUpdate(buffer, 0, length); byte[] hash = new byte[digest.GetDigestSize()]; digest.DoFinal(hash, 0); var signature = signer.GenerateSignature(hash); byte[] res = new byte[64]; signature[0].ToByteArrayUnsigned().CopyTo(res, 32); signature[1].ToByteArrayUnsigned().CopyTo(res, 0); return(res); }
/// <summary> /// Вычисление хэша по сертификату /// </summary> /// <param name="data"></param> /// <param name="cert"></param> /// <returns></returns> public static byte[] ComputeDigest(byte[] data, byte[] cert) { var c = new X509Certificates.X509Certificate(cert); var oid = c.PublicKey.Oid.Value; IDigest digest; if (oid == Constants.OID_GR3410_12_256) { digest = new GOST3411_2012_256Digest(); } else if (oid == Constants.OID_GR3410_12_512) { digest = new GOST3411_2012_512Digest(); } else { digest = new Gost3411Digest(); } return(ComputeDigest(digest, data)); }
static void PKCS7() { GostCryptoConfig.ProviderType = ProviderTypes.VipNet; Config.InitCommon(); BCX509.X509Certificate bcCert = null; using (var g = GostCryptoConfig.CreateGost3410AsymmetricAlgorithm()) { bool detached = false; byte[] data = File.ReadAllBytes("test.xml"); var certBytes = g.ContainerCertificateRaw; BCX509.X509CertificateParser _x509CertificateParser = new BCX509.X509CertificateParser(); bcCert = _x509CertificateParser.ReadCertificate(certBytes); ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>(); certPath.Add(bcCert); IDigest digest = new Gost3411Digest(); string hashOid = GostCryptoConfig.DefaultHashOid; byte[] dataHash = ComputeDigest(digest, data); // Construct SignerInfo.signedAttrs Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector(); // Add PKCS#9 contentType signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.3"), new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1")))); // Add PKCS#9 messageDigest signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.4"), new DerSet(new DerOctetString(dataHash)))); // Add PKCS#9 signingTime signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.5"), new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow))))); DerSet signedAttributes = new DerSet(signedAttributesVector); byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded()); byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid); // hash //var signature = g.CreateSignature(hash); var formatter = new GostSignatureFormatter(g); var signature = formatter.CreateSignature(pkcs1Digest); // Construct SignerInfo SignerInfo signerInfo = new SignerInfo( new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)), new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null), signedAttributes, new AlgorithmIdentifier(new DerObjectIdentifier(GostCryptoConfig.DefaultSignOid), null), new DerOctetString(signature), null); // Construct SignedData.digestAlgorithms Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null)); // Construct SignedData.encapContentInfo ContentInfo encapContentInfo = new ContentInfo( new DerObjectIdentifier("1.2.840.113549.1.7.1"), (detached) ? null : new DerOctetString(data)); // Construct SignedData.certificates Asn1EncodableVector certificatesVector = new Asn1EncodableVector(); foreach (BCX509.X509Certificate cert in certPath) { certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); } // Construct SignedData.signerInfos Asn1EncodableVector signerInfosVector = new Asn1EncodableVector(); signerInfosVector.Add(signerInfo.ToAsn1Object()); // Construct SignedData SignedData signedData = new SignedData( new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(certificatesVector), null, new DerSet(signerInfosVector)); // Construct top level ContentInfo ContentInfo contentInfo = new ContentInfo( new DerObjectIdentifier("1.2.840.113549.1.7.2"), signedData); var res = contentInfo.GetDerEncoded(); File.WriteAllBytes("test.p7", res); CmsSignedData cms = new CmsSignedData(res); var certStore = cms.GetCertificates("Collection"); SignerInformationStore signers = cms.GetSignerInfos(); var it = signers.GetSigners().GetEnumerator(); it.MoveNext(); var signer = it.Current as SignerInformation; var b = signer.Verify(bcCert); } }
/// <summary> /// Формирование сигнатуры для серверной подписи /// </summary> /// <param name="alg"></param> /// <param name="data"></param> /// <param name="detached"></param> /// <returns></returns> public static byte[] ComputeSignature(Gost3410 alg, byte[] data, bool detached = true) { var certBytes = alg.ContainerCertificateRaw; var _x509CertificateParser = new BCX509.X509CertificateParser(); var bcCert = _x509CertificateParser.ReadCertificate(certBytes); ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>(); certPath.Add(bcCert); IDigest digest; string hashOid; string signOid; if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro256) { digest = new GOST3411_2012_256Digest(); signOid = Constants.OID_GR3410_12_256; hashOid = Constants.OID_GR3411_12_256; } else if (GostCryptoConfig.ProviderType == ProviderTypes.CryptoPro512) { digest = new GOST3411_2012_512Digest(); signOid = Constants.OID_GR3410_12_512; hashOid = Constants.OID_GR3411_12_512; } else { digest = new Gost3411Digest(); signOid = Constants.OID_GR3410_2001; hashOid = Constants.OID_GR3411_2001; } byte[] dataHash = ComputeDigest(digest, data); // Construct SignerInfo.signedAttrs Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector(); // Add PKCS#9 contentType signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(Constants.szOID_RSA_contentType), new DerSet(new DerObjectIdentifier(Constants.szOID_RSA_data)))); // Add PKCS#9 messageDigest signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(Constants.szOID_RSA_messageDigest), new DerSet(new DerOctetString(dataHash)))); // Add PKCS#9 signingTime signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(Constants.szOID_RSA_signingTime), new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow))))); DerSet signedAttributes = new DerSet(signedAttributesVector); byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded()); //byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid); var formatter = new GostSignatureFormatter(alg); var signature = formatter.CreateSignature(pkcs1Digest); // Construct SignerInfo SignerInfo signerInfo = new SignerInfo( new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)), new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null), signedAttributes, new AlgorithmIdentifier(new DerObjectIdentifier(signOid), null), new DerOctetString(signature), null); // Construct SignedData.digestAlgorithms Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null)); // Construct SignedData.encapContentInfo ContentInfo encapContentInfo = new ContentInfo( new DerObjectIdentifier(Constants.szOID_RSA_data), (detached) ? null : new DerOctetString(data)); // Construct SignedData.certificates Asn1EncodableVector certificatesVector = new Asn1EncodableVector(); foreach (BCX509.X509Certificate cert in certPath) { certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); } // Construct SignedData.signerInfos Asn1EncodableVector signerInfosVector = new Asn1EncodableVector(); signerInfosVector.Add(signerInfo.ToAsn1Object()); // Construct SignedData SignedData signedData = new SignedData( new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(certificatesVector), null, new DerSet(signerInfosVector)); // Construct top level ContentInfo ContentInfo contentInfo = new ContentInfo( new DerObjectIdentifier(Constants.szOID_RSA_signedData), signedData); return(contentInfo.GetDerEncoded()); }
public static IDigest GetDigest(string algorithm) { string text = Platform.ToUpperInvariant(algorithm); string text2 = (string)DigestUtilities.algorithms[text]; if (text2 == null) { text2 = text; } try { switch ((DigestUtilities.DigestAlgorithm)Enums.GetEnumValue(typeof(DigestUtilities.DigestAlgorithm), text2)) { case DigestUtilities.DigestAlgorithm.GOST3411: { IDigest result = new Gost3411Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD2: { IDigest result = new MD2Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD4: { IDigest result = new MD4Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD5: { IDigest result = new MD5Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD128: { IDigest result = new RipeMD128Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD160: { IDigest result = new RipeMD160Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD256: { IDigest result = new RipeMD256Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD320: { IDigest result = new RipeMD320Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_1: { IDigest result = new Sha1Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_224: { IDigest result = new Sha224Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_256: { IDigest result = new Sha256Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_384: { IDigest result = new Sha384Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512: { IDigest result = new Sha512Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512_224: { IDigest result = new Sha512tDigest(224); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512_256: { IDigest result = new Sha512tDigest(256); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_224: { IDigest result = new Sha3Digest(224); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_256: { IDigest result = new Sha3Digest(256); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_384: { IDigest result = new Sha3Digest(384); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_512: { IDigest result = new Sha3Digest(512); return(result); } case DigestUtilities.DigestAlgorithm.TIGER: { IDigest result = new TigerDigest(); return(result); } case DigestUtilities.DigestAlgorithm.WHIRLPOOL: { IDigest result = new WhirlpoolDigest(); return(result); } } } catch (ArgumentException) { } throw new SecurityUtilityException("Digest " + text2 + " not recognised."); }
public Gost3411Digest(Gost3411Digest t) { Reset(t); }