Each SignatureAndHashAlgorithm value lists a single hash/signature pair that the client is willing to verify. The values are indicated in descending order of preference (see RFC-5246 p.46).
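    /// <summary>
    /// Deserializes this Signature from its wire encoding, in this order:
    /// SignatureAndHashAlgorithm (1 byte hash, 1 byte signature algorithm),
    /// SignerIdentity (1 byte type, 16-bit length, SignerIdentityValue =
    /// 1 byte hash algorithm, 1 byte hash length, hash bytes), then the
    /// SignatureValue (16-bit length, signature bytes).  Multi-byte lengths
    /// are read in network byte order.
    /// </summary>
    /// <param name="reader">Reader positioned at the start of the Signature.</param>
    /// <param name="reload_msg_size">Not used by this method; kept for interface compatibility.</param>
    /// <returns>This instance, with algorithm, identity and signatureValue set.</returns>
    /// <exception cref="EndOfStreamException">
    /// The stream ended before a length-prefixed field was complete.  Without
    /// this check a truncated message would silently yield a shorter hash or
    /// signature value.
    /// </exception>
    public Signature FromReader(BinaryReader reader, long reload_msg_size) {
        var hashAlg = (HashAlgorithm)reader.ReadByte();
        var signatureAlg = (SignatureAlgorithm)reader.ReadByte();
        algorithm = new SignatureAndHashAlgorithm(hashAlg, signatureAlg);

        /* Read SignerIdentity */
        var type = (SignerIdentityType)reader.ReadByte();
        // NOTE(review): identityLength is consumed but not cross-checked
        // against the SignerIdentityValue that follows (1 + 1 + hashLen
        // bytes); the previous code did not validate it either.  Confirm the
        // peer encoding before enforcing that relation.
        UInt16 identityLength = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());

        /* Read SignerIdentityValue */
        var identityHashAlg = (HashAlgorithm)reader.ReadByte();
        int hashLen = reader.ReadByte();
        byte[] bHash = reader.ReadBytes(hashLen);
        // BinaryReader.ReadBytes returns fewer bytes at end of stream instead
        // of throwing, so the length must be checked explicitly.
        if (bHash.Length != hashLen) {
            throw new EndOfStreamException("Signature: truncated SignerIdentity hash");
        }

        /* Create SignerIdentityValue and SignerIdentity */
        var signerIdVal = new SignerIdentityValue(type, identityHashAlg, bHash);
        identity = new SignerIdentity(type, signerIdVal);

        /* Read SignatureValue */
        UInt16 sigLen = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
        byte[] sig = reader.ReadBytes(sigLen);
        if (sig.Length != sigLen) {
            throw new EndOfStreamException("Signature: truncated SignatureValue");
        }
        signatureValue = sig;

        return this;
    }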
    /// <summary>
    /// Builds and signs a Signature over a StoredData element.  Each
    /// StoredData element is individually signed, but the signature must be
    /// self-contained and also cover the Kind-ID and Resource-ID, which are
    /// not part of the StoredData structure.  The signature input is:
    /// resource_id || kind || storage_time || StoredDataValue || SignerIdentity
    /// </summary>
    /// <param name="resId">Resource-ID the data is stored under.</param>
    /// <param name="kind">Kind-ID of the stored data.</param>
    /// <param name="storageTime">Storage time of the element.</param>
    /// <param name="value">Stored data value; its Dump output and usage value are serialized into the input.</param>
    /// <param name="signerIdentity">Identity of the signer.</param>
    /// <param name="config">RELOAD configuration used for signing.</param>
    public Signature(ResourceId resId, UInt32 kind, UInt64 storageTime,
      StoredDataValue value, SignerIdentity signerIdentity,
      ReloadConfig config) {

      m_ReloadConfig = config;
      identity = signerIdentity;
      algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);

      /* Serialize the stored data value and read the bytes back as text */
      string serializedValue;
      using (var buffer = new MemoryStream())
      using (var writer = new BinaryWriter(buffer)) {
        value.Dump(writer);
        value.GetUsageValue.dump(writer);
        buffer.Position = 0;
        using (var textReader = new StreamReader(buffer)) {
          serializedValue = textReader.ReadToEnd();
        }
      }

      /* Concatenate signature input */
      // NOTE(review): the resource id is decoded as ASCII and the value dump
      // as text (StreamReader default); both decodings are lossy for
      // arbitrary bytes, so the signed string may not uniquely represent the
      // input.  The verifier must build its input exactly the same way.
      var ascii = new ASCIIEncoding();
      string resIdText = ascii.GetString(resId.Data, 0, resId.Data.Length);
      string signatureInput = string.Concat(
        resIdText, kind.ToString(), storageTime.ToString(),
        serializedValue, identity.ToString());
      signatureValue = Sign(signatureInput);
    }
    /// <summary>
    /// Builds and signs a Signature over a message.  The signature input is
    /// overlay || transaction_id || message contents || SignerIdentity, where
    /// overlay and transaction_id come from the forwarding header
    /// (see RELOAD base -13 p.53).
    /// </summary>
    /// <param name="overlay">Overlay identifier from the forwarding header.</param>
    /// <param name="transactionId">Transaction identifier from the forwarding header.</param>
    /// <param name="messageContents">Message contents as text.</param>
    /// <param name="signerIdentity">Identity of the signer.</param>
    /// <param name="config">RELOAD configuration used for signing.</param>
    public Signature(UInt32 overlay, string transactionId, string messageContents, SignerIdentity signerIdentity, ReloadConfig config) {
      m_ReloadConfig = config;
      identity = signerIdentity;
      algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);

      /* Compute signature over the concatenated input */
      string signatureInput = string.Concat(
        overlay.ToString(), transactionId, messageContents, identity.ToString());
      signatureValue = Sign(signatureInput);
    }
    /// <summary>
    /// Builds and signs a Signature over raw message bytes.  The signature
    /// input is the byte concatenation
    /// overlay || transaction_id || message contents || SignerIdentity,
    /// with overlay encoded by BitConverter and the two strings encoded as
    /// UTF-16 (Encoding.Unicode).
    /// </summary>
    /// <param name="overlay">Overlay identifier from the forwarding header.</param>
    /// <param name="transactionId">Transaction identifier from the forwarding header.</param>
    /// <param name="messageContents">Raw message contents.</param>
    /// <param name="signerIdentity">Identity of the signer.</param>
    /// <param name="config">RELOAD configuration used for signing.</param>
    public Signature(UInt32 overlay, string transactionId, byte[] messageContents, SignerIdentity signerIdentity, ReloadConfig config)
    {
        m_ReloadConfig = config;
        identity = signerIdentity;
        algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
          ReloadGlobals.SignatureAlg);

        /* Compute signature */
        // NOTE(review): BitConverter.GetBytes uses the host byte order, so a
        // signer and a verifier on hosts of different endianness would
        // disagree on this input.
        byte[][] parts = {
            BitConverter.GetBytes(overlay),
            Encoding.Unicode.GetBytes(transactionId),
            messageContents,
            Encoding.Unicode.GetBytes(identity.ToString())
        };

        int totalLength = 0;
        foreach (byte[] part in parts) {
            totalLength += part.Length;
        }

        byte[] input = new byte[totalLength];
        int offset = 0;
        foreach (byte[] part in parts) {
            System.Buffer.BlockCopy(part, 0, input, offset, part.Length);
            offset += part.Length;
        }

        signatureValue = Sign(input);
    }
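    /// <summary>
    /// Verifies the signature carried by a StoredData element.  The signature
    /// input is rebuilt from
    /// resource_id || kind || storage_time || StoredDataValue || SignerIdentity
    /// (rendered as text, which must match how the signer built it) and
    /// checked with the public key of the signer's certificate.
    /// </summary>
    /// <param name="resId">Resource-ID the data is stored under.</param>
    /// <param name="kind">Kind-ID of the stored data.</param>
    /// <param name="sd">Stored data element carrying the Signature to check.</param>
    /// <returns>
    /// true when the signer certificate validates against the configured root
    /// certificate and the RSA/SHA-256 signature verifies; false when the
    /// certificate does not validate.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// The certificate validates but the signature does not match the input.
    /// </exception>
    /// <exception cref="NotImplementedException">
    /// The signature algorithm is not RSA or the hash algorithm is not SHA-256.
    /// </exception>
    public bool validateDataSignature(ResourceId resId, uint kind, StoredData sd) {
      var ascii = new ASCIIEncoding();
      /* Convert identity to string */
      String identity = sd.Signature.Identity.ToString();

      /* Serialize the stored data value and read the bytes back as text */
      string strValue;
      using (var ms = new MemoryStream())
      using (var bw = new BinaryWriter(ms)) {
        sd.Value.Dump(bw);
        sd.Value.GetUsageValue.dump(bw);
        ms.Position = 0;
        using (var sr = new StreamReader(ms)) {
          strValue = sr.ReadToEnd();
        }
      }

      /* Concatenate signature input */
      // NOTE(review): the resource id is decoded as ASCII and the value dump
      // as text; both decodings are lossy for arbitrary bytes, so this must
      // stay byte-for-byte in sync with the signer's construction.
      String strSignaturInput = String.Format("{0}{1}{2}{3}{4}",
        ascii.GetString(resId.Data, 0, resId.Data.Length), kind, sd.StoreageTime,
        strValue, identity);
      byte[] signatureInput = ascii.GetBytes(strSignaturInput);
      byte[] sigVal = sd.Signature.SignaureValue;

      GenericCertificate gencert = GetPKC(sd.Signature.Identity);
      X509Certificate2 signerCert = new X509Certificate2(gencert.Certificate);

      /* A signature under a certificate that does not chain to the overlay
       * root proves nothing: reject it.  (The earlier version only logged the
       * failure and went on to verify the signature anyway.) */
      if (!Utils.X509Utils.VerifyCertificate(signerCert, m_ReloadConfig.RootCertificate)) {
        m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_ERROR,
          String.Format("validateDataSignatures: NodeID {0}, Certificate " +
          "validation failed (CA Issuer {1})", identity, signerCert.Issuer));
        return false;
      }

      /* Only RSA over SHA-256 is supported */
      switch (sd.Signature.Algorithm.signature) {
        case SignatureAlgorithm.rsa:
          break;
        case SignatureAlgorithm.dsa:
          throw new NotImplementedException("AccessController:" +
            "DSA encryption not implemented!");
        default:
          throw new NotImplementedException("AccessController:" +
            "encryption not implemented!");
      }
      if (sd.Signature.Algorithm.hash != HashAlgorithm.sha256) {
        throw new NotImplementedException("AccessController:" +
          "hash algoritm not implemented!");
      }

      var rsa = (RSACryptoServiceProvider)signerCert.PublicKey.Key;
      using (var sha256 = new SHA256CryptoServiceProvider()) {
        if (!rsa.VerifyData(signatureInput, sha256, sigVal)) {
          throw new InvalidOperationException("Invalid signature");
        }
      }

      m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_FORWARDING, "DATA SIGNATURE VALID!!");
      return true;
    }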