/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicKeyParameters" /> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="parameters">The parameters.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicKeyParameters(ECPoint q, ECDomainParameters parameters, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base("ECDH", q, parameters)
{
this.HashAlgorithm = hashAlgorithm;
this.SymmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
/// <summary>
/// Initializes a new instance of the <see cref="ECKeyGenerationParameters"/> class.
/// </summary>
/// <param name="publicKeyParamSet">The public key param set.</param>
/// <param name="random">The random.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECKeyGenerationParameters(DerObjectIdentifier publicKeyParamSet, ISecureRandom random, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: this(ECKeyParameters.LookupParameters(publicKeyParamSet), random)
{
_publicKeyParamSet = publicKeyParamSet;
_hashAlgorithm = hashAlgorithm;
_symmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicKeyParameters" /> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="publicKeyParamSet">The public key param set.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicKeyParameters(ECPoint q, DerObjectIdentifier publicKeyParamSet, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base("ECDH", q, publicKeyParamSet)
{
this.HashAlgorithm = hashAlgorithm;
this.SymmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
/// <summary>
/// Initializes a new instance of the <see cref="ECKeyGenerationParameters"/> class.
/// </summary>
/// <param name="domainParameters">The domain parameters.</param>
/// <param name="random">The random.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECKeyGenerationParameters(ECDomainParameters domainParameters, ISecureRandom random, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(random, domainParameters.N.BitLength)
{
_domainParams = domainParameters;
_hashAlgorithm = hashAlgorithm;
_symmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
internal S2k(Stream inStr)
{
//IL_0069: Unknown result type (might be due to invalid IL or missing references)
type = inStr.ReadByte();
algorithm = (HashAlgorithmTag)inStr.ReadByte();
if (type != 101)
{
if (type != 0)
{
iv = new byte[8];
if (Streams.ReadFully(inStr, iv, 0, iv.Length) < iv.Length)
{
throw new EndOfStreamException();
}
if (type == 3)
{
itCount = inStr.ReadByte();
}
}
}
else
{
inStr.ReadByte();
inStr.ReadByte();
inStr.ReadByte();
protectionMode = inStr.ReadByte();
}
}
public static string GetSignatureName(
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm)
{
string encAlg;
switch (keyAlgorithm)
{
case PublicKeyAlgorithmTag.RsaGeneral:
case PublicKeyAlgorithmTag.RsaSign:
encAlg = "RSA";
break;
case PublicKeyAlgorithmTag.Dsa:
encAlg = "DSA";
break;
case PublicKeyAlgorithmTag.ECDH:
encAlg = "ECDH";
break;
case PublicKeyAlgorithmTag.ECDsa:
encAlg = "ECDSA";
break;
case PublicKeyAlgorithmTag.ElGamalEncrypt: // in some malformed cases.
case PublicKeyAlgorithmTag.ElGamalGeneral:
encAlg = "ElGamal";
break;
default:
throw new PgpException("unknown algorithm tag in signature:" + keyAlgorithm);
}
return GetDigestName(hashAlgorithm) + "with" + encAlg;
}
public static Task <string> SignData(byte[] data, HashAlgorithmTag hash = HashAlgorithmTag.Sha512)
{
if (masterPrivateKey == null)
{
throw new ErrorObject {
ErrorCode = ErrorCodes.SealedStatus,
ErrorField = "gpgkey",
Message = "The GPG Key is currently encrypted. Please decrypt it first with Unseal"
}.ToException();
}
return(Task.Run(() => {
using (var ms = new MemoryStream()) {
var s = new ArmoredOutputStream(ms);
using (var bOut = new BcpgOutputStream(s)) {
var sGen = new PgpSignatureGenerator(masterSecretKey.PublicKey.Algorithm, hash);
sGen.InitSign(PgpSignature.BinaryDocument, masterPrivateKey);
sGen.Update(data, 0, data.Length);
sGen.Generate().Encode(bOut);
s.Close();
ms.Seek(0, SeekOrigin.Begin);
return Tools.GPG2Quanto(Encoding.UTF8.GetString(ms.ToArray()), masterSecretKey.PublicKey.GetFingerprint().ToHexString(), hash);
}
}
}));
}
/// <summary>
/// Initializes a new instance of the <see cref="ECKeyGenerationParameters"/> class.
/// </summary>
/// <param name="domainParameters">The domain parameters.</param>
/// <param name="random">The random.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECKeyGenerationParameters(ECDomainParameters domainParameters, ISecureRandom random, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(random, domainParameters.N.BitLength)
{
_domainParams = domainParameters;
_hashAlgorithm = hashAlgorithm;
_symmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
public static string GetSignatureName(PublicKeyAlgorithmTag keyAlgorithm, HashAlgorithmTag hashAlgorithm)
{
string text;
switch (keyAlgorithm)
{
case PublicKeyAlgorithmTag.RsaGeneral:
case PublicKeyAlgorithmTag.RsaSign:
text = "RSA";
break;
case PublicKeyAlgorithmTag.Dsa:
text = "DSA";
break;
case PublicKeyAlgorithmTag.EC:
text = "ECDH";
break;
case PublicKeyAlgorithmTag.ECDsa:
text = "ECDSA";
break;
case PublicKeyAlgorithmTag.ElGamalEncrypt:
case PublicKeyAlgorithmTag.ElGamalGeneral:
text = "ElGamal";
break;
default:
throw new PgpException(string.Concat((object)"unknown algorithm tag in signature:", (object)keyAlgorithm));
}
return(GetDigestName(hashAlgorithm) + "with" + text);
}
/// <summary>
/// Initializes a new instance of the <see cref="S2k"/> class.
/// </summary>
/// <param name="algorithm">The algorithm.</param>
/// <param name="iv">The iv.</param>
/// <param name="itCount">It count.</param>
public S2k(HashAlgorithmTag algorithm, byte[] iv, int itCount)
{
_type = 3;
_algorithm = algorithm;
_iv = iv;
_itCount = itCount;
}
public static string GetDigestName(
HashAlgorithmTag hashAlgorithm)
{
switch (hashAlgorithm)
{
case HashAlgorithmTag.Sha1:
return "SHA1";
case HashAlgorithmTag.MD2:
return "MD2";
case HashAlgorithmTag.MD5:
return "MD5";
case HashAlgorithmTag.RipeMD160:
return "RIPEMD160";
case HashAlgorithmTag.Sha224:
return "SHA224";
case HashAlgorithmTag.Sha256:
return "SHA256";
case HashAlgorithmTag.Sha384:
return "SHA384";
case HashAlgorithmTag.Sha512:
return "SHA512";
default:
throw new PgpException("unknown hash algorithm tag in GetDigestName: " + hashAlgorithm);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="ECKeyGenerationParameters"/> class.
/// </summary>
/// <param name="publicKeyParamSet">The public key param set.</param>
/// <param name="random">The random.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECKeyGenerationParameters(DerObjectIdentifier publicKeyParamSet, ISecureRandom random, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: this(ECKeyParameters.LookupParameters(publicKeyParamSet), random)
{
_publicKeyParamSet = publicKeyParamSet;
_hashAlgorithm = hashAlgorithm;
_symmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
public static string GetSignatureName(
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm)
{
string encAlg;
switch (keyAlgorithm)
{
case PublicKeyAlgorithmTag.RsaGeneral:
case PublicKeyAlgorithmTag.RsaSign:
encAlg = "RSA";
break;
case PublicKeyAlgorithmTag.Dsa:
encAlg = "DSA";
break;
case PublicKeyAlgorithmTag.ElGamalEncrypt: // in some malformed cases.
case PublicKeyAlgorithmTag.ElGamalGeneral:
encAlg = "ElGamal";
break;
default:
throw new PgpException("unknown algorithm tag in signature:" + keyAlgorithm);
}
return(GetDigestName(hashAlgorithm) + "with" + encAlg);
}
/// <summary>
/// Create a new key ring generator.
/// </summary>
/// <remarks>
/// Allows the caller to handle the encoding of the passphrase to bytes.
/// </remarks>
/// <param name="certificationLevel">The certification level for keys on this ring.</param>
/// <param name="masterKey">The master key pair.</param>
/// <param name="id">The id to be associated with the ring.</param>
/// <param name="encAlgorithm">The algorithm to be used to protect secret keys.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="rawPassPhrase">The passPhrase to be used to protect secret keys.</param>
/// <param name="useSha1">Checksum the secret keys with SHA1 rather than the older 16 bit checksum.</param>
/// <param name="hashedPackets">Packets to be included in the certification hash.</param>
/// <param name="unhashedPackets">Packets to be attached unhashed to the certification.</param>
/// <param name="rand">input secured random.</param>
public PgpKeyRingGenerator(
int certificationLevel,
PgpKeyPair masterKey,
string id,
SymmetricKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
byte[] rawPassPhrase,
bool useSha1,
PgpSignatureSubpacketVector hashedPackets,
PgpSignatureSubpacketVector unhashedPackets,
SecureRandom rand)
{
this.certificationLevel = certificationLevel;
this.masterKey = masterKey;
this.id = id;
this.encAlgorithm = encAlgorithm;
this.rawPassPhrase = rawPassPhrase;
this.useSha1 = useSha1;
this.hashedPacketVector = hashedPackets;
this.unhashedPacketVector = unhashedPackets;
this.rand = rand;
this.hashAlgorithm = hashAlgorithm;
keys.Add(new PgpSecretKey(certificationLevel, masterKey, id, encAlgorithm, hashAlgorithm, rawPassPhrase, false, useSha1, hashedPackets, unhashedPackets, rand));
}
/// <summary>
/// Initializes a new instance of the <see cref="S2k"/> class.
/// </summary>
/// <param name="algorithm">The algorithm.</param>
/// <param name="iv">The iv.</param>
/// <param name="itCount">It count.</param>
public S2k(HashAlgorithmTag algorithm, byte[] iv, int itCount)
{
_type = 3;
_algorithm = algorithm;
_iv = iv;
_itCount = itCount;
}
internal S2k(
Stream inStr)
{
type = inStr.ReadByte();
algorithm = (HashAlgorithmTag) inStr.ReadByte();
//
// if this happens we have a dummy-S2k packet.
//
if (type != GnuDummyS2K)
{
if (type != 0)
{
iv = new byte[8];
if (Streams.ReadFully(inStr, iv, 0, iv.Length) < iv.Length)
throw new EndOfStreamException();
if (type == 3)
{
itCount = inStr.ReadByte();
}
}
}
else
{
inStr.ReadByte(); // G
inStr.ReadByte(); // N
inStr.ReadByte(); // U
protectionMode = inStr.ReadByte(); // protection mode
}
}
/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicKeyParameters" /> class.
/// </summary>
/// <param name="q">The q.</param>
/// <param name="parameters">The parameters.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicKeyParameters(ECPoint q, ECDomainParameters parameters, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base("ECDH", q, parameters)
{
this.HashAlgorithm = hashAlgorithm;
this.SymmetricKeyAlgorithm = symmetricKeyAlgorithm;
}
public S2k(HashAlgorithmTag algorithm, byte[] iv, int itCount)
{
type = 3;
this.algorithm = algorithm;
this.iv = iv;
this.itCount = itCount;
}
public Task <string> SignData(string fingerPrint, byte[] data, HashAlgorithmTag hash = HashAlgorithmTag.Sha512)
{
if (fingerPrint.Length == 8 && FP8TO16.ContainsKey(fingerPrint))
{
fingerPrint = FP8TO16[fingerPrint];
}
if (!decryptedKeys.ContainsKey(fingerPrint))
{
throw new KeyNotDecryptedException(fingerPrint);
}
var pgpSec = privateKeys[fingerPrint];
var pgpPrivKey = decryptedKeys[fingerPrint];
return(Task.Run(() => {
using (var ms = new MemoryStream()) {
var s = new ArmoredOutputStream(ms);
using (var bOut = new BcpgOutputStream(s)) {
var sGen = new PgpSignatureGenerator(pgpSec.PublicKey.Algorithm, hash);
sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
sGen.Update(data, 0, data.Length);
sGen.Generate().Encode(bOut);
s.Close();
ms.Seek(0, SeekOrigin.Begin);
return Encoding.UTF8.GetString(ms.ToArray());
}
}
}));
}
public SignaturePacket(
int version,
int signatureType,
long keyId,
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm,
SignatureSubpacket[] hashedData,
SignatureSubpacket[] unhashedData,
byte[] fingerprint,
MPInteger[] signature)
{
this.version = version;
this.signatureType = signatureType;
this.keyId = keyId;
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.hashedData = hashedData;
this.unhashedData = unhashedData;
this.fingerprint = fingerprint;
this.signature = signature;
if (hashedData != null)
{
setCreationTime();
}
}
public PgpV3SignatureGenerator(PublicKeyAlgorithmTag keyAlgorithm, HashAlgorithmTag hashAlgorithm)
{
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
dig = DigestUtilities.GetDigest(PgpUtilities.GetDigestName(hashAlgorithm));
sig = SignerUtilities.GetSigner(PgpUtilities.GetSignatureName(keyAlgorithm, hashAlgorithm));
}
/// <summary>
/// Initializes a new instance of the <see cref="S2k"/> class.
/// </summary>
/// <param name="inStr">The in STR.</param>
/// <exception cref="System.IO.EndOfStreamException"></exception>
internal S2k(Stream inStr)
{
_type = inStr.ReadByte();
_algorithm = (HashAlgorithmTag)inStr.ReadByte();
//
// if this happens we have a dummy-S2k packet.
//
if (_type != GnuDummyS2K)
{
if (_type != 0)
{
_iv = new byte[8];
if (Streams.ReadFully(inStr, _iv, 0, _iv.Length) < _iv.Length)
{
throw new EndOfStreamException();
}
if (_type == 3)
{
_itCount = inStr.ReadByte();
}
}
}
else
{
inStr.ReadByte(); // G
inStr.ReadByte(); // N
inStr.ReadByte(); // U
_protectionMode = inStr.ReadByte(); // protection mode
}
}
internal S2k(Stream inStr)
{
this.type = inStr.ReadByte();
this.algorithm = (HashAlgorithmTag)inStr.ReadByte();
if (this.type != 101)
{
if (this.type != 0)
{
this.iv = new byte[8];
if (Streams.ReadFully(inStr, this.iv, 0, this.iv.Length) < this.iv.Length)
{
throw new EndOfStreamException();
}
if (this.type == 3)
{
this.itCount = inStr.ReadByte();
return;
}
}
}
else
{
inStr.ReadByte();
inStr.ReadByte();
inStr.ReadByte();
this.protectionMode = inStr.ReadByte();
}
}
public static string GetDigestName(
HashAlgorithmTag hashAlgorithm)
{
switch (hashAlgorithm)
{
case HashAlgorithmTag.Sha1:
return("SHA1");
case HashAlgorithmTag.MD2:
return("MD2");
case HashAlgorithmTag.MD5:
return("MD5");
case HashAlgorithmTag.RipeMD160:
return("RIPEMD160");
case HashAlgorithmTag.Sha224:
return("SHA224");
case HashAlgorithmTag.Sha256:
return("SHA256");
case HashAlgorithmTag.Sha384:
return("SHA384");
case HashAlgorithmTag.Sha512:
return("SHA512");
default:
throw new PgpException("unknown hash algorithm tag in GetDigestName: " + hashAlgorithm);
}
}
/// <summary>
/// Add a subkey with specific hashed and unhashed packets associated with it and
/// default certification.
/// </summary>
/// <param name="keyPair">Public/private key pair.</param>
/// <param name="hashedPackets">Hashed packet values to be included in certification.</param>
/// <param name="unhashedPackets">Unhashed packets values to be included in certification.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException">exception adding subkey: </exception>
/// <exception cref="PgpException"></exception>
public void AddSubKey(
PgpKeyPair keyPair,
PgpSignatureSubpacketVector hashedPackets,
PgpSignatureSubpacketVector unhashedPackets,
HashAlgorithmTag hashAlgorithm)
{
try
{
PgpSignatureGenerator sGen = new PgpSignatureGenerator(masterKey.PublicKey.Algorithm, hashAlgorithm);
//
// Generate the certification
//
sGen.InitSign(PgpSignature.SubkeyBinding, masterKey.PrivateKey);
sGen.SetHashedSubpackets(hashedPackets);
sGen.SetUnhashedSubpackets(unhashedPackets);
IList subSigs = Platform.CreateArrayList();
subSigs.Add(sGen.GenerateCertification(masterKey.PublicKey, keyPair.PublicKey));
keys.Add(new PgpSecretKey(keyPair.PrivateKey, new PgpPublicKey(keyPair.PublicKey, null, subSigs), encAlgorithm,
rawPassPhrase, false, useSha1, rand, false));
}
catch (PgpException)
{
throw;
}
catch (Exception e)
{
throw new PgpException("exception adding subkey: ", e);
}
}
/// <summary>
/// Helper for creating a PgpSignatureGenerator from private key file and its password
/// </summary>
/// <param name="stream">Stream to use for signature initialization</param>
/// <param name="input">Encryption task input</param>
/// <returns>PgpSignatureGenerator to be used when signing a file</returns>
internal static PgpSignatureGenerator InitPgpSignatureGenerator(Stream stream, PgpEncryptInput input)
{
HashAlgorithmTag hashAlgorithm = input.SigningSettings.SignatureHashAlgorithm.ConvertEnum <HashAlgorithmTag>();
try
{
PgpSecretKey secretKey = ReadSecretKey(input.SigningSettings.PrivateKeyFile);
PgpPrivateKey privateKey = secretKey.ExtractPrivateKey(input.SigningSettings.PrivateKeyPassword.ToCharArray());
var pgpSignatureGenerator = new PgpSignatureGenerator(secretKey.PublicKey.Algorithm, hashAlgorithm);
pgpSignatureGenerator.InitSign(PgpSignature.BinaryDocument, privateKey);
foreach (string userId in secretKey.PublicKey.GetUserIds())
{
PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
spGen.SetSignerUserId(false, userId);
pgpSignatureGenerator.SetHashedSubpackets(spGen.Generate());
// Just the first one!
break;
}
pgpSignatureGenerator.GenerateOnePassVersion(false).Encode(stream);
return(pgpSignatureGenerator);
}
catch (PgpException e)
{
throw new Exception("Private key extraction failed, password might be incorrect", e);
}
}
public SignaturePacket(
int version,
int signatureType,
long keyId,
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm,
ISignatureSubpacket[] hashedData,
ISignatureSubpacket[] unhashedData,
byte[] fingerprint,
MPInteger[] signature)
{
this._version = version;
this._signatureType = signatureType;
this._keyId = keyId;
this._keyAlgorithm = keyAlgorithm;
this._hashAlgorithm = hashAlgorithm;
this._hashedData = hashedData;
this._unhashedData = unhashedData;
this._fingerprint = fingerprint;
this._signature = signature;
if (hashedData != null)
{
SetCreationTime();
}
}
public S2k(
HashAlgorithmTag algorithm,
byte[] iv)
{
this.type = 1;
this.algorithm = algorithm;
this.iv = iv;
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpSignatureGenerator(PublicKeyAlgorithmTag keyAlgorithm, HashAlgorithmTag hashAlgorithm)
{
_keyAlgorithm = keyAlgorithm;
_hashAlgorithm = hashAlgorithm;
_dig = DigestUtilities.GetDigest(PgpUtilities.GetDigestName(hashAlgorithm));
_sig = SignerUtilities.GetSigner(PgpUtilities.GetSignatureName(keyAlgorithm, hashAlgorithm));
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpSignatureGenerator(PublicKeyAlgorithmTag keyAlgorithm, HashAlgorithmTag hashAlgorithm)
{
_keyAlgorithm = keyAlgorithm;
_hashAlgorithm = hashAlgorithm;
_dig = DigestUtilities.GetDigest(PgpUtilities.GetDigestName(hashAlgorithm));
_sig = SignerUtilities.GetSigner(PgpUtilities.GetSignatureName(keyAlgorithm, hashAlgorithm));
}
/// <summary>
/// Creates a ECDH public key parameters from the given encoded point.
/// </summary>
/// <param name="encodedPoint">The encoded point.</param>
/// <param name="publicKeyParamSet">The public key param set.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
/// <returns></returns>
public static ECDHPublicKeyParameters Create(IBigInteger encodedPoint, DerObjectIdentifier publicKeyParamSet,
HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
{
var curve = ECKeyPairGenerator.FindECCurveByOid(publicKeyParamSet);
var point = curve.Curve.DecodePoint(encodedPoint.ToByteArrayUnsigned());
return new ECDHPublicKeyParameters(point, publicKeyParamSet, hashAlgorithm, symmetricKeyAlgorithm);
}
public S2k(
HashAlgorithmTag algorithm,
byte[] iv)
{
this.type = 1;
this.algorithm = algorithm;
this.iv = iv;
}
/// <summary>
/// Creates a ECDH public key parameters from the given encoded point.
/// </summary>
/// <param name="encodedPoint">The encoded point.</param>
/// <param name="publicKeyParamSet">The public key param set.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
/// <returns></returns>
public static ECDHPublicKeyParameters Create(IBigInteger encodedPoint, DerObjectIdentifier publicKeyParamSet,
HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
{
var curve = ECKeyPairGenerator.FindECCurveByOid(publicKeyParamSet);
var point = curve.Curve.DecodePoint(encodedPoint.ToByteArrayUnsigned());
return(new ECDHPublicKeyParameters(point, publicKeyParamSet, hashAlgorithm, symmetricKeyAlgorithm));
}
public ECDHPublicBcpgKey(DerObjectIdentifier oid, ECPoint point, HashAlgorithmTag hashAlgorithm, SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(oid, point)
{
reserved = 1;
hashFunctionId = hashAlgorithm;
symAlgorithmId = symmetricKeyAlgorithm;
VerifyHashAlgorithm();
VerifySymmetricKeyAlgorithm();
}
private void verifySignature(
byte[] encodedSig,
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
byte[] original)
{
PgpObjectFactory pgpFact = new PgpObjectFactory(encodedSig);
PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject();
PgpOnePassSignature ops = p1[0];
PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject();
Stream dIn = p2.GetInputStream();
ops.InitVerify(pubKey);
int ch;
while ((ch = dIn.ReadByte()) >= 0)
{
ops.Update((byte)ch);
}
PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject();
PgpSignature sig = p3[0];
DateTime creationTime = sig.CreationTime;
// Check creationTime is recent
if (creationTime.CompareTo(DateTime.UtcNow) > 0 ||
creationTime.CompareTo(DateTime.UtcNow.AddMinutes(-10)) < 0)
{
Fail("bad creation time in signature: " + creationTime);
}
if (sig.KeyId != pubKey.KeyId)
{
Fail("key id mismatch in signature");
}
if (!ops.Verify(sig))
{
Fail("Failed generated signature check - " + hashAlgorithm);
}
sig.InitVerify(pubKey);
for (int i = 0; i != original.Length; i++)
{
sig.Update(original[i]);
}
sig.Update(original);
if (!sig.Verify())
{
Fail("Failed generated signature check against original data");
}
}
public OnePassSignaturePacket(int sigType, HashAlgorithmTag hashAlgorithm, PublicKeyAlgorithmTag keyAlgorithm, long keyId, bool isNested)
{
version = 3;
this.sigType = sigType;
this.hashAlgorithm = hashAlgorithm;
this.keyAlgorithm = keyAlgorithm;
this.keyId = keyId;
nested = ((!isNested) ? 1 : 0);
}
public SigWithDigestFactory(PublicKeyAlgorithmTag keyAlg, HashAlgorithmTag hashAlg, long keyId, AsymmetricRsaPrivateKey privateKey)
{
this.keyAlg = keyAlg;
this.hashAlg = hashAlg;
this.keyId = keyId;
this.privateKey = privateKey;
sigFact = CryptoServicesRegistrar.CreateService(privateKey, new SecureRandom()).CreateSignatureFactory(FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)PgpUtils.digests[hashAlg]));
digFact = CryptoServicesRegistrar.CreateService((FipsShs.Parameters)PgpUtils.digests[hashAlg]);
}
/// <summary>Add a PBE encryption method to the encrypted object.</summary>
public void AddMethod(char[] passPhrase, HashAlgorithmTag s2KDigest)
{
var iv = new byte[8];
_rand.NextBytes(iv);
var s2K = new S2k(s2KDigest, iv, 0x60);
_methods.Add(new PbeMethod(_defAlgorithm, s2K, PgpUtilities.MakeKeyFromPassPhrase(_defAlgorithm, s2K, passPhrase)));
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpV3SignatureGenerator(
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm)
{
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
dig = DigestUtilities.GetDigest(PgpUtilities.GetDigestName(hashAlgorithm));
sig = SignerUtilities.GetSigner(PgpUtilities.GetSignatureName(keyAlgorithm, hashAlgorithm));
}
private void doTestSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
PgpPublicKey pubKey,
PgpPrivateKey privKey)
{
byte[] bytes = generateV3BinarySig(privKey, encAlgorithm, hashAlgorithm);
verifySignature(bytes, hashAlgorithm, pubKey, TEST_DATA);
}
public S2k(
HashAlgorithmTag algorithm,
byte[] iv,
int itCount)
{
this.type = 3;
this.algorithm = algorithm;
this.iv = iv;
this.itCount = itCount;
}
/// <summary>
/// Sign a file with PGP signature. See documentation at https://github.com/CommunityHiQ/Frends.Community.PgpSignature Returns: Object {string FilePath}
/// </summary>
public static PgpSignatureResult SignFile(PgpSignatureInput input)
{
HashAlgorithmTag digest = input.HashFunction.ConvertEnum <HashAlgorithmTag>();
using (var privateKeyStream = File.OpenRead(input.PrivateKeyFile))
{
var pgpSecKey = PgpServices.SignatureReadSecretKey(privateKeyStream);
var pgpPrivKey = pgpSecKey.ExtractPrivateKey(input.Password.ToCharArray());
var signatureGenerator = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, digest);
var signatureSubpacketGenerator = new PgpSignatureSubpacketGenerator();
signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
var enumerator = pgpSecKey.PublicKey.GetUserIds().GetEnumerator();
if (enumerator.MoveNext())
{
signatureSubpacketGenerator.SetSignerUserId(false, (string)enumerator.Current);
signatureGenerator.SetHashedSubpackets(signatureSubpacketGenerator.Generate());
}
using (var outputStream = File.Create(input.OutputFile))
{
var armoredOutputStream = new ArmoredOutputStream(outputStream);
var bcbgOutputStream = new BcpgOutputStream(armoredOutputStream);
signatureGenerator.GenerateOnePassVersion(false).Encode(bcbgOutputStream);
var file = new FileInfo(input.InputFile);
var literalDataGenerator = new PgpLiteralDataGenerator();
var literalDataOut = literalDataGenerator.Open(bcbgOutputStream, PgpLiteralData.Binary, file.Name, file.Length, DateTime.Now);
using (var fileIn = file.OpenRead())
{
int ch;
while ((ch = fileIn.ReadByte()) >= 0)
{
literalDataOut.WriteByte((byte)ch);
signatureGenerator.Update((byte)ch);
}
fileIn.Close();
literalDataGenerator.Close();
signatureGenerator.Generate().Encode(bcbgOutputStream);
armoredOutputStream.Close();
outputStream.Close();
var ret = new PgpSignatureResult
{
FilePath = input.OutputFile
};
return(ret);
}
}
}
}
/// <summary>Add a PBE encryption method to the encrypted object.</summary>
public void AddMethod(
char[] passPhrase,
HashAlgorithmTag s2kDigest)
{
byte[] iv = new byte[8];
rand.NextBytes(iv);
S2k s2k = new S2k(s2kDigest, iv, 0x60);
methods.Add(new PbeMethod(defAlgorithm, s2k, PgpUtilities.MakeKeyFromPassPhrase(defAlgorithm, s2k, passPhrase)));
}
/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicBcpgKey"/> class.
/// </summary>
/// <param name="point">The point.</param>
/// <param name="oid">The oid.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicBcpgKey(ECPoint point, DerObjectIdentifier oid, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(point, oid)
{
_reserved = 1;
_hashFunctionId = (byte)hashAlgorithm;
_symAlgorithmId = (byte)symmetricKeyAlgorithm;
this.VerifyHashAlgorithm();
this.VerifySymmetricKeyAlgorithm();
}
/// <summary>
/// Initializes a new instance of the <see cref="ECDHPublicBcpgKey"/> class.
/// </summary>
/// <param name="point">The point.</param>
/// <param name="oid">The oid.</param>
/// <param name="hashAlgorithm">The hash algorithm.</param>
/// <param name="symmetricKeyAlgorithm">The symmetric key algorithm.</param>
public ECDHPublicBcpgKey(ECPoint point, DerObjectIdentifier oid, HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(point, oid)
{
_reserved = 1;
_hashFunctionId = (byte)hashAlgorithm;
_symAlgorithmId = (byte)symmetricKeyAlgorithm;
this.VerifyHashAlgorithm();
this.VerifySymmetricKeyAlgorithm();
}
/**
* Generate a version 4 signature packet.
*
* @param signatureType
* @param keyAlgorithm
* @param hashAlgorithm
* @param hashedData
* @param unhashedData
* @param fingerprint
* @param signature
*/
public SignaturePacket(
int signatureType,
long keyId,
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm,
SignatureSubpacket[] hashedData,
SignatureSubpacket[] unhashedData,
byte[] fingerprint,
MPInteger[] signature)
: this(4, signatureType, keyId, keyAlgorithm, hashAlgorithm, hashedData, unhashedData, fingerprint, signature)
{
}
/**
* Generate a version 2/3 signature packet.
*
* @param signatureType
* @param keyAlgorithm
* @param hashAlgorithm
* @param fingerprint
* @param signature
*/
public SignaturePacket(
int version,
int signatureType,
long keyId,
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm,
long creationTime,
byte[] fingerprint,
MPInteger[] signature)
: this(version, signatureType, keyId, keyAlgorithm, hashAlgorithm, null, null, fingerprint, signature)
{
this.creationTime = creationTime;
}
public ECDHPublicBcpgKey(
DerObjectIdentifier oid,
ECPoint point,
HashAlgorithmTag hashAlgorithm,
SymmetricKeyAlgorithmTag symmetricKeyAlgorithm)
: base(oid, point)
{
reserved = 1;
hashFunctionId = hashAlgorithm;
symAlgorithmId = symmetricKeyAlgorithm;
VerifyHashAlgorithm();
VerifySymmetricKeyAlgorithm();
}
public PgpSecretKey(
int certificationLevel,
PgpKeyPair keyPair,
string id,
SymmetricKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
char[] passPhrase,
bool useSha1,
PgpSignatureSubpacketVector hashedPackets,
PgpSignatureSubpacketVector unhashedPackets,
ISecureRandom rand)
: this(keyPair.PrivateKey, CertifiedPublicKey(certificationLevel, keyPair, id, hashedPackets, unhashedPackets, hashAlgorithm), encAlgorithm, passPhrase, useSha1, rand, true)
{
}
public OnePassSignaturePacket(
int sigType,
HashAlgorithmTag hashAlgorithm,
PublicKeyAlgorithmTag keyAlgorithm,
long keyId,
bool isNested)
{
this.version = 3;
this.sigType = sigType;
this.hashAlgorithm = hashAlgorithm;
this.keyAlgorithm = keyAlgorithm;
this.keyId = keyId;
this.nested = (isNested) ? 0 : 1;
}
/// <param name="bcpgIn">The stream to read the packet from.</param>
public ECDHPublicBcpgKey(
BcpgInputStream bcpgIn)
: base(bcpgIn)
{
int length = bcpgIn.ReadByte();
byte[] kdfParameters = new byte[length];
if (kdfParameters.Length != 3)
throw new InvalidOperationException("kdf parameters size of 3 expected.");
bcpgIn.ReadFully(kdfParameters);
reserved = kdfParameters[0];
hashFunctionId = (HashAlgorithmTag)kdfParameters[1];
symAlgorithmId = (SymmetricKeyAlgorithmTag)kdfParameters[2];
VerifyHashAlgorithm();
VerifySymmetricKeyAlgorithm();
}
internal OnePassSignaturePacket(
BcpgInputStream bcpgIn)
{
version = bcpgIn.ReadByte();
sigType = bcpgIn.ReadByte();
hashAlgorithm = (HashAlgorithmTag) bcpgIn.ReadByte();
keyAlgorithm = (PublicKeyAlgorithmTag) bcpgIn.ReadByte();
keyId |= (long)bcpgIn.ReadByte() << 56;
keyId |= (long)bcpgIn.ReadByte() << 48;
keyId |= (long)bcpgIn.ReadByte() << 40;
keyId |= (long)bcpgIn.ReadByte() << 32;
keyId |= (long)bcpgIn.ReadByte() << 24;
keyId |= (long)bcpgIn.ReadByte() << 16;
keyId |= (long)bcpgIn.ReadByte() << 8;
keyId |= (uint)bcpgIn.ReadByte();
nested = bcpgIn.ReadByte();
}
public SignaturePacket(
int version,
int signatureType,
long keyId,
PublicKeyAlgorithmTag keyAlgorithm,
HashAlgorithmTag hashAlgorithm,
SignatureSubpacket[] hashedData,
SignatureSubpacket[] unhashedData,
byte[] fingerprint,
MPInteger[] signature)
{
this.version = version;
this.signatureType = signatureType;
this.keyId = keyId;
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.hashedData = hashedData;
this.unhashedData = unhashedData;
this.fingerprint = fingerprint;
this.signature = signature;
}
internal S2k(
Stream inputStream)
{
//Stream dIn = inputStream;
BinaryReader dIn = new BinaryReader(inputStream);
type = dIn.ReadByte();
algorithm = (HashAlgorithmTag) dIn.ReadByte();
//
// if this happens we have a dummy-S2k packet.
//
if (type != GnuDummyS2K)
{
if (type != 0)
{
iv = dIn.ReadBytes(8);
if (iv.Length < 8)
{
throw new EndOfStreamException();
}
}
if (type == 3)
{
itCount = dIn.ReadByte();
}
}
else
{
dIn.ReadByte(); // G
dIn.ReadByte(); // N
dIn.ReadByte(); // U
protectionMode = dIn.ReadByte(); // protection mode
}
}
private void verifySignature(
byte[] encodedSig,
HashAlgorithmTag hashAlgorithm,
IPgpPublicKey pubKey,
byte[] original)
{
PgpObjectFactory pgpFact = new PgpObjectFactory(encodedSig);
PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject();
PgpOnePassSignature ops = p1[0];
PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject();
Stream dIn = p2.GetInputStream();
ops.InitVerify(pubKey);
int ch;
while ((ch = dIn.ReadByte()) >= 0)
{
ops.Update((byte)ch);
}
PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject();
PgpSignature sig = p3[0];
DateTime creationTime = sig.CreationTime;
// Check creationTime is recent
if (creationTime.CompareTo(DateTime.UtcNow) > 0
|| creationTime.CompareTo(DateTime.UtcNow.AddMinutes(-10)) < 0)
{
Fail("bad creation time in signature: " + creationTime);
}
if (sig.KeyId != pubKey.KeyId)
{
Fail("key id mismatch in signature");
}
if (!ops.Verify(sig))
{
Fail("Failed generated signature check - " + hashAlgorithm);
}
sig.InitVerify(pubKey);
for (int i = 0; i != original.Length; i++)
{
sig.Update(original[i]);
}
sig.Update(original);
if (!sig.Verify())
{
Fail("Failed generated signature check against original data");
}
}
private byte[] generateV3BinarySig(
IPgpPrivateKey privKey,
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm)
{
MemoryStream bOut = new MemoryStream();
MemoryStream testIn = new MemoryStream(TEST_DATA, false);
PgpV3SignatureGenerator sGen = new PgpV3SignatureGenerator(encAlgorithm, hashAlgorithm);
sGen.InitSign(PgpSignature.BinaryDocument, privKey);
sGen.GenerateOnePassVersion(false).Encode(bOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(
new UncloseableStream(bOut),
PgpLiteralData.Binary,
"_CONSOLE",
TEST_DATA.Length * 2,
DateTime.UtcNow);
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
lOut.Write(TEST_DATA, 0, TEST_DATA.Length);
sGen.Update(TEST_DATA);
lGen.Close();
sGen.Generate().Encode(bOut);
return bOut.ToArray();
}
private void doTestTextSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
IPgpPublicKey pubKey,
IPgpPrivateKey privKey,
byte[] data,
byte[] canonicalData)
{
PgpV3SignatureGenerator sGen = new PgpV3SignatureGenerator(encAlgorithm, HashAlgorithmTag.Sha1);
MemoryStream bOut = new MemoryStream();
MemoryStream testIn = new MemoryStream(data, false);
sGen.InitSign(PgpSignature.CanonicalTextDocument, privKey);
sGen.GenerateOnePassVersion(false).Encode(bOut);
PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator();
Stream lOut = lGen.Open(
new UncloseableStream(bOut),
PgpLiteralData.Text,
"_CONSOLE",
data.Length * 2,
DateTime.UtcNow);
int ch;
while ((ch = testIn.ReadByte()) >= 0)
{
lOut.WriteByte((byte)ch);
sGen.Update((byte)ch);
}
lOut.Write(data, 0, data.Length);
sGen.Update(data);
lGen.Close();
PgpSignature sig = sGen.Generate();
if (sig.CreationTime == DateTimeUtilities.UnixMsToDateTime(0))
{
Fail("creation time not set in v3 signature");
}
sig.Encode(bOut);
verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, canonicalData);
}
private void doTestSigV3(
PublicKeyAlgorithmTag encAlgorithm,
HashAlgorithmTag hashAlgorithm,
IPgpPublicKey pubKey,
IPgpPrivateKey privKey)
{
byte[] bytes = generateV3BinarySig(privKey, encAlgorithm, hashAlgorithm);
verifySignature(bytes, hashAlgorithm, pubKey, TEST_DATA);
}
private static PgpPublicKey CertifiedPublicKey(
int certificationLevel,
PgpKeyPair keyPair,
string id,
PgpSignatureSubpacketVector hashedPackets,
PgpSignatureSubpacketVector unhashedPackets,
HashAlgorithmTag hashAlgorithm)
{
PgpSignatureGenerator sGen;
try
{
sGen = new PgpSignatureGenerator(keyPair.PublicKey.Algorithm, hashAlgorithm);
}
catch (Exception e)
{
throw new PgpException("Creating signature generator: " + e.Message, e);
}
//
// Generate the certification
//
sGen.InitSign(certificationLevel, keyPair.PrivateKey);
sGen.SetHashedSubpackets(hashedPackets);
sGen.SetUnhashedSubpackets(unhashedPackets);
try
{
PgpSignature certification = sGen.GenerateCertification(id, keyPair.PublicKey);
return PgpPublicKey.AddCertification(keyPair.PublicKey, id, certification);
}
catch (Exception e)
{
throw new PgpException("Exception doing certification: " + e.Message, e);
}
}
/**
* Start a clear text signed message.
* @param hashAlgorithm
*/
public void BeginClearText(HashAlgorithmTag hashAlgorithm)
{
string hash;
switch (hashAlgorithm)
{
case HashAlgorithmTag.Sha1:
hash = "SHA1";
break;
case HashAlgorithmTag.Sha256:
hash = "SHA256";
break;
case HashAlgorithmTag.Sha384:
hash = "SHA384";
break;
case HashAlgorithmTag.Sha512:
hash = "SHA512";
break;
case HashAlgorithmTag.MD2:
hash = "MD2";
break;
case HashAlgorithmTag.MD5:
hash = "MD5";
break;
case HashAlgorithmTag.RipeMD160:
hash = "RIPEMD160";
break;
default:
throw new IOException("unknown hash algorithm tag in beginClearText: " + hashAlgorithm);
}
DoWrite("-----BEGIN PGP SIGNED MESSAGE-----" + NewLine);
DoWrite("Hash: " + hash + NewLine + NewLine);
_clearText = true;
_newLine = true;
_lastb = 0;
}
