/// <summary> /// Encrypt the specified data using the specified salt. ///Encrypt uses provided salt, uses master key ///& salt to generate per-data key & nonce with the help of HKDF ///Salt is concatenated to the ciphertext /// </summary> /// <returns>The encrypted data bytes.</returns> /// <param name="data">Data to be encrypted.</param> public byte[] EncryptWithSalt(byte[] data, byte[] salt) { Validation.NotNull(data); Validation.NotNullOrEmptyByteArray(salt); var hkdf = new HkdfBytesGenerator(new Sha512Digest()); hkdf.Init(new HkdfParameters(this.key, salt, this.domain)); var keyNonce = new byte[SymKeyLen + SymNonceLen]; hkdf.GenerateBytes(keyNonce, 0, keyNonce.Length); var cipher = new GcmBlockCipher(new AesEngine()); var keyNonceSlice1 = ((Span <byte>)keyNonce).Slice(0, SymKeyLen); var keyNonceSlice2 = ((Span <byte>)keyNonce).Slice(SymKeyLen); var parameters = new AeadParameters( new KeyParameter(keyNonceSlice1.ToArray()), SymTagLen * 8, keyNonceSlice2.ToArray()); cipher.Init(true, parameters); var cipherText = new byte[cipher.GetOutputSize(data.Length)]; var len = cipher.ProcessBytes(data, 0, data.Length, cipherText, 0); cipher.DoFinal(cipherText, len); return(Bytes.Combine(salt, cipherText)); }
public void ExtraSignWithSignatureSnapshot_Should_AddValidSignature() { //STC-9 var rawSignedModel = faker.PredefinedRawSignedModel(null, true, false, false); var crypto = new VirgilCrypto(); var signer = new ModelSigner(new VirgilCardCrypto()); Assert.AreEqual(rawSignedModel.Signatures.Count, 1); var keyPair = crypto.GenerateKeys(); var signParams = new SignParams() { Signer = "test_id", SignerPrivateKey = keyPair.PrivateKey }; var signatureSnapshot = faker.Random.Bytes(32); signer.Sign(rawSignedModel, signParams, signatureSnapshot); Assert.AreEqual(rawSignedModel.Signatures.Count, 2); var extraSignature = rawSignedModel.Signatures.Last(); Assert.AreEqual(extraSignature.Signer, signParams.Signer); Assert.AreEqual(extraSignature.Snapshot, signatureSnapshot); var extendedSnapshot = Bytes.Combine(rawSignedModel.ContentSnapshot, signatureSnapshot); Assert.True(crypto.VerifySignature( extraSignature.Signature, extendedSnapshot, keyPair.PublicKey)); }
public void Combine() { var byte0 = new byte[] { 12, 34 }; var byte1 = new byte[] { 56, 78 }; var byte2 = new byte[] { 90 }; // action var combined = Bytes.Combine(byte0, byte1, byte2); // assert var expected = new byte[] { 12, 34, 56, 78, 90 }; CollectionAssert.AreEqual(expected, combined); }
static Domains() { commonPrefix = new byte[] { 0x56, 0x52, 0x47, 0x4c, 0x50, 0x48, 0x45 }; // VRGLPHE Dhc0 = Bytes.Combine(commonPrefix, new byte[] { 0x31 }); Dhc1 = Bytes.Combine(commonPrefix, new byte[] { 0x32 }); Dhs0 = Bytes.Combine(commonPrefix, new byte[] { 0x33 }); Dhs1 = Bytes.Combine(commonPrefix, new byte[] { 0x34 }); ProofOK = Bytes.Combine(commonPrefix, new byte[] { 0x35 }); ProofErr = Bytes.Combine(commonPrefix, new byte[] { 0x36 }); Encrypt = Bytes.Combine(commonPrefix, new byte[] { 0x37 }); KdfInfoZ = Bytes.Combine(commonPrefix, new byte[] { 0x38 }); KdfInfoClientKey = Bytes.Combine(commonPrefix, new byte[] { 0x39 }); }
/// <summary> /// Adds signature to the specified <see cref="RawSignedModel"/> using specified signer /// parameters included private key, signer type and additional raw bytes. /// </summary> /// <param name="model"> the instance of <see cref="RawSignedModel"/> to be signed.</param> /// <param name="@params"> the instance of <see cref="SignParams"/> to sign with.</param> /// <param name="signatureSnapshot"> Some additional raw bytes to be signed with model.</param> public void Sign(RawSignedModel model, SignParams @params, byte[] signatureSnapshot = null) { ValidateExtendedSignParams(model, @params); ThrowExceptionIfSignatureExists(@params, model.Signatures); var extendedSnapshot = signatureSnapshot != null? Bytes.Combine(model.ContentSnapshot, signatureSnapshot) : model.ContentSnapshot; var signatureBytes = Crypto.GenerateSignature(extendedSnapshot, @params.SignerPrivateKey); var signature = new RawSignature { Signer = @params.Signer, Signature = signatureBytes, Snapshot = signatureSnapshot }; model.Signatures.Add(signature); }
public void SelfSignWithSignatureSnapshot_Should_AddValidSignature() { //STC-9 var rawSignedModel = faker.PredefinedRawSignedModel(null, false, false, false); var crypto = new VirgilCrypto(); var signer = new ModelSigner(new VirgilCardCrypto()); Assert.AreEqual(rawSignedModel.Signatures.Count, 0); var signatureSnapshot = faker.Random.Bytes(32); signer.SelfSign(rawSignedModel, faker.PredefinedKeyPair().PrivateKey, signatureSnapshot); var selfSignature = rawSignedModel.Signatures.First(); Assert.AreEqual(selfSignature.Signer, ModelSigner.SelfSigner); Assert.AreEqual(selfSignature.Snapshot, signatureSnapshot); var extendedSnapshot = Bytes.Combine(rawSignedModel.ContentSnapshot, signatureSnapshot); Assert.True(crypto.VerifySignature( selfSignature.Signature, extendedSnapshot, faker.PredefinedKeyPair().PublicKey) ); }