/// <summary>
/// Read RSA public and private key from file or create new even if one of keys not exist.
/// </summary>
private static void SetRsaKeys()
{
string rsaPrivateKeyJson = File.ReadAllText(AppPaths.RsaPrivateKeyFilePath);
string rsaPublicKeyJson = File.ReadAllText(AppPaths.RsaPublicKeyFilePath);
if (string.IsNullOrEmpty(rsaPrivateKeyJson) || string.IsNullOrEmpty(rsaPublicKeyJson))
{
using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider(RsaKeySize))
{
_rsaPrivateKey = csp.ExportParameters(true);
_rsaPublicKey = csp.ExportParameters(false);
csp.Dispose();
}
rsaPrivateKeyJson = _rsaPrivateKey.Serialize();
rsaPublicKeyJson = _rsaPublicKey.Serialize();
File.WriteAllText(AppPaths.RsaPrivateKeyFilePath, rsaPrivateKeyJson);
File.WriteAllText(AppPaths.RsaPublicKeyFilePath, rsaPublicKeyJson);
}
else
{
_rsaPrivateKey = ObjectToJson.Deserialize <RSAParameters>(rsaPrivateKeyJson);
_rsaPublicKey = ObjectToJson.Deserialize <RSAParameters>(rsaPublicKeyJson);
}
}
internal static string GetXmlString(byte[] bytes, bool includePrivateParameters)
{
if (bytes == null)
{
return(null);
}
RSAParameters?parameters = GetRsaParameters(bytes);
if (!parameters.HasValue)
{
return(null);
}
StringBuilder builder = new StringBuilder();
builder.Append("<RSAKeyValue>");
builder.Append("<Modulus>" + Convert.ToBase64String(parameters.Value.Modulus) + "</Modulus>");
builder.Append("<Exponent>" + Convert.ToBase64String(parameters.Value.Exponent) + "</Exponent>");
if (includePrivateParameters)
{
builder.Append("<P>" + Convert.ToBase64String(parameters.Value.P) + "</P>");
builder.Append("<Q>" + Convert.ToBase64String(parameters.Value.Q) + "</Q>");
builder.Append("<DP>" + Convert.ToBase64String(parameters.Value.DP) + "</DP>");
builder.Append("<DQ>" + Convert.ToBase64String(parameters.Value.DQ) + "</DQ>");
builder.Append("<InverseQ>" + Convert.ToBase64String(parameters.Value.InverseQ) + "</InverseQ>");
builder.Append("<D>" + Convert.ToBase64String(parameters.Value.D) + "</D>");
}
builder.Append("</RSAKeyValue>");
return(builder.ToString());
}
public void SetRSAParameters(RSAParameters rsa)
{
//if (this.rsa == null) {
this.rsa = rsa;
meta = new RSAEncryptingKeyValueStorage(eMeta, rsa);
symmetricKeys = new RSAEncryptingKeyValueStorage(eSymmetricKeys, rsa);
try {
eMeta.Get(System.Text.Encoding.Unicode.GetBytes("RepositoryConfigurationsKeyID").SHA256());
} catch {
byte[] id = new byte[32];
byte[] key = new byte[32];
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(id);
rng.GetBytes(key);
symmetricKeys.Put(id, key);
meta.Put(System.Text.Encoding.Unicode.GetBytes("RepositoryConfigurationsKeyID").SHA256(), id);
}
if (rsa.InverseQ != null)
{
repositoryConfigurations = new AESEncryptingKeyValueStorage(eRepositoryConfigurations,
symmetricKeys.Get(meta.Get(System.Text.Encoding.Unicode.GetBytes("RepositoryConfigurationsKeyID").SHA256())));
}
//} else
// throw new InvalidOperationException ();
}
public RSAManager(int keySize = 2048)
{
Provider = new RSACryptoServiceProvider(keySize);
PublicKey = Provider.ExportParameters(false);
PrivateKey = Provider.ExportParameters(true);
}
private RSA loadPublicKey()
{
RSA rsa = null;
string key;
var assembly = GetType().GetTypeInfo().Assembly;
System.IO.Stream resource = assembly.GetManifestResourceStream("Xceder.xcederRSA.pub");
StreamReader streamReader = new StreamReader(resource);
key = streamReader.ReadToEnd();
var pemkey = PemKeyUtils.DecodeOpenSSLPublicKey(key);
RSAParameters?rsaParam = PemKeyUtils.DecodeX509PublicKey(pemkey);
if (rsaParam != null)
{
rsa = RSA.Create();
rsa.ImportParameters((RSAParameters)rsaParam);
}
return(rsa);
}
/// <summary>
/// Called when a message has been received from the server
/// </summary>
/// <param name="bytes">The message as a byte array</param>
protected override void OnMessageReceived(byte[] bytes)
{
//base.OnMessageReceived(bytes);
if (_remotePublicKey != null) //then we're secure
{
base.OnMessageReceived(bytes);
//var obj = FormatReceived(bytes);
//MessageReceived?.Invoke(this, obj);
}
else
{
try
{
var json = bytes.AsString();//.FromBase64();
if (IsBase64Encoded(json))
{
System.Diagnostics.Debug.WriteLine("Remote public key is curiously Base64 encoded");
json = json.FromBase64(); //still not sure how this gets base64 encoded in the first place
}
_remotePublicKey = Newtonsoft.Json.JsonConvert.DeserializeObject <RSAParameters>(json);
System.Diagnostics.Debug.WriteLine("{0} received {1}'s public Key", IsServerSide ? "Server" : "Client", IsServerSide ? "client" : "server");
//bytes = null; //not a real message, so set it to null
IsConnectedResetEvent.Set();
Connected?.Invoke(this, Socket.RemoteEndPoint);
}
catch (Exception e)
{
//Log.e(e);
System.Diagnostics.Debug.WriteLine(e.ToString());
System.Diagnostics.Debugger.Break();
}
}
}
private void SetRSAParameters(RSAParameters parameters)
{
rsaParameters = parameters;
ModulusTextBox.Text = BytesToBigIntegerString(parameters.Modulus);
PublicKeyExponentTextBox.Text = BytesToBigIntegerString(parameters.Exponent);
PrivateKeyExponentTextBox.Text = BytesToBigIntegerString(parameters.D);
}
/// <summary>
/// Override to alter received data before exposing it via the MessageReceived callback
/// </summary>
/// <param name="message">The received data</param>
/// <returns>The original or modified data</returns>
protected override string FormatReceivedMessage(byte[] message)
{
string msg;
if (_remotePublicKey != null)
{
msg = base.FormatReceivedMessage(message); //Encoded left it base64 encoded, don't unencoded it as Decrypt requires the encoding
msg = _rsa.Decrypt(msg); //msg should be base64 encoded going into _rsa.Decrypt
}
else
{
try
{
msg = base.FormatReceivedMessage(message).FromBase64(); //was AsBase64 in FormatMessageToSend
_remotePublicKey = Newtonsoft.Json.JsonConvert.DeserializeObject <RSAParameters>(msg);
}
catch (Exception e)
{
Log.e(e);
System.Diagnostics.Debug.WriteLine(e.ToString());
}
Log.v("Received Public Key");
msg = null; //not a real message, so set it to null
IsSecuredEvent.Set();
ConnectionSecured?.Invoke(this);
}
return(msg);
}
internal static StrongNameKeys Create(ImmutableArray <byte> publicKey, RSAParameters?privateKey, bool hasCounterSignature, CommonMessageProvider messageProvider)
{
Debug.Assert(!publicKey.IsDefaultOrEmpty);
if (MetadataHelpers.IsValidPublicKey(publicKey))
{
return(new StrongNameKeys(keyPair: default, publicKey, privateKey, keyContainerName: null, keyFilePath: null, hasCounterSignature));
public async Task <bool> InitializeEncryption(RSAParameters?Parameters = null, int AESKeySize = 256)
{
RSA RSAEncryption = RSA.Create();
RSAParameters PublicParameters;
RSAEncryption.KeySize = Parameters?.D?.Length * 8 ?? 4096;
if (Parameters != null)
{
RSAEncryption.ImportParameters(Parameters.Value);
}
PublicParameters = RSAEncryption.ExportParameters(false);
KeyExchangeRequest Request = new KeyExchangeRequest()
{
RSAKeySize = RSAEncryption.KeySize, AESKeySize = AESKeySize, RSAExponent = PublicParameters.Exponent, RSAModulus = PublicParameters.Modulus
};
KeyExchangeResponse Response = await Send <KeyExchangeResponse>(Request);
if (Response?.Accepted ?? false)
{
Cryptor = new AesManaged();
Cryptor.KeySize = AESKeySize;
Cryptor.IV = RSAEncryption.Decrypt(Response.EncryptedAESIV, RSAEncryptionPadding.Pkcs1);
Cryptor.Key = RSAEncryption.Decrypt(Response.EncryptedAESKey, RSAEncryptionPadding.Pkcs1);
Cryptor.Mode = CipherMode.CBC;
Cryptor.Padding = PaddingMode.PKCS7;
return(true);
}
return(false);
}
static RsaCertificate createWithEmbeddedDataAndSignature(
RSAParameters?parameters = null,
IEnumerable <byte> embeddedData = null, bool makeEmbeddedDataNull = false,
RsaSignature signature = null, bool makeSignatureNull = false)
=> new RsaCertificate(
parameters: parameters ?? ScenarioRsa.DefaultRsaParameters,
embeddedData: embeddedData ?? (makeEmbeddedDataNull ? null : ScenarioRsa.DefaultEmbeddedData),
signature: signature ?? (makeSignatureNull ? null : ScenarioRsa.DefaultSignature));
static RsaCertificate createWithEmbeddedDataAndSignatureCallback(
RSAParameters?parameters = null,
IEnumerable <byte> embeddedData = null, bool makeEmbeddedDataNull = false,
Func <IHash, RsaSignature> signCertificateCallback = null, bool makeSignCertificateCallbackNull = false)
=> new RsaCertificate(
parameters: parameters ?? ScenarioRsa.DefaultRsaParameters,
embeddedData: embeddedData ?? (makeEmbeddedDataNull ? null : ScenarioRsa.DefaultEmbeddedData),
signCertificateCallback: signCertificateCallback ?? (makeSignCertificateCallbackNull ? (Func <IHash, RsaSignature>)null : (_hash) => createRsaSignature()));
public RSAParameters GetPrivateKey()
{
if (_privateKey == null)
{
var provider = new RSACryptoServiceProvider();
_privateKey = provider.ExportParameters(true);
}
return(_privateKey.Value);
}
/// <summary>
/// Gets data for serialization.
/// </summary>
/// <param name="info">The <see cref="SerializationInfo"/>.</param>
/// <param name="context">The <see cref="StreamingContext"/>.</param>
public virtual void GetObjectData(SerializationInfo info, StreamingContext context)
{
string responseJson = ResponseObject == null ? null : JsonConvert.SerializeObject(ResponseObject);
info.AddValue("ResponseObject", responseJson);
RSAParameters?rsaParameters = SignerKey == null ? (RSAParameters?)null : SignerKey.ExportParameters(false);
info.AddValue("SignerKey", rsaParameters);
}
public static bool Verify(byte[] data, string signature, RSAParameters?keys = null)
{
using var service = new RSACryptoServiceProvider();
service.ImportParameters(keys ?? Data.ServerPublicKey);
service.PersistKeyInCsp = false;
var signatureData = Convert.FromBase64String(signature);
return(service.VerifyData(data, CryptoConfig.MapNameToOID("SHA512"), signatureData));
}
/// <summary>
/// Gets data for serialization.
/// </summary>
/// <param name="info">The <see cref="SerializationInfo"/>.</param>
/// <param name="context">The <see cref="StreamingContext"/>.</param>
public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
base.GetObjectData(info, context);
info.AddValue("RedirectUri", RedirectUri);
info.AddValue("AuthzUri", AuthzUri);
info.AddValue("Issuer", Issuer);
RSAParameters?rsaParameters = SignerKey == null ? (RSAParameters?)null : SignerKey.ExportParameters(false);
info.AddValue("SignerKey", rsaParameters);
}
internal StrongNameKeys(ImmutableArray <byte> keyPair, ImmutableArray <byte> publicKey, RSAParameters?privateKey, string keyContainerName, string keyFilePath)
{
Debug.Assert(keyContainerName == null || keyPair.IsDefault);
Debug.Assert(keyPair.IsDefault || keyFilePath != null);
this.KeyPair = keyPair;
this.PublicKey = publicKey;
this.PrivateKey = privateKey;
this.KeyContainer = keyContainerName;
this.KeyFilePath = keyFilePath;
}
public SecureClientSlim() : base()
{
base.Connected += (client, remoteEndPoint) =>
{
_rsa = new Encryption.RSA();
SecureTheConnection().Wait();
};
base.Disconnected += (client, remoteEndPoint, exception) =>
{
_remotePublicKey = null;
};
}
public void Start(string swid, string guestControllerAccessToken, Action<MixSessionStartResult> successCallback, Action failureCallback)
{
RSAParameters? rSAParameters = database.GetRsaParameters();
if (rSAParameters.HasValue)
{
Start(swid, guestControllerAccessToken, rSAParameters.Value, successCallback, failureCallback);
}
else
{
coroutineManager.Start(GenerateKeychainCoroutine(swid, guestControllerAccessToken, successCallback, failureCallback));
}
}
private async Task <bool> SecureTheConnection()
{
SendPublicKey();
var ready = await WaitForMessageReady(10000);
if (ready)
{
var data = GetNextMessage();
var json = data.AsString();
_remotePublicKey = Newtonsoft.Json.JsonConvert.DeserializeObject <RSAParameters>(json);
}
return(ready);
}
public RSA(byte[] pubkey, byte[] exponent)
{
RSAParameters rsaParams = new RSAParameters()
{
Exponent = GetCorrectExponent(exponent),
Modulus = pubkey
};
rsaProvider = new RSACryptoServiceProvider(KeySize * 8);
rsaProvider.ImportParameters(rsaParams);
rsaParameters = rsaParams;
}
internal static StrongNameKeys Create(ImmutableArray <byte> publicKey, RSAParameters?privateKey, bool hasCounterSignature, CommonMessageProvider messageProvider)
{
Debug.Assert(!publicKey.IsDefaultOrEmpty);
if (MetadataHelpers.IsValidPublicKey(publicKey))
{
return(new StrongNameKeys(default(ImmutableArray <byte>), publicKey, privateKey, null, null, hasCounterSignature));
}
else
{
return(new StrongNameKeys(messageProvider.CreateDiagnostic(messageProvider.ERR_BadCompilationOptionValue, Location.None,
nameof(CompilationOptions.CryptoPublicKey), BitConverter.ToString(publicKey.ToArray()))));
}
}
private IEnumerator generateKeyPairCoroutine(Action <RSAParameters> successCallback, System.Action failureCallback)
{
Thread thread = new Thread((ThreadStart) delegate
{
rsaParameters = RsaEncryptor.GenerateKeypair();
});
thread.Start();
while (!rsaParameters.HasValue)
{
yield return(null);
}
successCallback(rsaParameters.Value);
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessTokenResponse"/> class from serialized representation.
/// </summary>
/// <param name="info">The <see cref="SerializationInfo"/>.</param>
/// <param name="context">The <see cref="StreamingContext"/>.</param>
protected AccessTokenResponse(SerializationInfo info, StreamingContext context)
{
string responseJson = info.GetString("ResponseObject");
ResponseObject = responseJson == null ? null : JsonConvert.DeserializeObject(responseJson);
RSAParameters?rsaParameters = info.GetValue("SignerKey", typeof(RSAParameters?)) as RSAParameters?;
if (rsaParameters != null)
{
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters.Value);
SignerKey = rsa;
}
}
public bool ValidateBlockIntegrity(RSAParameters?signerPublicKey)
{
if (signerPublicKey == null)
{
return(false);
}
var ret = true;
ret &= EncryptionHandler.VerifiySignature(AsString(includeHash: true), PublisherVerification, signerPublicKey.Value);
ret &= ValidateSequence();
return(ret);
}
private IEnumerator GenerateKeychainCoroutine(string swid, string guestControllerAccessToken, Action<MixSessionStartResult> successCallback, Action failureCallback)
{
Thread thread = new Thread((ThreadStart)delegate
{
rsaParameters = rsaEncryptor.GenerateKeypair();
});
thread.Start();
while (!rsaParameters.HasValue)
{
yield return null;
}
database.SetRsaParameters(rsaParameters.Value);
Start(swid, guestControllerAccessToken, rsaParameters.Value, successCallback, failureCallback);
}
/// <summary>
/// Initializes a new instance of the <see cref="BrowserBasedAuthorizationConfig"/> class.
/// </summary>
/// <param name="info">The <see cref="SerializationInfo"/>.</param>
/// <param name="context">The <see cref="StreamingContext"/>.</param>
protected BrowserBasedAuthorizationConfig(SerializationInfo info, StreamingContext context) : base(info, context)
{
RedirectUri = info.GetString("RedirectUri");
AuthzUri = info.GetString("AuthzUri");
Issuer = info.GetString("Issuer");
RSAParameters?rsaParameters = info.GetValue("SignerKey", typeof(RSAParameters?)) as RSAParameters?;
if (rsaParameters != null)
{
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters.Value);
SignerKey = rsa;
}
}
/// <summary>
/// Constructs a new SecureStringClient
/// </summary>
public SecureStringClient() : base()
{
_rsa = new W.Encryption.RSA();
Connected += (client, address) =>
{
IsSecuredEvent.Reset();
SendPublicKey(); //immediately send the public key
Log.v("Client Sent Public Key");
};
Disconnected += (socket, remoteEndPoint, e) =>
{
IsSecuredEvent.Reset();
_remotePublicKey = null;
};
}
public RSAManager(RSACryptoServiceProvider provider)
{
Provider = provider;
PublicKey = Provider.ExportParameters(false);
if (!Provider.PublicOnly)
{
PrivateKey = Provider.ExportParameters(true);
}
else
{
PrivateKey = null;
}
}
public GenericUserRepositoryCollection(DatabasePath path, RSAParameters?rsa)
{
if (path == null)
{
throw new ArgumentNullException("path");
}
this.path = path;
stores = new SortedDictionary <string, KeyValueStorage <byte[]> > ();
eSymmetricKeys = new BPlusKeyValueStorage(path, "SymmetricKeys");
eMeta = new BPlusKeyValueStorage(path, "Meta");
eRepositoryConfigurations = new BPlusKeyValueStorage(path, "RepositoryConfigurations");
if (rsa.HasValue)
{
SetRSAParameters(rsa.Value);
}
}
public async Task <RSAParameters> GetPublicKey()
{
if (_publicKey == null)
{
var scope = _serviceScope.CreateScope();
var archonAPI = scope.ServiceProvider.GetService <ArchonApiService>();
// Public key is from Archon API.
var key = await archonAPI.GetKey();
_publicKey = new RSAParameters
{
Modulus = key.Modulus.Base64ToBytes(),
Exponent = key.Exponent.Base64ToBytes()
};
}
return(_publicKey.Value);
}
/// <summary>
/// RSAs the sign create.
/// </summary>
/// <param name="privateCertificate">The private certificate.</param>
/// <param name="inputCharset">The input charset.</param>
/// <param name="signcontent">The signcontent.</param>
/// <returns></returns>
public static string RsaSignCreate(string privateCertificate, string inputCharset, string signcontent)
{
if (!_rsaprivateParameters.HasValue)
{
_rsaprivateParameters = RsaParametersRead.RsaParasPrivateKey(privateCertificate);
}
string encodestr;
using (var oRsa1 = new RSACryptoServiceProvider())
{
oRsa1.ImportParameters(_rsaprivateParameters.Value);
var dataBytes = Encoding.GetEncoding(inputCharset).GetBytes(signcontent);
var signatureBytes = oRsa1.SignData(dataBytes, "SHA1");
encodestr = Convert.ToBase64String(signatureBytes);
}
return encodestr;
}
/// <summary>
/// Verifies the specified public certificate.
/// </summary>
/// <param name="publicCertificate">The public certificate.</param>
/// <param name="inputCharset">The input charset.</param>
/// <param name="orignsign">签名前的字符串.e:_input_charset=utf-8&body=精品视频包&it_b_pay=30m¬ify_url=.</param>
/// <param name="signencode">签名后的字符串.e:ALronrTVsOphXLF4T0BOyRrQaRdOZZLTVQsOmRVJ6gbOzIf3wBK/KWUKE/crXokotkK1TArIDQ2UDHWBxc2QnsAB2HIhquYAfVWLJd0M57GLr5ktnDj8Co7jmH3CJP9S3fS9f7lTkKRP/U3SOssHooleVRfJaR9YOEXifAqJAe4=</param>
/// <returns></returns>
public static bool Verify(string publicCertificate, string inputCharset, string orignsign, string signencode)
{
if (!_rsappublicParameters.HasValue)
{
_rsappublicParameters = RsaParametersRead.RsaParasPublicKey(publicCertificate);
}
using (var oRsa1 = new RSACryptoServiceProvider())
{
oRsa1.ImportParameters(_rsappublicParameters.Value);
var singdate = Encoding.GetEncoding(inputCharset).GetBytes(orignsign);
var dataBytes = Convert.FromBase64String(signencode);
return oRsa1.VerifyData(singdate, new SHA1CryptoServiceProvider(), dataBytes);
}
}
public void SetRSAParameters(RSAParameters rsa)
{
//if (this.rsa == null) {
this.rsa = rsa;
meta = new RSAEncryptingKeyValueStorage (eMeta, rsa);
symmetricKeys = new RSAEncryptingKeyValueStorage (eSymmetricKeys, rsa);
try {
eMeta.Get (System.Text.Encoding.Unicode.GetBytes ("RepositoryConfigurationsKeyID").SHA256 ());
} catch {
byte[] id = new byte[32];
byte[] key = new byte[32];
RandomNumberGenerator rng = RandomNumberGenerator.Create ();
rng.GetBytes (id);
rng.GetBytes (key);
symmetricKeys.Put (id, key);
meta.Put (System.Text.Encoding.Unicode.GetBytes ("RepositoryConfigurationsKeyID").SHA256 (), id);
}
if (rsa.InverseQ != null)
repositoryConfigurations = new AESEncryptingKeyValueStorage (eRepositoryConfigurations,
symmetricKeys.Get (meta.Get (System.Text.Encoding.Unicode.GetBytes ("RepositoryConfigurationsKeyID").SHA256 ())));
//} else
// throw new InvalidOperationException ();
}
public void Generate()
{
// This takes quite long on mobile devices.
Console.WriteLine("Generating RSA Keys ...");
rsaProvider = new RSACryptoServiceProvider(KeySize * 8);
rsaParameters = rsaProvider.ExportParameters(true);
Console.WriteLine("Finished generating RSA Keys.");
}
