public CipherSuite(ProtocolVersion version)
{
ProtocolVersion = version;
CipherSuiteID = 0x0000;
CipherSuiteName = "TLS_NULL_WITH_NULL_NULL";
_keyExchangeAlgorithm = new KeyExchangeAlgorithmNull();
_signatureAlgorithm = new SignatureAlgorithmNull();
_pseudoRandomFunction = null;
_bulkCipherAlgorithm = new BulkCipherAlgorithmNull();
_macAlgorithm = new MACAlgorithmNull();
}
public CngKey GetPublicKey(SignatureAlgorithm alg, string iid, string kid)
{
byte[] x, y;
if (iid == "1" && kid == "18")
{
x = Convert.FromBase64String("UabuaxndEdYE5Nr4fC5ETFcYe7YgyFn4fWqe1R/GB9w=");
y = Convert.FromBase64String("k/NCBB5W8ZuBqvxZ+GHkI3fS1QflEezF9EriGUVpsAk=");
return CreatePublicKey(x, y);
}
if (iid == _signingIid && kid == _signingKid)
{
x = Convert.FromBase64String("YtoaCnZ4QoXQFdfA0ofeVZYLHnTYUo0Q/mV8VPOI3k0=");
y = Convert.FromBase64String("Gq1o9SAQJ1VpCVelLOC+TuoJH1dFWXiQX7rwmjzoilw=");
return CreatePublicKey(x, y);
}
return null;
}
protected HashAlgorithm GetSignatureHashAlgorithm(SignatureAlgorithm signatureAlgorithm, byte hashAlgorithmType)
{
if (!signatureAlgorithm.SupportsHashAlgorithmType(hashAlgorithmType)) {
throw new AlertException(AlertDescription.IllegalParameter,
"Illegal hash algorithm type");
}
HashAlgorithm hashAlgorithm;
switch (hashAlgorithmType) {
case 1:
hashAlgorithm = new MD5CryptoServiceProvider();
break;
case 2:
hashAlgorithm = new SHA1CryptoServiceProvider();
break;
case 4:
hashAlgorithm = new SHA256Managed();
break;
case 5:
hashAlgorithm = new SHA384Managed();
break;
case 6:
hashAlgorithm = new SHA512Managed();
break;
default:
throw new AlertException(AlertDescription.InternalError,
"Unsupported hash algorithm type: " + hashAlgorithmType);
}
return hashAlgorithm;
}
public async Task <int> Run(VerifyOptions options, string httpMessage)
{
ISignatureAlgorithm signatureAlgorithmForVerification;
if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase))
{
RSAParameters rsaPublicKey;
using (var stream = File.OpenRead(options.PublicKey)) {
using (var reader = new PemReader(stream)) {
rsaPublicKey = reader.ReadRsaKey();
}
}
signatureAlgorithmForVerification = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, rsaPublicKey);
}
else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase))
{
ECParameters ecPublicKey;
using (var stream = File.OpenRead(options.PublicKey)) {
using (var reader = new StreamReader(stream)) {
var fileContents = reader.ReadToEnd();
var lines = fileContents.Split(new[] { '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries);
lines = lines.Skip(1).Take(lines.Length - 2).ToArray();
var pem = string.Join("", lines);
var ecdsa = ECDsa.Create();
var derArray = Convert.FromBase64String(pem);
ecdsa.ImportSubjectPublicKeyInfo(derArray, out _);
ecPublicKey = ecdsa.ExportParameters(false);
}
}
signatureAlgorithmForVerification = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, ecPublicKey);
}
else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithmForVerification = SignatureAlgorithm.CreateForVerification(options.PublicKey, HashAlgorithmName.SHA512);
}
else
{
throw new NotSupportedException("The specified key type is not supported.");
}
var serviceProvider = new ServiceCollection()
.AddHttpMessageSignatureVerification(provider => {
var clientStore = new InMemoryClientStore();
clientStore.Register(new Client(
new KeyId("test"),
"ConformanceClient",
signatureAlgorithmForVerification,
TimeSpan.FromSeconds(30),
TimeSpan.FromMinutes(1)));
return(clientStore);
})
.BuildServiceProvider();
var verifier = serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
var clientRequest = HttpRequestMessageParser.Parse(httpMessage);
var requestToVerify = await clientRequest.ToServerSideHttpRequest();
var verificationResult = await verifier.VerifySignature(requestToVerify, new SignedRequestAuthenticationOptions {
OnSignatureParsed = (request, signature) => {
if (!string.IsNullOrEmpty(options.Algorithm))
{
signature.Algorithm = options.Algorithm;
}
return(Task.CompletedTask);
}
});
return(verificationResult is RequestSignatureVerificationResultSuccess
? 0
: 1);
}
public JwsWrapper(byte[] token, SignatureAlgorithm algorithm, TokenValidationPolicy policy)
{
_token = token;
_algorithm = algorithm;
Policy = policy;
}
public Task <VerifyResult> VerifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, CancellationToken cancellationToken = default) => throw new CryptographicException(CRYPT_E_NO_PROVIDER);
public static async Task <string> Run(SignOptions options)
{
var serviceProvider = new ServiceCollection()
.AddHttpMessageSigning()
.BuildServiceProvider();
var requestSignerFactory = serviceProvider.GetRequiredService <IRequestSignerFactory>();
ISignatureAlgorithm signatureAlgorithm;
if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = RSASignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadRSA(options.PrivateKey));
}
else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = ECDsaSignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadECDsaPrivate(options.PrivateKey));
}
else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = SignatureAlgorithm.CreateForSigning(options.PrivateKey, HashAlgorithmName.SHA512);
}
else
{
throw new NotSupportedException("The specified key type is not supported.");
}
if (!string.IsNullOrEmpty(options.Algorithm) &&
!options.Algorithm.StartsWith("rsa", StringComparison.OrdinalIgnoreCase) &&
!options.Algorithm.StartsWith("hmac", StringComparison.OrdinalIgnoreCase) &&
!options.Algorithm.StartsWith("ecdsa", StringComparison.OrdinalIgnoreCase))
{
signatureAlgorithm = new CustomSignatureAlgorithm(options.Algorithm);
}
var signingSettings = new SigningSettings {
SignatureAlgorithm = signatureAlgorithm,
EnableNonce = false,
DigestHashAlgorithm = HashAlgorithmName.SHA256,
AutomaticallyAddRecommendedHeaders = false,
Headers = options.Headers
?.Split(new[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries)
.Select(h => new HeaderName(h))
.ToArray()
};
var signer = requestSignerFactory.Create(
new KeyId("test"),
signingSettings);
var created = DateTimeOffset.UtcNow;
if (!string.IsNullOrEmpty(options.Created))
{
var createdUnix = int.Parse(options.Created);
created = DateTimeOffset.FromUnixTimeSeconds(createdUnix);
}
var expires = signingSettings.Expires;
if (!string.IsNullOrEmpty(options.Expires))
{
var expiresUnix = int.Parse(options.Expires);
var expiresAbsolute = DateTimeOffset.FromUnixTimeSeconds(expiresUnix);
expires = expiresAbsolute - created;
}
await signer.Sign(options.Message, created, expires);
var serializedMessage = HttpMessageSerializer.Serialize(options.Message);
return(serializedMessage);
}
private ParamReadonlyStruct(long id, string name, int requiredKeySizeInBytes, SignatureAlgorithm hashAlgorithm, int requiredKeyWrappedSizeInBytes, EncryptionType encryptionType)
{
_id = id;
Name = name;
RequiredKeySizeInBytes = requiredKeySizeInBytes;
SignatureAlgorithm = hashAlgorithm;
RequiredKeyWrappedSizeInBytes = requiredKeyWrappedSizeInBytes;
Category = encryptionType;
}
public SignatureAndHashAlgorithm(HashAlgorithm hash,
SignatureAlgorithm signature) {
this.hash = hash;
this.signature = signature;
}
internal static byte[] CreatePublicKey(SignatureAlgorithm sigAlg, AssemblyHashAlgorithm hashAlg, byte[] modulus, byte[] publicExponent) {
if (sigAlg != SignatureAlgorithm.CALG_RSA_SIGN)
throw new ArgumentException("Signature algorithm must be RSA");
var outStream = new MemoryStream();
var writer = new BinaryWriter(outStream);
writer.Write((uint)sigAlg); // SigAlgID
writer.Write((uint)hashAlg); // HashAlgID
writer.Write(0x14 + modulus.Length);// cbPublicKey
writer.Write((byte)6); // bType (public key)
writer.Write((byte)2); // bVersion
writer.Write((ushort)0); // reserved
writer.Write((uint)sigAlg); // aiKeyAlg
writer.Write(RSA1_SIG); // magic (RSA1)
writer.Write(modulus.Length * 8); // bitlen
writer.WriteReverse(publicExponent);// pubexp
writer.WriteReverse(modulus); // modulus
return outStream.ToArray();
}
void Initialize(BinaryReader reader) {
try {
// Read PublicKeyBlob
signatureAlgorithm = (SignatureAlgorithm)reader.ReadUInt32();
hashAlgorithm = (AssemblyHashAlgorithm)reader.ReadUInt32();
int pkLen = reader.ReadInt32();
// Read PUBLICKEYSTRUC
if (reader.ReadByte() != 6)
throw new InvalidKeyException("Not a public key");
if (reader.ReadByte() != 2)
throw new InvalidKeyException("Invalid version");
reader.ReadUInt16(); // reserved
if ((SignatureAlgorithm)reader.ReadUInt32() != SignatureAlgorithm.CALG_RSA_SIGN)
throw new InvalidKeyException("Not RSA sign");
// Read RSAPUBKEY
if (reader.ReadUInt32() != RSA1_SIG) // magic = RSA1
throw new InvalidKeyException("Invalid RSA1 magic");
uint bitLength = reader.ReadUInt32();
publicExponent = reader.ReadBytesReverse(4);
modulus = reader.ReadBytesReverse((int)(bitLength / 8));
}
catch (IOException ex) {
throw new InvalidKeyException("Invalid public key", ex);
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="modulus">Modulus</param>
/// <param name="publicExponent">Public exponent</param>
/// <param name="hashAlgorithm">Hash algorithm</param>
/// <param name="signatureAlgorithm">Signature algorithm</param>
public StrongNamePublicKey(byte[] modulus, byte[] publicExponent, AssemblyHashAlgorithm hashAlgorithm, SignatureAlgorithm signatureAlgorithm) {
this.signatureAlgorithm = signatureAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.modulus = modulus;
this.publicExponent = publicExponent;
}
/// <summary>
/// Parses the raw data in the record into the appropriate structures using the keyexhange and signature algorithms
/// provided.
/// </summary>
/// <param name="algo"></param>
/// <param name="sig"></param>
public void ParseRawData(KeyExchangeAlgorithm algo, SignatureAlgorithm sig)
{
KeyExchangeAlgorithm = algo;
SignatureAlgorithm = sig;
int nAt = 0;
// Parse our RawData block into the structures below
if (KeyExchangeAlgorithm == TLS.KeyExchangeAlgorithm.rsa)
{
RSAModulusLength = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
rsa_modulus = ByteHelper.ReadByteArray(RawData, nAt, RSAModulusLength); nAt += RSAModulusLength;
RSAExponentLength = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
rsa_exponent = ByteHelper.ReadByteArray(RawData, nAt, RSAExponentLength); nAt += RSAExponentLength;
}
else if (KeyExchangeAlgorithm == TLS.KeyExchangeAlgorithm.rsa)
{
dh_p_length = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
dh_p = ByteHelper.ReadByteArray(RawData, nAt, dh_p_length); nAt += dh_p_length;
dh_g_length = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
dh_g = ByteHelper.ReadByteArray(RawData, nAt, dh_g_length); nAt += dh_g_length;
dh_Ys_length = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
dh_Ys = ByteHelper.ReadByteArray(RawData, nAt, dh_Ys_length); nAt += dh_Ys_length;
}
if ((SignatureAlgorithm == TLS.SignatureAlgorithm.dsa) || (SignatureAlgorithm == TLS.SignatureAlgorithm.rsa))
{
HashDigitalSignatureLength = ByteHelper.ReadUshortBigEndian(RawData, nAt); nAt += 2;
DigitalSignatureOfHash = ByteHelper.ReadByteArray(RawData, nAt, HashDigitalSignatureLength); nAt += HashDigitalSignatureLength;
}
}
private async Task <KeyVaultKey> CreateTestKeyWithKeyMaterial(SignatureAlgorithm algorithm)
{
string keyName = Recording.GenerateId();
JsonWebKey keyMaterial = null;
switch (algorithm.ToString())
{
case SignatureAlgorithm.PS256Value:
case SignatureAlgorithm.PS384Value:
case SignatureAlgorithm.PS512Value:
case SignatureAlgorithm.RS256Value:
case SignatureAlgorithm.RS384Value:
case SignatureAlgorithm.RS512Value:
using (RSA rsa = RSA.Create())
{
RSAParameters rsaParameters = new RSAParameters
{
D = new byte[] { 0x8a, 0x5a, 0x7f, 0x16, 0x29, 0x95, 0x8b, 0x84, 0xeb, 0x8c, 0xba, 0x93, 0xad, 0xbf, 0x40, 0xa2,
0xcc, 0xb9, 0xe9, 0xf8, 0xaa, 0x42, 0x78, 0x24, 0x5d, 0xdf, 0x99, 0xa1, 0x51, 0xd5, 0x1b, 0xaa,
0xfe, 0x0a, 0xa2, 0x82, 0x49, 0xd3, 0x19, 0x9c, 0xfd, 0x48, 0x92, 0xcc, 0x44, 0x98, 0xaf, 0xbf,
0x09, 0xf9, 0x4f, 0xff, 0xcc, 0x49, 0x75, 0x71, 0x27, 0xe1, 0xd8, 0xe2, 0xf2, 0xb7, 0x75, 0x5f,
0x5b, 0x75, 0x75, 0xff, 0x9f, 0xaa, 0x0d, 0xb5, 0x9a, 0x49, 0xff, 0x0b, 0x85, 0xb7, 0x05, 0xb6,
0x8b, 0xfb, 0x1c, 0x7b, 0x2b, 0xf8, 0xf7, 0x9d, 0xad, 0x4b, 0xe7, 0x30, 0x89, 0x13, 0x9d, 0x2b,
0x7f, 0x40, 0x34, 0x3d, 0x8e, 0x38, 0x43, 0x84, 0x19, 0x67, 0xae, 0xab, 0x65, 0xa3, 0xfd, 0x01,
0xcd, 0x2d, 0x5c, 0x87, 0x9f, 0xb7, 0x07, 0x98, 0x82, 0x74, 0x13, 0x69, 0xd1, 0xba, 0x6c, 0xea,
0xf9, 0x54, 0x59, 0xa1, 0x3d, 0x8a, 0xaf, 0x4c, 0xa6, 0x22, 0xde, 0x2a, 0xe3, 0xc1, 0x68, 0x4e,
0xc4, 0x5f, 0x49, 0xe6, 0x78, 0xb6, 0x7c, 0xa7, 0x90, 0xeb, 0xa2, 0x78, 0x93, 0xb4, 0xbb, 0xd2,
0x59, 0x13, 0xe9, 0x20, 0xf5, 0x1a, 0xe5, 0x27, 0x27, 0x6c, 0x98, 0x9e, 0x20, 0x73, 0xc6, 0x61,
0x4f, 0x01, 0x10, 0xf7, 0xb7, 0xe8, 0x17, 0x5f, 0x0e, 0x6b, 0x2b, 0x02, 0xf5, 0xe7, 0x4e, 0x16,
0xcb, 0xd7, 0x6d, 0xb3, 0x80, 0x17, 0xac, 0xad, 0x5c, 0x48, 0x16, 0xf1, 0x2a, 0xf2, 0xde, 0x14,
0xb4, 0x1b, 0x1a, 0x52, 0x11, 0x75, 0x05, 0xd8, 0x2e, 0x37, 0xe3, 0x31, 0xa5, 0x81, 0xa3, 0x29,
0x20, 0xae, 0x6f, 0x52, 0xf6, 0xe4, 0xd1, 0xc2, 0x73, 0x3f, 0x2e, 0x56, 0x8a, 0xa1, 0xc3, 0x0c,
0x4c, 0x1d, 0xb4, 0x77, 0xb9, 0x2a, 0xd4, 0x88, 0xc1, 0xb3, 0x3e, 0x2b, 0xd1, 0x98, 0x49, 0x8d },
DP = new byte[] { 0x05, 0x0c, 0x0c, 0xe9, 0x95, 0x77, 0x4d, 0x0f, 0x1e, 0x4a, 0x95, 0xbf, 0xcb, 0x0e, 0x03, 0x89,
0x6f, 0xe6, 0x56, 0x54, 0xb6, 0x5a, 0x19, 0xdd, 0x7e, 0xde, 0x06, 0xce, 0xdc, 0x1b, 0x76, 0xa1,
0xaa, 0x02, 0xa6, 0x77, 0x52, 0xa4, 0xbf, 0x4b, 0x18, 0x9a, 0x91, 0xc5, 0x86, 0x4a, 0xa2, 0x5f,
0xcc, 0x2c, 0x3e, 0x18, 0x75, 0x75, 0xb3, 0xb4, 0x85, 0xbd, 0x6a, 0x75, 0x01, 0x88, 0xd7, 0xb6,
0x63, 0xb8, 0x4e, 0xed, 0x69, 0x53, 0xb2, 0xb3, 0x80, 0xf3, 0x24, 0x4c, 0x18, 0x21, 0x18, 0xf5,
0xd0, 0xea, 0xf3, 0x53, 0x49, 0x74, 0x5a, 0xc5, 0x07, 0xe6, 0xbc, 0xe0, 0x48, 0x6b, 0xa0, 0xcf,
0x0e, 0x27, 0x80, 0xde, 0x3e, 0x65, 0x30, 0x1e, 0x8a, 0xcb, 0x7b, 0x55, 0xb1, 0xd4, 0x3e, 0xe8,
0x3d, 0xb0, 0xf1, 0x2a, 0x5d, 0x63, 0x33, 0x05, 0x04, 0xc0, 0x52, 0x4d, 0x68, 0xff, 0x28, 0xf9, },
DQ = new byte[] { 0xcc, 0xf9, 0x20, 0x49, 0xfd, 0x71, 0x7b, 0x95, 0xb4, 0x6e, 0xb6, 0xdb, 0x3f, 0x99, 0x5c, 0x2a,
0xf1, 0xf7, 0x17, 0x35, 0x29, 0xc7, 0x2a, 0x87, 0x6b, 0x0c, 0x8b, 0xad, 0x35, 0x00, 0xff, 0xa2,
0xd8, 0x22, 0x75, 0x35, 0x3e, 0x6d, 0xd9, 0x3d, 0x39, 0x1d, 0x06, 0x65, 0x26, 0x08, 0x19, 0xb0,
0xe7, 0xd7, 0x6d, 0xd0, 0xec, 0xc4, 0xe7, 0xcb, 0x2a, 0xe4, 0x2d, 0x78, 0x09, 0x9e, 0x5d, 0x86,
0x8c, 0x85, 0x27, 0xb7, 0x4f, 0xed, 0x22, 0xe3, 0xe5, 0x7a, 0x0a, 0xc0, 0xe0, 0x6d, 0xe7, 0x6a,
0x5c, 0x8c, 0xb6, 0x6a, 0x79, 0x72, 0x6d, 0x12, 0xa4, 0x65, 0x5b, 0xa0, 0xa9, 0xcb, 0x8d, 0x2b,
0xeb, 0x1b, 0x81, 0x84, 0x26, 0xf7, 0x00, 0x49, 0x25, 0x4a, 0xc9, 0xda, 0x43, 0x60, 0x15, 0x47,
0x65, 0x94, 0xe3, 0xb9, 0x0b, 0x00, 0xcb, 0x07, 0x3f, 0x5d, 0xdf, 0x19, 0x4b, 0x0f, 0x84, 0x17, },
Exponent = new byte[] { 0x01, 0x00, 0x01, },
InverseQ = new byte[] { 0xc2, 0xb4, 0x1c, 0x29, 0x19, 0x9e, 0x24, 0xe3, 0x38, 0xe0, 0x9b, 0x25, 0x12, 0x25, 0x5b, 0x5f,
0xdb, 0x45, 0x72, 0xe8, 0xbe, 0x25, 0x4e, 0xc7, 0x0d, 0x15, 0x05, 0x18, 0xa8, 0x47, 0xf7, 0x87,
0xa4, 0xa5, 0x02, 0xa5, 0xa0, 0x00, 0xd9, 0x98, 0xf2, 0xf4, 0x33, 0x64, 0x80, 0x30, 0xb9, 0x6c,
0xcc, 0x83, 0xc0, 0x7a, 0xf3, 0x32, 0xfd, 0x60, 0x91, 0x02, 0x61, 0x9e, 0x79, 0x68, 0xcd, 0x84,
0x6c, 0x39, 0x1e, 0x47, 0xb1, 0x13, 0xf9, 0xea, 0x2b, 0xc9, 0x65, 0xd5, 0x1d, 0x8a, 0x47, 0xf4,
0xa3, 0xf2, 0x01, 0x50, 0x0a, 0xad, 0x72, 0xcd, 0xe3, 0x19, 0x67, 0x3e, 0x15, 0x8d, 0x40, 0x7c,
0x8f, 0x30, 0xa0, 0xc9, 0x3b, 0xf9, 0x96, 0xba, 0x58, 0xae, 0xd6, 0xc8, 0x26, 0xa6, 0xa2, 0xa8,
0x0f, 0x96, 0x2b, 0x28, 0xf8, 0x39, 0x11, 0xa1, 0xf0, 0x6a, 0xc5, 0xdd, 0x99, 0x5b, 0x18, 0x1a, },
Modulus = new byte[] { 0xc7, 0x61, 0xab, 0x5f, 0xc0, 0x4c, 0x50, 0xdf, 0x3a, 0x21, 0x87, 0x41, 0x6b, 0x42, 0x3d, 0xbd,
0xd7, 0x81, 0xe5, 0xed, 0xc0, 0x59, 0xe6, 0xa0, 0xd0, 0xcc, 0x7e, 0xd7, 0xbe, 0x0f, 0xcd, 0xd5,
0x3d, 0x23, 0x08, 0xa2, 0x81, 0x94, 0xc8, 0x60, 0xd0, 0xfc, 0xe8, 0xf6, 0xdf, 0x22, 0xe8, 0xa1,
0xae, 0x4c, 0xab, 0x78, 0xe6, 0x7d, 0x65, 0x1c, 0x20, 0x1a, 0x7b, 0xf2, 0xd9, 0x10, 0xa2, 0x85,
0x28, 0x81, 0xc0, 0x1d, 0x4d, 0xc6, 0xf0, 0x4f, 0x36, 0xe0, 0x83, 0x14, 0x4c, 0x30, 0x5c, 0xef,
0x9c, 0x93, 0x26, 0x7f, 0xf4, 0x67, 0x93, 0x47, 0xe8, 0x3b, 0x27, 0x91, 0xfb, 0xe9, 0xfd, 0xbb,
0x67, 0x9a, 0xa6, 0x0f, 0x84, 0x47, 0xae, 0x55, 0x55, 0x38, 0x32, 0x68, 0xfc, 0x97, 0x42, 0xc1,
0x77, 0x4e, 0x7c, 0x8e, 0xc2, 0x24, 0xe9, 0x9c, 0x29, 0x12, 0xf6, 0xce, 0x90, 0xa3, 0x77, 0x05,
0xaa, 0xc7, 0x63, 0x62, 0x3b, 0x38, 0xf6, 0xee, 0x77, 0x46, 0x0b, 0xed, 0xca, 0xca, 0x6e, 0x6e,
0x08, 0xd1, 0x5e, 0xa9, 0xd1, 0x86, 0xea, 0xdf, 0xcc, 0x7c, 0x17, 0x9c, 0xf2, 0xae, 0x4c, 0x02,
0xe8, 0x47, 0xcf, 0x95, 0xf0, 0x7c, 0x2f, 0x6f, 0x9b, 0x97, 0x87, 0xe7, 0x98, 0xf4, 0x07, 0x4d,
0xd5, 0x2d, 0xf3, 0x5e, 0x91, 0x52, 0x57, 0x99, 0xbd, 0x54, 0xb5, 0x04, 0xef, 0xc8, 0x14, 0x0b,
0xe0, 0xb3, 0x0b, 0x72, 0xb8, 0x43, 0x0e, 0x1f, 0x13, 0x79, 0xa1, 0x88, 0xc9, 0x96, 0x39, 0x68,
0xcb, 0x16, 0x2c, 0xfd, 0xa4, 0x5f, 0x3a, 0x0d, 0x31, 0xd8, 0xc1, 0x12, 0x02, 0xf7, 0x3b, 0x6c,
0xa1, 0x30, 0xad, 0x6d, 0xa4, 0xcf, 0x42, 0xe2, 0xb6, 0x5c, 0xdc, 0x33, 0xf5, 0x17, 0xda, 0x3a,
0x66, 0xdf, 0xdf, 0x6a, 0x04, 0x51, 0x84, 0x8b, 0x3d, 0x8b, 0x7b, 0x9f, 0x7a, 0xd7, 0xdf, 0xad, },
P = new byte[] { 0xca, 0x2e, 0x9f, 0xdd, 0x52, 0x22, 0x31, 0xd3, 0x75, 0x50, 0x1f, 0xab, 0x00, 0x48, 0x62, 0xcf,
0x17, 0x1f, 0xa5, 0x17, 0xe4, 0x46, 0x22, 0xfc, 0xfc, 0x2b, 0x73, 0x4e, 0xb2, 0x1f, 0xb9, 0x72,
0xa4, 0xaa, 0x52, 0xee, 0x05, 0xa4, 0xeb, 0x51, 0xfa, 0xa0, 0x9b, 0x3d, 0xf9, 0xc4, 0x04, 0x22,
0xd2, 0xf0, 0xb4, 0xff, 0xee, 0x2f, 0xc0, 0x81, 0x2a, 0x3d, 0x5e, 0xe4, 0x75, 0x55, 0xf2, 0x1c,
0x13, 0xd3, 0x59, 0x26, 0x38, 0x81, 0x91, 0xb6, 0xb6, 0x8e, 0x47, 0x3c, 0x27, 0x9e, 0x87, 0x07,
0x2d, 0xcf, 0xd7, 0xaa, 0x5f, 0x15, 0x50, 0xf5, 0xc7, 0x01, 0x5f, 0x9c, 0xae, 0x9d, 0xec, 0x63,
0xfc, 0x04, 0xda, 0xb7, 0xe7, 0x80, 0x14, 0x9c, 0xef, 0x6a, 0xbd, 0x36, 0x02, 0xce, 0xaa, 0xf3,
0x93, 0x46, 0x8c, 0xb9, 0x0b, 0x82, 0xe1, 0x5d, 0x39, 0xcb, 0x46, 0x5f, 0xa7, 0xd5, 0xbe, 0xef, },
Q = new byte[] { 0xfc, 0x74, 0x33, 0xc3, 0x32, 0x64, 0x9f, 0x78, 0xe7, 0xfd, 0x79, 0xc0, 0xb0, 0x60, 0x1f, 0x94,
0xc3, 0x3d, 0xd9, 0xfc, 0x02, 0xf7, 0x16, 0x2d, 0x47, 0x88, 0xfc, 0xf4, 0x13, 0xa3, 0xbf, 0x25,
0x80, 0x3c, 0x1b, 0x1d, 0x12, 0x43, 0x5c, 0xce, 0x22, 0xa4, 0x01, 0x7e, 0x04, 0x7a, 0xf3, 0x11,
0x66, 0x36, 0x49, 0x3c, 0x3b, 0x6f, 0x49, 0x69, 0x74, 0xd5, 0x35, 0x23, 0x90, 0x47, 0xb3, 0x15,
0xe7, 0xa5, 0x26, 0x48, 0x9d, 0xb5, 0x38, 0xa0, 0x44, 0x58, 0x63, 0xb2, 0xdd, 0x94, 0xaf, 0x2e,
0x42, 0x08, 0x25, 0x19, 0x4a, 0x7b, 0xe5, 0x72, 0xbe, 0xd5, 0xa3, 0x92, 0x0b, 0xba, 0xf7, 0x5f,
0x0b, 0x18, 0xa6, 0x62, 0x19, 0x6d, 0x53, 0xc1, 0x8a, 0x86, 0x19, 0x43, 0x53, 0xa4, 0x3a, 0x53,
0x94, 0xd9, 0x99, 0x8b, 0x3a, 0xe4, 0x1e, 0xc5, 0x86, 0x15, 0x89, 0x53, 0xb5, 0x3d, 0x8b, 0x23, },
};
rsa.ImportParameters(rsaParameters);
keyMaterial = new JsonWebKey(rsa, includePrivateParameters: true);
}
break;
case SignatureAlgorithm.ES256Value:
case SignatureAlgorithm.ES256KValue:
case SignatureAlgorithm.ES384Value:
case SignatureAlgorithm.ES512Value:
#if NET461
Assert.Ignore("Creating JsonWebKey with ECDsa is not supported on net461.");
#else
KeyCurveName curveName = algorithm.GetEcKeyCurveName();
ECCurve curve = ECCurve.CreateFromOid(curveName.Oid);
using (ECDsa ecdsa = ECDsa.Create())
{
try
{
ecdsa.GenerateKey(curve);
keyMaterial = new JsonWebKey(ecdsa, includePrivateParameters: true);
}
catch (NotSupportedException)
{
Assert.Inconclusive("This platform does not support OID {0}", curveName.Oid);
}
}
#endif
break;
default:
throw new ArgumentException("Invalid Algorithm", nameof(algorithm));
}
KeyVaultKey key = await Client.ImportKeyAsync(keyName, keyMaterial);
keyMaterial.Id = key.Key.Id;
key.Key = keyMaterial;
return(key);
}
/// <summary>
/// Initializes a new instance of the <see cref="Cryptography.SignResult"/> for mocking purposes.
/// </summary>
/// <param name="keyId">Sets the <see cref="SignResult.KeyId"/> property.</param>
/// <param name="signature">Sets the <see cref="SignResult.Signature"/> property.</param>
/// <param name="algorithm">Sets the <see cref="SignResult.Algorithm"/> property.</param>
/// <returns>A new instance of the <see cref="Cryptography.SignResult"/> for mocking purposes.</returns>
public static SignResult SignResult(string keyId = default, byte[] signature = default, SignatureAlgorithm algorithm = default) => new SignResult
{
KeyId = keyId,
Signature = signature,
Algorithm = algorithm,
};
void genVerboseString(StringBuilder SB)
{
String n = Environment.NewLine;
SB.Append($"X509 Certificate Revocation List:{n}");
SB.Append($"Version: {Version}{n}");
SB.Append($"Issuer: {n}");
String[] tokens = Issuer.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
for (Int32 index = 0; index < tokens.Length; index++)
{
tokens[index] = " " + tokens[index].Trim();
}
SB.Append(String.Join(n, tokens) + n);
SB.Append($"This Update: {ThisUpdate}{n}");
if (NextUpdate == null)
{
SB.Append($"Next Update: Infinity{n}");
}
else
{
SB.Append($"Next Update: {NextUpdate}{n}");
}
if (RevokedCertificates == null)
{
SB.Append($"CRL Entries: 0{n}");
}
else
{
SB.Append($"CRL Entries: {RevokedCertificates.Count}{n}");
foreach (X509CRLEntry revcert in RevokedCertificates)
{
SB.Append($" Serial Number: {revcert.SerialNumber}{n}");
SB.Append($" Revocation Date: {revcert.RevocationDate}{n}");
if (revcert.ReasonCode != 0)
{
SB.Append($" Revocation Reason: {revcert.ReasonMessage} ({revcert.ReasonCode}){n}");
}
SB.Append(n);
}
}
if (Extensions == null)
{
SB.Append($"CRL Extensions: 0{n}");
}
else
{
SB.Append($"CRL Extensions: {Extensions.Count}{n}");
foreach (X509Extension ext in Extensions)
{
SB.Append($" OID={ext.Oid.Format(true)}");
SB.Append($"Critical={ext.Critical}, Length={ext.RawData.Length} ({ext.RawData.Length:x2}):{n}");
SB.Append($" {ext.Format(true).Replace(n, $"{n} ").TrimEnd()}{n}{n}");
}
}
SB.Append("Signature Algorithm:" + n);
SB.Append($" Algorithm ObjectId: {SignatureAlgorithm.Format(true)}{n}");
SB.Append($"Signature: Unused bits={sigUnused}{n} ");
String tempString = AsnFormatter.BinaryToString(signature, EncodingType.HexAddress);
SB.Append($"{tempString.Replace(n, $"{n} ").TrimEnd()}{n}");
}
/// <summary>
/// Initializes a new instance of the <see cref="Cryptography.VerifyResult"/> for mocking purposes.
/// </summary>
/// <param name="keyId">Sets the <see cref="VerifyResult.KeyId"/> property.</param>
/// <param name="isValid">Sets the <see cref="VerifyResult.IsValid"/> property.</param>
/// <param name="algorithm">Sets the <see cref="VerifyResult.Algorithm"/> property.</param>
/// <returns>A new instance of the <see cref="Cryptography.VerifyResult"/> for mocking purposes.</returns>
public static VerifyResult VerifyResult(string keyId = default, bool isValid = default, SignatureAlgorithm algorithm = default) => new VerifyResult
{
KeyId = keyId,
IsValid = isValid,
Algorithm = algorithm,
};
public byte[] Sign()
{
// no input because Write has already updated the hash
return(SignatureAlgorithm.Sign(new byte[0], HashAlgorithm));
}
public CompositionTests()
{
_rsa = new RSACryptoServiceProvider();
var services = new ServiceCollection();
services
.AddHttpMessageSigning("unit-test-app", settings => { settings.SignatureAlgorithm = SignatureAlgorithm.CreateForSigning("s3cr3t"); })
.AddHMACHttpMessageSigning("unit-test-app-hmac", "s3cr3t")
.AddRSAHttpMessageSigning("unit-test-app-rsa", _rsa);
_provider = services.BuildServiceProvider();
}
public static void SignWithSpanWrongSize(SignatureAlgorithm a)
{
using var k = new Key(a);
Assert.Throws <ArgumentException>("signature", () => a.Sign(k, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
/// <summary>Add configuration from the OIDC configuration, including issuer validation and signature requirement.</summary>
public static TokenValidationPolicyBuilder AddOpenIdConfiguration(this TokenValidationPolicyBuilder builder, string metadataAddress, SignatureAlgorithm algorithm)
{
return(builder.RequireMetadataConfiguration(metadataAddress, algorithm));
}
public SignResult Sign(SignatureAlgorithm algorithm, byte[] digest, CancellationToken cancellationToken = default) => throw new CryptographicException(CRYPT_E_NO_PROVIDER);
/// <summary>
/// Creates a new <see cref="CommonFrameHeader"/> from given <paramref name="buffer"/>.
/// </summary>
/// <param name="configurationFrame">IEC 61850-90-5 <see cref="ConfigurationFrame"/> if already parsed.</param>
/// <param name="useETRConfiguration">Determines if system should find associated ETR file using MSVID with same name for configuration.</param>
/// <param name="guessConfiguration">Determines if system should try to guess at a possible configuration given payload size.</param>
/// <param name="parseRedundantASDUs">Determines if system should expose redundantly parsed ASDUs.</param>
/// <param name="ignoreSignatureValidationFailures">Determines if system should ignore checksum signature validation errors.</param>
/// <param name="ignoreSampleSizeValidationFailures">Determines if system should ignore sample size validation errors.</param>
/// <param name="angleFormat">Allows customization of the angle parsing format.</param>
/// <param name="buffer">Buffer that contains data to parse.</param>
/// <param name="startIndex">Start index into buffer where valid data begins.</param>
/// <param name="length">Maximum length of valid data from offset.</param>
// ReSharper disable once UnusedParameter.Local
public CommonFrameHeader(ConfigurationFrame configurationFrame, bool useETRConfiguration, bool guessConfiguration, bool parseRedundantASDUs, bool ignoreSignatureValidationFailures, bool ignoreSampleSizeValidationFailures, AngleFormat angleFormat, byte[] buffer, int startIndex, int length)
{
const byte VersionNumberMask = (byte)IEC61850_90_5.FrameType.VersionNumberMask;
// Cache behavioral connection parameters
m_useETRConfiguration = useETRConfiguration;
m_guessConfiguration = guessConfiguration;
m_parseRedundantASDUs = parseRedundantASDUs;
m_ignoreSignatureValidationFailures = ignoreSignatureValidationFailures;
m_ignoreSampleSizeValidationFailures = ignoreSampleSizeValidationFailures;
m_angleFormat = angleFormat;
// Ignore the time base from configuration frame if available. The timebase is not adjustable for 61850.
m_timebase = Common.Timebase;
// See if frame is for a common IEEE C37.118 frame (e.g., for configuration or command)
if (buffer[startIndex] == PhasorProtocols.Common.SyncByte)
{
// Strip out frame type and version information...
m_frameType = (FrameType)(buffer[startIndex + 1] & ~VersionNumberMask);
m_version = (byte)(buffer[startIndex + 1] & VersionNumberMask);
m_frameLength = BigEndian.ToUInt16(buffer, startIndex + 2);
m_idCode = BigEndian.ToUInt16(buffer, startIndex + 4);
uint secondOfCentury = BigEndian.ToUInt32(buffer, startIndex + 6);
uint fractionOfSecond = BigEndian.ToUInt32(buffer, startIndex + 10);
// Without timebase, the best timestamp you can get is down to the whole second
m_timestamp = new UnixTimeTag((decimal)secondOfCentury).ToDateTime().Ticks;
// "Actual fractional seconds" are obtained by taking fractionOfSecond and dividing by timebase.
// Since we are converting to ticks, we need to multiply by Ticks.PerSecond.
// We do the multiplication first so that the whole operation can be done using integer arithmetic.
// m_timebase / 2L is added before dividing by timebase in order to round the result.
long ticksBeyondSecond = (fractionOfSecond & ~Common.TimeQualityFlagsMask) * Ticks.PerSecond;
m_timestamp += (ticksBeyondSecond + m_timebase / 2L) / m_timebase;
if (configurationFrame is not null)
{
// Hang on to configured frame rate and ticks per frame
m_framesPerSecond = configurationFrame.FrameRate;
m_ticksPerFrame = Ticks.PerSecond / (double)m_framesPerSecond;
}
m_timeQualityFlags = fractionOfSecond & Common.TimeQualityFlagsMask;
}
else if (buffer[startIndex + 1] == Common.CltpTag)
{
// Make sure there is enough data to parse session header from frame
if (length > Common.SessionHeaderSize)
{
// Manually assign frame type - this is an IEC 61850-90-5 data frame
m_frameType = IEC61850_90_5.FrameType.DataFrame;
// Calculate CLTP tag length
int cltpTagLength = buffer[startIndex] + 1;
// Initialize buffer parsing index starting past connectionless transport protocol header
int index = startIndex + cltpTagLength;
// Start calculating total frame length
int frameLength = cltpTagLength;
// Get session type (Goose, sampled values, etc.)
SessionType sessionType = (SessionType)buffer[index++];
// Make sure session type is sampled values
if (sessionType == SessionType.SampledValues)
{
byte headerSize = buffer[index];
// Make sure header size is standard
if (headerSize == Common.SessionHeaderSize)
{
// Skip common header tag
index += 3;
// Get SPDU length
SpduLength = BigEndian.ToUInt32(buffer, index);
index += 4;
// Add SPDU length to total frame length (updated as of 10/3/2012 to accommodate extra 6 bytes)
frameLength += (int)SpduLength + 8;
// Make sure full frame of data is available - cannot calculate full frame length needed for check sum
// without the entire frame since signature algorithm calculation length varies by type and size
if (length > SpduLength + 13)
{
// Get SPDU packet number
m_packetNumber = BigEndian.ToUInt32(buffer, index);
// Get security algorithm type
m_securityAlgorithm = (SecurityAlgorithm)buffer[index + 12];
// Get signature algorithm type
m_signatureAlgorithm = (SignatureAlgorithm)buffer[index + 13];
// Get current key ID
m_keyID = BigEndian.ToUInt32(buffer, index + 14);
// Add signature calculation result length to total frame length
switch (m_signatureAlgorithm)
{
case SignatureAlgorithm.None:
break;
case SignatureAlgorithm.Sha80:
frameLength += 11;
break;
case SignatureAlgorithm.Sha128:
case SignatureAlgorithm.Aes128:
frameLength += 17;
break;
case SignatureAlgorithm.Sha256:
frameLength += 33;
break;
case SignatureAlgorithm.Aes64:
frameLength += 9;
break;
default:
throw new InvalidOperationException($"Invalid IEC 61850-90-5 signature algorithm detected: 0x{buffer[index].ToString("X").PadLeft(2, '0')}");
}
// Check signature algorithm packet checksum here, this step is skipped in data frame parsing due to non-standard location...
if (m_signatureAlgorithm != SignatureAlgorithm.None)
{
int packetIndex = startIndex + cltpTagLength;
int hmacIndex = (int)(packetIndex + SpduLength + 2);
// Check for signature tag
if (buffer[hmacIndex++] == 0x85)
{
// KeyID is technically a lookup into derived rotating keys, but all these are using dummy key for now
HMAC hmac = m_signatureAlgorithm <= SignatureAlgorithm.Sha256 ? new ShaHmac(Common.DummyKey) : (HMAC) new AesHmac(Common.DummyKey);
int result = 0;
switch (m_signatureAlgorithm)
{
case SignatureAlgorithm.None:
break;
case SignatureAlgorithm.Aes64:
m_sourceHash = buffer.BlockCopy(hmacIndex, 8);
m_calculatedHash = hmac.ComputeHash(buffer, packetIndex, (int)SpduLength).BlockCopy(0, 8);
result = m_sourceHash.CompareTo(0, m_calculatedHash, 0, 8);
break;
case SignatureAlgorithm.Sha80:
m_sourceHash = buffer.BlockCopy(hmacIndex, 10);
m_calculatedHash = hmac.ComputeHash(buffer, packetIndex, (int)SpduLength).BlockCopy(0, 10);
result = m_sourceHash.CompareTo(0, m_calculatedHash, 0, 10);
break;
case SignatureAlgorithm.Sha128:
case SignatureAlgorithm.Aes128:
m_sourceHash = buffer.BlockCopy(hmacIndex, 16);
m_calculatedHash = hmac.ComputeHash(buffer, packetIndex, (int)SpduLength).BlockCopy(0, 16);
result = m_sourceHash.CompareTo(0, m_calculatedHash, 0, 16);
break;
case SignatureAlgorithm.Sha256:
m_sourceHash = buffer.BlockCopy(hmacIndex, 32);
m_calculatedHash = hmac.ComputeHash(buffer, packetIndex, (int)SpduLength).BlockCopy(0, 32);
result = m_sourceHash.CompareTo(0, m_calculatedHash, 0, 32);
break;
default:
throw new NotSupportedException($"IEC 61850-90-5 signature algorithm \"{m_signatureAlgorithm}\" is not currently supported: ");
}
if (result != 0 && !m_ignoreSignatureValidationFailures)
{
throw new CrcException("Invalid binary image detected - IEC 61850-90-5 check sum does not match.");
}
}
else
{
throw new CrcException("Invalid binary image detected - expected IEC 61850-90-5 check sum does not exist.");
}
}
// Get payload length
index += 18;
m_dataLength = (ushort)BigEndian.ToUInt32(buffer, index);
index += 4;
// Confirm payload type tag is sampled values
if (buffer[index] != 0x82)
{
throw new InvalidOperationException($"Encountered a payload that is not tagged 0x82 for sampled values: 0x{buffer[index].ToString("X").PadLeft(2, '0')}");
}
index++;
// Get simulated bit value
m_simulatedData = buffer[index++] != 0;
// Get application ID
m_applicationID = BigEndian.ToUInt16(buffer, index);
index += 2;
// Get ASDU payload size
m_payloadSize = BigEndian.ToUInt16(buffer, index);
index += 2;
// Validate sampled value PDU tag exists and skip past it
buffer.ValidateTag(SampledValueTag.SvPdu, ref index);
// Parse number of ASDUs tag
m_asduCount = buffer.ParseByteTag(SampledValueTag.AsduCount, ref index);
if (m_asduCount == 0)
{
throw new InvalidOperationException("Total number of ADSUs must be greater than zero.");
}
// Validate sequence of ASDU tag exists and skip past it
buffer.ValidateTag(SampledValueTag.SequenceOfAsdu, ref index);
// Set header length
m_headerLength = (ushort)(index - startIndex);
// Set calculated frame length
m_frameLength = (ushort)frameLength;
}
}
else
{
throw new InvalidOperationException($"Bad data stream, encountered an invalid session header size: {headerSize}");
}
}
else
{
throw new InvalidOperationException($"This library can only parse IEC 61850-90-5 sampled value sessions, type \"{sessionType}\" is not supported.");
}
}
}
else
{
throw new InvalidOperationException($"Bad data stream, expected sync byte 0xAA or 0x01 as first byte in IEC 61850-90-5 frame, got 0x{buffer[startIndex].ToString("X").PadLeft(2, '0')}");
}
}
public override void IsSupportedSignature_Success(Jwk key, SignatureAlgorithm alg)
{
base.IsSupportedSignature_Success(key, alg);
}
public static void SignWithSpanSuccess(SignatureAlgorithm a)
{
using var k = new Key(a);
a.Sign(k, ReadOnlySpan <byte> .Empty, new byte[a.SignatureSize]);
}
public virtual void Dispose()
{
SignatureAlgorithm?.Dispose();
}
public static void VerifyWithNullKey(SignatureAlgorithm a)
{
Assert.Throws <ArgumentNullException>("publicKey", () => a.Verify(null !, ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
public override Signer CreateSigner_Failed(Jwk key, SignatureAlgorithm alg)
{
return(base.CreateSigner_Failed(key, alg));
}
public static void VerifyWithWrongKey(SignatureAlgorithm a)
{
using var k = new Key(KeyAgreementAlgorithm.X25519);
Assert.Throws <ArgumentException>("publicKey", () => a.Verify(k.PublicKey, ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
public virtual void IsSupportedSignature_Success(Jwk key, SignatureAlgorithm alg)
{
Assert.True(key.SupportSignature(alg));
}
public static void VerifyWithWrongSize(SignatureAlgorithm a)
{
using var k = new Key(a);
Assert.False(a.Verify(k.PublicKey, ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="modulus">Modulus</param>
/// <param name="publicExponent">Public exponent</param>
/// <param name="hashAlgorithm">Hash algorithm</param>
/// <param name="signatureAlgorithm">Signature algorithm</param>
public StrongNamePublicKey(byte[] modulus, byte[] publicExponent, AssemblyHashAlgorithm hashAlgorithm, SignatureAlgorithm signatureAlgorithm)
{
this.signatureAlgorithm = signatureAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.modulus = modulus;
this.publicExponent = publicExponent;
}
public static void Properties(SignatureAlgorithm a)
{
Assert.True(a.PublicKeySize > 0);
Assert.True(a.PrivateKeySize > 0);
Assert.True(a.SignatureSize > 0);
}
public InsecureAlgorithmError(SignatureAlgorithm value) => m_value = value;
public static void SignWithSpanWithNullKey(SignatureAlgorithm a)
{
Assert.Throws <ArgumentNullException>("key", () => a.Sign(null !, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
public static Generator GenPki(string cn, string org, string orgun, string city, string state, string country,
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.SHA256,
RsaKeyLength rsaKeyLength = RsaKeyLength.Length2048Bits)
{
Generator generator = new Generator();
// Determines Signature Algorithm
string signatureAlgorithmStr;
switch (signatureAlgorithm)
{
case SignatureAlgorithm.SHA1:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id;
break;
case SignatureAlgorithm.SHA256:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id;
break;
case SignatureAlgorithm.SHA512:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id;
break;
default:
signatureAlgorithmStr = PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id;
break;
}
// Cert Info
IDictionary attrs = new Hashtable();
attrs.Add(X509Name.CN, cn);
attrs.Add(X509Name.O, org);
attrs.Add(X509Name.OU, orgun);
attrs.Add(X509Name.L, city);
attrs.Add(X509Name.ST, state);
attrs.Add(X509Name.C, country);
X509Name subject = new X509Name(new ArrayList(attrs.Keys), attrs);
//Key Generator
//ECKeyPairGenerator ecKeyPairGenerator = new ECKeyPairGenerator();
//ecKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), (int)rsaKeyLength));
//AsymmetricCipherKeyPair pair = ecKeyPairGenerator.GenerateKeyPair();
X9ECParameters curve = ECNamedCurveTable.GetByName("secp256k1");
ECDomainParameters ecParam = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
ECKeyPairGenerator ecKeyPairGenerator = new ECKeyPairGenerator();
ecKeyPairGenerator.Init(new ECKeyGenerationParameters(ecParam, new SecureRandom()));
AsymmetricCipherKeyPair pair = ecKeyPairGenerator.GenerateKeyPair();
//RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
//rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), (int)rsaKeyLength));
//AsymmetricCipherKeyPair pair = rsaKeyPairGenerator.GenerateKeyPair();
//CSR Generator
//Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithmStr, pair.Private);
Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHECDSA", pair.Private);
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest(signatureFactory, subject, pair.Public, null, pair.Private);
/***************************
****************************
**Convert to PEM and Output*
****************************
***************************/
//Private Key
StringBuilder privateKeyStrBuilder = new StringBuilder();
PemWriter privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyStrBuilder));
privateKeyPemWriter.WriteObject(pair.Private);
privateKeyPemWriter.Writer.Flush();
pkey = privateKeyStrBuilder.ToString();
//Public Key
StringBuilder publicKeyStrBuilder = new StringBuilder();
PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
publicKeyPemWriter.WriteObject(pair.Private);
publicKeyPemWriter.Writer.Flush();
generator.PublicKey = publicKeyStrBuilder.ToString();
//CSR
StringBuilder csrStrBuilder = new StringBuilder();
PemWriter csrPemWriter = new PemWriter(new StringWriter(csrStrBuilder));
csrPemWriter.WriteObject(csr);
csrPemWriter.Writer.Flush();
csR = csrStrBuilder.ToString();
return(generator);
}
public static void SignWithSpanWithWrongKey(SignatureAlgorithm a)
{
using var k = new Key(KeyAgreementAlgorithm.X25519);
Assert.Throws <ArgumentException>("key", () => a.Sign(k, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
public bool Verify(byte[] signature)
{
// no input because Write has already updated the hash
return(SignatureAlgorithm.Verify(new byte[0], signature, HashAlgorithm));
}
public IssuerSignatureHeader(SignatureAlgorithm algoritm, string issuerIdentidier, string keyIdentifier)
{
alg = algoritm;
iid = issuerIdentidier;
kid = keyIdentifier;
}
