/// <summary>
        /// Verify the buffer against the signature using the public key.
        /// </summary>
        ///
        /// <param name="buffer">The input buffer to verify.</param>
        /// <param name="signature">The signature bytes.</param>
        /// <param name="publicKey">The object containing the public key.</param>
        /// <param name="digestAlgorithm">The digest algorithm.</param>
        /// <returns>True if verification succeeds, false if verification fails.</returns>
        /// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
        public static bool verifySignature(ByteBuffer buffer, byte[] signature,
                                           PublicKey publicKey, DigestAlgorithm digestAlgorithm)
        {
            if (digestAlgorithm == net.named_data.jndn.security.DigestAlgorithm.SHA256)
            {
                if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
                {
                    try {
                        KeyFactory keyFactory = System.KeyFactory.getInstance("RSA");
                        System.SecurityPublicKey securityPublicKey = keyFactory
                                                                     .generatePublic(new X509EncodedKeySpec(publicKey
                                                                                                            .getKeyDer().getImmutableArray()));

                        System.SecuritySignature rsaSignature = System.SecuritySignature
                                                                .getInstance("SHA256withRSA");
                        rsaSignature.initVerify(securityPublicKey);
                        rsaSignature.update(buffer);
                        return(rsaSignature.verify(signature));
                    } catch (Exception ex) {
                        return(false);
                    }
                }
                else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC)
                {
                    try {
                        KeyFactory keyFactory_0 = System.KeyFactory.getInstance("EC");
                        System.SecurityPublicKey securityPublicKey_1 = keyFactory_0
                                                                       .generatePublic(new X509EncodedKeySpec(publicKey
                                                                                                              .getKeyDer().getImmutableArray()));

                        System.SecuritySignature ecdsaSignature = System.SecuritySignature
                                                                  .getInstance("SHA256withECDSA");
                        ecdsaSignature.initVerify(securityPublicKey_1);
                        ecdsaSignature.update(buffer);
                        return(ecdsaSignature.verify(signature));
                    } catch (Exception ex_2) {
                        return(false);
                    }
                }
                else
                {
                    throw new ArgumentException(
                              "verifySignature: Invalid key type");
                }
            }
            else
            {
                throw new ArgumentException(
                          "verifySignature: Invalid digest algorithm");
            }
        }
        /// <summary>
        /// Sign the data with this private key, returning a signature Blob.
        /// </summary>
        ///
        /// <param name="data">The input byte buffer.</param>
        /// <param name="digestAlgorithm">the digest algorithm.</param>
        /// <returns>The signature Blob, or an isNull Blob if this private key is not
        /// initialized.</returns>
        /// <exception cref="TpmPrivateKey.Error">for unrecognized digestAlgorithm or an errorin signing.</exception>
        public Blob sign(ByteBuffer data, DigestAlgorithm digestAlgorithm)
        {
            if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
            {
                throw new TpmPrivateKey.Error(
                          "TpmPrivateKey.sign: Unsupported digest algorithm");
            }

            System.SecuritySignature signature = null;
            if (keyType_ == net.named_data.jndn.security.KeyType.EC)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withECDSA");
                } catch (Exception e) {
                    // Don't expect this to happen.
                    throw new TpmPrivateKey.Error(
                              "SHA256withECDSA algorithm is not supported");
                }
            }
            else if (keyType_ == net.named_data.jndn.security.KeyType.RSA)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withRSA");
                } catch (Exception e_0) {
                    // Don't expect this to happen.
                    throw new TpmPrivateKey.Error(
                              "SHA256withRSA algorithm is not supported");
                }
            }
            else
            {
                return(new Blob());
            }

            try {
                signature.initSign(privateKey_);
            } catch (InvalidKeyException exception) {
                throw new TpmPrivateKey.Error("InvalidKeyException: "
                                              + exception.Message);
            }
            try {
                signature.update(data);
                return(new Blob(signature.sign(), false));
            } catch (SignatureException exception_1) {
                throw new TpmPrivateKey.Error("SignatureException: "
                                              + exception_1.Message);
            }
        }
Exemple #3
0
        /// <summary>
        /// Verify the ECDSA signature on the SignedBlob using the given public key.
        /// </summary>
        ///
        /// <param name="signature">The signature bits.</param>
        /// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
        /// <param name="publicKeyDer">The DER-encoded public key used to verify the signature.</param>
        /// <returns>true if the signature verifies, false if not.</returns>
        protected static internal bool verifySha256WithEcdsaSignature(Blob signature,
                                                                      SignedBlob signedBlob, Blob publicKeyDer)
        {
            KeyFactory keyFactory = null;

            try {
                keyFactory = System.KeyFactory.getInstance("EC");
            } catch (Exception exception) {
                // Don't expect this to happen.
                throw new SecurityException("EC is not supported: "
                                            + exception.Message);
            }

            System.SecurityPublicKey publicKey = null;
            try {
                publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(
                                                          publicKeyDer.getImmutableArray()));
            } catch (InvalidKeySpecException exception_0) {
                // Don't expect this to happen.
                throw new SecurityException("X509EncodedKeySpec is not supported: "
                                            + exception_0.Message);
            }

            System.SecuritySignature ecSignature = null;
            try {
                ecSignature = System.SecuritySignature
                              .getInstance("SHA256withECDSA");
            } catch (Exception e) {
                // Don't expect this to happen.
                throw new SecurityException(
                          "SHA256withECDSA algorithm is not supported");
            }

            try {
                ecSignature.initVerify(publicKey);
            } catch (InvalidKeyException exception_1) {
                throw new SecurityException("InvalidKeyException: "
                                            + exception_1.Message);
            }
            try {
                ecSignature.update(signedBlob.signedBuf());
                return(ecSignature.verify(signature.getImmutableArray()));
            } catch (SignatureException exception_2) {
                throw new SecurityException("SignatureException: "
                                            + exception_2.Message);
            }
        }
        /// <summary>
        /// Fetch the private key for keyName and sign the data, returning a signature
        /// Blob.
        /// </summary>
        ///
        /// <param name="data">Pointer the input byte buffer to sign.</param>
        /// <param name="keyName">The name of the signing key.</param>
        /// <param name="digestAlgorithm">the digest algorithm.</param>
        /// <returns>The signature Blob.</returns>
        /// <exception cref="System.Security.SecurityException"></exception>
        public override Blob sign(ByteBuffer data, Name keyName,
                                  DigestAlgorithm digestAlgorithm)
        {
            if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
            {
                throw new SecurityException(
                          "MemoryPrivateKeyStorage.sign: Unsupported digest algorithm");
            }

            // Find the private key and sign.
            MemoryPrivateKeyStorage.PrivateKey privateKey = (MemoryPrivateKeyStorage.PrivateKey)ILOG.J2CsMapping.Collections.Collections.Get(privateKeyStore_, keyName
                                                                                                                                             .toUri());
            if (privateKey == null)
            {
                throw new SecurityException(
                          "MemoryPrivateKeyStorage: Cannot find private key "
                          + keyName.toUri());
            }

            System.SecuritySignature signature = null;
            if (privateKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withRSA");
                } catch (Exception e) {
                    // Don't expect this to happen.
                    throw new SecurityException(
                              "SHA256withRSA algorithm is not supported");
                }
            }
            else if (privateKey.getKeyType() == net.named_data.jndn.security.KeyType.ECDSA)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withECDSA");
                } catch (Exception e_0) {
                    // Don't expect this to happen.
                    throw new SecurityException(
                              "SHA256withECDSA algorithm is not supported");
                }
            }
            else
            {
                // We don't expect this to happen.
                throw new SecurityException("Unrecognized private key type");
            }

            try {
                signature.initSign(privateKey.getPrivateKey());
            } catch (InvalidKeyException exception) {
                throw new SecurityException("InvalidKeyException: "
                                            + exception.Message);
            }
            try {
                signature.update(data);
                return(new Blob(signature.sign(), false));
            } catch (SignatureException exception_1) {
                throw new SecurityException("SignatureException: "
                                            + exception_1.Message);
            }
        }
Exemple #5
0
        /// <summary>
        /// Fetch the private key for keyName and sign the data, returning a signature
        /// Blob.
        /// </summary>
        ///
        /// <param name="data">Pointer the input byte buffer to sign.</param>
        /// <param name="keyName">The name of the signing key.</param>
        /// <param name="digestAlgorithm">the digest algorithm.</param>
        /// <returns>The signature Blob.</returns>
        /// <exception cref="System.Security.SecurityException"></exception>
        public sealed override Blob sign(ByteBuffer data, Name keyName,
                                         DigestAlgorithm digestAlgorithm)
        {
            if (!doesKeyExist(keyName, net.named_data.jndn.security.KeyClass.PRIVATE))
            {
                throw new SecurityException(
                          "FilePrivateKeyStorage.sign: private key doesn't exist");
            }

            if (digestAlgorithm != net.named_data.jndn.security.DigestAlgorithm.SHA256)
            {
                throw new SecurityException(
                          "FilePrivateKeyStorage.sign: Unsupported digest algorithm");
            }

            // Retrieve the private key.
            KeyType[]  keyType    = new KeyType[1];
            PrivateKey privateKey = getPrivateKey(keyName, keyType);

            // Sign.
            System.SecuritySignature signature = null;
            if (keyType[0] == net.named_data.jndn.security.KeyType.RSA)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withRSA");
                } catch (Exception e) {
                    // Don't expect this to happen.
                    throw new SecurityException(
                              "FilePrivateKeyStorage: The SHA256withRSA algorithm is not supported");
                }
            }
            else if (keyType[0] == net.named_data.jndn.security.KeyType.EC)
            {
                try {
                    signature = System.SecuritySignature
                                .getInstance("SHA256withECDSA");
                } catch (Exception e_0) {
                    // Don't expect this to happen.
                    throw new SecurityException(
                              "FilePrivateKeyStorage: The SHA256withECDSA algorithm is not supported");
                }
            }
            else
            {
                // We don't expect this to happen since getPrivateKey checked it.
                throw new SecurityException(
                          "FilePrivateKeyStorage: Unsupported signature key type "
                          + keyType[0]);
            }

            try {
                signature.initSign(privateKey);
            } catch (InvalidKeyException exception) {
                throw new SecurityException(
                          "FilePrivateKeyStorage: InvalidKeyException: "
                          + exception.Message);
            }
            try {
                signature.update(data);
                return(new Blob(signature.sign(), false));
            } catch (SignatureException exception_1) {
                throw new SecurityException(
                          "FilePrivateKeyStorage: SignatureException: "
                          + exception_1.Message);
            }
        }