public static byte[] SignHash(byte[] hash, CngKey key)
{
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
return(ecdsa.SignHash(hash));
}
}
/// <inheritdoc />
protected internal override byte[] SignHash(byte[] data)
{
using (var cng = new ECDsaCng(this.key))
{
return(cng.SignHash(data));
}
}
public static string SignHash(string hash, byte[] privateKey)
{
using (ECDsaCng dsa = new ECDsaCng(CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob)))
{
return(dsa.SignHash(hash.FromHex()).ToHex());
}
}
public static byte[] SignData(
this ECDsaCng ecdsaCng,
byte[] data,
int offset,
int count)
{
Contract.Ensures(Contract.Result <byte[]>() != null);
if (data == null)
{
throw new ArgumentNullException("data");
}
if (offset < 0 || offset > data.Length)
{
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > data.Length - offset)
{
throw new ArgumentOutOfRangeException("count");
}
using (var hashAlgorithm = new BCryptHashAlgorithm(CngAlgorithm.Sha256, BCryptNative.ProviderName.MicrosoftPrimitiveProvider))
{
hashAlgorithm.HashCore(data, offset, count);
byte[] hashValue = hashAlgorithm.HashFinal();
return(ecdsaCng.SignHash(hashValue));
}
}
public static string EnCDsa(this string data, CngKey key)
{
ECDsa ecdsa = new ECDsaCng(key);
SHA1 sha1 = System.Security.Cryptography.SHA1.Create();
byte[] result = ecdsa.SignHash(sha1.ComputeHash(Convert.FromBase64String(data)));
return(Convert.ToBase64String(result));
}
public byte[] Sign(byte[] hash)
{
using (ECDsaCng sig = new ECDsaCng(_cngKey))
{
sig.HashAlgorithm = CngAlgorithm.ECDsaP256;
return(sig.SignHash(hash));
}
}
public static byte[] Sign(CngKey priv, byte[] hash)
{
using (var ecdsa = new ECDsaCng(priv))
{
ecdsa.HashAlgorithm = CngAlgorithm.ECDsaP256;
var sig = ecdsa.SignHash(hash);
return(sig);
}
}
private static byte[] Sign(byte[] hash, byte[] privateKey)
{
using (var key = CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob))
{
using (var ecdsa = new ECDsaCng(key))
{
return(ecdsa.SignHash(hash));
}
}
}
/// <summary>
/// 根据传入的公私钥,对可签名的对象进行签名
/// </summary>
/// <param name="signable">要签名的数据</param>
/// <param name="prikey">私钥</param>
/// <param name="pubkey">公钥</param>
/// <returns>返回签名后的结果</returns>
internal static byte[] Sign(this ISignable signable, byte[] prikey, byte[] pubkey)
{
const int ECDSA_PRIVATE_P256_MAGIC = 0x32534345;
prikey = BitConverter.GetBytes(ECDSA_PRIVATE_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).Concat(prikey).ToArray();
using (CngKey key = CngKey.Import(prikey, CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
return(ecdsa.SignHash(signable.GetHashForSigning()));
}
}
public byte[] Sign(ISignable signable)
{
byte[] signature;
ProtectedMemory.Unprotect(key_exported, MemoryProtectionScope.SameProcess);
using (CngKey key = CngKey.Import(key_exported, CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
signature = ecdsa.SignHash(signable.GetHashForSigning());
}
ProtectedMemory.Protect(key_exported, MemoryProtectionScope.SameProcess);
return(signature);
}
// 默认使用 180 天有效期
public string genSig(string identifier, int expireTime = 3600 *24 *180)
{
DateTime epoch = new DateTime(1970, 1, 1);
Int64 currTime = (Int64)(DateTime.UtcNow - epoch).TotalMilliseconds / 1000;
string rawData =
"TLS.appid_at_3rd:" + 0 + "\n" +
"TLS.account_type:" + 0 + "\n" +
"TLS.identifier:" + identifier + "\n" +
"TLS.sdk_appid:" + sdkappid + "\n" +
"TLS.time:" + currTime + "\n" +
"TLS.expire_after:" + expireTime + "\n";
byte[] rawDataHash = SHA256(rawData);
byte[] rawSig = ecdsa.SignHash(rawDataHash);
// .net 接口生成的 sig 与 openssl 的不一致
// 所以为了兼容需要吧 sig 进行转换
int halfLength = rawSig.Length / 2;
byte[][] rEncoded = SegmentedEncodeUnsignedInteger(rawSig, 0, halfLength);
byte[][] sEncoded = SegmentedEncodeUnsignedInteger(rawSig, halfLength, halfLength);
List <byte[][]> items = new List <byte[][]>()
{
rEncoded, sEncoded
};
byte[] opensslSig = ConstructSequence(items);
string base64sig = Convert.ToBase64String(opensslSig);
// 没有引入 json 库,所以这里手动进行组装
string jsonData = String.Format("{{"
+ "\"TLS.account_type\":" + "\"0\","
+ "\"TLS.identifier\":" + "\"{0}\","
+ "\"TLS.appid_at_3rd\":" + "\"0\","
+ "\"TLS.sdk_appid\":" + "\"{1}\","
+ "\"TLS.expire_after\":" + "\"{2}\","
+ "\"TLS.time\":" + "\"{3}\","
+ "\"TLS.sig\":" + "\"{4}\""
+ "}}", identifier, sdkappid, expireTime, currTime, base64sig);
byte[] buffer = Encoding.UTF8.GetBytes(jsonData);
// 下面的压缩调用 zlib.net 类库的接口,请予以引入
return(Convert.ToBase64String(compressBytes(buffer))
.Replace('+', '*').Replace('/', '-').Replace('=', '_'));
}
public void TryWithRaw()
{
var pubHex = "046A347F0488ABC7D92E2208794E327ECA15B0C2B27018B2B5B89DD8CB736FD7CC38F37D2D10822530AD97359ACBD837A65C2CA62D44B0CE569BD222C2DABF268F";
var privBytes = "48 119 2 1 1 4 32 36 32 85 234 114 73 227 18 64 63 130 39 155 80 70 109 242 211 48 21 9 238 238 96 191 178 8 11 9 221 183 246 160 10 6 8 42 134 72 206 61 3 1 7 161 68 3 66 0 4 106 52 127 4 136 171 199 217 46 34 8 121 78 50 126 202 21 176 194 178 112 24 178 181 184 157 216 203 115 111 215 204 56 243 125 45 16 130 37 48 173 151 53 154 203 216 55 166 92 44 166 45 68 176 206 86 155 210 34 194 218 191 38 143".FromIntList();
var pubBytes = pubHex.FromHex();
var msgBytes = "time for beer".StringToBytes();
var d = Asn1Node.ReadNode(privBytes);
//Console.WriteLine(privBytes.ToHex());
var pk = d.Nodes.First(n => n.NodeType == Asn1UniversalNodeType.OctetString).GetBytes().Skip(2).ToArray();
// var oid = d.Nodes.First(n => n.NodeType == Asn1UniversalNodeType.ObjectId);
//Console.WriteLine(pk.Length);
//var npb = new List<byte>();
//npb.AddRange("45435332".FromHex());
//npb.AddRange("20000000".FromHex());
//var keyType = new byte[] {0x45, 0x43, 0x53, 0x31};
//var keyLength = new byte[] {0x20, 0x00, 0x00, 0x00};
//var key = pubBytes.Skip(1);
//var keyImport = keyType.Concat(keyLength).Concat(key).ToArray();
//var cngKey = CngKey.Import(keyImport, CngKeyBlobFormat.EccPublicBlob);
var keyType = new byte[] { 0x45, 0x43, 0x53, 0x32 };
var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 };
var key = pubBytes.Skip(1);
var keyImport = keyType.Concat(keyLength).Concat(key).Concat(pk.Take(32)).ToArray();
var cngKey = CngKey.Import(keyImport, CngKeyBlobFormat.EccPrivateBlob);
// Console.WriteLine(msgBytes.ToIntList());
// Console.WriteLine(cngKey.Algorithm);
using (var ecdsa = new ECDsaCng(cngKey))
{
;
var sig = ecdsa.SignHash(msgBytes);
var r = sig.Take(32).ToArray().ToIntList();
var s = sig.Skip(32).ToArray().ToIntList();
// Console.WriteLine($"r={r}");
//Console.WriteLine($"s={s}");
}
var sm = new List <byte>();
var rb = "4 125 215 32 233 142 70 85 201 154 76 249 192 224 47 110 137 143 196 200 134 41 40 215 145 53 16 48 70 137 141 220".FromIntList();
var sb = "13 204 63 209 196 150 249 28 161 192 197 238 187 28 49 93 64 81 111 132 87 13 150 77 41 62 144 197 244 173 110 176".FromIntList();
var ri = new BigInteger(rb.Reverse().ToArray());
Console.WriteLine(ri);
var bi = BigInteger.Parse("2031592040209509309444738411503462520448943330036365867913793138397723332060");
var bib = bi.ToByteArray();
Console.WriteLine(bib.ToIntList());
sm.AddRange(rb);
sm.AddRange(sb);
//Console.WriteLine(sm.Count);
using (var ecdsa = new ECDsaCng(cngKey))
{
Assert.True(ecdsa.VerifyHash(msgBytes, sm.ToArray()));
}
//npb.AddRange(pubBytes.Skip(1));
//npb.AddRange(pk);
//var cngKey = CngKey.Import(npb.ToArray(), CngKeyBlobFormat.EccPrivateBlob);
}
public byte[] SignHash(byte[] hash) => innerSigner.SignHash(hash);
