/// <summary>
/// Returns implementation of specified digest algorithm
/// </summary>
/// <param name="algorithm">Digest algorithm</param>
/// <returns>Implementation of specified digest algorithm</returns>
private static IDigest GetHashGenerator(DigestAlgorithm algorithm)
{
IDigest digest;
switch (algorithm)
{
default:
throw new NotSupportedException("Unsupported hash algorithm");
case DigestAlgorithm.SHA1:
digest = new Sha1Digest();
break;
case DigestAlgorithm.SHA256:
digest = new Sha256Digest();
break;
case DigestAlgorithm.SHA384:
digest = new Sha384Digest();
break;
case DigestAlgorithm.SHA512:
digest = new Sha512Digest(); break;
}
return(digest);
}
private IDigest GetShaDigest()
{
IDigest shaDigest = null;
if (_shaBits == 1)
{
shaDigest = new Sha1Digest();
}
else if (_shaBits == 3)
{
shaDigest = new Sha3Digest();
}
else if (_shaBits == 224)
{
shaDigest = new Sha224Digest();
}
else if (_shaBits == 256)
{
shaDigest = new Sha256Digest();
}
else if (_shaBits == 384)
{
shaDigest = new Sha384Digest();
}
else
{
shaDigest = new Sha512Digest();
}
return(shaDigest);
}
/// <summary>
/// Gets the verifying stream.
/// </summary>
/// <returns></returns>
public VerifyingStream GetVerifyingStream(KeyczarBase keyczar)
{
IDigest digest;
if (Digest == DigestAlg.Sha256)
{
digest = new Sha256Digest();
}
else if (Digest == DigestAlg.Sha384)
{
digest = new Sha384Digest();
}
else if (Digest == DigestAlg.Sha512)
{
digest = new Sha512Digest();
}
else
{
throw new InvalidKeyTypeException($"Unsupported digest type :{Digest}");
}
var hmac = new HMac(digest);
hmac.Init(new KeyParameter(HmacKeyBytes));
return(new HmacStream(hmac, HashLength));
}
internal override ISigner GetSigner()
{
IDigest digest;
if (Digest == Sha224Digest)
{
digest = new Sha224Digest();
}
else if (Digest == Sha256Digest)
{
digest = new Sha256Digest();
}
else if (Digest == Sha384Digest)
{
digest = new Sha384Digest();
}
else if (Digest == Sha512Digest)
{
digest = new Sha512Digest();
}
else if (Digest == Sha1Digest)
{
digest = new Sha1Digest();
}
else
{
throw new InvalidKeyTypeException(string.Format("Unknown digest type :{0}", Digest));
}
if (Padding == PssPadding)
{
return(new PssSigner(new RsaBlindedEngine(), digest));
}
throw new InvalidKeyTypeException(string.Format("Unknown padding type :{0}", Padding));
}
public static byte[] ComputeSha384(byte[] data)
{
IDigest digest = new Sha384Digest();
byte[] buffer = new byte[digest.GetDigestSize()];
digest.BlockUpdate(data, 0, data.Length);
digest.DoFinal(buffer, 0);
return(buffer);
}
static byte[] Sha384(byte[] dat)
{
Sha384Digest digester = new Sha384Digest();
byte[] retValue = new byte[digester.GetDigestSize()];
digester.BlockUpdate(dat, 0, dat.Length);
digester.DoFinal(retValue, 0);
return(retValue);
}
public static byte[] Hash384(byte[] value)
{
var digest = new Sha384Digest();
var output = new byte[digest.GetDigestSize()];
digest.BlockUpdate(value, 0, value.Length);
digest.DoFinal(output, 0);
return(output);
}
public static byte[] Hash384(byte[] message)
{
var digest = new Sha384Digest();
var output = new byte[digest.GetDigestSize()];
byte[] msg = message ?? new byte[0];
digest.BlockUpdate(msg, 0, msg.Length);
digest.DoFinal(output, 0);
return(output);
}
/// <summary>
/// SHA384 computation
/// </summary>
/// <param name="data">the data to hash</param>
/// <param name="key">optional hmac key</param>
/// <returns>the hash value</returns>
private static byte[] ComputeSha384(byte[] data, byte[] key)
{
byte[] outData = new byte[16];
if (key != null)
{
var digest = new HMac(new Sha384Digest());
digest.Init(new KeyParameter(key));
digest.BlockUpdate(data, 0, data.Length);
digest.DoFinal(outData, 0);
}
else
{
var digest = new Sha384Digest();
digest.BlockUpdate(data, 0, data.Length);
digest.DoFinal(outData, 0);
}
return(outData);
}
private bool TryResumeSession(Stream stream, byte[] certSignatures, out Guid userToken)
{
#if SQLCLR
userToken = Guid.Empty;
return(false);
#else
//Resume Session:
// C => S
// byte ResumeSession
// byte TicketLength
// byte[] Ticket
// byte ClientChallengeLength
// byte[] ClientChallenge
// S <= C
// byte HashMethod
// byte ServerChallengeLength
// byte[] ServerChallenge
IDigest hash = new Sha384Digest();
byte[] serverChallenge = SaltGenerator.Create(16);
stream.WriteByte((byte)HashMethod.Sha384);
stream.WriteByte((byte)serverChallenge.Length);
stream.Write(serverChallenge);
stream.Flush();
// C => S
// byte ClientResponseLength
// byte[] ClientChallenge
byte[] ticket = stream.ReadBytes(stream.ReadNextByte());
byte[] clientChallenge = stream.ReadBytes(stream.ReadNextByte());
byte[] clientResponse = stream.ReadBytes(stream.ReadByte());
// S => C
// bool IsSuccessful
// byte ServerResponseLength
// byte[] ServerResponse
if (TryLoadTicket(ticket, out byte[] secret, out userToken))
internal override ISigner GetSigner()
{
IDigest digest;
if (Digest == DigestAlg.Sha224)
{
digest = new Sha224Digest();
}
else if (Digest == DigestAlg.Sha256)
{
digest = new Sha256Digest();
}
else if (Digest == DigestAlg.Sha384)
{
digest = new Sha384Digest();
}
else if (Digest == DigestAlg.Sha512)
{
digest = new Sha512Digest();
}
else if (Digest == DigestAlg.Sha1)
{
digest = new Sha1Digest();
}
else
{
throw new InvalidKeyTypeException($"Unknown digest type :{Digest}");
}
if (Padding == PaddingAlg.Pss)
{
return(new PssSigner(new RsaBlindedEngine(), digest));
}
if (Padding == PaddingAlg.Pkcs15)
{
return(new RsaDigestSigner(digest));
}
throw new InvalidKeyTypeException($"Unknown padding type :{Padding}");
}
private IDigest GetDigest(THashAlgorithm hashAlgorithm)
{
IDigest result = null;
switch (hashAlgorithm)
{
case THashAlgorithm.None:
result = new NullDigest();
break;
case THashAlgorithm.MD5:
result = new MD5Digest();
break;
case THashAlgorithm.SHA1:
result = new Sha1Digest();
break;
case THashAlgorithm.SHA224:
result = new Sha224Digest();
break;
case THashAlgorithm.SHA256:
result = new Sha256Digest();
break;
case THashAlgorithm.SHA384:
result = new Sha384Digest();
break;
case THashAlgorithm.SHA512:
result = new Sha512Digest();
break;
default:
break;
}
return(result);
}
private byte[] Sign(byte[] bytesToBeSigned)
{
string alg = null; // Get the set algorithm or infer one
try {
alg = FindAttribute("alg").AsString();
}
catch (Exception) {
;
}
if (alg == null)
{
switch (keyToSign.AsString("kty"))
{
case "RSA":
alg = "PS256";
break;
case "EC":
switch (keyToSign.AsString("crv"))
{
case "P-256":
alg = "ES256";
break;
case "P-384":
alg = "ES384";
break;
case "P-521":
alg = "ES512";
break;
default:
throw new JOSE_Exception("Unknown curve");
}
break;
default:
throw new JOSE_Exception("Unknown or unsupported key type " + keyToSign.AsString("kty"));
}
objUnprotected.Add("alg", alg);
}
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JOSE_Exception("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")),
ConvertBigNum(keyToSign.AsBytes("e")),
ConvertBigNum(keyToSign.AsBytes("d")),
ConvertBigNum(keyToSign.AsBytes("p")),
ConvertBigNum(keyToSign.AsBytes("q")),
ConvertBigNum(keyToSign.AsBytes("dp")),
ConvertBigNum(keyToSign.AsBytes("dq")),
ConvertBigNum(keyToSign.AsBytes("qi")));
signer.Init(true, prv);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")),
ConvertBigNum(keyToSign.AsBytes("e")),
ConvertBigNum(keyToSign.AsBytes("d")),
ConvertBigNum(keyToSign.AsBytes("p")),
ConvertBigNum(keyToSign.AsBytes("q")),
ConvertBigNum(keyToSign.AsBytes("dp")),
ConvertBigNum(keyToSign.AsBytes("dq")),
ConvertBigNum(keyToSign.AsBytes("qi")));
ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG);
signer.Init(true, rnd);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "ES256":
case "ES384":
case "ES512": {
X9ECParameters p = NistNamedCurves.GetByName(keyToSign.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey =
new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign.AsBytes("d")), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(bytesToBeSigned);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
byte[] sigs = new byte[r.Length + s.Length];
Array.Copy(r, sigs, r.Length);
Array.Copy(s, 0, sigs, r.Length, s.Length);
return(sigs);
}
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter key = new KeyParameter(keyToSign.AsBytes("k"));
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.Init(key);
hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
hmac.DoFinal(resBuf, 0);
return(resBuf);
}
case "EdDSA":
switch (keyToSign.AsString("crv"))
{
case "Ed25519": {
ISigner eddsa;
Ed25519PrivateKeyParameters privKey =
new Ed25519PrivateKeyParameters(keyToSign.AsBytes("d"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(eddsa.GenerateSignature());
}
}
break;
}
return(null);
}
public bool Validate(byte[] content, byte[] msgAttributes)
{
CBORObject alg = null; // Get the set algorithm or infer one
byte[] bytesToBeSigned = toBeSigned(content, msgAttributes);
alg = FindAttribute(HeaderKeys.Algorithm);
if (alg == null)
{
throw new Exception("No Signature algorithm known");
}
IDigest digest;
IDigest digest2;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
default:
throw new Exception("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Number)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
default:
throw new CoseException("Unknown signature algorith");
}
}
else
{
throw new CoseException("Algorthm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "PS384": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.VerifySignature(rgbSignature));
}
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Number)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.VerifySignature(rgbSignature));
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
X9ECParameters p = keyToSign.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPoint point = keyToSign.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, param);
BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2);
BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2);
return(ecdsa.VerifySignature(digestedMessage, r, s));
}
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
private byte[] Sign(byte[] bytesToBeSigned)
{
CBORObject alg = null; // Get the set algorithm or infer one
alg = FindAttribute(HeaderKeys.Algorithm);
if (alg == null)
{
if (keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Number)
{
switch ((GeneralValuesInt)keyToSign[CoseKeyKeys.KeyType].AsInt32())
{
case GeneralValuesInt.KeyType_RSA:
alg = CBORObject.FromObject("PS256");
break;
case GeneralValuesInt.KeyType_EC2:
if (keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number)
{
switch ((GeneralValuesInt)keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32())
{
case GeneralValuesInt.P256:
alg = AlgorithmValues.ECDSA_256;
break;
case GeneralValuesInt.P384:
alg = AlgorithmValues.ECDSA_384;
break;
case GeneralValuesInt.P521:
alg = AlgorithmValues.ECDSA_512;
break;
default:
throw new CoseException("Unknown curve");
}
}
else if (keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString)
{
switch (keyToSign[CoseKeyParameterKeys.EC_Curve].AsString())
{
default:
throw new CoseException("Unknown curve");
}
}
else
{
throw new CoseException("Curve is incorrectly encoded");
}
break;
default:
throw new Exception("Unknown or unsupported key type " + keyToSign.AsString("kty"));
}
}
else if (keyToSign[CoseKeyKeys.KeyType].Type == CBORType.TextString)
{
throw new CoseException("Unknown or unsupported key type " + keyToSign[CoseKeyKeys.KeyType].AsString());
}
else
{
throw new CoseException("Key type is not correctly encoded");
}
objUnprotected.Add(HeaderKeys.Algorithm, alg);
}
IDigest digest;
IDigest digest2;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
default:
throw new Exception("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Number)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
default:
throw new CoseException("Unknown signature algorith");
}
}
else
{
throw new CoseException("Algorthm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "PS384":
{
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Number)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_512:
{
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512:
{
SecureRandom random = Message.GetPRNG();
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
X9ECParameters p = keyToSign.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign[CoseKeyParameterKeys.EC_D]), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, random);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
int cbR = (p.Curve.FieldSize + 7) / 8;
byte[] sigs = new byte[cbR * 2];
Array.Copy(r, 0, sigs, cbR - r.Length, r.Length);
Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length);
return(sigs);
}
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
internal bool ValidateMac(byte[] toBeSigned, byte[] signature, string alg)
{
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JoseException("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
if (this.AsString("kty") != "RSA")
{
throw new JoseException("Wrong Key");
}
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters pub = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize());
RsaKeyParameters pub = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "ES256":
case "ES384":
case "ES512": {
digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
if (this.AsString("kty") != "EC")
{
throw new JoseException("Wrong Key Type");
}
ICipherParameters pubKey = this.AsPublicKey();
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, pubKey);
BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2);
BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2);
if (!ecdsa.VerifySignature(o1, r, s))
{
throw new JoseException("Signature did not validate");
}
}
break;
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter K = new KeyParameter(Message.base64urldecode(this.AsString("k")));
hmac.Init(K);
hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.DoFinal(resBuf, 0);
bool fVerify = true;
for (int i = 0; i < resBuf.Length; i++)
{
if (resBuf[i] != signature[i])
{
fVerify = false;
}
}
if (!fVerify)
{
throw new JoseException("Signature did not validate");
}
}
break;
case "EdDSA": {
ISigner eddsa;
if (this.AsString("kty") != "OKP")
{
throw new JoseException("Wrong Key Type");
}
switch (this.AsString("crv"))
{
case "Ed25519": {
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(this.AsBytes("X"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!eddsa.VerifySignature(signature))
{
throw new JoseException("Signature did not validate");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
return(true);
}
internal byte[] ComputeMac(byte[] bytesToBeSigned, string alg)
{
IDigest digest;
IDigest digest2;
byte[] signature;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JoseException("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")),
ConvertBigNum(this.AsString("e")),
ConvertBigNum(this.AsString("d")),
ConvertBigNum(this.AsString("p")),
ConvertBigNum(this.AsString("q")),
ConvertBigNum(this.AsString("dp")),
ConvertBigNum(this.AsString("dq")),
ConvertBigNum(this.AsString("qi")));
signer.Init(true, prv);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")),
ConvertBigNum(this.AsString("e")),
ConvertBigNum(this.AsString("d")),
ConvertBigNum(this.AsString("p")),
ConvertBigNum(this.AsString("q")),
ConvertBigNum(this.AsString("dp")),
ConvertBigNum(this.AsString("dq")),
ConvertBigNum(this.AsString("qi")));
ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG);
signer.Init(true, rnd);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "ES256":
case "ES384":
case "ES512": {
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
X9ECParameters p = NistNamedCurves.GetByName(this.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey =
new ECPrivateKeyParameters("ECDSA", ConvertBigNum(this.AsString("d")), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(o1);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
int cbR = (p.Curve.FieldSize + 7) / 8;
byte[] sigs = new byte[cbR * 2];
Array.Copy(r, 0, sigs, cbR - r.Length, r.Length);
Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length);
signature = sigs;
return(sigs);
}
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter key = new KeyParameter(this.AsBytes("k"));
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.Init(key);
hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
hmac.DoFinal(resBuf, 0);
signature = resBuf;
return(resBuf);
}
case "EdDSA":
switch (this.AsString("crv"))
{
case "Ed25519": {
ISigner eddsa;
Ed25519PrivateKeyParameters privKey =
new Ed25519PrivateKeyParameters(this.AsBytes("d"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
signature = eddsa.GenerateSignature();
return(signature);
}
}
break;
}
return(null);
}
private byte[] _Sign(byte[] bytesToBeSigned)
{
CBORObject alg; // Get the set algorithm or infer one
if (rgbContent == null)
{
throw new CoseException("No Content Specified");
}
alg = FindAttribute(HeaderKeys.Algorithm);
if (alg == null)
{
if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer)
{
switch ((GeneralValuesInt)_keyToSign[CoseKeyKeys.KeyType].AsInt32())
{
case GeneralValuesInt.KeyType_RSA:
alg = AlgorithmValues.RSA_PSS_256;
break;
case GeneralValuesInt.KeyType_EC2:
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer)
{
switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32())
{
case GeneralValuesInt.P256:
alg = AlgorithmValues.ECDSA_256;
break;
case GeneralValuesInt.P521:
alg = AlgorithmValues.ECDSA_512;
break;
default:
throw new CoseException("Unknown curve");
}
}
else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString)
{
switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString())
{
case "P-384":
alg = CBORObject.FromObject("ES384");
break;
default:
throw new CoseException("Unknown curve");
}
}
else
{
throw new CoseException("Curve is incorrectly encoded");
}
break;
case GeneralValuesInt.KeyType_OKP:
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer)
{
switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32())
{
case GeneralValuesInt.Ed25519:
alg = AlgorithmValues.EdDSA;
break;
case GeneralValuesInt.Ed448:
alg = AlgorithmValues.EdDSA;
break;
default:
throw new CoseException("Unknown curve");
}
}
else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString)
{
switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString())
{
default:
throw new CoseException("Unknown curve");
}
}
else
{
throw new CoseException("Curve is incorrectly encoded");
}
break;
default:
throw new CoseException("Unknown or unsupported key type " + _keyToSign.AsString("kty"));
}
}
else if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.TextString)
{
throw new CoseException("Unknown or unsupported key type " + _keyToSign[CoseKeyKeys.KeyType].AsString());
}
else
{
throw new CoseException("Key type is not correctly encoded");
}
UnprotectedMap.Add(HeaderKeys.Algorithm, alg);
}
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "ES384":
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "HSS-LMS":
break;
default:
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown Algorithm Specified");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
HashSig sig = new HashSig(_keyToSign[CoseKeyParameterKeys.Lms_Private].AsString());
byte[] signBytes = sig.Sign(bytesToBeSigned);
_keyToSign.Replace(CoseKeyParameterKeys.Lms_Private, CBORObject.FromObject(sig.PrivateKey));
return(signBytes);
default:
throw new CoseException("Unknown Algorithm Specified");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ),
_keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
CBORObject privateKeyD = _keyToSign[CoseKeyParameterKeys.EC_D];
if (privateKeyD == null)
{
throw new CoseException("Private key required to sign");
}
SecureRandom random = GetPRNG();
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
X9ECParameters p = _keyToSign.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey =
new ECPrivateKeyParameters("ECDSA", ConvertBigNum(privateKeyD), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, random);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
int cbR = (p.Curve.FieldSize + 7) / 8;
byte[] sigs = new byte[cbR * 2];
Array.Copy(r, 0, sigs, cbR - r.Length, r.Length);
Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length);
return(sigs);
}
#if true
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
Ed25519PrivateKeyParameters privKey =
new Ed25519PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0);
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
}
else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
Ed448PrivateKeyParameters privKey =
new Ed448PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0);
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(true, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(eddsa.GenerateSignature());
}
#endif
default:
throw new CoseException("Unknown Algorithm Specified");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
protected byte[] HMAC(CBORObject alg, byte[] K)
{
int cbitKey;
int cbResult;
IDigest digest;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
default:
throw new Exception("Unrecognized algorithm");
}
}
else if (alg.Type == CBORType.Number)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.HMAC_SHA_256:
cbitKey = 256;
cbResult = 256 / 8;
digest = new Sha256Digest();
break;
case AlgorithmValuesInt.HMAC_SHA_256_64:
cbitKey = 256;
digest = new Sha256Digest();
cbResult = 64 / 8;
break;
case AlgorithmValuesInt.HMAC_SHA_384:
cbitKey = 384;
digest = new Sha384Digest();
cbResult = cbitKey / 8;
break;
case AlgorithmValuesInt.HMAC_SHA_512:
cbitKey = 512;
digest = new Sha512Digest();
cbResult = cbitKey / 8;
break;
default:
throw new CoseException("Unknown or unsupported algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
if (K == null)
{
throw new CoseException("No Key value");
}
HMac hmac = new HMac(digest);
KeyParameter key = new KeyParameter(K);
byte[] resBuf = new byte[hmac.GetMacSize()];
byte[] toDigest = BuildContentBytes();
hmac.Init(key);
hmac.BlockUpdate(toDigest, 0, toDigest.Length);
hmac.DoFinal(resBuf, 0);
byte[] rgbOut = new byte[cbResult];
Array.Copy(resBuf, rgbOut, cbResult);
return(rgbOut);
}
public Sha384Digest(Sha384Digest t)
: base(t)
{
}
public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte[] rgbSignature)
{
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
break;
default:
throw new Exception("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown signature algorith");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
return(HashSig.Validate(content,
signKey[CoseKeyParameterKeys.Lms_Public].GetByteString(),
rgbSignature));
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
ICipherParameters prv = signKey.AsPublicKey();
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(false, param);
signer.BlockUpdate(content, 0, content.Length);
return(signer.VerifySignature(rgbSignature));
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
if (signKey.GetKeyType() != GeneralValuesInt.KeyType_EC2)
{
throw new CoseException("Key is not correctly constructed.");
}
digest.BlockUpdate(content, 0, content.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
ICipherParameters param = signKey.AsPublicKey();
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, param);
BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2);
BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2);
return(ecdsa.VerifySignature(digestedMessage, r, s));
}
#if true
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
ICipherParameters privKey = signKey.AsPublicKey();
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
}
else if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
Ed448PublicKeyParameters privKey =
new Ed448PublicKeyParameters(signKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(false, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(content, 0, content.Length);
return(eddsa.VerifySignature(rgbSignature));
}
#endif
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
public static IDigest GetDigest(string algorithm)
{
string text = Platform.ToUpperInvariant(algorithm);
string text2 = (string)DigestUtilities.algorithms[text];
if (text2 == null)
{
text2 = text;
}
try
{
switch ((DigestUtilities.DigestAlgorithm)Enums.GetEnumValue(typeof(DigestUtilities.DigestAlgorithm), text2))
{
case DigestUtilities.DigestAlgorithm.GOST3411:
{
IDigest result = new Gost3411Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD2:
{
IDigest result = new MD2Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD4:
{
IDigest result = new MD4Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.MD5:
{
IDigest result = new MD5Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD128:
{
IDigest result = new RipeMD128Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD160:
{
IDigest result = new RipeMD160Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD256:
{
IDigest result = new RipeMD256Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.RIPEMD320:
{
IDigest result = new RipeMD320Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_1:
{
IDigest result = new Sha1Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_224:
{
IDigest result = new Sha224Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_256:
{
IDigest result = new Sha256Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_384:
{
IDigest result = new Sha384Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512:
{
IDigest result = new Sha512Digest();
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512_224:
{
IDigest result = new Sha512tDigest(224);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA_512_256:
{
IDigest result = new Sha512tDigest(256);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_224:
{
IDigest result = new Sha3Digest(224);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_256:
{
IDigest result = new Sha3Digest(256);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_384:
{
IDigest result = new Sha3Digest(384);
return(result);
}
case DigestUtilities.DigestAlgorithm.SHA3_512:
{
IDigest result = new Sha3Digest(512);
return(result);
}
case DigestUtilities.DigestAlgorithm.TIGER:
{
IDigest result = new TigerDigest();
return(result);
}
case DigestUtilities.DigestAlgorithm.WHIRLPOOL:
{
IDigest result = new WhirlpoolDigest();
return(result);
}
}
}
catch (ArgumentException)
{
}
throw new SecurityUtilityException("Digest " + text2 + " not recognised.");
}
/// <summary>
/// Creates a new signing key pair
/// </summary>
/// <param name="name">The name of the key or zone</param>
/// <param name="recordClass">The record class of the DnsKeyRecord</param>
/// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param>
/// <param name="flags">The Flags of the DnsKeyRecord</param>
/// <param name="protocol">The protocol version</param>
/// <param name="algorithm">The key algorithm</param>
/// <param name="keyStrength">The key strength or 0 for default strength</param>
/// <returns></returns>
public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0)
{
byte[] privateKey;
byte[] publicKey;
switch (algorithm)
{
case DnsSecAlgorithm.RsaSha1:
case DnsSecAlgorithm.RsaSha1Nsec3Sha1:
case DnsSecAlgorithm.RsaSha256:
case DnsSecAlgorithm.RsaSha512:
if (keyStrength == 0)
{
keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024;
}
RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator();
rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength));
var rsaKey = rsaKeyGen.GenerateKeyPair();
privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded();
var rsaPublicKey = (RsaKeyParameters)rsaKey.Public;
var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned();
var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned();
int offset = 1;
if (rsaExponent.Length > 255)
{
publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length];
DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort)publicKey.Length);
}
else
{
publicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length];
publicKey[0] = (byte)rsaExponent.Length;
}
DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent);
DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus);
break;
case DnsSecAlgorithm.Dsa:
case DnsSecAlgorithm.DsaNsec3Sha1:
if (keyStrength == 0)
{
keyStrength = 1024;
}
DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator();
dsaParamsGen.Init(keyStrength, 12, _secureRandom);
DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator();
dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters()));
var dsaKey = dsaKeyGen.GenerateKeyPair();
privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded();
var dsaPublicKey = (DsaPublicKeyParameters)dsaKey.Public;
var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned();
var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned();
var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned();
var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned();
var dsaT = (byte)((dsaY.Length - 64) / 8);
publicKey = new byte[21 + 3 * dsaY.Length];
publicKey[0] = dsaT;
dsaQ.CopyTo(publicKey, 1);
dsaP.CopyTo(publicKey, 21);
dsaG.CopyTo(publicKey, 21 + dsaY.Length);
dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length);
break;
case DnsSecAlgorithm.EccGost:
ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);
var gostKeyGen = new ECKeyPairGenerator();
gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom));
var gostKey = gostKeyGen.GenerateKeyPair();
privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded();
var gostPublicKey = (ECPublicKeyParameters)gostKey.Public;
publicKey = new byte[64];
gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32);
gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);
publicKey = publicKey.Reverse().ToArray();
break;
case DnsSecAlgorithm.EcDsaP256Sha256:
case DnsSecAlgorithm.EcDsaP384Sha384:
int ecDsaDigestSize;
X9ECParameters ecDsaCurveParameter;
if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256)
{
ecDsaDigestSize = new Sha256Digest().GetDigestSize();
ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1);
}
else
{
ecDsaDigestSize = new Sha384Digest().GetDigestSize();
ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1);
}
ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters(
ecDsaCurveParameter.Curve,
ecDsaCurveParameter.G,
ecDsaCurveParameter.N,
ecDsaCurveParameter.H,
ecDsaCurveParameter.GetSeed());
var ecDsaKeyGen = new ECKeyPairGenerator();
ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom));
var ecDsaKey = ecDsaKeyGen.GenerateKeyPair();
privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded();
var ecDsaPublicKey = (ECPublicKeyParameters)ecDsaKey.Public;
publicKey = new byte[ecDsaDigestSize * 2];
ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0);
ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize);
break;
default:
throw new NotSupportedException();
}
return(new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey));
}
public bool Verify(SignMessage msg)
{
string alg = FindAttribute("alg").AsString();
JWK key = keyToSign;
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JoseException("Unknown signature algorithm");
}
//
byte[] toBeSigned;
string str = "";
string body = Encoding.UTF8.GetString(msg.payloadB64);
if (ProtectedMap.ContainsKey("b64") && ProtectedMap["b64"].AsBoolean() == false)
{
str += protectedB64 + "." + body;
}
else
{
str += protectedB64 + "." + body;
}
toBeSigned = Encoding.UTF8.GetBytes(str);
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
if (key.AsString("kty") != "RSA")
{
throw new JoseException("Wrong Key");
}
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize());
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "ES256":
case "ES384":
case "ES512": {
digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
if (key.AsString("kty") != "EC")
{
throw new JoseException("Wrong Key Type");
}
ICipherParameters pubKey = keyToSign.AsPublicKey();
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, pubKey);
BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2);
BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2);
if (!ecdsa.VerifySignature(o1, r, s))
{
throw new JoseException("Signature did not validate");
}
}
break;
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k")));
hmac.Init(K);
hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.DoFinal(resBuf, 0);
bool fVerify = true;
for (int i = 0; i < resBuf.Length; i++)
{
if (resBuf[i] != signature[i])
{
fVerify = false;
}
}
if (!fVerify)
{
throw new JoseException("Signature did not validate");
}
}
break;
case "EdDSA": {
ISigner eddsa;
if (key.AsString("kty") != "OKP")
{
throw new JoseException("Wrong Key Type");
}
switch (key.AsString("crv"))
{
case "Ed25519": {
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(key.AsBytes("X"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!eddsa.VerifySignature(signature))
{
throw new JoseException("Signature did not validate");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
return(true);
}
public void Verify(Key key, SignMessage msg)
{
string alg = FindAttr("alg", msg).AsString();
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JOSE_Exception("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
if (key.AsString("kty") != "RSA")
{
throw new JOSE_Exception("Wrong Key");
}
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(protectedB64, 0, protectedB64.Length);
signer.BlockUpdate(rgbDot, 0, 1);
signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
if (!signer.VerifySignature(signature))
{
throw new JOSE_Exception("Message failed to verify");
}
}
break;
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(protectedB64, 0, protectedB64.Length);
signer.BlockUpdate(rgbDot, 0, 1);
signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
if (!signer.VerifySignature(signature))
{
throw new JOSE_Exception("Message failed to verify");
}
}
break;
case "ES256":
case "ES384":
case "ES512": {
if (key.AsString("kty") != "EC")
{
throw new JOSE_Exception("Wrong Key Type");
}
X9ECParameters p = NistNamedCurves.GetByName(key.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPoint point = p.Curve.CreatePoint(key.AsBigInteger("x"
), key.AsBigInteger("y"));
ECPublicKeyParameters pubKey = new ECPublicKeyParameters(point, parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, pubKey);
digest.BlockUpdate(protectedB64, 0, protectedB64.Length);
digest.BlockUpdate(rgbDot, 0, rgbDot.Length);
digest.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2);
BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2);
if (!ecdsa.VerifySignature(o1, r, s))
{
throw new JOSE_Exception("Signature did not validate");
}
}
break;
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k")));
hmac.Init(K);
hmac.BlockUpdate(protectedB64, 0, protectedB64.Length);
hmac.BlockUpdate(rgbDot, 0, rgbDot.Length);
hmac.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.DoFinal(resBuf, 0);
bool fVerify = true;
for (int i = 0; i < resBuf.Length; i++)
{
if (resBuf[i] != signature[i])
{
fVerify = false;
}
}
if (!fVerify)
{
throw new JOSE_Exception("Signature did not validte");
}
}
break;
case "EdDSA": {
ISigner eddsa;
if (key.AsString("kty") != "OKP")
{
throw new JOSE_Exception("Wrong Key Type");
}
switch (key.AsString("crv"))
{
case "Ed25519": {
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(key.AsBytes("X"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
byte[] toVerify = new byte[protectedB64.Length + rgbDot.Length + msg.payloadB64.Length];
Array.Copy(protectedB64, 0, toVerify, 0, protectedB64.Length);
Array.Copy(rgbDot, 0, toVerify, protectedB64.Length, rgbDot.Length);
Array.Copy(msg.payloadB64, 0, toVerify, protectedB64.Length + rgbDot.Length, msg.payloadB64.Length);
eddsa.BlockUpdate(toVerify, 0, toVerify.Length);
if (!eddsa.VerifySignature(signature))
{
throw new JOSE_Exception("Signature did not validate");
}
break;
}
default:
throw new JOSE_Exception("Unknown algorithm");
}
break;
}
default:
throw new JOSE_Exception("Unknown algorithm");
}
}
public override void Reset(IMemoable other)
{
Sha384Digest t = (Sha384Digest)other;
CopyIn(t);
}
private bool TryResumeSession(Stream stream, byte[] certSignatures, out Guid userToken)
{
#if SQLCLR
userToken = Guid.Empty;
return(false);
#else
//Resume Session:
// C => S
// byte ResumeSession
// byte TicketLength
// byte[] Ticket
// byte ClientChallengeLength
// byte[] ClientChallenge
// S <= C
// byte HashMethod
// byte ServerChallengeLength
// byte[] ServerChallenge
IDigest hash = new Sha384Digest();
byte[] serverChallenge = SaltGenerator.Create(16);
stream.WriteByte((byte)HashMethod.Sha384);
stream.WriteByte((byte)serverChallenge.Length);
stream.Write(serverChallenge);
stream.Flush();
// C => S
// byte ClientResponseLength
// byte[] ClientChallenge
byte[] ticket = stream.ReadBytes(stream.ReadNextByte());
byte[] clientChallenge = stream.ReadBytes(stream.ReadNextByte());
byte[] clientResponse = stream.ReadBytes(stream.ReadByte());
byte[] secret;
// S => C
// bool IsSuccessful
// byte ServerResponseLength
// byte[] ServerResponse
if (TryLoadTicket(ticket, out secret, out userToken))
{
byte[] clientResponseCheck = hash.ComputeHash(serverChallenge, clientChallenge, secret, certSignatures);
if (clientResponse.SecureEquals(clientResponseCheck))
{
byte[] serverResponse = hash.ComputeHash(clientChallenge, serverChallenge, secret, certSignatures);
stream.Write(true);
stream.WriteByte((byte)serverResponse.Length);
stream.Write(serverResponse);
stream.Flush();
if (stream.ReadBoolean())
{
return(true);
}
return(false);
}
}
stream.Write(false);
userToken = default(Guid);
return(false);
#endif
}
public static byte[] Digest(byte[] data, String algo)
{
if (algo == null)
{
throw new ArgumentNullException("El algoritmo de huella digital no puede ser nulo");
}
if (data == null)
{
throw new ArgumentNullException("Los datos no pueden ser nulos");
}
switch (algo)
{
/**
* ALGORITMOS DE HASING
*/
case AOSignConstants.SIGN_ALGORITHM_SHA1:
{
Sha1Digest dig = new Sha1Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_SHA256:
{
Sha256Digest dig = new Sha256Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_SHA384:
{
Sha384Digest dig = new Sha384Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_SHA512:
{
Sha512Digest dig = new Sha512Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_RIPEMD160:
{
RipeMD160Digest dig = new RipeMD160Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_MD5:
{
MD5Digest dig = new MD5Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
case AOSignConstants.SIGN_ALGORITHM_MD2:
{
MD2Digest dig = new MD2Digest();
dig.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[dig.GetDigestSize()];
dig.DoFinal(result, 0);
return(result);
}
default:
// You can use the default case.
throw new ArgumentNullException("El algoritmo no es reconocido");
}
throw new ArgumentNullException("Algoritmo de hash no soportado: " + algo);
}
public static byte[] Sign(byte[] toBeSigned, CBORObject alg, OneKey keyToSign)
{
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "HSS-LMS":
break;
default:
throw new Exception("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown signature algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
HashSig sig = new HashSig(keyToSign[CoseKeyParameterKeys.Lms_Private].AsString());
byte[] signBytes = sig.Sign(toBeSigned);
keyToSign.Replace(CoseKeyParameterKeys.Lms_Private, CBORObject.FromObject(sig.PrivateKey));
return(signBytes);
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
ICipherParameters prv = keyToSign.AsPrivateKey();
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(true, param);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
return(signer.GenerateSignature());
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
SecureRandom random = Message.GetPRNG();
digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
ICipherParameters privKey = keyToSign.AsPrivateKey();
X9ECParameters p = keyToSign.GetCurve();
ParametersWithRandom param = new ParametersWithRandom(privKey, random);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
int cbR = (p.Curve.FieldSize + 7) / 8;
byte[] sigs = new byte[cbR * 2];
Array.Copy(r, 0, sigs, cbR - r.Length, r.Length);
Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length);
return(sigs);
}
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
ICipherParameters privKey = keyToSign.AsPrivateKey();
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
}
else if (keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
ICipherParameters privKey = keyToSign.AsPrivateKey();
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(true, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
return(eddsa.GenerateSignature());
}
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
public bool Validate(OneKey signerKey)
{
CBORObject alg; // Get the set algorithm or infer one
byte[] bytesToBeSigned = toBeSigned();
alg = FindAttribute(HeaderKeys.Algorithm);
if (alg == null)
{
throw new CoseException("No algorithm specified");
}
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "ES384":
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "HSS-LMS":
break;
default:
throw new CoseException("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown signature algorithm");
}
}
else
{
throw new CoseException("Algorthm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
return(HashSig.Validate(bytesToBeSigned,
signerKey[CoseKeyParameterKeys.Lms_Public].GetByteString(),
_rgbSignature));
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_n), signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG());
signer.Init(false, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.VerifySignature(_rgbSignature));
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
X9ECParameters p = signerKey.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPoint point = signerKey.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, param);
BigInteger r = new BigInteger(1, _rgbSignature, 0, _rgbSignature.Length / 2);
BigInteger s = new BigInteger(1, _rgbSignature, _rgbSignature.Length / 2, _rgbSignature.Length / 2);
return(ecdsa.VerifySignature(digestedMessage, r, s));
}
#if true
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
}
else if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
Ed448PublicKeyParameters privKey =
new Ed448PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(false, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(eddsa.VerifySignature(_rgbSignature));
}
#endif
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
