/// <summary> /// Returns implementation of specified digest algorithm /// </summary> /// <param name="algorithm">Digest algorithm</param> /// <returns>Implementation of specified digest algorithm</returns> private static IDigest GetHashGenerator(DigestAlgorithm algorithm) { IDigest digest; switch (algorithm) { default: throw new NotSupportedException("Unsupported hash algorithm"); case DigestAlgorithm.SHA1: digest = new Sha1Digest(); break; case DigestAlgorithm.SHA256: digest = new Sha256Digest(); break; case DigestAlgorithm.SHA384: digest = new Sha384Digest(); break; case DigestAlgorithm.SHA512: digest = new Sha512Digest(); break; } return(digest); }
private IDigest GetShaDigest() { IDigest shaDigest = null; if (_shaBits == 1) { shaDigest = new Sha1Digest(); } else if (_shaBits == 3) { shaDigest = new Sha3Digest(); } else if (_shaBits == 224) { shaDigest = new Sha224Digest(); } else if (_shaBits == 256) { shaDigest = new Sha256Digest(); } else if (_shaBits == 384) { shaDigest = new Sha384Digest(); } else { shaDigest = new Sha512Digest(); } return(shaDigest); }
/// <summary> /// Gets the verifying stream. /// </summary> /// <returns></returns> public VerifyingStream GetVerifyingStream(KeyczarBase keyczar) { IDigest digest; if (Digest == DigestAlg.Sha256) { digest = new Sha256Digest(); } else if (Digest == DigestAlg.Sha384) { digest = new Sha384Digest(); } else if (Digest == DigestAlg.Sha512) { digest = new Sha512Digest(); } else { throw new InvalidKeyTypeException($"Unsupported digest type :{Digest}"); } var hmac = new HMac(digest); hmac.Init(new KeyParameter(HmacKeyBytes)); return(new HmacStream(hmac, HashLength)); }
internal override ISigner GetSigner() { IDigest digest; if (Digest == Sha224Digest) { digest = new Sha224Digest(); } else if (Digest == Sha256Digest) { digest = new Sha256Digest(); } else if (Digest == Sha384Digest) { digest = new Sha384Digest(); } else if (Digest == Sha512Digest) { digest = new Sha512Digest(); } else if (Digest == Sha1Digest) { digest = new Sha1Digest(); } else { throw new InvalidKeyTypeException(string.Format("Unknown digest type :{0}", Digest)); } if (Padding == PssPadding) { return(new PssSigner(new RsaBlindedEngine(), digest)); } throw new InvalidKeyTypeException(string.Format("Unknown padding type :{0}", Padding)); }
public static byte[] ComputeSha384(byte[] data) { IDigest digest = new Sha384Digest(); byte[] buffer = new byte[digest.GetDigestSize()]; digest.BlockUpdate(data, 0, data.Length); digest.DoFinal(buffer, 0); return(buffer); }
static byte[] Sha384(byte[] dat) { Sha384Digest digester = new Sha384Digest(); byte[] retValue = new byte[digester.GetDigestSize()]; digester.BlockUpdate(dat, 0, dat.Length); digester.DoFinal(retValue, 0); return(retValue); }
public static byte[] Hash384(byte[] value) { var digest = new Sha384Digest(); var output = new byte[digest.GetDigestSize()]; digest.BlockUpdate(value, 0, value.Length); digest.DoFinal(output, 0); return(output); }
public static byte[] Hash384(byte[] message) { var digest = new Sha384Digest(); var output = new byte[digest.GetDigestSize()]; byte[] msg = message ?? new byte[0]; digest.BlockUpdate(msg, 0, msg.Length); digest.DoFinal(output, 0); return(output); }
/// <summary> /// SHA384 computation /// </summary> /// <param name="data">the data to hash</param> /// <param name="key">optional hmac key</param> /// <returns>the hash value</returns> private static byte[] ComputeSha384(byte[] data, byte[] key) { byte[] outData = new byte[16]; if (key != null) { var digest = new HMac(new Sha384Digest()); digest.Init(new KeyParameter(key)); digest.BlockUpdate(data, 0, data.Length); digest.DoFinal(outData, 0); } else { var digest = new Sha384Digest(); digest.BlockUpdate(data, 0, data.Length); digest.DoFinal(outData, 0); } return(outData); }
private bool TryResumeSession(Stream stream, byte[] certSignatures, out Guid userToken) { #if SQLCLR userToken = Guid.Empty; return(false); #else //Resume Session: // C => S // byte ResumeSession // byte TicketLength // byte[] Ticket // byte ClientChallengeLength // byte[] ClientChallenge // S <= C // byte HashMethod // byte ServerChallengeLength // byte[] ServerChallenge IDigest hash = new Sha384Digest(); byte[] serverChallenge = SaltGenerator.Create(16); stream.WriteByte((byte)HashMethod.Sha384); stream.WriteByte((byte)serverChallenge.Length); stream.Write(serverChallenge); stream.Flush(); // C => S // byte ClientResponseLength // byte[] ClientChallenge byte[] ticket = stream.ReadBytes(stream.ReadNextByte()); byte[] clientChallenge = stream.ReadBytes(stream.ReadNextByte()); byte[] clientResponse = stream.ReadBytes(stream.ReadByte()); // S => C // bool IsSuccessful // byte ServerResponseLength // byte[] ServerResponse if (TryLoadTicket(ticket, out byte[] secret, out userToken))
internal override ISigner GetSigner() { IDigest digest; if (Digest == DigestAlg.Sha224) { digest = new Sha224Digest(); } else if (Digest == DigestAlg.Sha256) { digest = new Sha256Digest(); } else if (Digest == DigestAlg.Sha384) { digest = new Sha384Digest(); } else if (Digest == DigestAlg.Sha512) { digest = new Sha512Digest(); } else if (Digest == DigestAlg.Sha1) { digest = new Sha1Digest(); } else { throw new InvalidKeyTypeException($"Unknown digest type :{Digest}"); } if (Padding == PaddingAlg.Pss) { return(new PssSigner(new RsaBlindedEngine(), digest)); } if (Padding == PaddingAlg.Pkcs15) { return(new RsaDigestSigner(digest)); } throw new InvalidKeyTypeException($"Unknown padding type :{Padding}"); }
private IDigest GetDigest(THashAlgorithm hashAlgorithm) { IDigest result = null; switch (hashAlgorithm) { case THashAlgorithm.None: result = new NullDigest(); break; case THashAlgorithm.MD5: result = new MD5Digest(); break; case THashAlgorithm.SHA1: result = new Sha1Digest(); break; case THashAlgorithm.SHA224: result = new Sha224Digest(); break; case THashAlgorithm.SHA256: result = new Sha256Digest(); break; case THashAlgorithm.SHA384: result = new Sha384Digest(); break; case THashAlgorithm.SHA512: result = new Sha512Digest(); break; default: break; } return(result); }
private byte[] Sign(byte[] bytesToBeSigned) { string alg = null; // Get the set algorithm or infer one try { alg = FindAttribute("alg").AsString(); } catch (Exception) { ; } if (alg == null) { switch (keyToSign.AsString("kty")) { case "RSA": alg = "PS256"; break; case "EC": switch (keyToSign.AsString("crv")) { case "P-256": alg = "ES256"; break; case "P-384": alg = "ES384"; break; case "P-521": alg = "ES512"; break; default: throw new JOSE_Exception("Unknown curve"); } break; default: throw new JOSE_Exception("Unknown or unsupported key type " + keyToSign.AsString("kty")); } objUnprotected.Add("alg", alg); } IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JOSE_Exception("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); signer.Init(true, prv); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG); signer.Init(true, rnd); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "ES256": case "ES384": case "ES512": { X9ECParameters p = NistNamedCurves.GetByName(keyToSign.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign.AsBytes("d")), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(bytesToBeSigned); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); byte[] sigs = new byte[r.Length + s.Length]; Array.Copy(r, sigs, r.Length); Array.Copy(s, 0, sigs, r.Length, s.Length); return(sigs); } case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(keyToSign.AsBytes("k")); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.Init(key); hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); hmac.DoFinal(resBuf, 0); return(resBuf); } case "EdDSA": switch (keyToSign.AsString("crv")) { case "Ed25519": { ISigner eddsa; Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(keyToSign.AsBytes("d"), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.GenerateSignature()); } } break; } return(null); }
public bool Validate(byte[] content, byte[] msgAttributes) { CBORObject alg = null; // Get the set algorithm or infer one byte[] bytesToBeSigned = toBeSigned(content, msgAttributes); alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { throw new Exception("No Signature algorithm known"); } IDigest digest; IDigest digest2; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; default: throw new CoseException("Unknown signature algorith"); } } else { throw new CoseException("Algorthm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(rgbSignature)); } default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = keyToSign.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = keyToSign.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2); BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
private byte[] Sign(byte[] bytesToBeSigned) { CBORObject alg = null; // Get the set algorithm or infer one alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { if (keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Number) { switch ((GeneralValuesInt)keyToSign[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_RSA: alg = CBORObject.FromObject("PS256"); break; case GeneralValuesInt.KeyType_EC2: if (keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Number) { switch ((GeneralValuesInt)keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.P256: alg = AlgorithmValues.ECDSA_256; break; case GeneralValuesInt.P384: alg = AlgorithmValues.ECDSA_384; break; case GeneralValuesInt.P521: alg = AlgorithmValues.ECDSA_512; break; default: throw new CoseException("Unknown curve"); } } else if (keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString) { switch (keyToSign[CoseKeyParameterKeys.EC_Curve].AsString()) { default: throw new CoseException("Unknown curve"); } } else { throw new CoseException("Curve is incorrectly encoded"); } break; default: throw new Exception("Unknown or unsupported key type " + keyToSign.AsString("kty")); } } else if (keyToSign[CoseKeyKeys.KeyType].Type == CBORType.TextString) { throw new CoseException("Unknown or unsupported key type " + keyToSign[CoseKeyKeys.KeyType].AsString()); } else { throw new CoseException("Key type is not correctly encoded"); } objUnprotected.Add(HeaderKeys.Algorithm, alg); } IDigest digest; IDigest digest2; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; default: throw new CoseException("Unknown signature algorith"); } } else { throw new CoseException("Algorthm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { SecureRandom random = Message.GetPRNG(); digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = keyToSign.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign[CoseKeyParameterKeys.EC_D]), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, random); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); return(sigs); } default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
internal bool ValidateMac(byte[] toBeSigned, byte[] signature, string alg) { IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JoseException("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { if (this.AsString("kty") != "RSA") { throw new JoseException("Wrong Key"); } RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters pub = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!signer.VerifySignature(signature)) { throw new JoseException("Message failed to verify"); } } break; case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize()); RsaKeyParameters pub = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!signer.VerifySignature(signature)) { throw new JoseException("Message failed to verify"); } } break; case "ES256": case "ES384": case "ES512": { digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); if (this.AsString("kty") != "EC") { throw new JoseException("Wrong Key Type"); } ICipherParameters pubKey = this.AsPublicKey(); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, pubKey); BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2); BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2); if (!ecdsa.VerifySignature(o1, r, s)) { throw new JoseException("Signature did not validate"); } } break; case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter K = new KeyParameter(Message.base64urldecode(this.AsString("k"))); hmac.Init(K); hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.DoFinal(resBuf, 0); bool fVerify = true; for (int i = 0; i < resBuf.Length; i++) { if (resBuf[i] != signature[i]) { fVerify = false; } } if (!fVerify) { throw new JoseException("Signature did not validate"); } } break; case "EdDSA": { ISigner eddsa; if (this.AsString("kty") != "OKP") { throw new JoseException("Wrong Key Type"); } switch (this.AsString("crv")) { case "Ed25519": { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(this.AsBytes("X"), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!eddsa.VerifySignature(signature)) { throw new JoseException("Signature did not validate"); } break; } default: throw new JoseException("Unknown algorithm"); } break; } default: throw new JoseException("Unknown algorithm"); } return(true); }
internal byte[] ComputeMac(byte[] bytesToBeSigned, string alg) { IDigest digest; IDigest digest2; byte[] signature; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JoseException("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")), ConvertBigNum(this.AsString("e")), ConvertBigNum(this.AsString("d")), ConvertBigNum(this.AsString("p")), ConvertBigNum(this.AsString("q")), ConvertBigNum(this.AsString("dp")), ConvertBigNum(this.AsString("dq")), ConvertBigNum(this.AsString("qi"))); signer.Init(true, prv); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")), ConvertBigNum(this.AsString("e")), ConvertBigNum(this.AsString("d")), ConvertBigNum(this.AsString("p")), ConvertBigNum(this.AsString("q")), ConvertBigNum(this.AsString("dp")), ConvertBigNum(this.AsString("dq")), ConvertBigNum(this.AsString("qi"))); ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG); signer.Init(true, rnd); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "ES256": case "ES384": case "ES512": { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); X9ECParameters p = NistNamedCurves.GetByName(this.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(this.AsString("d")), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(o1); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); signature = sigs; return(sigs); } case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(this.AsBytes("k")); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.Init(key); hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); hmac.DoFinal(resBuf, 0); signature = resBuf; return(resBuf); } case "EdDSA": switch (this.AsString("crv")) { case "Ed25519": { ISigner eddsa; Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(this.AsBytes("d"), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); signature = eddsa.GenerateSignature(); return(signature); } } break; } return(null); }
private byte[] _Sign(byte[] bytesToBeSigned) { CBORObject alg; // Get the set algorithm or infer one if (rgbContent == null) { throw new CoseException("No Content Specified"); } alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_RSA: alg = AlgorithmValues.RSA_PSS_256; break; case GeneralValuesInt.KeyType_EC2: if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.P256: alg = AlgorithmValues.ECDSA_256; break; case GeneralValuesInt.P521: alg = AlgorithmValues.ECDSA_512; break; default: throw new CoseException("Unknown curve"); } } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString) { switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString()) { case "P-384": alg = CBORObject.FromObject("ES384"); break; default: throw new CoseException("Unknown curve"); } } else { throw new CoseException("Curve is incorrectly encoded"); } break; case GeneralValuesInt.KeyType_OKP: if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.Ed25519: alg = AlgorithmValues.EdDSA; break; case GeneralValuesInt.Ed448: alg = AlgorithmValues.EdDSA; break; default: throw new CoseException("Unknown curve"); } } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString) { switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString()) { default: throw new CoseException("Unknown curve"); } } else { throw new CoseException("Curve is incorrectly encoded"); } break; default: throw new CoseException("Unknown or unsupported key type " + _keyToSign.AsString("kty")); } } else if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.TextString) { throw new CoseException("Unknown or unsupported key type " + _keyToSign[CoseKeyKeys.KeyType].AsString()); } else { throw new CoseException("Key type is not correctly encoded"); } UnprotectedMap.Add(HeaderKeys.Algorithm, alg); } IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "ES384": case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "HSS-LMS": break; default: throw new CoseException("Unknown Algorithm Specified"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown Algorithm Specified"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": HashSig sig = new HashSig(_keyToSign[CoseKeyParameterKeys.Lms_Private].AsString()); byte[] signBytes = sig.Sign(bytesToBeSigned); _keyToSign.Replace(CoseKeyParameterKeys.Lms_Private, CBORObject.FromObject(sig.PrivateKey)); return(signBytes); default: throw new CoseException("Unknown Algorithm Specified"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters( _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { CBORObject privateKeyD = _keyToSign[CoseKeyParameterKeys.EC_D]; if (privateKeyD == null) { throw new CoseException("Private key required to sign"); } SecureRandom random = GetPRNG(); digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = _keyToSign.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(privateKeyD), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, random); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); return(sigs); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PrivateKeyParameters privKey = new Ed448PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(true, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.GenerateSignature()); } #endif default: throw new CoseException("Unknown Algorithm Specified"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
protected byte[] HMAC(CBORObject alg, byte[] K) { int cbitKey; int cbResult; IDigest digest; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { default: throw new Exception("Unrecognized algorithm"); } } else if (alg.Type == CBORType.Number) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.HMAC_SHA_256: cbitKey = 256; cbResult = 256 / 8; digest = new Sha256Digest(); break; case AlgorithmValuesInt.HMAC_SHA_256_64: cbitKey = 256; digest = new Sha256Digest(); cbResult = 64 / 8; break; case AlgorithmValuesInt.HMAC_SHA_384: cbitKey = 384; digest = new Sha384Digest(); cbResult = cbitKey / 8; break; case AlgorithmValuesInt.HMAC_SHA_512: cbitKey = 512; digest = new Sha512Digest(); cbResult = cbitKey / 8; break; default: throw new CoseException("Unknown or unsupported algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (K == null) { throw new CoseException("No Key value"); } HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(K); byte[] resBuf = new byte[hmac.GetMacSize()]; byte[] toDigest = BuildContentBytes(); hmac.Init(key); hmac.BlockUpdate(toDigest, 0, toDigest.Length); hmac.DoFinal(resBuf, 0); byte[] rgbOut = new byte[cbResult]; Array.Copy(resBuf, rgbOut, cbResult); return(rgbOut); }
public Sha384Digest(Sha384Digest t) : base(t) { }
public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte[] rgbSignature) { IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown signature algorith"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": return(HashSig.Validate(content, signKey[CoseKeyParameterKeys.Lms_Public].GetByteString(), rgbSignature)); default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); ICipherParameters prv = signKey.AsPublicKey(); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(false, param); signer.BlockUpdate(content, 0, content.Length); return(signer.VerifySignature(rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { if (signKey.GetKeyType() != GeneralValuesInt.KeyType_EC2) { throw new CoseException("Key is not correctly constructed."); } digest.BlockUpdate(content, 0, content.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); ICipherParameters param = signKey.AsPublicKey(); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2); BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { ICipherParameters privKey = signKey.AsPublicKey(); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); } else if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PublicKeyParameters privKey = new Ed448PublicKeyParameters(signKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(false, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(content, 0, content.Length); return(eddsa.VerifySignature(rgbSignature)); } #endif default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
public static IDigest GetDigest(string algorithm) { string text = Platform.ToUpperInvariant(algorithm); string text2 = (string)DigestUtilities.algorithms[text]; if (text2 == null) { text2 = text; } try { switch ((DigestUtilities.DigestAlgorithm)Enums.GetEnumValue(typeof(DigestUtilities.DigestAlgorithm), text2)) { case DigestUtilities.DigestAlgorithm.GOST3411: { IDigest result = new Gost3411Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD2: { IDigest result = new MD2Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD4: { IDigest result = new MD4Digest(); return(result); } case DigestUtilities.DigestAlgorithm.MD5: { IDigest result = new MD5Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD128: { IDigest result = new RipeMD128Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD160: { IDigest result = new RipeMD160Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD256: { IDigest result = new RipeMD256Digest(); return(result); } case DigestUtilities.DigestAlgorithm.RIPEMD320: { IDigest result = new RipeMD320Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_1: { IDigest result = new Sha1Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_224: { IDigest result = new Sha224Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_256: { IDigest result = new Sha256Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_384: { IDigest result = new Sha384Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512: { IDigest result = new Sha512Digest(); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512_224: { IDigest result = new Sha512tDigest(224); return(result); } case DigestUtilities.DigestAlgorithm.SHA_512_256: { IDigest result = new Sha512tDigest(256); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_224: { IDigest result = new Sha3Digest(224); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_256: { IDigest result = new Sha3Digest(256); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_384: { IDigest result = new Sha3Digest(384); return(result); } case DigestUtilities.DigestAlgorithm.SHA3_512: { IDigest result = new Sha3Digest(512); return(result); } case DigestUtilities.DigestAlgorithm.TIGER: { IDigest result = new TigerDigest(); return(result); } case DigestUtilities.DigestAlgorithm.WHIRLPOOL: { IDigest result = new WhirlpoolDigest(); return(result); } } } catch (ArgumentException) { } throw new SecurityUtilityException("Digest " + text2 + " not recognised."); }
/// <summary> /// Creates a new signing key pair /// </summary> /// <param name="name">The name of the key or zone</param> /// <param name="recordClass">The record class of the DnsKeyRecord</param> /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param> /// <param name="flags">The Flags of the DnsKeyRecord</param> /// <param name="protocol">The protocol version</param> /// <param name="algorithm">The key algorithm</param> /// <param name="keyStrength">The key strength or 0 for default strength</param> /// <returns></returns> public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0) { byte[] privateKey; byte[] publicKey; switch (algorithm) { case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: if (keyStrength == 0) { keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024; } RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator(); rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength)); var rsaKey = rsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded(); var rsaPublicKey = (RsaKeyParameters)rsaKey.Public; var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned(); var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(); int offset = 1; if (rsaExponent.Length > 255) { publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length]; DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort)publicKey.Length); } else { publicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length]; publicKey[0] = (byte)rsaExponent.Length; } DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent); DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: if (keyStrength == 0) { keyStrength = 1024; } DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator(); dsaParamsGen.Init(keyStrength, 12, _secureRandom); DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator(); dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters())); var dsaKey = dsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded(); var dsaPublicKey = (DsaPublicKeyParameters)dsaKey.Public; var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned(); var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned(); var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned(); var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned(); var dsaT = (byte)((dsaY.Length - 64) / 8); publicKey = new byte[21 + 3 * dsaY.Length]; publicKey[0] = dsaT; dsaQ.CopyTo(publicKey, 1); dsaP.CopyTo(publicKey, 21); dsaG.CopyTo(publicKey, 21 + dsaY.Length); dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length); break; case DnsSecAlgorithm.EccGost: ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); var gostKeyGen = new ECKeyPairGenerator(); gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom)); var gostKey = gostKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded(); var gostPublicKey = (ECPublicKeyParameters)gostKey.Public; publicKey = new byte[64]; gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32); gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); publicKey = publicKey.Reverse().ToArray(); break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: int ecDsaDigestSize; X9ECParameters ecDsaCurveParameter; if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256) { ecDsaDigestSize = new Sha256Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1); } else { ecDsaDigestSize = new Sha384Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1); } ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters( ecDsaCurveParameter.Curve, ecDsaCurveParameter.G, ecDsaCurveParameter.N, ecDsaCurveParameter.H, ecDsaCurveParameter.GetSeed()); var ecDsaKeyGen = new ECKeyPairGenerator(); ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom)); var ecDsaKey = ecDsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded(); var ecDsaPublicKey = (ECPublicKeyParameters)ecDsaKey.Public; publicKey = new byte[ecDsaDigestSize * 2]; ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize); break; default: throw new NotSupportedException(); } return(new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey)); }
public bool Verify(SignMessage msg) { string alg = FindAttribute("alg").AsString(); JWK key = keyToSign; IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JoseException("Unknown signature algorithm"); } // byte[] toBeSigned; string str = ""; string body = Encoding.UTF8.GetString(msg.payloadB64); if (ProtectedMap.ContainsKey("b64") && ProtectedMap["b64"].AsBoolean() == false) { str += protectedB64 + "." + body; } else { str += protectedB64 + "." + body; } toBeSigned = Encoding.UTF8.GetBytes(str); switch (alg) { case "RS256": case "RS384": case "RS512": { if (key.AsString("kty") != "RSA") { throw new JoseException("Wrong Key"); } RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!signer.VerifySignature(signature)) { throw new JoseException("Message failed to verify"); } } break; case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize()); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!signer.VerifySignature(signature)) { throw new JoseException("Message failed to verify"); } } break; case "ES256": case "ES384": case "ES512": { digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); if (key.AsString("kty") != "EC") { throw new JoseException("Wrong Key Type"); } ICipherParameters pubKey = keyToSign.AsPublicKey(); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, pubKey); BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2); BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2); if (!ecdsa.VerifySignature(o1, r, s)) { throw new JoseException("Signature did not validate"); } } break; case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k"))); hmac.Init(K); hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.DoFinal(resBuf, 0); bool fVerify = true; for (int i = 0; i < resBuf.Length; i++) { if (resBuf[i] != signature[i]) { fVerify = false; } } if (!fVerify) { throw new JoseException("Signature did not validate"); } } break; case "EdDSA": { ISigner eddsa; if (key.AsString("kty") != "OKP") { throw new JoseException("Wrong Key Type"); } switch (key.AsString("crv")) { case "Ed25519": { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(key.AsBytes("X"), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length); if (!eddsa.VerifySignature(signature)) { throw new JoseException("Signature did not validate"); } break; } default: throw new JoseException("Unknown algorithm"); } break; } default: throw new JoseException("Unknown algorithm"); } return(true); }
public void Verify(Key key, SignMessage msg) { string alg = FindAttr("alg", msg).AsString(); IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JOSE_Exception("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { if (key.AsString("kty") != "RSA") { throw new JOSE_Exception("Wrong Key"); } RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(protectedB64, 0, protectedB64.Length); signer.BlockUpdate(rgbDot, 0, 1); signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); if (!signer.VerifySignature(signature)) { throw new JOSE_Exception("Message failed to verify"); } } break; case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e")); signer.Init(false, pub); signer.BlockUpdate(protectedB64, 0, protectedB64.Length); signer.BlockUpdate(rgbDot, 0, 1); signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); if (!signer.VerifySignature(signature)) { throw new JOSE_Exception("Message failed to verify"); } } break; case "ES256": case "ES384": case "ES512": { if (key.AsString("kty") != "EC") { throw new JOSE_Exception("Wrong Key Type"); } X9ECParameters p = NistNamedCurves.GetByName(key.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = p.Curve.CreatePoint(key.AsBigInteger("x" ), key.AsBigInteger("y")); ECPublicKeyParameters pubKey = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, pubKey); digest.BlockUpdate(protectedB64, 0, protectedB64.Length); digest.BlockUpdate(rgbDot, 0, rgbDot.Length); digest.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2); BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2); if (!ecdsa.VerifySignature(o1, r, s)) { throw new JOSE_Exception("Signature did not validate"); } } break; case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k"))); hmac.Init(K); hmac.BlockUpdate(protectedB64, 0, protectedB64.Length); hmac.BlockUpdate(rgbDot, 0, rgbDot.Length); hmac.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.DoFinal(resBuf, 0); bool fVerify = true; for (int i = 0; i < resBuf.Length; i++) { if (resBuf[i] != signature[i]) { fVerify = false; } } if (!fVerify) { throw new JOSE_Exception("Signature did not validte"); } } break; case "EdDSA": { ISigner eddsa; if (key.AsString("kty") != "OKP") { throw new JOSE_Exception("Wrong Key Type"); } switch (key.AsString("crv")) { case "Ed25519": { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(key.AsBytes("X"), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); byte[] toVerify = new byte[protectedB64.Length + rgbDot.Length + msg.payloadB64.Length]; Array.Copy(protectedB64, 0, toVerify, 0, protectedB64.Length); Array.Copy(rgbDot, 0, toVerify, protectedB64.Length, rgbDot.Length); Array.Copy(msg.payloadB64, 0, toVerify, protectedB64.Length + rgbDot.Length, msg.payloadB64.Length); eddsa.BlockUpdate(toVerify, 0, toVerify.Length); if (!eddsa.VerifySignature(signature)) { throw new JOSE_Exception("Signature did not validate"); } break; } default: throw new JOSE_Exception("Unknown algorithm"); } break; } default: throw new JOSE_Exception("Unknown algorithm"); } }
public override void Reset(IMemoable other) { Sha384Digest t = (Sha384Digest)other; CopyIn(t); }
private bool TryResumeSession(Stream stream, byte[] certSignatures, out Guid userToken) { #if SQLCLR userToken = Guid.Empty; return(false); #else //Resume Session: // C => S // byte ResumeSession // byte TicketLength // byte[] Ticket // byte ClientChallengeLength // byte[] ClientChallenge // S <= C // byte HashMethod // byte ServerChallengeLength // byte[] ServerChallenge IDigest hash = new Sha384Digest(); byte[] serverChallenge = SaltGenerator.Create(16); stream.WriteByte((byte)HashMethod.Sha384); stream.WriteByte((byte)serverChallenge.Length); stream.Write(serverChallenge); stream.Flush(); // C => S // byte ClientResponseLength // byte[] ClientChallenge byte[] ticket = stream.ReadBytes(stream.ReadNextByte()); byte[] clientChallenge = stream.ReadBytes(stream.ReadNextByte()); byte[] clientResponse = stream.ReadBytes(stream.ReadByte()); byte[] secret; // S => C // bool IsSuccessful // byte ServerResponseLength // byte[] ServerResponse if (TryLoadTicket(ticket, out secret, out userToken)) { byte[] clientResponseCheck = hash.ComputeHash(serverChallenge, clientChallenge, secret, certSignatures); if (clientResponse.SecureEquals(clientResponseCheck)) { byte[] serverResponse = hash.ComputeHash(clientChallenge, serverChallenge, secret, certSignatures); stream.Write(true); stream.WriteByte((byte)serverResponse.Length); stream.Write(serverResponse); stream.Flush(); if (stream.ReadBoolean()) { return(true); } return(false); } } stream.Write(false); userToken = default(Guid); return(false); #endif }
public static byte[] Digest(byte[] data, String algo) { if (algo == null) { throw new ArgumentNullException("El algoritmo de huella digital no puede ser nulo"); } if (data == null) { throw new ArgumentNullException("Los datos no pueden ser nulos"); } switch (algo) { /** * ALGORITMOS DE HASING */ case AOSignConstants.SIGN_ALGORITHM_SHA1: { Sha1Digest dig = new Sha1Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_SHA256: { Sha256Digest dig = new Sha256Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_SHA384: { Sha384Digest dig = new Sha384Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_SHA512: { Sha512Digest dig = new Sha512Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_RIPEMD160: { RipeMD160Digest dig = new RipeMD160Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_MD5: { MD5Digest dig = new MD5Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } case AOSignConstants.SIGN_ALGORITHM_MD2: { MD2Digest dig = new MD2Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return(result); } default: // You can use the default case. throw new ArgumentNullException("El algoritmo no es reconocido"); } throw new ArgumentNullException("Algoritmo de hash no soportado: " + algo); }
public static byte[] Sign(byte[] toBeSigned, CBORObject alg, OneKey keyToSign) { IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "HSS-LMS": break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown signature algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": HashSig sig = new HashSig(keyToSign[CoseKeyParameterKeys.Lms_Private].AsString()); byte[] signBytes = sig.Sign(toBeSigned); keyToSign.Replace(CoseKeyParameterKeys.Lms_Private, CBORObject.FromObject(sig.PrivateKey)); return(signBytes); default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); ICipherParameters prv = keyToSign.AsPrivateKey(); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(true, param); signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length); return(signer.GenerateSignature()); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { SecureRandom random = Message.GetPRNG(); digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); ICipherParameters privKey = keyToSign.AsPrivateKey(); X9ECParameters p = keyToSign.GetCurve(); ParametersWithRandom param = new ParametersWithRandom(privKey, random); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); return(sigs); } case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { ICipherParameters privKey = keyToSign.AsPrivateKey(); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); } else if (keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { ICipherParameters privKey = keyToSign.AsPrivateKey(); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(true, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length); return(eddsa.GenerateSignature()); } default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
public bool Validate(OneKey signerKey) { CBORObject alg; // Get the set algorithm or infer one byte[] bytesToBeSigned = toBeSigned(); alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { throw new CoseException("No algorithm specified"); } IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "ES384": case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "HSS-LMS": break; default: throw new CoseException("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown signature algorithm"); } } else { throw new CoseException("Algorthm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": return(HashSig.Validate(bytesToBeSigned, signerKey[CoseKeyParameterKeys.Lms_Public].GetByteString(), _rgbSignature)); default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_n), signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG()); signer.Init(false, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(_rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = signerKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = signerKey.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, _rgbSignature, 0, _rgbSignature.Length / 2); BigInteger s = new BigInteger(1, _rgbSignature, _rgbSignature.Length / 2, _rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); } else if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PublicKeyParameters privKey = new Ed448PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(false, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.VerifySignature(_rgbSignature)); } #endif default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }