Esempio n. 1
0
        /// <summary>
        /// Create self signed cert
        /// </summary>
        /// <param name="signature"></param>
        /// <param name="subject"></param>
        /// <returns></returns>
        internal static AsymmetricAlgorithm CreateCsr(this SignatureType signature, string subject,
                                                      out CertificateRequest csr)
        {
            AsymmetricAlgorithm alg = null;

            try {
                if (signature.IsRSA())
                {
                    var rsa = RSA.Create();
                    alg = rsa;
                    csr = new CertificateRequest(X500DistinguishedNameEx.Create(subject),
                                                 rsa, signature.ToHashAlgorithmName(), signature.ToRSASignaturePadding());
                    return(alg);
                }
                if (signature.IsECC())
                {
                    var ecdsa = ECDsa.Create();
                    alg = ecdsa;
                    csr = new CertificateRequest(X500DistinguishedNameEx.Create(subject),
                                                 ecdsa, signature.ToHashAlgorithmName());
                    return(alg);
                }
                throw new ArgumentException("Bad signature");
            }
            catch {
                alg?.Dispose();
                throw;
            }
        }
Esempio n. 2
0
        /// <inheritdoc/>
        public async Task <bool> VerifyAsync(KeyHandle handle, byte[] hash,
                                             SignatureType algorithm, byte[] signature, CancellationToken ct)
        {
            var document = await _keys.GetAsync <KeyDocument>(KeyId.GetId(handle), ct);

            if (document.Value.IsDisabled)
            {
                throw new InvalidOperationException("Key is disabled");
            }
            var key = document.Value.KeyJson.ToKey();

            if (key == null)
            {
                throw new ResourceNotFoundException("Key not found");
            }
            switch (key.Type)
            {
            case KeyType.RSA:
                using (var rsa = key.ToRSA()) {
                    return(rsa.VerifyHash(hash, signature, algorithm.ToHashAlgorithmName(),
                                          algorithm.ToRSASignaturePadding()));
                }

            case KeyType.ECC:
                using (var ecc = key.ToECDsa()) {
                    return(ecc.VerifyHash(hash, signature));
                }

            default:
                throw new ArgumentException("Bad key type passed for signing");
            }
        }
        /// <summary>
        /// Create request with public key
        /// </summary>
        /// <param name="pubKey"></param>
        /// <param name="subjectDN"></param>
        /// <param name="signatureType"></param>
        /// <param name="extensions"></param>
        /// <returns></returns>
        public static CertificateRequest CreateCertificateRequest(this Key pubKey,
                                                                  X500DistinguishedName subjectDN, SignatureType signatureType,
                                                                  IEnumerable <X509Extension> extensions = null)
        {
            var request = new CertificateRequest(subjectDN, pubKey.ToPublicKey(),
                                                 signatureType.ToHashAlgorithmName());

            if (extensions != null)
            {
                foreach (var extension in extensions)
                {
                    request.CertificateExtensions.Add(extension);
                }
            }
            return(request);
        }
Esempio n. 4
0
        /// <summary>
        /// To DER algorithm identifier
        /// </summary>
        /// <param name="signature"></param>
        /// <returns></returns>
        public static byte[] ToAlgorithmIdentifier(this SignatureType signature)
        {
            var    hashAlgorithm = signature.ToHashAlgorithmName();
            string oid;

            if (signature.IsRSA())
            {
                var padding = signature.ToRSASignaturePadding();
                if (padding == RSASignaturePadding.Pkcs1)
                {
                    if (hashAlgorithm == HashAlgorithmName.SHA256)
                    {
                        oid = Oids.RsaPkcs1Sha256;
                    }
                    else if (hashAlgorithm == HashAlgorithmName.SHA384)
                    {
                        oid = Oids.RsaPkcs1Sha384;
                    }
                    else if (hashAlgorithm == HashAlgorithmName.SHA512)
                    {
                        oid = Oids.RsaPkcs1Sha512;
                    }
                    else
                    {
                        throw new ArgumentOutOfRangeException(nameof(hashAlgorithm),
                                                              $"The hash algorithm {hashAlgorithm.Name} is not supported.");
                    }
                    using (var writer = new AsnWriter(AsnEncodingRules.DER)) {
                        writer.PushSequence();
                        writer.WriteObjectIdentifier(oid);
                        writer.WriteNull();
                        writer.PopSequence();
                        return(writer.Encode());
                    }
                }
                if (padding == RSASignaturePadding.Pss)
                {
                    int saltLen;

                    if (hashAlgorithm == HashAlgorithmName.SHA256)
                    {
                        saltLen = 256 / 8;
                        oid     = Oids.Sha256;
                    }
                    else if (hashAlgorithm == HashAlgorithmName.SHA384)
                    {
                        saltLen = 384 / 8;
                        oid     = Oids.Sha384;
                    }
                    else if (hashAlgorithm == HashAlgorithmName.SHA512)
                    {
                        saltLen = 512 / 8;
                        oid     = Oids.Sha512;
                    }
                    else
                    {
                        throw new ArgumentOutOfRangeException(nameof(hashAlgorithm),
                                                              $"The hash algorithm {hashAlgorithm.Name} is not supported.");
                    }
                    using (var writer = new AsnWriter(AsnEncodingRules.DER)) {
                        writer.WritePssSignatureAlgorithmIdentifier(saltLen, oid);
                        return(writer.Encode());
                    }
                }
                throw new ArgumentOutOfRangeException(nameof(signature),
                                                      "Specified Padding is not supported.");
            }

            if (hashAlgorithm == HashAlgorithmName.SHA256)
            {
                oid = Oids.ECDsaWithSha256;
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA384)
            {
                oid = Oids.ECDsaWithSha384;
            }
            else if (hashAlgorithm == HashAlgorithmName.SHA512)
            {
                oid = Oids.ECDsaWithSha512;
            }
            else
            {
                throw new ArgumentOutOfRangeException(nameof(hashAlgorithm),
                                                      $"The hash algorithm {hashAlgorithm.Name} is not supported.");
            }
            using (var writer = new AsnWriter(AsnEncodingRules.DER)) {
                writer.PushSequence();
                writer.WriteObjectIdentifier(oid);
                writer.PopSequence();
                return(writer.Encode());
            }
        }