Each SignatureAndHashAlgorithm value lists a single hash/signature pair that the client is willing to verify. The values are indicated in descending order of preference. see RFC-5246 p.46
SignatureAndHashAlgorithm Class Documentation
Esempio n. 1
0
    public Signature FromReader(BinaryReader reader, long reload_msg_size) {
        var ascii = new ASCIIEncoding();
        var hashAlg = (HashAlgorithm)reader.ReadByte();
        var signatureAlg = (SignatureAlgorithm)reader.ReadByte();
        algorithm = new SignatureAndHashAlgorithm(hashAlg, signatureAlg);
        /* Read SignerIdentity */
        var type = (SignerIdentityType)reader.ReadByte();
        UInt16 length = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
        /* Read SignerIdentityValue */
        hashAlg = (HashAlgorithm)reader.ReadByte();
        length -= 1;
        ushort hashLen = (ushort)reader.ReadByte();
        byte[] bHash = reader.ReadBytes(hashLen);
        /* Create SignerIdentityValue */
        var signerIdVal = new SignerIdentityValue(type, hashAlg, bHash);
        /* Create SignerIdentity */
        identity = new SignerIdentity(type, signerIdVal);
        /* Read SignatureValue */
        UInt16 sigLen = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
        signatureValue = reader.ReadBytes(sigLen);

        return this;
    }
Esempio n. 2
0
    /// <summary>
    /// Each StoredData element is individually signed.  However, the
    /// signature also must be self-contained and cover the Kind-ID and
    /// Resource-ID even though they are not present in the StoredData
    /// structure.  The input to the signature algorithm is:
    /// resource_id || kind || storage_time || StoredDataValue ||
    /// SignerIdentity
    /// </summary>
    /// <param name="resId"></param>
    /// <param name="kind"></param>
    /// <param name="storageTime"></param>
    /// <param name="storedDataValue"></param>
    /// <param name="identity"></param>
    public Signature(ResourceId resId, UInt32 kind, UInt64 storageTime,
      StoredDataValue value, SignerIdentity signerIdentity,
      ReloadConfig config) {

      m_ReloadConfig = config;
      var ascii = new ASCIIEncoding();
      /* Set alogorithm and identity */
      algorithm =  new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);
      identity = signerIdentity;
      /* Get string of stored data value */
      var ms = new MemoryStream();
      var bw = new BinaryWriter(ms);
      value.Dump(bw);
      value.GetUsageValue.dump(bw);
      ms.Position = 0;
      var sr = new StreamReader(ms);
      string strValue = sr.ReadToEnd();
      sr.Close();
      bw.Close();
      /* Concatenate signature input */
      String signaturInput = String.Format("{0}{1}{2}{3}{4}",
        ascii.GetString(resId.Data, 0, resId.Data.Length), kind, storageTime,
        strValue, identity.ToString());
      signatureValue = Sign(signaturInput);
    }
Esempio n. 3
0
    /// <summary>
    /// For signatures over messages the input to the signature is computed
    /// over the overlay and transaction_id come from the forwarding header
    /// see RELOAD base -13 p.53
    /// </summary>
    /// <param name="overlay">overlay</param>
    /// <param name="transaction_id">transaction_id</param>
    /// <param name="messageContents">Message Contents</param>
    /// <param name="signerIdentity">SignerIdentity</param>
    public Signature(UInt32 overlay, string transactionId, string messageContents, SignerIdentity signerIdentity, ReloadConfig config) {

      m_ReloadConfig = config;

      algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
        ReloadGlobals.SignatureAlg);
      identity = signerIdentity;
      /* Compute signature */      
      String signaturInput = String.Format("{0}{1}{2}{3}", overlay, transactionId, messageContents, identity.ToString());

      signatureValue = Sign(signaturInput);      
    }
Esempio n. 4
0
    public Signature(UInt32 overlay, string transactionId, byte[] messageContents, SignerIdentity signerIdentity, ReloadConfig config)
    {
        m_ReloadConfig = config;

        algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256,
          ReloadGlobals.SignatureAlg);
        identity = signerIdentity;
        /* Compute signature */

        byte[] bOverlay = BitConverter.GetBytes(overlay);
        byte[] bTransId = Encoding.Unicode.GetBytes(transactionId);
        byte[] bId = Encoding.Unicode.GetBytes(identity.ToString());

        byte[] sig = new byte[bOverlay.Length + bTransId.Length + messageContents.Length + bId.Length];
        System.Buffer.BlockCopy(bOverlay, 0, sig, 0, bOverlay.Length);
        System.Buffer.BlockCopy(bTransId, 0, sig, bOverlay.Length, bTransId.Length);
        System.Buffer.BlockCopy(messageContents, 0, sig, bOverlay.Length + bTransId.Length, messageContents.Length);
        System.Buffer.BlockCopy(bId, 0, sig, bOverlay.Length + bTransId.Length + messageContents.Length, bId.Length);

        signatureValue = Sign(sig);
    }
Esempio n. 5
0
    public bool validateDataSignature(ResourceId resId, uint kind, StoredData sd) {
      //FetchAns fetch_answer = (FetchAns)(reloadMsg.reload_message_body);

      var ascii = new ASCIIEncoding();
      /* Set alogorithm and identity */
      SignatureAndHashAlgorithm algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);
      /* Covert Idenity to string */
      String identity = sd.Signature.Identity.ToString();
      /* Get string of stored data value */
      var ms = new MemoryStream();
      var bw = new BinaryWriter(ms);
      sd.Value.Dump(bw);
      sd.Value.GetUsageValue.dump(bw);
      ms.Position = 0;
      var sr = new StreamReader(ms);
      string strValue = sr.ReadToEnd();
      sr.Close();
      bw.Close();
      /* Concatenate signature input */
      String strSignaturInput = String.Format("{0}{1}{2}{3}{4}",
        ascii.GetString(resId.Data, 0, resId.Data.Length), kind, sd.StoreageTime,
        strValue, identity);

      byte[] signatureInput = ascii.GetBytes(strSignaturInput);
      byte[] sigVal = sd.Signature.SignaureValue;

      GenericCertificate gencert = GetPKC(sd.Signature.Identity);
      byte[] bcert = gencert.Certificate; //TODO: TEST
      X509Certificate2 signerCert = new X509Certificate2(bcert);

      if (!Utils.X509Utils.VerifyCertificate(signerCert, m_ReloadConfig.RootCertificate))
      {
        m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_ERROR,
          String.Format("validateDataSignatures: NodeID {0}, Certificate" +
          "validation failed (CA Issuer {1})",
          null, signerCert.Issuer));
        //return false;
      }
      var cert = new X509Certificate2(bcert);

      switch (sd.Signature.Algorithm.signature) {
        case SignatureAlgorithm.rsa:
          var cryptoIPT = (RSACryptoServiceProvider)cert.PublicKey.Key;

          switch (sd.Signature.Algorithm.hash) {
            case HashAlgorithm.sha256:
              var sha256 = new SHA256CryptoServiceProvider();

              if (!cryptoIPT.VerifyData(signatureInput, sha256, sigVal)) {
                throw new InvalidOperationException("Invalid signature");
                return false;
              }
              else {
                m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_FORWARDING, "DATA SIGNATURE VALID!!");
                return true;
              }
              break;
            default:
              throw new NotImplementedException("AccessController:" +
                "hash algoritm not implemented!");
          }

          break;
        case SignatureAlgorithm.dsa:
          throw new NotImplementedException("AccessController:" +
            "DSA encryption not implemented!");
        default:
          throw new NotImplementedException("AccessController:" +
            "encryption not implemented!");
      }
    }