/// <summary>
/// Produces an RSA signature over <paramref name="m"/> using PKCS#1 v1.5 encoding.
/// </summary>
/// <param name="m">Data handed to the PKCS#1 v1.5 encoder.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the encoder.</param>
/// <returns>The signature as a big-endian byte array sized by <c>KeySize</c>.</returns>
public byte[] PkcsSign(byte[] m, TpmAlgId hashAlg)
{
    // Build the padded block that will be exponentiated.
    byte[] encodedBlock = CryptoEncoders.Pkcs15Encode(m, KeySize, hashAlg);
    BigInteger representative = FromBigEndian(encodedBlock);

    // Private-key operation: representative^D mod N.
    // NOTE(review): BigInteger.ModPow makes no constant-time guarantee; if D must be
    // protected against timing observation, confirm where this code is allowed to run.
    BigInteger signed = BigInteger.ModPow(representative, D, N);

    return ToBigEndian(signed, KeySize);
}
/// <summary>
/// Checks an RSASSA-PSS signature over <paramref name="m"/> with the public key (E, N).
/// </summary>
/// <param name="m">Data passed to the PSS verifier.</param>
/// <param name="signature">Big-endian signature bytes.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the verifier.</param>
/// <returns>The result reported by <c>CryptoEncoders.PssVerify</c>.</returns>
public bool PssVerify(byte[] m, byte[] signature, TpmAlgId hashAlg)
{
    // Salt-length argument for the verifier. The accompanying remark in the code says the
    // TPM uses the maximum salt length (formula: KeySize - CryptoLib.DigestSize(hashAlg) - 1 - 1),
    // yet the value passed is 0.
    // NOTE(review): how CryptoEncoders.PssVerify interprets 0 is not visible here - confirm.
    int saltLength = 0;

    // NOTE(review): neither signature.Length nor the range of the integer (below N) is
    // checked before exponentiation, unlike PkcsVerify's length check - confirm intent.
    BigInteger recovered = BigInteger.ModPow(FromBigEndian(signature), E, N);
    byte[] encodedMessage = ToBigEndian(recovered, KeySize);

    return CryptoEncoders.PssVerify(m, encodedMessage, saltLength, NumBits - 1, hashAlg);
}
/// <summary>
/// Produces an RSASSA-PSS signature over <paramref name="m"/> with the private exponent D.
/// </summary>
/// <param name="m">Data passed to the PSS encoder.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the encoder.</param>
/// <returns>The signature as a big-endian byte array sized by <c>KeySize</c>.</returns>
public byte[] PssSign(byte[] m, TpmAlgId hashAlg)
{
    // Salt-length argument for the encoder. The accompanying remark in the code says the
    // TPM uses the maximum salt length (formula: KeySize - CryptoLib.DigestSize(hashAlg) - 1 - 1),
    // yet the value passed is 0.
    // NOTE(review): how CryptoEncoders.PssEncode interprets 0 is not visible here - confirm.
    int saltLength = 0;

    // Encoding step.
    byte[] encodedBlock = CryptoEncoders.PssEncode(m, hashAlg, saltLength, NumBits - 1);
    BigInteger representative = FromBigEndian(encodedBlock);

    // Signing step: representative^D mod N.
    // NOTE(review): BigInteger.ModPow makes no constant-time guarantee; confirm that is
    // acceptable wherever the private exponent is used.
    BigInteger signed = BigInteger.ModPow(representative, D, N);

    return ToBigEndian(signed, KeySize);
}
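/// <summary>
/// Encrypts <paramref name="data"/> with RSA-OAEP under the public key (E, N).
/// </summary>
/// <param name="data">Plaintext to encrypt; must be non-null and non-empty.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the OAEP encoder.</param>
/// <param name="encodingParms">Label material; converted by <c>GetLabel</c> before encoding.</param>
/// <returns>The ciphertext as a big-endian byte array produced by <c>ToBigEndian(cipher, KeySize)</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="data"/> is empty.</exception>
public byte[] OaepEncrypt(byte[] data, TpmAlgId hashAlg, byte[] encodingParms)
{
    // Reject missing input explicitly instead of failing with a NullReferenceException.
    if (data == null)
    {
        throw new ArgumentNullException("data");
    }

    // Empty plaintext is refused by this implementation; say so in the message so the
    // failure can be diagnosed (the exception type is unchanged).
    if (data.Length == 0)
    {
        throw new ArgumentException("OAEP plaintext must not be empty", "data");
    }

    int encLen = NumBits / 8;
    byte[] zeroTermEncoding = GetLabel(encodingParms);
    byte[] encoded = CryptoEncoders.OaepEncode(data, zeroTermEncoding, hashAlg, encLen);

    // Public-key operation: encoded^E mod N.
    BigInteger message = FromBigEndian(encoded);
    BigInteger cipher = BigInteger.ModPow(message, E, N);

    // NOTE(review): whether ToBigEndian left-pads to KeySize bytes is not visible here;
    // if it does not, a ciphertext with leading zero bytes would come out short - confirm.
    return ToBigEndian(cipher, KeySize);
}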
/// <summary>
/// Encrypts <paramref name="data"/> with RSA-OAEP under the public key (E, N) and
/// left-pads the result with zero bytes up to <c>NumBits / 8</c> bytes.
/// </summary>
/// <param name="data">Plaintext handed to the OAEP encoder.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the OAEP encoder.</param>
/// <param name="encodingParms">Label material; converted by <c>GetLabel</c> before encoding.</param>
/// <returns>The ciphertext as a big-endian byte array.</returns>
public byte[] OaepEncrypt(byte[] data, TpmAlgId hashAlg, byte[] encodingParms)
{
    int targetLength = NumBits / 8;
    byte[] label = GetLabel(encodingParms);
    byte[] paddedPlaintext = CryptoEncoders.OaepEncode(data, label, hashAlg, targetLength);

    // Public-key operation: paddedPlaintext^E mod N.
    BigInteger exponentiated = BigInteger.ModPow(FromBigEndian(paddedPlaintext), E, N);
    byte[] cipherBytes = ToBigEndian(exponentiated, KeySize);

    // Restore any leading zero bytes so the ciphertext is never shorter than targetLength.
    int missing = targetLength - cipherBytes.Length;
    if (missing > 0)
    {
        return Globs.AddZeroToBeginning(cipherBytes, missing);
    }

    return cipherBytes;
}
/// <summary>
/// Checks a PKCS#1 v1.5 RSA signature over <paramref name="m"/> with the public key (E, N).
/// </summary>
/// <param name="m">Data handed to the PKCS#1 v1.5 encoder to build the expected block.</param>
/// <param name="s">Big-endian signature; must be exactly <c>KeySize</c> bytes long.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the encoder.</param>
/// <returns><c>true</c> when the recovered block equals the expected encoding, otherwise <c>false</c>.</returns>
/// <exception cref="Exception">The signature length differs from <c>KeySize</c>.</exception>
public bool PkcsVerify(byte[] m, byte[] s, TpmAlgId hashAlg)
{
    // A signature of the wrong length is rejected before any arithmetic is done.
    if (s.Length != KeySize)
    {
        throw new Exception("Invalid signature");
    }

    // Public-key operation: s^E mod N, rendered back to KeySize bytes.
    // NOTE(review): the integer is not checked to be below N before exponentiation - confirm.
    BigInteger recoveredValue = BigInteger.ModPow(FromBigEndian(s), E, N);
    byte[] recoveredBlock = ToBigEndian(recoveredValue, KeySize);

    // The expected block is rebuilt from the message and compared as a whole, so the
    // recovered padding is never parsed.
    byte[] expectedBlock = CryptoEncoders.Pkcs15Encode(m, KeySize, hashAlg);
    return Globs.ArraysAreEqual(expectedBlock, recoveredBlock);
}
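/// <summary>
/// Decrypts an RSA-OAEP ciphertext with the private exponent D and returns the plaintext.
/// </summary>
/// <param name="cipherText">Big-endian ciphertext bytes.</param>
/// <param name="hashAlg">Hash algorithm identifier passed through to the OAEP decoder.</param>
/// <param name="encodingParms">Label material; converted by <c>GetLabel</c> before decoding.</param>
/// <returns>The decoded plaintext.</returns>
/// <exception cref="ArgumentException">
/// The decrypted block did not decode as OAEP at any length up to <c>KeySize</c> bytes.
/// </exception>
public byte[] OaepDecrypt(byte[] cipherText, TpmAlgId hashAlg, byte[] encodingParms)
{
    byte[] zeroTermEncoding = GetLabel(encodingParms);

    // Private-key operation: cipher^D mod N.
    // NOTE(review): BigInteger.ModPow makes no constant-time guarantee; confirm that is
    // acceptable wherever the private exponent is used.
    BigInteger cipher = FromBigEndian(cipherText);
    BigInteger plain = BigInteger.ModPow(cipher, D, N);
    byte[] encMessage = ToBigEndian(plain, KeySize - 1);

    // Hack - be robust to leading zeros: retry the decode with one more leading zero byte
    // each time. The retry is bounded so that a ciphertext which never decodes (corrupted
    // or attacker-supplied) ends in an exception instead of looping and growing the buffer
    // without limit.
    // NOTE(review): assumes a well-formed encoded block is never longer than KeySize bytes
    // (KeySize is the byte length used for signatures in this class) - confirm against
    // CryptoEncoders.OaepDecode.
    while (true)
    {
        byte[] message;
        if (CryptoEncoders.OaepDecode(encMessage, zeroTermEncoding, hashAlg, out message))
        {
            return message;
        }

        if (encMessage.Length >= KeySize)
        {
            // Deliberately generic: the message does not say why or at which length the
            // decode failed, so callers relaying it reveal nothing about the padding.
            throw new ArgumentException("OAEP decoding failed");
        }

        encMessage = Globs.AddZeroToBeginning(encMessage);
    }
}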