public virtual AsymmetricCipherKeyPair GenerateKeyPair()
{
Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(random);
Ed448PublicKeyParameters publicKey = privateKey.GeneratePublicKey();
return(new AsymmetricCipherKeyPair(publicKey, privateKey));
}
private void BasicSigTest()
{
Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(
Hex.DecodeStrict(
"6c82a562cb808d10d632be89c8513ebf" +
"6c929f34ddfa8c9f63c9960ef6e348a3" +
"528c8a3fcc2f044e39a3fc5b94492f8f" +
"032e7549a20098f95b"), 0);
Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters(
Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" +
"1da1342485a70e1f8a0ea75d80e96778" +
"edf124769b46c7061bd6783df1e50f6c" +
"d1fa1abeafe8256180"), 0);
byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" +
"2dfb504a843e34d2074fd823d41a591f" +
"2b233f034f628281f2fd7a22ddd47d78" +
"28c59bd0a21bfd3980ff0d2028d4b18a" +
"9df63e006c5d1c2d345b925d8dc00b41" +
"04852db99ac5c7cdda8530a113a0f4db" +
"b61149f05a7363268c71d95808ff2e65" +
"2600");
ISigner signer = new Ed448Signer(new byte[0]);
signer.Init(true, privateKey);
IsTrue(AreEqual(sig, signer.GenerateSignature()));
signer.Init(false, publicKey);
IsTrue(signer.VerifySignature(sig));
}
private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context)
{
Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator();
kpg.Init(new Ed448KeyGenerationParameters(Random));
AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair();
Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private;
Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters)kp.Public;
byte[] msg = new byte[Random.NextInt() & 255];
Random.NextBytes(msg);
ISigner signer = CreateSigner(algorithm, context);
signer.Init(true, privateKey);
signer.BlockUpdate(msg, 0, msg.Length);
byte[] signature = signer.GenerateSignature();
ISigner verifier = CreateSigner(algorithm, context);
{
verifier.Init(false, publicKey);
verifier.BlockUpdate(msg, 0, msg.Length);
bool shouldVerify = verifier.VerifySignature(signature);
if (!shouldVerify)
{
Fail("Ed448(" + algorithm + ") signature failed to verify");
}
}
{
byte[] wrongLengthSignature = Arrays.Append(signature, 0x00);
verifier.Init(false, publicKey);
verifier.BlockUpdate(msg, 0, msg.Length);
bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature);
if (shouldNotVerify)
{
Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified");
}
}
{
byte[] badSignature = Arrays.Clone(signature);
badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));
verifier.Init(false, publicKey);
verifier.BlockUpdate(msg, 0, msg.Length);
bool shouldNotVerify = verifier.VerifySignature(badSignature);
if (shouldNotVerify)
{
Fail("Ed448(" + algorithm + ") bad signature incorrectly verified");
}
}
}
internal byte[] GenerateSignature(Ed448PrivateKeyParameters privateKey, Ed448PublicKeyParameters publicKey, byte[] ctx)
{
#if PORTABLE
byte[] buf = ToArray();
int count = buf.Length;
#else
byte[] buf = GetBuffer();
int count = (int)Position;
#endif
byte[] signature = new byte[Ed448PrivateKeyParameters.SignatureSize];
privateKey.Sign(Ed448.Algorithm.Ed448, publicKey, ctx, buf, 0, count, signature, 0);
Reset();
return(signature);
}
internal bool VerifySignature(Ed448PublicKeyParameters publicKey, byte[] ctx, byte[] signature)
{
#if PORTABLE
byte[] buf = ToArray();
int count = buf.Length;
#else
byte[] buf = GetBuffer();
int count = (int)Position;
#endif
byte[] pk = publicKey.GetEncoded();
bool result = Ed448.Verify(signature, 0, pk, 0, ctx, buf, 0, count);
Reset();
return(result);
}
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
if (forSigning)
{
this.privateKey = (Ed448PrivateKeyParameters)parameters;
this.publicKey = null;
}
else
{
this.privateKey = null;
this.publicKey = (Ed448PublicKeyParameters)parameters;
}
Reset();
}
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
if (forSigning)
{
// TODO Allow AsymmetricCipherKeyPair to be a CipherParameters?
this.privateKey = (Ed448PrivateKeyParameters)parameters;
this.publicKey = privateKey.GeneratePublicKey();
}
else
{
this.privateKey = null;
this.publicKey = (Ed448PublicKeyParameters)parameters;
}
Reset();
}
/// <summary>
/// Verifies a signature to be authentic
/// </summary>
/// <param name="originalSignature">The signature which is be verified</param>
/// <param name="publicKey">the public key used for the verification</param>
/// <param name="data">the data which is signed</param>
/// <returns>true if signature is authentic, false if not</returns>
public bool Verify(byte[] originalSignature, byte[] publicKey, byte[] data)
{
Ed448PublicKeyParameters pubKey = null;
try
{
pubKey = (Ed448PublicKeyParameters)CreateAsymmetricKeyParameterFromPublicKeyInfo(publicKey);
}
catch (InvalidCastException exception)
{
string message = "Public Key Import Failed!\n" +
$"{exception.Message}.\n" +
"The contents of the source do not represent a valid Ed448 key parameter\n" +
"Verify that the key is not corrupted.\n" +
"- or - Verify that the correct key is selected.";
throw new CryptoException(message, exception);
}
var signer = new Ed448Signer(ByteConvert.StringToAsciiBytes("context"));
signer.Init(false, pubKey);
signer.BlockUpdate(data, 0, data.Length);
return(signer.VerifySignature(originalSignature));
}
/// <summary>
/// Create a Subject Public Key Info object for a given public key.
/// </summary>
/// <param name="publicKey">One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters</param>
/// <returns>A subject public key info object.</returns>
/// <exception cref="Exception">Throw exception if object provided is not one of the above.</exception>
public static SubjectPublicKeyInfo CreateSubjectPublicKeyInfo(
AsymmetricKeyParameter publicKey)
{
if (publicKey == null)
throw new ArgumentNullException("publicKey");
if (publicKey.IsPrivate)
throw new ArgumentException("Private key passed - public key expected.", "publicKey");
if (publicKey is ElGamalPublicKeyParameters)
{
ElGamalPublicKeyParameters _key = (ElGamalPublicKeyParameters)publicKey;
ElGamalParameters kp = _key.Parameters;
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(kp.P, kp.G).ToAsn1Object()),
new DerInteger(_key.Y));
return info;
}
if (publicKey is DsaPublicKeyParameters)
{
DsaPublicKeyParameters _key = (DsaPublicKeyParameters) publicKey;
DsaParameters kp = _key.Parameters;
Asn1Encodable ae = kp == null
? null
: new DsaParameter(kp.P, kp.Q, kp.G).ToAsn1Object();
return new SubjectPublicKeyInfo(
new AlgorithmIdentifier(X9ObjectIdentifiers.IdDsa, ae),
new DerInteger(_key.Y));
}
if (publicKey is DHPublicKeyParameters)
{
DHPublicKeyParameters _key = (DHPublicKeyParameters) publicKey;
DHParameters kp = _key.Parameters;
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(
_key.AlgorithmOid,
new DHParameter(kp.P, kp.G, kp.L).ToAsn1Object()),
new DerInteger(_key.Y));
return info;
} // End of DH
if (publicKey is RsaKeyParameters)
{
RsaKeyParameters _key = (RsaKeyParameters) publicKey;
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance),
new RsaPublicKeyStructure(_key.Modulus, _key.Exponent).ToAsn1Object());
return info;
} // End of RSA.
if (publicKey is ECPublicKeyParameters)
{
ECPublicKeyParameters _key = (ECPublicKeyParameters) publicKey;
if (_key.Parameters is ECGost3410Parameters)
{
ECGost3410Parameters gostParams = (ECGost3410Parameters)_key.Parameters;
BigInteger bX = _key.Q.AffineXCoord.ToBigInteger();
BigInteger bY = _key.Q.AffineYCoord.ToBigInteger();
bool is512 = (bX.BitLength > 256);
Gost3410PublicKeyAlgParameters parameters = new Gost3410PublicKeyAlgParameters(
gostParams.PublicKeyParamSet,
gostParams.DigestParamSet,
gostParams.EncryptionParamSet);
int encKeySize;
int offset;
DerObjectIdentifier algIdentifier;
if (is512)
{
encKeySize = 128;
offset = 64;
algIdentifier = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
}
else
{
encKeySize = 64;
offset = 32;
algIdentifier = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
}
byte[] encKey = new byte[encKeySize];
ExtractBytes(encKey, encKeySize / 2, 0, bX);
ExtractBytes(encKey, encKeySize / 2, offset, bY);
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(algIdentifier, parameters), new DerOctetString(encKey));
} // End of ECGOST3410_2012
if (_key.AlgorithmName == "ECGOST3410")
{
if (_key.PublicKeyParamSet == null)
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
ECPoint q = _key.Q.Normalize();
BigInteger bX = q.AffineXCoord.ToBigInteger();
BigInteger bY = q.AffineYCoord.ToBigInteger();
byte[] encKey = new byte[64];
ExtractBytes(encKey, 0, bX);
ExtractBytes(encKey, 32, bY);
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);
AlgorithmIdentifier algID = new AlgorithmIdentifier(
CryptoProObjectIdentifiers.GostR3410x2001,
gostParams.ToAsn1Object());
return new SubjectPublicKeyInfo(algID, new DerOctetString(encKey));
}
else
{
X962Parameters x962;
if (_key.PublicKeyParamSet == null)
{
ECDomainParameters kp = _key.Parameters;
X9ECParameters ecP = new X9ECParameters(kp.Curve, kp.G, kp.N, kp.H, kp.GetSeed());
x962 = new X962Parameters(ecP);
}
else
{
x962 = new X962Parameters(_key.PublicKeyParamSet);
}
byte[] pubKey = _key.Q.GetEncoded(false);
AlgorithmIdentifier algID = new AlgorithmIdentifier(
X9ObjectIdentifiers.IdECPublicKey, x962.ToAsn1Object());
return new SubjectPublicKeyInfo(algID, pubKey);
}
} // End of EC
if (publicKey is Gost3410PublicKeyParameters)
{
Gost3410PublicKeyParameters _key = (Gost3410PublicKeyParameters) publicKey;
if (_key.PublicKeyParamSet == null)
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
byte[] keyEnc = _key.Y.ToByteArrayUnsigned();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyBytes.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian
}
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);
AlgorithmIdentifier algID = new AlgorithmIdentifier(
CryptoProObjectIdentifiers.GostR3410x94,
algParams.ToAsn1Object());
return new SubjectPublicKeyInfo(algID, new DerOctetString(keyBytes));
}
if (publicKey is X448PublicKeyParameters)
{
X448PublicKeyParameters key = (X448PublicKeyParameters)publicKey;
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X448), key.GetEncoded());
}
if (publicKey is X25519PublicKeyParameters)
{
X25519PublicKeyParameters key = (X25519PublicKeyParameters)publicKey;
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), key.GetEncoded());
}
if (publicKey is Ed448PublicKeyParameters)
{
Ed448PublicKeyParameters key = (Ed448PublicKeyParameters)publicKey;
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), key.GetEncoded());
}
if (publicKey is Ed25519PublicKeyParameters)
{
Ed25519PublicKeyParameters key = (Ed25519PublicKeyParameters)publicKey;
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), key.GetEncoded());
}
throw new ArgumentException("Class provided no convertible: " + Platform.GetTypeName(publicKey));
}
public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte[] rgbSignature)
{
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
break;
default:
throw new Exception("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown signature algorith");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
return(HashSig.Validate(content,
signKey[CoseKeyParameterKeys.Lms_Public].GetByteString(),
rgbSignature));
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
ICipherParameters prv = signKey.AsPublicKey();
ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG());
signer.Init(false, param);
signer.BlockUpdate(content, 0, content.Length);
return(signer.VerifySignature(rgbSignature));
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
if (signKey.GetKeyType() != GeneralValuesInt.KeyType_EC2)
{
throw new CoseException("Key is not correctly constructed.");
}
digest.BlockUpdate(content, 0, content.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
ICipherParameters param = signKey.AsPublicKey();
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, param);
BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2);
BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2);
return(ecdsa.VerifySignature(digestedMessage, r, s));
}
#if true
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
ICipherParameters privKey = signKey.AsPublicKey();
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
}
else if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
Ed448PublicKeyParameters privKey =
new Ed448PublicKeyParameters(signKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(false, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(content, 0, content.Length);
return(eddsa.VerifySignature(rgbSignature));
}
#endif
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
public bool Validate(OneKey signerKey)
{
CBORObject alg; // Get the set algorithm or infer one
byte[] bytesToBeSigned = toBeSigned();
alg = FindAttribute(HeaderKeys.Algorithm);
if (alg == null)
{
throw new CoseException("No algorithm specified");
}
IDigest digest = null;
IDigest digest2 = null;
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "ES384":
case "PS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "HSS-LMS":
break;
default:
throw new CoseException("Unknown signature algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.RSA_PSS_256:
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.RSA_PSS_384:
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case AlgorithmValuesInt.ECDSA_512:
case AlgorithmValuesInt.RSA_PSS_512:
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case AlgorithmValuesInt.EdDSA:
break;
default:
throw new CoseException("Unknown signature algorithm");
}
}
else
{
throw new CoseException("Algorthm incorrectly encoded");
}
if (alg.Type == CBORType.TextString)
{
switch (alg.AsString())
{
case "HSS-LMS":
return(HashSig.Validate(bytesToBeSigned,
signerKey[CoseKeyParameterKeys.Lms_Public].GetByteString(),
_rgbSignature));
default:
throw new CoseException("Unknown Algorithm");
}
}
else if (alg.Type == CBORType.Integer)
{
switch ((AlgorithmValuesInt)alg.AsInt32())
{
case AlgorithmValuesInt.RSA_PSS_256:
case AlgorithmValuesInt.RSA_PSS_384:
case AlgorithmValuesInt.RSA_PSS_512: {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_n), signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv));
ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG());
signer.Init(false, param);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.VerifySignature(_rgbSignature));
}
case AlgorithmValuesInt.ECDSA_256:
case AlgorithmValuesInt.ECDSA_384:
case AlgorithmValuesInt.ECDSA_512: {
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] digestedMessage = new byte[digest.GetDigestSize()];
digest.DoFinal(digestedMessage, 0);
X9ECParameters p = signerKey.GetCurve();
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPoint point = signerKey.GetPoint();
ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters);
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, param);
BigInteger r = new BigInteger(1, _rgbSignature, 0, _rgbSignature.Length / 2);
BigInteger s = new BigInteger(1, _rgbSignature, _rgbSignature.Length / 2, _rgbSignature.Length / 2);
return(ecdsa.VerifySignature(digestedMessage, r, s));
}
#if true
case AlgorithmValuesInt.EdDSA: {
ISigner eddsa;
if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519))
{
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
}
else if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448))
{
Ed448PublicKeyParameters privKey =
new Ed448PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0);
eddsa = new Ed448Signer(new byte[0]);
eddsa.Init(false, privKey);
}
else
{
throw new CoseException("Unrecognized curve");
}
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(eddsa.VerifySignature(_rgbSignature));
}
#endif
default:
throw new CoseException("Unknown Algorithm");
}
}
else
{
throw new CoseException("Algorithm incorrectly encoded");
}
}
