public virtual AsymmetricCipherKeyPair GenerateKeyPair() { Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(random); Ed448PublicKeyParameters publicKey = privateKey.GeneratePublicKey(); return(new AsymmetricCipherKeyPair(publicKey, privateKey)); }
private void BasicSigTest() { Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters( Hex.DecodeStrict( "6c82a562cb808d10d632be89c8513ebf" + "6c929f34ddfa8c9f63c9960ef6e348a3" + "528c8a3fcc2f044e39a3fc5b94492f8f" + "032e7549a20098f95b"), 0); Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters( Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" + "1da1342485a70e1f8a0ea75d80e96778" + "edf124769b46c7061bd6783df1e50f6c" + "d1fa1abeafe8256180"), 0); byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" + "2dfb504a843e34d2074fd823d41a591f" + "2b233f034f628281f2fd7a22ddd47d78" + "28c59bd0a21bfd3980ff0d2028d4b18a" + "9df63e006c5d1c2d345b925d8dc00b41" + "04852db99ac5c7cdda8530a113a0f4db" + "b61149f05a7363268c71d95808ff2e65" + "2600"); ISigner signer = new Ed448Signer(new byte[0]); signer.Init(true, privateKey); IsTrue(AreEqual(sig, signer.GenerateSignature())); signer.Init(false, publicKey); IsTrue(signer.VerifySignature(sig)); }
private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context) { Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator(); kpg.Init(new Ed448KeyGenerationParameters(Random)); AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private; Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters)kp.Public; byte[] msg = new byte[Random.NextInt() & 255]; Random.NextBytes(msg); ISigner signer = CreateSigner(algorithm, context); signer.Init(true, privateKey); signer.BlockUpdate(msg, 0, msg.Length); byte[] signature = signer.GenerateSignature(); ISigner verifier = CreateSigner(algorithm, context); { verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldVerify = verifier.VerifySignature(signature); if (!shouldVerify) { Fail("Ed448(" + algorithm + ") signature failed to verify"); } } { byte[] wrongLengthSignature = Arrays.Append(signature, 0x00); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified"); } } { byte[] badSignature = Arrays.Clone(signature); badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(badSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); } } }
internal byte[] GenerateSignature(Ed448PrivateKeyParameters privateKey, Ed448PublicKeyParameters publicKey, byte[] ctx) { #if PORTABLE byte[] buf = ToArray(); int count = buf.Length; #else byte[] buf = GetBuffer(); int count = (int)Position; #endif byte[] signature = new byte[Ed448PrivateKeyParameters.SignatureSize]; privateKey.Sign(Ed448.Algorithm.Ed448, publicKey, ctx, buf, 0, count, signature, 0); Reset(); return(signature); }
internal bool VerifySignature(Ed448PublicKeyParameters publicKey, byte[] ctx, byte[] signature) { #if PORTABLE byte[] buf = ToArray(); int count = buf.Length; #else byte[] buf = GetBuffer(); int count = (int)Position; #endif byte[] pk = publicKey.GetEncoded(); bool result = Ed448.Verify(signature, 0, pk, 0, ctx, buf, 0, count); Reset(); return(result); }
public virtual void Init(bool forSigning, ICipherParameters parameters) { this.forSigning = forSigning; if (forSigning) { this.privateKey = (Ed448PrivateKeyParameters)parameters; this.publicKey = null; } else { this.privateKey = null; this.publicKey = (Ed448PublicKeyParameters)parameters; } Reset(); }
public virtual void Init(bool forSigning, ICipherParameters parameters) { this.forSigning = forSigning; if (forSigning) { // TODO Allow AsymmetricCipherKeyPair to be a CipherParameters? this.privateKey = (Ed448PrivateKeyParameters)parameters; this.publicKey = privateKey.GeneratePublicKey(); } else { this.privateKey = null; this.publicKey = (Ed448PublicKeyParameters)parameters; } Reset(); }
/// <summary> /// Verifies a signature to be authentic /// </summary> /// <param name="originalSignature">The signature which is be verified</param> /// <param name="publicKey">the public key used for the verification</param> /// <param name="data">the data which is signed</param> /// <returns>true if signature is authentic, false if not</returns> public bool Verify(byte[] originalSignature, byte[] publicKey, byte[] data) { Ed448PublicKeyParameters pubKey = null; try { pubKey = (Ed448PublicKeyParameters)CreateAsymmetricKeyParameterFromPublicKeyInfo(publicKey); } catch (InvalidCastException exception) { string message = "Public Key Import Failed!\n" + $"{exception.Message}.\n" + "The contents of the source do not represent a valid Ed448 key parameter\n" + "Verify that the key is not corrupted.\n" + "- or - Verify that the correct key is selected."; throw new CryptoException(message, exception); } var signer = new Ed448Signer(ByteConvert.StringToAsciiBytes("context")); signer.Init(false, pubKey); signer.BlockUpdate(data, 0, data.Length); return(signer.VerifySignature(originalSignature)); }
/// <summary> /// Create a Subject Public Key Info object for a given public key. /// </summary> /// <param name="publicKey">One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters</param> /// <returns>A subject public key info object.</returns> /// <exception cref="Exception">Throw exception if object provided is not one of the above.</exception> public static SubjectPublicKeyInfo CreateSubjectPublicKeyInfo( AsymmetricKeyParameter publicKey) { if (publicKey == null) throw new ArgumentNullException("publicKey"); if (publicKey.IsPrivate) throw new ArgumentException("Private key passed - public key expected.", "publicKey"); if (publicKey is ElGamalPublicKeyParameters) { ElGamalPublicKeyParameters _key = (ElGamalPublicKeyParameters)publicKey; ElGamalParameters kp = _key.Parameters; SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( new AlgorithmIdentifier( OiwObjectIdentifiers.ElGamalAlgorithm, new ElGamalParameter(kp.P, kp.G).ToAsn1Object()), new DerInteger(_key.Y)); return info; } if (publicKey is DsaPublicKeyParameters) { DsaPublicKeyParameters _key = (DsaPublicKeyParameters) publicKey; DsaParameters kp = _key.Parameters; Asn1Encodable ae = kp == null ? null : new DsaParameter(kp.P, kp.Q, kp.G).ToAsn1Object(); return new SubjectPublicKeyInfo( new AlgorithmIdentifier(X9ObjectIdentifiers.IdDsa, ae), new DerInteger(_key.Y)); } if (publicKey is DHPublicKeyParameters) { DHPublicKeyParameters _key = (DHPublicKeyParameters) publicKey; DHParameters kp = _key.Parameters; SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( new AlgorithmIdentifier( _key.AlgorithmOid, new DHParameter(kp.P, kp.G, kp.L).ToAsn1Object()), new DerInteger(_key.Y)); return info; } // End of DH if (publicKey is RsaKeyParameters) { RsaKeyParameters _key = (RsaKeyParameters) publicKey; SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance), new RsaPublicKeyStructure(_key.Modulus, _key.Exponent).ToAsn1Object()); return info; } // End of RSA. if (publicKey is ECPublicKeyParameters) { ECPublicKeyParameters _key = (ECPublicKeyParameters) publicKey; if (_key.Parameters is ECGost3410Parameters) { ECGost3410Parameters gostParams = (ECGost3410Parameters)_key.Parameters; BigInteger bX = _key.Q.AffineXCoord.ToBigInteger(); BigInteger bY = _key.Q.AffineYCoord.ToBigInteger(); bool is512 = (bX.BitLength > 256); Gost3410PublicKeyAlgParameters parameters = new Gost3410PublicKeyAlgParameters( gostParams.PublicKeyParamSet, gostParams.DigestParamSet, gostParams.EncryptionParamSet); int encKeySize; int offset; DerObjectIdentifier algIdentifier; if (is512) { encKeySize = 128; offset = 64; algIdentifier = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512; } else { encKeySize = 64; offset = 32; algIdentifier = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256; } byte[] encKey = new byte[encKeySize]; ExtractBytes(encKey, encKeySize / 2, 0, bX); ExtractBytes(encKey, encKeySize / 2, offset, bY); return new SubjectPublicKeyInfo(new AlgorithmIdentifier(algIdentifier, parameters), new DerOctetString(encKey)); } // End of ECGOST3410_2012 if (_key.AlgorithmName == "ECGOST3410") { if (_key.PublicKeyParamSet == null) throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); ECPoint q = _key.Q.Normalize(); BigInteger bX = q.AffineXCoord.ToBigInteger(); BigInteger bY = q.AffineYCoord.ToBigInteger(); byte[] encKey = new byte[64]; ExtractBytes(encKey, 0, bX); ExtractBytes(encKey, 32, bY); Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters( _key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet); AlgorithmIdentifier algID = new AlgorithmIdentifier( CryptoProObjectIdentifiers.GostR3410x2001, gostParams.ToAsn1Object()); return new SubjectPublicKeyInfo(algID, new DerOctetString(encKey)); } else { X962Parameters x962; if (_key.PublicKeyParamSet == null) { ECDomainParameters kp = _key.Parameters; X9ECParameters ecP = new X9ECParameters(kp.Curve, kp.G, kp.N, kp.H, kp.GetSeed()); x962 = new X962Parameters(ecP); } else { x962 = new X962Parameters(_key.PublicKeyParamSet); } byte[] pubKey = _key.Q.GetEncoded(false); AlgorithmIdentifier algID = new AlgorithmIdentifier( X9ObjectIdentifiers.IdECPublicKey, x962.ToAsn1Object()); return new SubjectPublicKeyInfo(algID, pubKey); } } // End of EC if (publicKey is Gost3410PublicKeyParameters) { Gost3410PublicKeyParameters _key = (Gost3410PublicKeyParameters) publicKey; if (_key.PublicKeyParamSet == null) throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); byte[] keyEnc = _key.Y.ToByteArrayUnsigned(); byte[] keyBytes = new byte[keyEnc.Length]; for (int i = 0; i != keyBytes.Length; i++) { keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian } Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters( _key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet); AlgorithmIdentifier algID = new AlgorithmIdentifier( CryptoProObjectIdentifiers.GostR3410x94, algParams.ToAsn1Object()); return new SubjectPublicKeyInfo(algID, new DerOctetString(keyBytes)); } if (publicKey is X448PublicKeyParameters) { X448PublicKeyParameters key = (X448PublicKeyParameters)publicKey; return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X448), key.GetEncoded()); } if (publicKey is X25519PublicKeyParameters) { X25519PublicKeyParameters key = (X25519PublicKeyParameters)publicKey; return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), key.GetEncoded()); } if (publicKey is Ed448PublicKeyParameters) { Ed448PublicKeyParameters key = (Ed448PublicKeyParameters)publicKey; return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), key.GetEncoded()); } if (publicKey is Ed25519PublicKeyParameters) { Ed25519PublicKeyParameters key = (Ed25519PublicKeyParameters)publicKey; return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), key.GetEncoded()); } throw new ArgumentException("Class provided no convertible: " + Platform.GetTypeName(publicKey)); }
public static bool Validate(byte[] content, CBORObject alg, OneKey signKey, byte[] rgbSignature) { IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": break; default: throw new Exception("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown signature algorith"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": return(HashSig.Validate(content, signKey[CoseKeyParameterKeys.Lms_Public].GetByteString(), rgbSignature)); default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); ICipherParameters prv = signKey.AsPublicKey(); ParametersWithRandom param = new ParametersWithRandom(prv, Message.GetPRNG()); signer.Init(false, param); signer.BlockUpdate(content, 0, content.Length); return(signer.VerifySignature(rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { if (signKey.GetKeyType() != GeneralValuesInt.KeyType_EC2) { throw new CoseException("Key is not correctly constructed."); } digest.BlockUpdate(content, 0, content.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); ICipherParameters param = signKey.AsPublicKey(); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, rgbSignature, 0, rgbSignature.Length / 2); BigInteger s = new BigInteger(1, rgbSignature, rgbSignature.Length / 2, rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { ICipherParameters privKey = signKey.AsPublicKey(); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); } else if (signKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PublicKeyParameters privKey = new Ed448PublicKeyParameters(signKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(false, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(content, 0, content.Length); return(eddsa.VerifySignature(rgbSignature)); } #endif default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }
public bool Validate(OneKey signerKey) { CBORObject alg; // Get the set algorithm or infer one byte[] bytesToBeSigned = toBeSigned(); alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { throw new CoseException("No algorithm specified"); } IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "ES384": case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "HSS-LMS": break; default: throw new CoseException("Unknown signature algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown signature algorithm"); } } else { throw new CoseException("Algorthm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": return(HashSig.Validate(bytesToBeSigned, signerKey[CoseKeyParameterKeys.Lms_Public].GetByteString(), _rgbSignature)); default: throw new CoseException("Unknown Algorithm"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_n), signerKey.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG()); signer.Init(false, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.VerifySignature(_rgbSignature)); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = signerKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPoint point = signerKey.GetPoint(); ECPublicKeyParameters param = new ECPublicKeyParameters(point, parameters); ECDsaSigner ecdsa = new ECDsaSigner(); ecdsa.Init(false, param); BigInteger r = new BigInteger(1, _rgbSignature, 0, _rgbSignature.Length / 2); BigInteger s = new BigInteger(1, _rgbSignature, _rgbSignature.Length / 2, _rgbSignature.Length / 2); return(ecdsa.VerifySignature(digestedMessage, r, s)); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { Ed25519PublicKeyParameters privKey = new Ed25519PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed25519Signer(); eddsa.Init(false, privKey); } else if (signerKey[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PublicKeyParameters privKey = new Ed448PublicKeyParameters(signerKey[CoseKeyParameterKeys.OKP_X].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(false, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.VerifySignature(_rgbSignature)); } #endif default: throw new CoseException("Unknown Algorithm"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }