private void NextKey()
{
SM3Digest sm3keycur = new SM3Digest(sm3keybase);
sm3keycur.Update((byte)(ct >> 24 & 0x00ff));
sm3keycur.Update((byte)(ct >> 16 & 0x00ff));
sm3keycur.Update((byte)(ct >> 8 & 0x00ff));
sm3keycur.Update((byte)(ct & 0x00ff));
sm3keycur.DoFinal(key, 0);
keyOff = 0;
ct++;
}
/// <summary>
/// SM3加密
/// <para>
/// SM3是中华人民共和国政府采用的一种密码散列函数标准,由国家密码管理局于2010年12月17日发布。相关标准为“GM/T 0004-2012 《SM3密码杂凑算法》”。
/// 在商用密码体系中,SM3主要用于数字签名及验证、消息认证码生成及验证、随机数生成等,其算法公开。据国家密码管理局表示,其安全性及效率与SHA-256相当。
/// </para>
/// </summary>
/// <param name="data">待加密的数据</param>
/// <returns>返回SM3加密后的二进制字节数组</returns>
public static byte[] SM3(this string data)
{
if (string.IsNullOrEmpty(data))
{
return(null);
}
var digest = new SM3Digest();
var bytes = Encoding.UTF8.GetBytes(data);
digest.BlockUpdate(bytes, 0, bytes.Length);
return(DigestUtilities.DoFinal(digest));
}
private void Reset()
{
this.sm3keybase = new SM3Digest();
this.sm3c3 = new SM3Digest();
byte[] p = byteConvert32Bytes(p2.Normalize().XCoord.ToBigInteger());
this.sm3keybase.BlockUpdate(p, 0, p.Length);
this.sm3c3.BlockUpdate(p, 0, p.Length);
p = byteConvert32Bytes(p2.Normalize().YCoord.ToBigInteger());
this.sm3keybase.BlockUpdate(p, 0, p.Length);
this.ct = 1;
NextKey();
}
public static string Compute(string data)
{
if (string.IsNullOrEmpty(data))
{
throw new ArgumentNullException(nameof(data));
}
var digest = new SM3Digest();
var bytes = Encoding.UTF8.GetBytes(data);
digest.BlockUpdate(bytes, 0, bytes.Length);
var result = DigestUtilities.DoFinal(digest);
return(BitConverter.ToString(result).Replace("-", "").ToLower());
}
public void DigestTest()
{
SM3Digest sm3Digest = new SM3Digest();
string ofdXml = Path.Combine(Directory.GetCurrentDirectory(), "Files", "OFD.xml");
byte[] ofdXmlContent = File.ReadAllBytes(ofdXml);
sm3Digest.BlockUpdate(ofdXmlContent, 0, ofdXmlContent.Length);
byte[] output = new byte[32];
sm3Digest.DoFinal(output, 0);
byte[] expect = Convert.FromBase64String("/Ew+hIIgEQwmbW71cvPmIjkT9S7ABpRZTUPHtNBwhZg=");
Assert.AreEqual(true, Arrays.AreEqual(output, expect));
}
/// <summary>
/// sha1
/// </summary>
/// <param name="dataStr"></param>
/// <param name="encoding"></param>
/// <returns></returns>
public static byte[] Sm3(string dataStr, Encoding encoding)
{
try
{
byte[] data = encoding.GetBytes(dataStr);
SM3Digest digest = new SM3Digest();
digest.BlockUpdate(data, 0, data.Length);
byte[] result = DigestUtilities.DoFinal(digest);
return(result);
}
catch
{
return(null);
}
}
/// <summary>
/// 获取杂凑值H
/// </summary>
/// <param name="z">Z值</param>
/// <param name="data">待签名消息</param>
/// <returns></returns>
public virtual byte[] Sm2GetH(byte[] z, byte[] data)
{
SM3Digest sm3 = new SM3Digest();
//Z
sm3.BlockUpdate(z, 0, z.Length);
//待签名消息
sm3.BlockUpdate(data, 0, data.Length);
// H
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
/// <summary>
/// sha1
/// </summary>
/// <param name="dataStr"></param>
/// <param name="encoding"></param>
/// <returns></returns>
public static byte[] Sm3(string dataStr, Encoding encoding)
{
try
{
byte[] data = encoding.GetBytes(dataStr);
SM3Digest digest = new SM3Digest();
digest.BlockUpdate(data, 0, data.Length);
byte[] result = DigestUtilities.DoFinal(digest);
return(result);
}
catch (Exception e)
{
log.Error("sm3失败:" + e.Message);
return(null);
}
}
/// <summary>
/// 签名数据验证
/// </summary>
/// <param name="type">电子签名类型</param>
/// <param name="tbsContent">待签章内容</param>
/// <param name="signedValue">电子签章数据或签名值(SignedValue.xml文件内容)</param>
public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
//计算原文摘要
SM3Digest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] output = new byte[32];
md.DoFinal(output, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.TbsSign;
byte[] exceptHash = toSign.DataHash.GetOctets();
if (!Arrays.AreEqual(output, exceptHash))
{
return(VerifyResult.SignedNotMatch);
}
//加载证书
byte[] certDer = sesSignature.Cert.GetOctets();
X509CertificateParser parser = new X509CertificateParser();
X509Certificate cert = parser.ReadCertificate(certDer);
//判断证书是否过期
if (!cert.IsValid(DateTime.Now))
{
return(VerifyResult.SealOutdated);
}
//获取签名验证对象
ISigner signer = SignerUtilities.GetSigner(sesSignature.SignatureAlgId);
AsymmetricKeyParameter p = cert.GetPublicKey();
signer.Init(false, p);
byte[] buf = toSign.GetDerEncoded();
signer.BlockUpdate(buf, 0, buf.Length);
//预期的电子签章数据,签章值
byte[] expect = sesSignature.Signature.GetOctets();
//验证签名
bool result = signer.VerifySignature(expect);
return(result ? VerifyResult.Success : VerifyResult.SealTampered);
}
private void ValiCode(object sender, EventArgs e)
{
string codeStr = _ActivationCode;
int resLen = 256;
byte[] res = new byte[resLen];
int v = YouyiSdk.M_GetDevSn(_globalParam.m_Handle, ref resLen, ref res[0]);
if (v == 0)
{
byte[] sec = new UTF8Encoding().GetBytes(BaseConfig.AC_SECRET);
byte[] newRes = new byte[resLen];
Array.Copy(res, newRes, resLen);
LogHelper.ShowLog("设备SN:{0}", new UTF8Encoding().GetString(Hex.Encode(newRes)));
// 验证激活码与SN
byte[] md = new byte[32];
byte[] code = Encoding.Default.GetBytes(codeStr);
byte[] bt = new byte[resLen + sec.Length + code.Length];
newRes.CopyTo(bt, 0);
sec.CopyTo(bt, newRes.Length);
code.CopyTo(bt, bt.Length - code.Length);
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(bt, 0, bt.Length);
sm3.DoFinal(md, 0);
//string s = new UTF8Encoding().GetString(Hex.Encode(md));
//LogHelper.ShowLog("摘要加密:{0} 长度:{1}", s.ToUpper(), s.Length);
// 验证自定义数据
int vali = YouyiSdk.M_VerifyUserData(_globalParam.m_Handle, md.Length, ref md[0]);
LogHelper.ShowLog("验证结果:{0}", vali);
Loading = false;
if (vali != 0)
{
// 失败信息
MessageBox.Show("卡密不正确,请联系客服处理!");
_window.DelegeteShutDown();
}
else
{
// 写入激活码
INIHelper.Write("Info", "ActivationCode", codeStr, BaseConfig.CONFIG_PATH);
_window.DelegeteClose();
}
}
}
public override VerifyResult Validate(SigType type, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
// 计算原文摘要
GeneralDigest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] expect = new byte[32];
md.DoFinal(expect, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.ToSign;
byte[] expectDataHash = toSign.DataHash.GetOctets();
// 比较原文摘要
if (!Arrays.AreEqual(expect, expectDataHash))
{
return(VerifyResult.SignedTampered);
}
// 预期的电子签章数据,签章值
byte[] expSigVal = sesSignature.Signature.GetOctets();
ISigner sg = SignerUtilities.GetSigner(toSign.SignatureAlgorithm);
byte[] certDer = toSign.Cert.GetOctets();
// 构造证书对象
X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDer);
AsymmetricKeyParameter p = x509Certificate.GetPublicKey();
sg.Init(false, p);
byte[] input = toSign.GetDerEncoded();
sg.BlockUpdate(input, 0, input.Length);
if (!sg.VerifySignature(expSigVal))
{
return(VerifyResult.SignedTampered);
}
return(VerifyResult.Success);
}
// codeStr:D5puPvS6GzfOsdaW6Kjwle63AUeLFVVc
private void ValiCode(IntPtr m_Handle, string codeStr)
{
int resLen = 256;
byte[] res = new byte[resLen];
int v = YouyiSdk.M_GetDevSn(m_Handle, ref resLen, ref res[0]);
if (v == 0)
{
byte[] sec = new UTF8Encoding().GetBytes(BaseConfig.AC_SECRET);
byte[] newRes = new byte[resLen];
Array.Copy(res, newRes, resLen);
LogHelper.ShowLog("设备SN:{0}", new UTF8Encoding().GetString(Hex.Encode(newRes)));
// 验证激活码与SN
byte[] md = new byte[32];
byte[] code = Encoding.Default.GetBytes(codeStr);
byte[] bt = new byte[resLen + sec.Length + code.Length];
newRes.CopyTo(bt, 0);
sec.CopyTo(bt, newRes.Length);
code.CopyTo(bt, bt.Length - code.Length);
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(bt, 0, bt.Length);
sm3.DoFinal(md, 0);
// 验证自定义数据
int vali = YouyiSdk.M_VerifyUserData(m_Handle, md.Length, ref md[0]);
LogHelper.ShowLog("验证结果:{0}", vali);
if (vali != 0)
{
_valiCode += 1;
}
else
{
if (_valiCode != 0)
{
_valiCode = 0;
}
}
}
else
{
_valiCode += 1;
}
}
private void Reset()
{
sm3keybase = new SM3Digest();
sm3c3 = new SM3Digest();
byte[] p;
p = p2.Normalize().XCoord.ToBigInteger().ToByteArray();
sm3keybase.BlockUpdate(p, 0, p.Length);
sm3c3.BlockUpdate(p, 0, p.Length);
p = p2.Normalize().YCoord.ToBigInteger().ToByteArray();
sm3keybase.BlockUpdate(p, 0, p.Length);
ct = 1;
NextKey();
}
public override void PerformTest()
{
base.PerformTest();
SM3Digest dig = new SM3Digest();
byte[] resBuf = new byte[dig.GetDigestSize()];
VectorTest(dig, 10, resBuf, Hex.Decode(hexMessages[0]), Hex.Decode(digests[messages.Length]));
VectorTest(dig, 11, resBuf, Hex.Decode(hexMessages[1]), Hex.Decode(digests[messages.Length + 1]));
VectorTest(dig, 12, resBuf, Hex.Decode(hexMessages[2]), Hex.Decode(digests[messages.Length + 2]));
VectorTest(dig, 13, resBuf, Hex.Decode(hexMessages[3]), Hex.Decode(digests[messages.Length + 3]));
VectorTest(dig, 14, resBuf, Hex.Decode(hexMessages[4]), Hex.Decode(digests[messages.Length + 4]));
VectorTest(dig, 15, resBuf, Hex.Decode(hexMessages[5]), Hex.Decode(digests[messages.Length + 5]));
VectorTest(dig, 16, resBuf, Hex.Decode(hexMessages[6]), Hex.Decode(digests[messages.Length + 6]));
VectorTest(dig, 17, resBuf, Hex.Decode(hexMessages[7]), Hex.Decode(digests[messages.Length + 7]));
sixtyFourKTest(sixtyFourKdigest);
millionATest(million_a_digest);
}
/// <summary>
/// Hash the raw data with signatureAlgorithm
/// </summary>
/// <param name="raw">hashing data</param>
/// <param name="signatureAlgorithm">the autograph method</param>
/// <returns>hashed bytes</returns>
public static byte[] Hash(byte[] raw, string signatureAlgorithm)
{
if (signatureAlgorithm == "ACS3-HMAC-SHA256" || signatureAlgorithm == "ACS3-RSA-SHA256")
{
byte[] signData;
using (SHA256 sha256 = new SHA256Managed())
{
signData = sha256.ComputeHash(raw);
}
return(signData);
}
else if (signatureAlgorithm == "ACS3-HMAC-SM3")
{
byte[] md = new byte[32];
SM3Digest sm3 = new SM3Digest();
sm3.BlockUpdate(raw, 0, raw.Length);
sm3.DoFinal(md, 0);
return(md);
}
return(null);
}
public virtual byte[] Sm2GetZ(byte[] userId, ECPoint userKey)
{
SM3Digest sm3 = new SM3Digest();
byte[] p;
// userId length
int len = userId.Length * 8;
sm3.Update((byte)(len >> 8 & 0x00ff));
sm3.Update((byte)(len & 0x00ff));
// userId
sm3.BlockUpdate(userId, 0, userId.Length);
// a,b
p = ecc_a.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = ecc_b.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// gx,gy
p = ecc_gx.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = ecc_gy.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// x,y
p = userKey.AffineXCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = userKey.AffineYCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// Z
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
/// <summary>
/// 获取Z值
/// Z=SM3(ENTL∣∣userId∣∣a∣∣b∣∣gx∣∣gy ∣∣x∣∣y)
/// </summary>
/// <param name="userId">签名方的用户身份标识</param>
/// <param name="userKey">签名方公钥</param>
/// <returns></returns>
public virtual byte[] Sm2GetZ(byte[] userId, ECPoint userKey)
{
SM3Digest sm3 = new SM3Digest();
byte[] p;
// ENTL由2个字节标识的ID的比特长度
int len = userId.Length * 8;
sm3.Update((byte)(len >> 8 & 0x00ff));
sm3.Update((byte)(len & 0x00ff));
// userId用户身份标识ID
sm3.BlockUpdate(userId, 0, userId.Length);
// a,b为系统曲线参数;
p = EccA.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = EccB.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// gx、gy为基点
p = EccGx.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = EccGy.ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// x,y用户的公钥的X和Y
p = userKey.Normalize().XCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
p = userKey.Normalize().YCoord.ToBigInteger().ToByteArray();
sm3.BlockUpdate(p, 0, p.Length);
// Z
byte[] md = new byte[sm3.GetDigestSize()];
sm3.DoFinal(md, 0);
return(md);
}
public SM3CryptoServiceProvider()
{
_digest = new SM3Digest();
}
public override void Validate(SigType type, string signAlgName, byte[] tbsContent, byte[] signedValue)
{
if (type == SigType.Sign)
{
throw new ArgumentOutOfRangeException(nameof(type), "签名类型(type)必须是 Seal,不支持电子印章验证");
}
// 计算原文摘要
GeneralDigest md = new SM3Digest();
md.BlockUpdate(tbsContent, 0, tbsContent.Length);
byte[] expect = new byte[32];
md.DoFinal(expect, 0);
SesSignature sesSignature = SesSignature.GetInstance(signedValue);
TbsSign toSign = sesSignature.ToSign;
byte[] expectDataHash = toSign.DataHash.GetOctets();
// 比较原文摘要
if (!Arrays.AreEqual(expect, expectDataHash))
{
//throw new InvalidSignedValueException("Signature.xml 文件被篡改,电子签章失效。("+ toSign.getPropertyInfo().getString() + ")");
}
//sg.initVerify(signCert);
//sg.update(toSign.getEncoded("DER"));
//if (!sg.verify(expSigVal))
//{
// throw new InvalidSignedValueException("电子签章数据签名值不匹配,电子签章数据失效。");
//}
// 预期的电子签章数据,签章值
byte[] expSigVal = sesSignature.Signature.GetOctets();
//Signature sg = Signature(toSign.getSignatureAlgorithm().getId(),new BouncyCastleProvider());
ISigner sg = SignerUtilities.GetSigner(GMObjectIdentifiers.sm2encrypt_with_sm3);
byte[] certDER = toSign.Cert.GetOctets();
//new X509V1CertificateGenerator().Generate()
// 构造证书对象
//Certificate signCert = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(certDER));
//X509Certificate x509Certificate = new X509Certificate(new X509CertificateStructure(TbsCertificateStructure.GetInstance(certDER), null, new DerBitString(certDER)));
X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certDER);
//x509Certificate.Verify();
AsymmetricKeyParameter p = x509Certificate.GetPublicKey();
sg.Init(false, p);
//System.Security.Cryptography.X509Certificates.X509Certificate x509 = new System.Security.Cryptography.X509Certificates.X509Certificate(certDER);
//sg.Init(false,new ECPublicKeyParameters());
// 获取一条SM2曲线参数
X9ECParameters sm2EcParameters = GMNamedCurves.GetByName("sm2p256v1");
// 构造domain参数
ECDomainParameters domainParameters = new ECDomainParameters(sm2EcParameters.Curve, sm2EcParameters.G, sm2EcParameters.N);
//提取公钥点
ECPoint pukPoint = sm2EcParameters.Curve.DecodePoint(certDER);
// 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);
sg.Init(false, publicKeyParameters);
byte[] input = toSign.GetDerEncoded();
sg.BlockUpdate(input, 0, input.Length);
bool pass = sg.VerifySignature(expSigVal);
if (!pass)
{
throw new Exception();
}
}
public void Sm3DigestNoContractorTest()
{
SM3Digest sm3Digest = new SM3Digest();
SM2Engine sm2 = new SM2Engine(sm3Digest);
}
