/// <summary> /// Converts a base-58 string to a byte array, checking the checksum, and /// returning null if it wasn't valid. Appending "?" to the end of the string skips /// the checksum calculation, but still strips the four checksum bytes from the /// result. /// </summary> public static byte[] Base58CheckToByteArray(string base58) { bool IgnoreChecksum = false; if (base58.EndsWith("?")) { IgnoreChecksum = true; base58 = base58.Substring(0, base58.Length - 1); } byte[] bb = Base58.ToByteArray(base58); if (bb == null || bb.Length < 4) return null; if (IgnoreChecksum == false) { Sha256Digest bcsha256a = new Sha256Digest(); bcsha256a.BlockUpdate(bb, 0, bb.Length - 4); byte[] checksum = new byte[32]; //sha256.ComputeHash(bb, 0, bb.Length - 4); bcsha256a.DoFinal(checksum, 0); bcsha256a.BlockUpdate(checksum, 0, 32); bcsha256a.DoFinal(checksum, 0); for (int i = 0; i < 4; i++) { if (checksum[i] != bb[bb.Length - 4 + i]) return null; } } byte[] rv = new byte[bb.Length - 4]; Array.Copy(bb, 0, rv, 0, bb.Length - 4); return rv; }
private static string GetHashDigest(Org.BouncyCastle.Crypto.Digests.Sha256Digest hash) { var digest = new byte[hash.GetDigestSize()]; hash.DoFinal(digest, 0); return(BitConverter.ToString(digest).Replace("-", string.Empty).ToLower()); }
/** * Hashes the given data. * * @param data The data to hash * @return byte-array containing the hashed data */ public static byte[] Hash(byte[] data) { Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(data, 0, data.Length); byte[] hash = new byte[sha256.GetDigestSize()]; sha256.DoFinal(hash, 0); return hash; }
public static byte[] SHA256Hash(byte[] data) { var shaHash = new Sha256Digest (); shaHash.BlockUpdate (data, 0, data.Length); byte[] hashedValue = new byte[shaHash.GetDigestSize ()]; shaHash.DoFinal(hashedValue, 0); return hashedValue; }
/// <summary> /// Default constructor. Creates a new matched pair of escrow invitation codes. /// </summary> public EscrowCodeSet() { SecureRandom sr = new SecureRandom(); byte[] x = new byte[32]; byte[] y = new byte[32]; sr.NextBytes(x); sr.NextBytes(y); // Force x to be even // Force y to be odd x[31] &= 0xFE; y[31] |= 0x01; KeyPair kx = new KeyPair(x, true); KeyPair ky = new KeyPair(y, true); BigInteger xi = new BigInteger(1, x); BigInteger yi = new BigInteger(1, y); ECPoint Gx = kx.GetECPoint(); byte[] bytesGx = Gx.GetEncoded(); ECPoint Gy = ky.GetECPoint(); byte[] bytesGy = Gy.GetEncoded(); ECPoint Gxy = Gx.Multiply(yi); byte[] bytesGxy = Gxy.GetEncoded(); Sha256Digest sha256 = new Sha256Digest(); byte[] hashGxy = new byte[32]; sha256.BlockUpdate(bytesGxy, 0, bytesGxy.Length); sha256.DoFinal(hashGxy, 0); sha256.BlockUpdate(hashGxy, 0, 32); sha256.DoFinal(hashGxy, 0); int identifier30 = ((hashGxy[0] & 0x3f) << 24) + (hashGxy[1] << 16) + (hashGxy[2] << 8) + hashGxy[3]; byte[] invitationA = new byte[74]; byte[] invitationB = new byte[74]; long headA = headbaseA + (long)identifier30; long headB = headbaseB + (long)identifier30; // turn headA and headB into bytes for (int i = 7; i >= 0; i--) { invitationA[i] = (byte)(headA & 0xFF); invitationB[i] = (byte)(headB & 0xFF); headA >>= 8; headB >>= 8; } Array.Copy(x, 0, invitationA, 8 + 1, 32); Array.Copy(y, 0, invitationB, 8 + 1, 32); Array.Copy(bytesGy, 0, invitationA, 8 + 1 + 32, 33); Array.Copy(bytesGx, 0, invitationB, 8 + 1 + 32, 33); EscrowInvitationCodeA = Util.ByteArrayToBase58Check(invitationA); EscrowInvitationCodeB = Util.ByteArrayToBase58Check(invitationB); }
public static string Sha256(string input) { var data = System.Text.Encoding.UTF8.GetBytes(input); Sha256Digest hash = new Sha256Digest(); hash.BlockUpdate(data, 0, data.Length); byte[] result = new byte[hash.GetDigestSize()]; hash.DoFinal(result, 0); return Hex.ToHexString(result); }
public static byte[] Array(byte[] value) { var digest = new Sha256Digest(); digest.BlockUpdate(value, 0, value.Length); var ret = new byte[digest.GetDigestSize()]; digest.DoFinal(ret, 0); return ret; }
public static byte[] SHA256_SHA256(byte[] ba) { Sha256Digest bcsha256a = new Sha256Digest(); bcsha256a.BlockUpdate(ba, 0, ba.Length); byte[] thehash = new byte[32]; bcsha256a.DoFinal(thehash, 0); bcsha256a.BlockUpdate(thehash, 0, 32); bcsha256a.DoFinal(thehash, 0); return thehash; }
private static string GetBlockHash(byte[] bytes, int length) { Sha256Digest afg; new Sha256Digest(); var algorithm = new Org.BouncyCastle.Crypto.Digests.Sha256Digest(); algorithm.BlockUpdate(bytes, 0, length); return(GetHashDigest(algorithm)); }
public byte[] ComputeHash(byte[] pbData) { Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(pbData, 0, pbData.Length); byte[] pbHash = new byte[32]; sha256.DoFinal(pbHash, 0); return pbHash; }
public static String SHA256(string tosha256) { Sha256Digest digest = new Sha256Digest(); byte[] scratch = new byte[digest.GetDigestSize()]; digest.BlockUpdate(UTF8Encoding.UTF8.GetBytes(tosha256), 0, UTF8Encoding.UTF8.GetByteCount(tosha256)); digest.DoFinal(scratch, 0); string hex = BitConverter.ToString(scratch).ToLower(); return hex.Replace("-", ""); }
public static byte[] Sha256(string text) { var bytes = new byte[text.Length * sizeof(char)]; Buffer.BlockCopy(text.ToCharArray(), 0, bytes, 0, bytes.Length); var sha256 = new Sha256Digest(); var hash = new byte[sha256.GetDigestSize()]; sha256.BlockUpdate(bytes, 0, bytes.Length); sha256.DoFinal(hash, 0); return hash; }
public static string ByteArrayToBase58Check(byte[] ba) { byte[] bb = new byte[ba.Length + 4]; Array.Copy(ba, bb, ba.Length); Sha256Digest bcsha256a = new Sha256Digest(); bcsha256a.BlockUpdate(ba, 0, ba.Length); byte[] thehash = new byte[32]; bcsha256a.DoFinal(thehash, 0); bcsha256a.BlockUpdate(thehash, 0, 32); bcsha256a.DoFinal(thehash, 0); for (int i = 0; i < 4; i++) bb[ba.Length + i] = thehash[i]; return Base58.FromByteArray(bb); }
private static string GetFileName(string imageUri) { var sha = new Sha256Digest(); var stream = new DigestStream(new MemoryStream(), null, sha); using (var writer = new StreamWriter(stream)) { writer.Write(imageUri); } byte[] buffer = new byte[sha.GetDigestSize()]; sha.DoFinal(buffer, 0); string hex = BitConverter.ToString(buffer); string fileName = hex.Replace("-", ""); return fileName; }
/** * Copy constructor. This will copy the state of the provided * message digest. */ public Sha256Digest(Sha256Digest t) : base(t) { H1 = t.H1; H2 = t.H2; H3 = t.H3; H4 = t.H4; H5 = t.H5; H6 = t.H6; H7 = t.H7; H8 = t.H8; Array.Copy(t.X, 0, X, 0, t.X.Length); xOff = t.xOff; }
private void CopyIn(Sha256Digest t) { base.CopyIn(t); H1 = t.H1; H2 = t.H2; H3 = t.H3; H4 = t.H4; H5 = t.H5; H6 = t.H6; H7 = t.H7; H8 = t.H8; Array.Copy(t.X, 0, X, 0, t.X.Length); xOff = t.xOff; }
public void CalculateFileHash() { var fileHashAlg = new Org.BouncyCastle.Crypto.Digests.Sha256Digest(); var block = new byte[_agent.Configuration.ChunkTransferBufferSize]; var read = 0; do { read = _fileStream.Read(block, 0, block.Length); fileHashAlg.BlockUpdate(block, 0, read); } while (read != 0); FileHash = GetHashDigest(fileHashAlg); _fileStream.Seek(0, SeekOrigin.Begin); }
private string GetHmacSha256(string stringToSign, string secretKey) { var key = Encoding.UTF8.GetBytes(secretKey); var data = Encoding.UTF8.GetBytes(stringToSign); var hash = new Sha256Digest(); HMac hmac = new HMac(hash); hmac.Init(new KeyParameter(key, 0, key.Length)); hmac.BlockUpdate(data, 0, data.Length); byte[] abyDigest = new byte[hmac.GetMacSize()]; int nRet = hmac.DoFinal(abyDigest, 0); return System.Convert.ToBase64String(abyDigest); ; }
public string GetSign(byte[] msg) { //Org.BouncyCastle.Math.BigInteger d = new Org.BouncyCastle.Math.BigInteger(Convert.FromBase64String(privKey)); byte[] prvB = StringToByteArray(prv); byte[] pubB = StringToByteArray(pub); //byte[] prvB = StringToByteArray(prvTmp); //byte[] pubB = StringToByteArray(pubTmp); Org.BouncyCastle.Math.BigInteger sk = new Org.BouncyCastle.Math.BigInteger(+1, prvB); Org.BouncyCastle.Math.EC.ECPoint q = domain.G.Multiply(sk); byte[] pubKeyX = q.Normalize().AffineXCoord.GetEncoded(); byte[] pubKeyY = q.Normalize().AffineYCoord.GetEncoded(); BigInteger k = GenerateRandom(); //BigInteger k = new BigInteger(+1,StringToByteArray("015B931D9C7BF3A7A70E57868BF29712377E74355FC59032CD7547C80E179010")); //Debug.Log("kv:" + BitConverter.ToString(kv.ToByteArray()).Replace("-", "")); Debug.Log("K:" + BitConverter.ToString(k.ToByteArray()).Replace("-", "")); ECPoint Q = domain.G.Multiply(k); Org.BouncyCastle.Crypto.Digests.Sha256Digest digester = new Org.BouncyCastle.Crypto.Digests.Sha256Digest(); byte[] h = new byte[digester.GetDigestSize()]; digester.BlockUpdate(Q.GetEncoded(true), 0, Q.GetEncoded(true).Length); digester.BlockUpdate(pubB, 0, pubB.Length); digester.BlockUpdate(msg, 0, msg.Length); digester.DoFinal(h, 0); Org.BouncyCastle.Math.BigInteger r = new Org.BouncyCastle.Math.BigInteger(+1, h); BigInteger s = r.Multiply(sk); s = k.Subtract(s); s = s.Mod(domain.n); string rt = BitConverter.ToString(r.ToByteArray()).Replace("-", ""); if (rt.Length > 32) { rt = rt.Remove(0, 2); } string st = BitConverter.ToString(s.ToByteArray()).Replace("-", ""); return(rt + st); }
/// <summary> /// From a single given key create a hashname with the intermediate hashes of other keys /// </summary> /// <returns>The key.</returns> /// <param name="csid">The identifier for the cipher set as a string.</param> /// <param name="keyData">The key data for the given csid.</param> /// <param name="intermediates">Intermediates.</param> public static string FromKey(string csid, byte[] keyData, IDictionary<string, string> intermediates) { Sha256Digest digest = new Sha256Digest (); List<string> keys = new List<string>(intermediates.Keys); keys.Add (csid); keys.Sort (); int digestSize = digest.GetDigestSize (); byte[] outhash = null; foreach (var key in keys) { if (outhash != null) { digest.BlockUpdate (outhash, 0, digestSize); } else { outhash = new byte[digestSize]; } byte inByte; try { inByte = Convert.ToByte (key, 16); } catch(FormatException) { return null; } catch(OverflowException) { return null; } catch (ArgumentException) { return null; } digest.Update (inByte); digest.DoFinal (outhash, 0); digest.Reset (); digest.BlockUpdate (outhash, 0, digestSize); if (key == csid) { Sha256Digest keyDigest = new Sha256Digest (); keyDigest.BlockUpdate (keyData, 0, keyData.Length); keyDigest.DoFinal (outhash, 0); digest.BlockUpdate (outhash, 0, outhash.Length); } else { byte[] keyIntermediate = Base32Encoder.Decode (intermediates [key]); digest.BlockUpdate (keyIntermediate, 0, keyIntermediate.Length); } digest.DoFinal (outhash, 0); } return Base32Encoder.Encode (outhash).TrimEnd(trimChars).ToLower(); }
public static string HashSomething(string password, string something) { var dig = new Sha256Digest(); byte[] bpassword = Encoding.UTF8.GetBytes(password); dig.BlockUpdate(bpassword, 0, bpassword.Length); var key = new byte[dig.GetDigestSize()]; dig.DoFinal(key, 0); var hmac = new HMac(new Sha256Digest()); hmac.Init(new KeyParameter(key)); byte[] input = Encoding.UTF8.GetBytes(something); hmac.BlockUpdate(input, 0, input.Length); var output = new byte[hmac.GetMacSize()]; hmac.DoFinal(output, 0); var sb = new StringBuilder(output.Length*2); foreach (byte b in output) { sb.AppendFormat("{0:x2}", b); } return sb.ToString(); }
public static SecureRandom GetInstance( string algorithm) { // TODO Compared to JDK, we don't auto-seed if the client forgets - problem? // TODO Support all digests more generally, by stripping PRNG and calling DigestUtilities? IDigest digest = null; switch (algorithm.ToUpper(CultureInfo.InvariantCulture)) { case "SHA1PRNG": digest = new Sha1Digest(); break; case "SHA256PRNG": digest = new Sha256Digest(); break; } if (digest != null) { return new SecureRandom(new DigestRandomGenerator(digest)); } throw new ArgumentException("Unrecognised PRNG algorithm: " + algorithm, "algorithm"); }
/** * generate suitable parameters for DSA, in line with * <i>FIPS 186-3 A.1 Generation of the FFC Primes p and q</i>. */ private DsaParameters GenerateParameters_FIPS186_3() { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) IDigest d = new Sha256Digest(); int outlen = d.GetDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If // the pair is not in the list, then return INVALID. // Note: checked at initialisation // 2. If (seedlen < N), then return INVALID. // FIXME This should be configurable (must be >= N) int seedlen = N; byte[] seed = new byte[seedlen / 8]; // 3. n = ceiling(L ⁄ outlen) – 1. int n = (L - 1) / outlen; // 4. b = L – 1 – (n ∗ outlen). int b = (L - 1) % outlen; byte[] output = new byte[d.GetDigestSize()]; for (;;) { // 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed. random.NextBytes(seed); // 6. U = Hash (domain_parameter_seed) mod 2^(N–1). Hash(d, seed, output); BigInteger U = new BigInteger(1, output).Mod(BigInteger.One.ShiftLeft(N - 1)); // 7. q = 2^(N–1) + U + 1 – ( U mod 2). BigInteger q = BigInteger.One.ShiftLeft(N - 1).Add(U).Add(BigInteger.One).Subtract( U.Mod(BigInteger.Two)); // 8. Test whether or not q is prime as specified in Appendix C.3. // TODO Review C.3 for primality checking if (!q.IsProbablePrime(certainty)) { // 9. If q is not a prime, then go to step 5. continue; } // 10. offset = 1. // Note: 'offset' value managed incrementally byte[] offset = Arrays.Clone(seed); // 11. For counter = 0 to (4L – 1) do int counterLimit = 4 * L; for (int counter = 0; counter < counterLimit; ++counter) { // 11.1 For j = 0 to n do // Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen). // 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)). // TODO Assemble w as a byte array BigInteger W = BigInteger.Zero; for (int j = 0, exp = 0; j <= n; ++j, exp += outlen) { Inc(offset); Hash(d, offset, output); BigInteger Vj = new BigInteger(1, output); if (j == n) { Vj = Vj.Mod(BigInteger.One.ShiftLeft(b)); } W = W.Add(Vj.ShiftLeft(exp)); } // 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L. BigInteger X = W.Add(BigInteger.One.ShiftLeft(L - 1)); // 11.4 c = X mod 2q. BigInteger c = X.Mod(q.ShiftLeft(1)); // 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q). BigInteger p = X.Subtract(c.Subtract(BigInteger.One)); // 11.6 If (p < 2^(L - 1)), then go to step 11.9 if (p.BitLength != L) continue; // 11.7 Test whether or not p is prime as specified in Appendix C.3. // TODO Review C.3 for primality checking if (p.IsProbablePrime(certainty)) { // 11.8 If p is determined to be prime, then return VALID and the values of p, q and // (optionally) the values of domain_parameter_seed and counter. // TODO Make configurable (8-bit unsigned)? // int index = 1; // BigInteger g = CalculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index); // if (g != null) // { // // TODO Should 'index' be a part of the validation parameters? // return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter)); // } BigInteger g = CalculateGenerator_FIPS186_3_Unverifiable(p, q, random); return new DsaParameters(p, q, g, new DsaValidationParameters(seed, counter)); } // 11.9 offset = offset + n + 1. Comment: Increment offset; then, as part of // the loop in step 11, increment counter; if // counter < 4L, repeat steps 11.1 through 11.8. // Note: 'offset' value already incremented in inner loop } // 12. Go to step 5. } }
public static byte[] ComputeSha256(byte[] ofwhat) { Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(ofwhat, 0, ofwhat.Length); byte[] rv = new byte[32]; sha256.DoFinal(rv, 0); return rv; }
public override void Reset(IMemoable other) { Sha256Digest d = (Sha256Digest)other; CopyIn(d); }
/** * Copy constructor. This will copy the state of the provided * message digest. */ public Sha256Digest(Sha256Digest t) : base(t) { CopyIn(t); }
/// <summary> /// Encryption constructor to create a new random key from an intermediate /// </summary> public Bip38KeyPair(Bip38Intermediate intermediate, bool retainPrivateKeyWhenPossible=false) { // generate seedb byte[] seedb = new byte[24]; SecureRandom sr = new SecureRandom(); sr.NextBytes(seedb); // get factorb as sha256(sha256(seedb)) Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(seedb, 0, 24); factorb = new byte[32]; sha256.DoFinal(factorb, 0); sha256.BlockUpdate(factorb, 0, 32); sha256.DoFinal(factorb, 0); // get ECPoint from passpoint PublicKey pk = new PublicKey(intermediate.passpoint); ECPoint generatedpoint = pk.GetECPoint().Multiply(new BigInteger(1, factorb)); byte[] generatedpointbytes = generatedpoint.GetEncoded(); PublicKey generatedaddress = new PublicKey(generatedpointbytes); // get addresshash UTF8Encoding utf8 = new UTF8Encoding(false); byte[] generatedaddressbytes = utf8.GetBytes(generatedaddress.AddressBase58); sha256.BlockUpdate(generatedaddressbytes, 0, generatedaddressbytes.Length); byte[] addresshashfull = new byte[32]; sha256.DoFinal(addresshashfull, 0); sha256.BlockUpdate(addresshashfull, 0, 32); sha256.DoFinal(addresshashfull, 0); byte[] addresshashplusownerentropy = new byte[12]; Array.Copy(addresshashfull, 0, addresshashplusownerentropy, 0, 4); Array.Copy(intermediate.ownerentropy, 0, addresshashplusownerentropy, 4, 8); // derive encryption key material derived = new byte[64]; SCrypt.ComputeKey(intermediate.passpoint, addresshashplusownerentropy, 1024, 1, 1, 1, derived); byte[] derivedhalf2 = new byte[32]; Array.Copy(derived, 32, derivedhalf2, 0, 32); byte[] unencryptedpart1 = new byte[16]; for (int i = 0; i < 16; i++) { unencryptedpart1[i] = (byte)(seedb[i] ^ derived[i]); } byte[] encryptedpart1 = new byte[16]; // encrypt it var aes = Aes.Create(); aes.KeySize = 256; aes.Mode = CipherMode.ECB; aes.Key = derivedhalf2; ICryptoTransform encryptor = aes.CreateEncryptor(); encryptor.TransformBlock(unencryptedpart1, 0, 16, encryptedpart1, 0); encryptor.TransformBlock(unencryptedpart1, 0, 16, encryptedpart1, 0); byte[] unencryptedpart2 = new byte[16]; for (int i = 0; i < 8; i++) { unencryptedpart2[i] = (byte)(encryptedpart1[i + 8] ^ derived[i + 16]); } for (int i = 0; i < 8; i++) { unencryptedpart2[i + 8] = (byte)(seedb[i + 16] ^ derived[i + 24]); } byte[] encryptedpart2 = new byte[16]; encryptor.TransformBlock(unencryptedpart2, 0, 16, encryptedpart2, 0); encryptor.TransformBlock(unencryptedpart2, 0, 16, encryptedpart2, 0); byte[] result = new byte[39]; result[0] = 0x01; result[1] = 0x43; result[2] = generatedaddress.IsCompressedPoint ? (byte)0x20 : (byte)0x00; if (intermediate.LotSequencePresent) result[2] |= 0x04; Array.Copy(addresshashfull, 0, result, 3, 4); Array.Copy(intermediate.ownerentropy, 0, result, 7, 8); Array.Copy(encryptedpart1, 0, result, 15, 8); Array.Copy(encryptedpart2, 0, result, 23, 16); _encryptedKey = Util.ByteArrayToBase58Check(result); _pubKey = generatedaddress.PublicKeyBytes; _hash160 = generatedaddress.Hash160; var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); if (retainPrivateKeyWhenPossible && intermediate.passfactor != null) { BigInteger privatekey = new BigInteger(1, intermediate.passfactor).Multiply(new BigInteger(1, factorb)).Mod(ps.N); _privKey = new KeyPair(privatekey).PrivateKeyBytes; } // create the confirmation code confirmationCodeInfo = new byte[51]; // constant provides for prefix "cfrm38" confirmationCodeInfo[0] = 0x64; confirmationCodeInfo[1] = 0x3B; confirmationCodeInfo[2] = 0xF6; confirmationCodeInfo[3] = 0xA8; confirmationCodeInfo[4] = 0x9A; // fields for flagbyte, addresshash, and ownerentropy all copy verbatim Array.Copy(result, 2, confirmationCodeInfo, 5, 1 + 4 + 8); }
public void DoTest13() { BigInteger modulus = new BigInteger(1, Hex.Decode("CDCBDABBF93BE8E8294E32B055256BBD0397735189BF75816341BB0D488D05D627991221DF7D59835C76A4BB4808ADEEB779E7794504E956ADC2A661B46904CDC71337DD29DDDD454124EF79CFDD7BC2C21952573CEFBA485CC38C6BD2428809B5A31A898A6B5648CAA4ED678D9743B589134B7187478996300EDBA16271A861")); BigInteger pubExp = new BigInteger(1, Hex.Decode("010001")); BigInteger privExp = new BigInteger(1, Hex.Decode("4BA6432AD42C74AA5AFCB6DF60FD57846CBC909489994ABD9C59FE439CC6D23D6DE2F3EA65B8335E796FD7904CA37C248367997257AFBD82B26F1A30525C447A236C65E6ADE43ECAAF7283584B2570FA07B340D9C9380D88EAACFFAEEFE7F472DBC9735C3FF3A3211E8A6BBFD94456B6A33C17A2C4EC18CE6335150548ED126D")); RsaKeyParameters pubParams = new RsaKeyParameters(false, modulus, pubExp); RsaKeyParameters privParams = new RsaKeyParameters(true, modulus, privExp); IAsymmetricBlockCipher rsaEngine = new RsaBlindedEngine(); IDigest digest = new Sha256Digest(); // set challenge to all zero's for verification byte[] challenge = new byte[8]; // DOES NOT USE FINAL BOOLEAN TO INDICATE RECOVERY Iso9796d2Signer signer = new Iso9796d2Signer(rsaEngine, digest, false); // sign signer.Init(true, privParams); signer.BlockUpdate(challenge, 0, challenge.Length); byte[] sig = signer.GenerateSignature(); // verify signer.Init(false, pubParams); signer.BlockUpdate(challenge, 0, challenge.Length); if (!signer.VerifySignature(sig)) { Fail("basic verification failed"); } // === LETS ACTUALLY DO SOME RECOVERY, USING INPUT FROM INTERNAL AUTHENTICATE === signer.Reset(); string args0 = "482E20D1EDDED34359C38F5E7C01203F9D6B2641CDCA5C404D49ADAEDE034C7481D781D043722587761C90468DE69C6585A1E8B9C322F90E1B580EEDAB3F6007D0C366CF92B4DB8B41C8314929DCE2BE889C0129123484D2FD3D12763D2EBFD12AC8E51D7061AFCA1A53DEDEC7B9A617472A78C952CCC72467AE008E5F132994"; digest = new Sha1Digest(); signer = new Iso9796d2Signer(rsaEngine, digest, true); signer.Init(false, pubParams); byte[] signature = Hex.Decode(args0); signer.UpdateWithRecoveredMessage(signature); signer.BlockUpdate(challenge, 0, challenge.Length); if (!signer.VerifySignature(signature)) { Fail("recovered + challenge signature failed"); } // === FINALLY, USING SHA-256 === signer.Reset(); digest = new Sha256Digest(); // NOTE setting implicit to false does not actually do anything for verification !!! signer = new Iso9796d2Signer(rsaEngine, digest, false); signer.Init(true, privParams); // generate NONCE of correct length using some inner knowledge int nonceLength = modulus.BitLength / 8 - 1 - digest.GetDigestSize() - 2; byte[] nonce = new byte[nonceLength]; SecureRandom rnd = new SecureRandom(); rnd.NextBytes(nonce); signer.BlockUpdate(nonce, 0, nonce.Length); signer.BlockUpdate(challenge, 0, challenge.Length); byte[] sig3 = signer.GenerateSignature(); signer.Init(false, pubParams); signer.UpdateWithRecoveredMessage(sig3); signer.BlockUpdate(challenge, 0, challenge.Length); if (signer.VerifySignature(sig3)) { if (signer.HasFullMessage()) { Fail("signer indicates full message"); } byte[] recoverableMessage = signer.GetRecoveredMessage(); // sanity check, normally the nonce is ignored in eMRTD specs (PKI Technical Report) if (!Arrays.AreEqual(nonce, recoverableMessage)) { Fail("Nonce compare with recoverable part of message failed"); } } else { Fail("recoverable + nonce failed."); } }
public static byte[] Digest(byte[] data, String algo) { if (algo == null) { throw new ArgumentNullException("El algoritmo de huella digital no puede ser nulo"); } if (data == null) { throw new ArgumentNullException("Los datos no pueden ser nulos"); } switch (algo) { /** * ALGORITMOS DE HASING */ case AOSignConstants.SIGN_ALGORITHM_SHA1: { Sha1Digest dig = new Sha1Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_SHA256: { Sha256Digest dig = new Sha256Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_SHA384: { Sha384Digest dig = new Sha384Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_SHA512: { Sha512Digest dig = new Sha512Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_RIPEMD160: { RipeMD160Digest dig = new RipeMD160Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_MD5: { MD5Digest dig = new MD5Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } case AOSignConstants.SIGN_ALGORITHM_MD2: { MD2Digest dig = new MD2Digest(); dig.BlockUpdate(data, 0, data.Length); byte[] result = new byte[dig.GetDigestSize()]; dig.DoFinal(result, 0); return result; } default: // You can use the default case. throw new ArgumentNullException("El algoritmo no es reconocido"); } throw new ArgumentNullException("Algoritmo de hash no soportado: " + algo); }
public override void Reset(IMemoable other) { Sha256Digest t = (Sha256Digest)other; this.CopyIn(t); }
public override bool DecryptWithPassphrase(string passphrase) { if (passphrase == null) { return false; } byte[] hex = Util.Base58CheckToByteArray(_encryptedKey); KeyPair tempkey = null; if (hex.Length == 39 && hex[0] == 1 && hex[1] == 0x42) { UTF8Encoding utf8 = new UTF8Encoding(false); byte[] addresshash = new byte[] { hex[3], hex[4], hex[5], hex[6] }; byte[] derivedBytes = new byte[64]; SCrypt.ComputeKey(utf8.GetBytes(passphrase), addresshash, 16384, 8, 8, 8, derivedBytes); var aes = Aes.Create(); aes.KeySize = 256; aes.Mode = CipherMode.ECB; byte[] aeskey = new byte[32]; Array.Copy(derivedBytes, 32, aeskey, 0, 32); aes.Key = aeskey; ICryptoTransform decryptor = aes.CreateDecryptor(); byte[] decrypted = new byte[32]; decryptor.TransformBlock(hex, 7, 16, decrypted, 0); decryptor.TransformBlock(hex, 7, 16, decrypted, 0); decryptor.TransformBlock(hex, 23, 16, decrypted, 16); decryptor.TransformBlock(hex, 23, 16, decrypted, 16); for (int x = 0; x < 32; x++) decrypted[x] ^= derivedBytes[x]; tempkey = new KeyPair(decrypted, compressed: IsCompressedPoint); Sha256Digest sha256 = new Sha256Digest(); byte[] addrhash = new byte[32]; byte[] addrtext = utf8.GetBytes(tempkey.AddressBase58); sha256.BlockUpdate(addrtext, 0, addrtext.Length); sha256.DoFinal(addrhash, 0); sha256.BlockUpdate(addrhash, 0, 32); sha256.DoFinal(addrhash, 0); if (addrhash[0] != hex[3] || addrhash[1] != hex[4] || addrhash[2] != hex[5] || addrhash[3] != hex[6]) { return false; } _privKey = tempkey.PrivateKeyBytes; _pubKey = tempkey.PublicKeyBytes; _hash160 = tempkey.Hash160; return true; } else if (hex.Length == 39 && hex[0] == 1 && hex[1] == 0x43) { // produce the intermediate from the passphrase // get ownersalt and encryptedpart2 since they are in the record byte[] ownersalt = new byte[8]; Array.Copy(hex, 7, ownersalt, 0, 8); bool includeHashStep = (hex[2] & 4) == 4; Bip38Intermediate intermediate = new Bip38Intermediate(passphrase, ownersalt, includeHashStep); this.LotNumber = intermediate.LotNumber; this.SequenceNumber = intermediate.SequenceNumber; tempkey = decryptUsingIntermediate(intermediate, hex); if (verifyAddressHash(tempkey.AddressBase58, hex) == false) return false; } _privKey = tempkey.PrivateKeyBytes; _pubKey = tempkey.PublicKeyBytes; _hash160 = tempkey.Hash160; return true; }
public Exception DecryptWithPassphrase(string passphrase) { // check for null entry if (passphrase == null || passphrase == "") { return new ArgumentException("Passphrase is required"); } Bip38Intermediate intermediate = new Bip38Intermediate(passphrase, _ownerentropy, LotSequencePresent); // derive the 64 bytes we need // get ECPoint from passpoint PublicKey pk = new PublicKey(intermediate.passpoint); byte[] addresshashplusownerentropy = Util.ConcatenateByteArrays(_addressHash, intermediate.ownerentropy); // derive encryption key material byte[] derived = new byte[64]; SCrypt.ComputeKey(intermediate.passpoint, addresshashplusownerentropy, 1024, 1, 1, 1, derived); byte[] derivedhalf2 = new byte[32]; Array.Copy(derived, 32, derivedhalf2, 0, 32); byte[] unencryptedpubkey = new byte[33]; // recover the 0x02 or 0x03 prefix unencryptedpubkey[0] = (byte)(_encryptedpointb[0] ^ (derived[63] & 0x01)); // decrypt var aes = Aes.Create(); aes.KeySize = 256; aes.Mode = CipherMode.ECB; aes.Key = derivedhalf2; ICryptoTransform decryptor = aes.CreateDecryptor(); decryptor.TransformBlock(_encryptedpointb, 1, 16, unencryptedpubkey, 1); decryptor.TransformBlock(_encryptedpointb, 1, 16, unencryptedpubkey, 1); decryptor.TransformBlock(_encryptedpointb, 1 + 16, 16, unencryptedpubkey, 17); decryptor.TransformBlock(_encryptedpointb, 1 + 16, 16, unencryptedpubkey, 17); // xor out the padding for (int i = 0; i < 32; i++) unencryptedpubkey[i + 1] ^= derived[i]; // reconstitute the ECPoint var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); ECPoint point; try { point = ps.Curve.DecodePoint(unencryptedpubkey); // multiply passfactor. Result is going to be compressed. ECPoint pubpoint = point.Multiply(new BigInteger(1, intermediate.passfactor)); // Do we want it uncompressed? then we will have to uncompress it. if (IsCompressedPoint==false) { pubpoint = ps.Curve.CreatePoint(pubpoint.X.ToBigInteger(), pubpoint.Y.ToBigInteger(), false); } // Convert to bitcoin address and check address hash. PublicKey generatedaddress = new PublicKey(pubpoint); // get addresshash UTF8Encoding utf8 = new UTF8Encoding(false); Sha256Digest sha256 = new Sha256Digest(); byte[] generatedaddressbytes = utf8.GetBytes(generatedaddress.AddressBase58); sha256.BlockUpdate(generatedaddressbytes, 0, generatedaddressbytes.Length); byte[] addresshashfull = new byte[32]; sha256.DoFinal(addresshashfull, 0); sha256.BlockUpdate(addresshashfull, 0, 32); sha256.DoFinal(addresshashfull, 0); for (int i = 0; i < 4; i++) { if (addresshashfull[i] != _addressHash[i]) { return new ArgumentException("This passphrase is wrong or does not belong to this confirmation code."); } } this.PublicKey = generatedaddress; } catch { return new ArgumentException("This passphrase is wrong or does not belong to this confirmation code."); } return null; }
private bool verifyAddressHash(string addressBase58, byte[] hex) { // check address hash UTF8Encoding utf8 = new UTF8Encoding(false); Sha256Digest sha256 = new Sha256Digest(); byte[] addrhash = new byte[32]; byte[] addrtext = utf8.GetBytes(addressBase58); sha256.BlockUpdate(addrtext, 0, addrtext.Length); sha256.DoFinal(addrhash, 0); sha256.BlockUpdate(addrhash, 0, 32); sha256.DoFinal(addrhash, 0); if (addrhash[0] != hex[3] || addrhash[1] != hex[4] || addrhash[2] != hex[5] || addrhash[3] != hex[6]) { return false; } return true; }
private KeyPair decryptUsingIntermediate(Bip38Intermediate intermediate, byte[] hex) { if (intermediate.passfactor == null) { throw new ArgumentException("This is an encryption-only intermediate code because it was not created from a passphrase. An intermediate must have been created from passphrase to be used for decryption"); } byte[] encryptedpart2 = new byte[16]; Array.Copy(hex, 23, encryptedpart2, 0, 16); // get the first part of encryptedpart1 (the rest is encrypted within encryptedpart2) byte[] encryptedpart1 = new byte[16]; Array.Copy(hex, 15, encryptedpart1, 0, 8); // derive decryption key byte[] addresshashplusownerentropy = new byte[12]; Array.Copy(hex, 3, addresshashplusownerentropy, 0, 4); Array.Copy(intermediate.ownerentropy, 0, addresshashplusownerentropy, 4, 8); byte[] derived = new byte[64]; SCrypt.ComputeKey(intermediate.passpoint, addresshashplusownerentropy, 1024, 1, 1, 1, derived); byte[] derivedhalf2 = new byte[32]; Array.Copy(derived, 32, derivedhalf2, 0, 32); // decrypt encrypted payload var aes = Aes.Create(); aes.KeySize = 256; aes.Mode = CipherMode.ECB; aes.Key = derivedhalf2; ICryptoTransform decryptor = aes.CreateDecryptor(); byte[] unencryptedpart2 = new byte[16]; decryptor.TransformBlock(encryptedpart2, 0, 16, unencryptedpart2, 0); decryptor.TransformBlock(encryptedpart2, 0, 16, unencryptedpart2, 0); for (int i = 0; i < 16; i++) { unencryptedpart2[i] ^= derived[i + 16]; } // take the decrypted part and recover encrypted part 1 Array.Copy(unencryptedpart2, 0, encryptedpart1, 8, 8); // decrypt part 1 byte[] unencryptedpart1 = new byte[16]; decryptor.TransformBlock(encryptedpart1, 0, 16, unencryptedpart1, 0); decryptor.TransformBlock(encryptedpart1, 0, 16, unencryptedpart1, 0); for (int i = 0; i < 16; i++) { unencryptedpart1[i] ^= derived[i]; } // recover seedb byte[] seedb = new byte[24]; Array.Copy(unencryptedpart1, 0, seedb, 0, 16); Array.Copy(unencryptedpart2, 8, seedb, 16, 8); // turn seedb into factorb Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(seedb, 0, 24); byte[] factorb = new byte[32]; sha256.DoFinal(factorb, 0); sha256.BlockUpdate(factorb, 0, 32); sha256.DoFinal(factorb, 0); // get private key var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); BigInteger privatekey = new BigInteger(1, intermediate.passfactor).Multiply(new BigInteger(1, factorb)).Mod(ps.N); // use private key return new KeyPair(privatekey, this.IsCompressedPoint, this._addressType); }
public Sha256Digest(Sha256Digest t) : base(t) { this.X = new uint[0x40]; this.CopyIn(t); }
/// <summary> /// Creates a new key pair using the SHA256 hash of a given string as the private key. /// </summary> public static KeyPair CreateFromString(string tohash) { UTF8Encoding utf8 = new UTF8Encoding(false); byte[] forsha = utf8.GetBytes(tohash); Sha256Digest sha256 = new Sha256Digest(); sha256.BlockUpdate(forsha, 0, forsha.Length); byte[] thehash = new byte[32]; sha256.DoFinal(thehash, 0); return new KeyPair(thehash); }
private static Boolean SignatureMatches(string encodedSignature, string encodedAgreement, string signTextTransformation, OpensignSignature opensignSignature) { if (!encodedAgreement.Equals(encodedSignature)) { return false; } var stylesheetDigest = opensignSignature.StylesheetDigest; if (stylesheetDigest != null) { if (signTextTransformation == null) { throw new ArgumentException("signTextTransformation is required for XML signing"); } var digest = new Sha256Digest(); var encode = new ASCIIEncoding(); byte[] stylesheetBytes = encode.GetBytes(signTextTransformation); digest.BlockUpdate(stylesheetBytes, 0, stylesheetBytes.Length); var digestBytes = new byte[digest.GetDigestSize()]; digest.DoFinal(digestBytes, 0); var calculatedDigest = Encoding.UTF8.GetString(digestBytes, 0, digestBytes.Length); return stylesheetDigest.Equals(calculatedDigest); } return true; }
// Token: 0x060000D5 RID: 213 RVA: 0x0000787C File Offset: 0x00005A7C internal override void ProcessBlock() { for (int i = 16; i <= 63; i++) { this.X[i] = Sha256Digest.Theta1(this.X[i - 2]) + this.X[i - 7] + Sha256Digest.Theta0(this.X[i - 15]) + this.X[i - 16]; } uint num = this.H1; uint num2 = this.H2; uint num3 = this.H3; uint num4 = this.H4; uint num5 = this.H5; uint num6 = this.H6; uint num7 = this.H7; uint num8 = this.H8; int num9 = 0; for (int j = 0; j < 8; j++) { num8 += Sha256Digest.Sum1Ch(num5, num6, num7) + Sha256Digest.K[num9] + this.X[num9]; num4 += num8; num8 += Sha256Digest.Sum0Maj(num, num2, num3); num9++; num7 += Sha256Digest.Sum1Ch(num4, num5, num6) + Sha256Digest.K[num9] + this.X[num9]; num3 += num7; num7 += Sha256Digest.Sum0Maj(num8, num, num2); num9++; num6 += Sha256Digest.Sum1Ch(num3, num4, num5) + Sha256Digest.K[num9] + this.X[num9]; num2 += num6; num6 += Sha256Digest.Sum0Maj(num7, num8, num); num9++; num5 += Sha256Digest.Sum1Ch(num2, num3, num4) + Sha256Digest.K[num9] + this.X[num9]; num += num5; num5 += Sha256Digest.Sum0Maj(num6, num7, num8); num9++; num4 += Sha256Digest.Sum1Ch(num, num2, num3) + Sha256Digest.K[num9] + this.X[num9]; num8 += num4; num4 += Sha256Digest.Sum0Maj(num5, num6, num7); num9++; num3 += Sha256Digest.Sum1Ch(num8, num, num2) + Sha256Digest.K[num9] + this.X[num9]; num7 += num3; num3 += Sha256Digest.Sum0Maj(num4, num5, num6); num9++; num2 += Sha256Digest.Sum1Ch(num7, num8, num) + Sha256Digest.K[num9] + this.X[num9]; num6 += num2; num2 += Sha256Digest.Sum0Maj(num3, num4, num5); num9++; num += Sha256Digest.Sum1Ch(num6, num7, num8) + Sha256Digest.K[num9] + this.X[num9]; num5 += num; num += Sha256Digest.Sum0Maj(num2, num3, num4); num9++; } this.H1 += num; this.H2 += num2; this.H3 += num3; this.H4 += num4; this.H5 += num5; this.H6 += num6; this.H7 += num7; this.H8 += num8; this.xOff = 0; Array.Clear(this.X, 0, 16); }