public string GetHashDigestToHexString()
{
byte[] bMessage = this.Message;
HashFunctionIdent hashIdent = this.HashFunctionIdent;
return(Encoding.ASCII.GetString(Hex.Encode(Hashfunction.generateHashDigest(ref bMessage, ref hashIdent))));
}
public static byte[] generateHashDigest(ref byte[] input, ref HashFunctionIdent hashIdent)
{
hashFunctionDigest = DigestUtilities.GetDigest(hashIdent.diplayName);
byte[] hashDigest = new byte[hashFunctionDigest.GetDigestSize()];
hashFunctionDigest.BlockUpdate(input, 0, input.Length);
hashFunctionDigest.DoFinal(hashDigest, 0);
return(hashDigest);
}
private byte[] getCompleteHw()
{
byte[] bDerHashIdent = Hex.Decode(Datablock.getInstance().HashFunctionIdent.DERIdent);
byte[] bMessage = Datablock.getInstance().Message;
HashFunctionIdent hashIdent = Datablock.getInstance().HashFunctionIdent;
byte[] hashDigest = Hashfunction.generateHashDigest(ref bMessage, ref hashIdent);
byte[] returnArray = new byte[bDerHashIdent.Length + Hashfunction.getDigestSize()];
Array.Copy(bDerHashIdent, 0, returnArray, 0, bDerHashIdent.Length);
Array.Copy(hashDigest, 0, returnArray, returnArray.Length - hashDigest.Length, hashDigest.Length);
return(returnArray);
}
public bool verifyRsaSignatureWithFlaw(byte[] message, byte[] signature)
{
BigInteger signatureBigInt = new BigInteger(1, signature);
RsaKeyParameters pubkeyParam = (RsaKeyParameters)RsaKey.Instance.getPubKey();
byte[] sigDecrypted = (signatureBigInt.ModPow(pubkeyParam.Exponent, pubkeyParam.Modulus)).ToByteArray();
byte[] block = this.DerEncode(sigDecrypted); // hiernach steht DERIdent und hash am anfang des arrays, danach garbage
funcIdent = this.extractHashFunction(Encoding.ASCII.GetString(Hex.Encode(block)));
// SHA1, Digest length: 160 Bit
if (funcIdent == HashFuncIdentHandler.SHA1)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.SHA1, 20));
}
// SHA-256, Digest length: 256 Bit
if (funcIdent == HashFuncIdentHandler.SHA256)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.SHA256, 32));
}
// SHA-384, Digest length: 384 Bit
if (funcIdent == HashFuncIdentHandler.SHA384)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.SHA384, 48));
}
// SHA-512, Digest length: 512 Bit
if (funcIdent == HashFuncIdentHandler.SHA512)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.SHA512, 64));
}
// MD2, Digest length: 128 Bit
if (funcIdent == HashFuncIdentHandler.MD2)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.MD2, 16));
}
// MD5, Digest length: 128 Bit
if (funcIdent == HashFuncIdentHandler.MD5)
{
return(this.verifySigWithoutPad(block, message, HashFuncIdentHandler.MD5, 16));
}
return(false);
}
private bool verifySigWithoutPad(byte[] sigWithoutPad, byte[] message, HashFunctionIdent hashFuncIdent, int digestLength)
{
//TODO Längen überprüfen!
string blockString = Encoding.ASCII.GetString(Hex.Encode(sigWithoutPad)).ToLower();
byte[] hashDigestFromSig = new byte[digestLength];
int endOfIdent = hashFuncIdent.DERIdent.Length / 2;
Array.Copy(sigWithoutPad, endOfIdent, hashDigestFromSig, 0, digestLength);
IDigest hashFunctionDigest = DigestUtilities.GetDigest(hashFuncIdent.diplayName);
byte[] hashDigestMessage = Hashfunction.generateHashDigest(ref message, ref hashFuncIdent);
return(this.compareByteArrays(hashDigestFromSig, hashDigestMessage));
}
public bool verifyRsaSignature(byte[] message, byte[] signature)
{
IAsymmetricBlockCipher eng = new Pkcs1Encoding(new RsaEngine());
eng.Init(false, RsaKey.Instance.getPubKey());
try
{
byte[] data = eng.ProcessBlock(signature, 0, signature.Length);
funcIdent = this.extractHashFunction(Encoding.ASCII.GetString(Hex.Encode(data)));
if (null != funcIdent)
{
ISigner verifier = SignerUtilities.GetSigner(funcIdent.diplayName + "withRSA");
return(this.verifySig(verifier, message, signature));
}
}
catch (Exception)
{
return(false);
}
return(false);
}
private static IDigest hashFunctionDigest = DigestUtilities.GetDigest(HashFuncIdentHandler.SHA1.diplayName); // default SHA1
public static byte[] generateHashDigest(string input, HashFunctionIdent hashIdent)
{
byte[] bInput = Encoding.ASCII.GetBytes(input);
return(generateHashDigest(ref bInput, ref hashIdent));
}
public override bool GenerateSignature()
{
this.SendGuiLogMsg("Message Generation started", NotificationLevel.Info);
this.m_KeyLength = RsaKey.Instance.RsaKeySize;
int hashDigestLength = Hashfunction.getDigestSize() * 8; // weil Size in Byte zurückgegeben wird
int hashIdentLength = Datablock.getInstance().HashFunctionIdent.DERIdent.Length * 4; // weil ein zeichen im string = 4 bit
int keyLength = this.m_KeyLength;
BigInteger derIdent = new BigInteger(Datablock.getInstance().HashFunctionIdent.DERIdent, 16);
BigInteger datablockLength = BigInteger.ValueOf(hashDigestLength + hashIdentLength + 8); // Länge Datenblock inkl 0-Byte (=8Bit)
bool isDivByThree = false;
BigInteger N = null;
BigInteger datablock = null;
while (false == isDivByThree)
{
byte[] bMessage = Datablock.getInstance().Message;
HashFunctionIdent hashIdent = Datablock.getInstance().HashFunctionIdent;
BigInteger hashDigest = new BigInteger(1, Hashfunction.generateHashDigest(ref bMessage, ref hashIdent));
// T*2^160 + H
datablock = derIdent.Multiply(BigInteger.Two.Pow(hashDigestLength)).Add(hashDigest); // Datablock erstellen; T=HashFuncIdent; H=HashDigest
N = (BigInteger.Two.Pow(datablockLength.IntValue)).Subtract(datablock); // N muss vielfaches von 3 sein
if (0 == (N.Mod(BigInteger.Three)).IntValue)
{
isDivByThree = true;
}
else
{
byte[] extSign = Encoding.ASCII.GetBytes(ChangeSign);
byte[] tmp = new byte[Datablock.getInstance().Message.Length + extSign.Length];
Array.Copy(Datablock.getInstance().Message, tmp, Datablock.getInstance().Message.Length);
Array.Copy(extSign, 0, tmp, Datablock.getInstance().Message.Length, extSign.Length);
Datablock.getInstance().Message = tmp;
}
}
BigInteger sigLengthWithoutZeros = BigInteger.ValueOf(this.m_KeyLength - 15); // 15 weil die ersten 15 bit 0 sind
BigInteger startPos = BigInteger.ValueOf(this.m_dataBlockStartPos);
BigInteger endPos = startPos.Add(datablockLength);
BigInteger sigLengthDivThree = sigLengthWithoutZeros.Divide(BigInteger.Three);
BigInteger testbeta = endPos.Subtract(BigInteger.Two.Multiply(sigLengthDivThree)).Subtract(datablockLength); // sollte 34 seinbei keylength 3072
//2^3057 - 2^ (2038 + 288 + 34) == 2^3057 - 2^2360
BigInteger fakeSig = (BigInteger.Two.Pow(sigLengthWithoutZeros.IntValue)).Subtract(BigInteger.Two.Pow(2 * sigLengthDivThree.IntValue + datablockLength.IntValue + testbeta.IntValue));
// 2^3057 - 2^2360 + 2^2072 * N
fakeSig = fakeSig.Add((BigInteger.Two.Pow(startPos.IntValue)).Multiply(datablock));
fakeSig = fakeSig.Add(BigInteger.Two.Pow(startPos.IntValue - 8).Multiply(BigInteger.ValueOf(125))); // add garbage
BigInteger fakeSigResult = MathFunctions.cuberoot(fakeSig);
byte[] returnByteArray = new byte[this.m_KeyLength / 8]; // KeyLength is in bit
Array.Copy(fakeSigResult.ToByteArray(), 0, returnByteArray, returnByteArray.Length - fakeSigResult.ToByteArray().Length, fakeSigResult.ToByteArray().Length);
this.m_Signature = returnByteArray;
this.m_bSigGenerated = true;
this.OnRaiseSigGenEvent(SignatureType.Bleichenbacher);
return(true);
}
public override bool GenerateSignature()
{
this.m_KeyLength = RsaKey.Instance.RsaKeySize; // Länge des RSA Modulus
// drei Leerzeichen an Msg anhängen
string sMsgModifier = " ";
byte[] bMsgModifier = Encoding.ASCII.GetBytes(sMsgModifier);
byte[] bMessage = new byte[Datablock.getInstance().Message.Length + bMsgModifier.Length];
Array.Copy(Datablock.getInstance().Message, bMessage, Datablock.getInstance().Message.Length);
Array.Copy(bMsgModifier, 0, bMessage, Datablock.getInstance().Message.Length, bMsgModifier.Length);
HashFunctionIdent hashFuncIdent = Datablock.getInstance().HashFunctionIdent; // Die vom User gewählte Hashfunktion
byte[] hashIdent = Hex.Decode(Encoding.ASCII.GetBytes(hashFuncIdent.DERIdent)); // ASN.1 codierter Ident-string
int significantByteLength = 11 + hashIdent.Length + hashFuncIdent.digestLength / 8;
// Datenblock wird konstruiert
byte[] A = new byte[significantByteLength];
A[0] = 0x00;
A[1] = 0x01;
for (int i = 2; i < 10; i++)
{
A[i] = 0xFF;
}
A[10] = 0x00;
Array.Copy(hashIdent, 0, A, 11, hashIdent.Length);
// Datenblock noch ohne Hashwert, wird in while Schleife unten hinzugefügt
// byte array der kompletten Signatur, wird zuerst mit 'FF' gefüllt und dann nachher Datenblock an den Anfang kopiert
byte[] S = new byte[this.m_KeyLength / 8];
for (int i = A.Length; i < S.Length; i++)
{
S[i] = 0xFF;
}
BigInteger finalSignature = null;
int iMsgLength = bMessage.Length;
bool isEqual = false;
int countLoops = 0;
this.SendGuiLogMsg("Signature Generation started", NotificationLevel.Info);
byte[] hashDigest = new byte[0]; // Hashwert wird in dieser var gespeichert
BigInteger T = new BigInteger("0"); // hilfsvar
byte[] resultArray = new byte[this.m_KeyLength / 8];
while (!isEqual && (countLoops < this.m_Iterations))
{
hashDigest = Hashfunction.generateHashDigest(ref bMessage, ref hashFuncIdent); // Hashwert wird erzeugt
Array.Copy(hashDigest, 0, A, 11 + hashIdent.Length, hashDigest.Length); // erzeugter Hashwert wird in den Datenblock kopiert
Array.Copy(A, 0, S, 0, A.Length); // erzeugter Datenblock wird in erzeugte Signatur S kopiert
finalSignature = MathFunctions.cuberoot4(new BigInteger(S), this.m_KeyLength); // Kubikwurzel ziehen
byte[] test2 = finalSignature.ToByteArray();
T = finalSignature.Pow(3); // mit 3 potenzieren
byte[] test = T.ToByteArray();
resultArray[0] = 0x00; // erstes byte is 0
// durch Konvertierung in BigInteger werden führende Nullen abgeschnitten, daher wird an Stelle 1 in byte array kopiert.
Array.Copy(T.ToByteArray(), 0, resultArray, 1, T.ToByteArray().Length);
isEqual = MathFunctions.compareByteArray(ref resultArray, ref S, significantByteLength); // byte arrays vergleichen, wird in meinen Tests nicht erreicht
if (!isEqual)
{
int value1 = bMessage[iMsgLength - 1];
if (++value1 >= 256)
{
value1 = 0;
int value2 = bMessage[iMsgLength - 2];
if (++value2 >= 256)
{
value2 = 0;
int value3 = bMessage[iMsgLength - 3];
++value3;
bMessage[iMsgLength - 3] = (byte)value3;
}
bMessage[iMsgLength - 2] = (byte)value2;
}
bMessage[iMsgLength - 1] = (byte)value1;
countLoops++;
}
}
if (countLoops != this.m_Iterations)
{
Datablock.getInstance().Message = bMessage;
byte[] returnByteArray = new byte[this.m_KeyLength / 8];
Array.Copy(finalSignature.ToByteArray(), 0, returnByteArray, returnByteArray.Length - finalSignature.ToByteArray().Length, finalSignature.ToByteArray().Length);
this.m_Signature = returnByteArray;
this.m_bSigGenerated = true;
this.OnRaiseSigGenEvent(SignatureType.Kuehn);
return(true);
}
else
{
this.m_bSigGenerated = false;
}
return(false);
}