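/// <summary>
/// Populates this Signature from its wire encoding: SignatureAndHashAlgorithm,
/// SignerIdentity (type, 16-bit length, certificate-hash value) and the
/// length-prefixed signature value. Multi-byte lengths are read in network byte order.
/// </summary>
/// <param name="reader">Reader positioned at the first byte of the Signature structure.</param>
/// <param name="reload_msg_size">Not used by this method; kept so existing callers keep compiling.</param>
/// <returns>This instance, with algorithm, identity and signatureValue set.</returns>
/// <exception cref="EndOfStreamException">
/// A length-prefixed field (identity hash or signature value) was shorter than its declared length.
/// </exception>
public Signature FromReader(BinaryReader reader, long reload_msg_size)
{
    /* SignatureAndHashAlgorithm: one byte each. The casts do no range check, so an
     * unknown byte survives as an undefined enum member until a consumer switches on it. */
    var hashAlg = (HashAlgorithm)reader.ReadByte();
    var signatureAlg = (SignatureAlgorithm)reader.ReadByte();
    algorithm = new SignatureAndHashAlgorithm(hashAlg, signatureAlg);

    /* SignerIdentity header: type (1 byte) and value length (2 bytes, network order). */
    var type = (SignerIdentityType)reader.ReadByte();
    UInt16 length = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());

    /* SignerIdentityValue is always read as a certificate hash regardless of `type`:
     * hash algorithm (1 byte), hash length (1 byte), hash bytes.
     * NOTE(review): `length` is consumed (and decremented for the hash_alg byte) but never
     * compared with the inner lengths, so a declared identity length that disagrees with
     * 1 + hashLen is not rejected here. */
    hashAlg = (HashAlgorithm)reader.ReadByte();
    length -= 1;
    ushort hashLen = (ushort)reader.ReadByte();
    byte[] bHash = reader.ReadBytes(hashLen);
    /* ReadBytes returns a short array at end of stream instead of throwing, so the count
     * is checked explicitly: a truncated hash must not become part of the identity. */
    if (bHash.Length != hashLen)
    {
        throw new EndOfStreamException("Signature.FromReader: truncated SignerIdentity hash");
    }
    var signerIdVal = new SignerIdentityValue(type, hashAlg, bHash);
    identity = new SignerIdentity(type, signerIdVal);

    /* SignatureValue: 2-byte length (network order) followed by the raw signature bytes.
     * Same short-read check as above; a truncated signature must not be stored as complete. */
    UInt16 sigLen = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
    signatureValue = reader.ReadBytes(sigLen);
    if (signatureValue.Length != sigLen)
    {
        throw new EndOfStreamException("Signature.FromReader: truncated SignatureValue");
    }
    return this;
}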
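/// <summary>
/// Signs a StoredData element. Each StoredData element is individually signed; however, the
/// signature must be self-contained and also cover the Kind-ID and Resource-ID even though
/// they are not present in the StoredData structure. The input to the signature algorithm is:
/// resource_id || kind || storage_time || StoredDataValue || SignerIdentity
/// </summary>
/// <param name="resId">Resource-ID the data is stored under; its raw bytes are part of the input.</param>
/// <param name="kind">Kind-ID of the stored data.</param>
/// <param name="storageTime">storage_time of the StoredData element.</param>
/// <param name="value">The StoredDataValue being signed (serialized via Dump plus its usage value's dump).</param>
/// <param name="signerIdentity">SignerIdentity of the signer; its ToString() is appended to the input.</param>
/// <param name="config">Configuration kept in m_ReloadConfig and used by Sign().</param>
public Signature(ResourceId resId, UInt32 kind, UInt64 storageTime, StoredDataValue value, SignerIdentity signerIdentity, ReloadConfig config)
{
    m_ReloadConfig = config;
    var ascii = new ASCIIEncoding();

    /* Set algorithm and identity: always sha256 with the globally configured signature algorithm. */
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);
    identity = signerIdentity;

    /* Serialize the stored data value and decode the bytes back into a string.
     * NOTE(review): StreamReader decodes the binary dump as UTF-8 (with BOM detection), which is
     * lossy for arbitrary bytes; validateDataSignature rebuilds the input the same way, so this
     * can only be changed on both sides at once. */
    string strValue;
    using (var ms = new MemoryStream())
    {
        var bw = new BinaryWriter(ms);
        value.Dump(bw);
        value.GetUsageValue.dump(bw);
        bw.Flush();
        ms.Position = 0;
        using (var sr = new StreamReader(ms))
        {
            strValue = sr.ReadToEnd();
        }
    }

    /* Concatenate the signature input.
     * NOTE(review): the fields are joined without delimiters and resId.Data is decoded as ASCII
     * (bytes > 0x7F become '?'), so the input is not an injective encoding of its parts. Kept
     * as-is because the verifier builds the identical string. */
    String signatureInput = String.Format("{0}{1}{2}{3}{4}", ascii.GetString(resId.Data, 0, resId.Data.Length), kind, storageTime, strValue, identity.ToString());
    signatureValue = Sign(signatureInput);
}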
/// <summary>
/// Signs a message. The signature input is computed over the overlay and the transaction_id
/// taken from the forwarding header, followed by the message contents and the signer
/// identity (see RELOAD base -13 p.53).
/// </summary>
/// <param name="overlay">Overlay identifier from the forwarding header.</param>
/// <param name="transactionId">transaction_id from the forwarding header.</param>
/// <param name="messageContents">Message contents as a string.</param>
/// <param name="signerIdentity">SignerIdentity of the signer; its ToString() ends the input.</param>
/// <param name="config">Configuration kept in m_ReloadConfig and used by Sign().</param>
public Signature(UInt32 overlay, string transactionId, string messageContents, SignerIdentity signerIdentity, ReloadConfig config)
{
    m_ReloadConfig = config;
    identity = signerIdentity;
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);

    // The four parts are concatenated back to back with no delimiters; the
    // verifying side has to rebuild exactly this string.
    string identityText = identity.ToString();
    string input = string.Concat(overlay.ToString(), transactionId, messageContents, identityText);
    signatureValue = Sign(input);
}
/// <summary>
/// Signs a message given as raw bytes. The signature input is the byte concatenation
/// overlay || transaction_id || message contents || SignerIdentity.
/// </summary>
/// <param name="overlay">Overlay identifier from the forwarding header.</param>
/// <param name="transactionId">transaction_id from the forwarding header; encoded as UTF-16LE.</param>
/// <param name="messageContents">Message contents, copied into the input unchanged.</param>
/// <param name="signerIdentity">SignerIdentity of the signer; its ToString() is encoded as UTF-16LE.</param>
/// <param name="config">Configuration kept in m_ReloadConfig and used by Sign().</param>
public Signature(UInt32 overlay, string transactionId, byte[] messageContents, SignerIdentity signerIdentity, ReloadConfig config)
{
    m_ReloadConfig = config;
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);
    identity = signerIdentity;

    // NOTE(review): BitConverter.GetBytes emits the overlay id in host byte order, not
    // network order, and the strings are UTF-16LE; whoever verifies this must do the same.
    byte[] overlayBytes = BitConverter.GetBytes(overlay);
    byte[] transIdBytes = Encoding.Unicode.GetBytes(transactionId);
    byte[] identityBytes = Encoding.Unicode.GetBytes(identity.ToString());

    byte[] input;
    using (var buffer = new MemoryStream(overlayBytes.Length + transIdBytes.Length + messageContents.Length + identityBytes.Length))
    {
        buffer.Write(overlayBytes, 0, overlayBytes.Length);
        buffer.Write(transIdBytes, 0, transIdBytes.Length);
        buffer.Write(messageContents, 0, messageContents.Length);
        buffer.Write(identityBytes, 0, identityBytes.Length);
        input = buffer.ToArray();
    }
    signatureValue = Sign(input);
}
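/// <summary>
/// Verifies the signature of a StoredData element against the certificate of its declared
/// signer. The signature input is rebuilt exactly as the signing constructor builds it:
/// resource_id || kind || storage_time || StoredDataValue || SignerIdentity.
/// </summary>
/// <param name="resId">Resource-ID the data is stored under.</param>
/// <param name="kind">Kind-ID of the stored data.</param>
/// <param name="sd">The StoredData element carrying the value and its Signature (untrusted input).</param>
/// <returns>
/// <c>true</c> when the signer certificate chains to the configured root certificate and the
/// RSA/SHA-256 signature verifies; <c>false</c> when the certificate does not validate.
/// </returns>
/// <exception cref="InvalidOperationException">The signature value does not verify.</exception>
/// <exception cref="NotImplementedException">
/// The signature or hash algorithm named in the data is not supported (only rsa with sha256 is).
/// </exception>
public bool validateDataSignature(ResourceId resId, uint kind, StoredData sd)
{
    var ascii = new ASCIIEncoding();

    /* Convert the identity to the same text the signer appended. */
    String identity = sd.Signature.Identity.ToString();

    /* Serialize the stored data value and decode it back to text exactly as the signing side
     * does (UTF-8 StreamReader over the binary dump: lossy, but it must match the signer). */
    string strValue;
    using (var ms = new MemoryStream())
    {
        var bw = new BinaryWriter(ms);
        sd.Value.Dump(bw);
        sd.Value.GetUsageValue.dump(bw);
        bw.Flush();
        ms.Position = 0;
        using (var sr = new StreamReader(ms))
        {
            strValue = sr.ReadToEnd();
        }
    }

    /* Concatenate the signature input (no delimiters; resId bytes decoded as ASCII). */
    String strSignatureInput = String.Format("{0}{1}{2}{3}{4}", ascii.GetString(resId.Data, 0, resId.Data.Length), kind, sd.StoreageTime, strValue, identity);
    byte[] signatureInput = ascii.GetBytes(strSignatureInput);
    byte[] sigVal = sd.Signature.SignaureValue;

    /* Look up the signer's certificate by the identity carried inside the data being checked.
     * NOTE(review): assumes GetPKC returns the certificate whose hash the identity names;
     * confirm it checks that hash rather than trusting the lookup key. Passing this method
     * only proves the data was signed by that certificate, not that the signer may write to
     * resId/kind — that policy check is not done here. */
    GenericCertificate gencert = GetPKC(sd.Signature.Identity);
    byte[] bcert = gencert.Certificate;
    X509Certificate2 signerCert = new X509Certificate2(bcert);

    /* A certificate that does not chain to the configured root must not be used to accept a
     * signature, so this is a hard failure (previously the failure was only logged). */
    if (!Utils.X509Utils.VerifyCertificate(signerCert, m_ReloadConfig.RootCertificate))
    {
        m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_ERROR, String.Format("validateDataSignatures: NodeID {0}, Certificate" + "validation failed (CA Issuer {1})", null, signerCert.Issuer));
        return false;
    }

    /* Only rsa + sha256 is implemented. The algorithm bytes come from the untrusted data,
     * so anything else is rejected rather than guessed at. */
    switch (sd.Signature.Algorithm.signature)
    {
        case SignatureAlgorithm.rsa:
            break;
        case SignatureAlgorithm.dsa:
            throw new NotImplementedException("AccessController:" + "DSA encryption not implemented!");
        default:
            throw new NotImplementedException("AccessController:" + "encryption not implemented!");
    }
    if (sd.Signature.Algorithm.hash != HashAlgorithm.sha256)
    {
        throw new NotImplementedException("AccessController:" + "hash algoritm not implemented!");
    }

    /* Same certificate object as above; the public key is RSA PKCS#1 v1.5 over SHA-256. */
    var rsa = (RSACryptoServiceProvider)signerCert.PublicKey.Key;
    using (var sha256 = new SHA256CryptoServiceProvider())
    {
        if (!rsa.VerifyData(signatureInput, sha256, sigVal))
        {
            throw new InvalidOperationException("Invalid signature");
        }
    }
    m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_FORWARDING, "DATA SIGNATURE VALID!!");
    return true;
}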