/// <summary>
/// Builds the per-element signature of a StoredData item. The signature has to
/// be self-contained and also bind the Kind-ID and Resource-ID, which are not
/// part of the StoredData structure itself, so the signed input is:
///     resource_id || kind || storage_time || StoredDataValue || SignerIdentity
/// This constructor serialises the StoredDataValue through its Dump methods,
/// turns the result into text, glues all fields into one string and signs it.
/// NOTE(review): the concatenation has no delimiters or length prefixes, and
/// two of the fields are produced by lossy text decoding (see comments below).
/// Whatever verifies this signature must rebuild the identical string, so any
/// change here has to be mirrored on the verifying side — confirm before touching.
/// </summary>
/// <param name="resId">Resource-ID the data is stored under; its raw bytes go into the signed input.</param>
/// <param name="kind">Kind-ID of the stored data.</param>
/// <param name="storageTime">storage_time of the StoredData element.</param>
/// <param name="value">StoredDataValue to sign; serialised via Dump and GetUsageValue.dump.</param>
/// <param name="signerIdentity">Identity of the signer, appended to the signed input and kept in this object.</param>
/// <param name="config">RELOAD configuration; retained for the Sign call.</param>
public Signature(ResourceId resId, UInt32 kind, UInt64 storageTime, StoredDataValue value, SignerIdentity signerIdentity, ReloadConfig config) {
    m_ReloadConfig = config;
    var ascii = new ASCIIEncoding();

    /* Algorithm is fixed to SHA-256 plus the globally configured signature algorithm */
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);
    identity = signerIdentity;

    /* Serialise the stored data value (value itself, then its usage value) into a memory
     * buffer and read it back as text. NOTE(review): StreamReader decodes the binary
     * dump as UTF-8 (with BOM detection); invalid byte sequences are replaced rather
     * than preserved, so distinct binary values could yield the same text. */
    var ms = new MemoryStream();
    var bw = new BinaryWriter(ms);
    value.Dump(bw);
    value.GetUsageValue.dump(bw);
    ms.Position = 0;
    var sr = new StreamReader(ms);
    string strValue = sr.ReadToEnd();
    sr.Close();
    bw.Close();

    /* Concatenate the signature input. NOTE(review): ASCII decoding maps every byte
     * above 0x7F to '?', so Resource-IDs that differ only in such bytes collide in the
     * signed input; kind and storageTime are formatted as plain decimal digits with no
     * separator from the surrounding fields. */
    String signaturInput = String.Format("{0}{1}{2}{3}{4}",
        ascii.GetString(resId.Data, 0, resId.Data.Length),
        kind,
        storageTime,
        strValue,
        identity.ToString());
    signatureValue = Sign(signaturInput);
}
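/// <summary>
/// Parses a Signature structure from the wire: the hash/signature algorithm
/// pair, the SignerIdentity (type, 16-bit network-order length, then a
/// cert_hash-style value of hash_alg, 8-bit hash length and the hash bytes)
/// and the 16-bit length-prefixed signature value. These bytes come from a
/// peer and are untrusted, so every declared length is checked against what
/// the stream actually delivers instead of being trusted.
/// </summary>
/// <param name="reader">Reader positioned at the first byte of the Signature structure.</param>
/// <param name="reload_msg_size">Size of the enclosing RELOAD message; kept for
/// interface compatibility, not consulted by this method.</param>
/// <returns>This instance, populated from the stream.</returns>
/// <exception cref="ArgumentNullException">reader is null.</exception>
/// <exception cref="InvalidDataException">The SignerIdentity length field does not
/// cover exactly the identity value that follows it.</exception>
/// <exception cref="EndOfStreamException">The stream ends before a declared hash
/// or signature length is satisfied.</exception>
public Signature FromReader(BinaryReader reader, long reload_msg_size) {
    if (reader == null)
        throw new ArgumentNullException("reader");

    var hashAlg = (HashAlgorithm)reader.ReadByte();
    var signatureAlg = (SignatureAlgorithm)reader.ReadByte();
    // NOTE(review): the enum casts accept any octet; an unknown algorithm id is
    // not rejected here and must be caught by whoever verifies the signature.
    algorithm = new SignatureAndHashAlgorithm(hashAlg, signatureAlg);

    /* SignerIdentity: type (1) + length (2, network byte order) + value */
    var type = (SignerIdentityType)reader.ReadByte();
    UInt16 length = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());

    /* SignerIdentityValue: hash_alg (1) + hash length (1) + hash bytes */
    hashAlg = (HashAlgorithm)reader.ReadByte();
    ushort hashLen = reader.ReadByte();
    // The declared identity length must account for exactly the hash_alg octet,
    // the hash-length octet and the hash itself. A mismatch means the frame is
    // malformed (or crafted) and the rest of the parse would be misaligned.
    if (length != 2 + hashLen)
        throw new InvalidDataException(String.Format(
            "Signature.FromReader: SignerIdentity length {0} does not match hash length {1}", length, hashLen));
    byte[] bHash = ReadExactly(reader, hashLen, "certificate hash");

    var signerIdVal = new SignerIdentityValue(type, hashAlg, bHash);
    identity = new SignerIdentity(type, signerIdVal);

    /* SignatureValue: length (2, network byte order) + bytes */
    UInt16 sigLen = (UInt16)IPAddress.NetworkToHostOrder(reader.ReadInt16());
    signatureValue = ReadExactly(reader, sigLen, "signature value");
    return this;
}

/* Reads exactly count bytes. BinaryReader.ReadBytes silently returns a shorter
 * array at end of stream, which would otherwise leave a truncated hash or
 * signature in this object without any error. */
private static byte[] ReadExactly(BinaryReader reader, int count, string what) {
    byte[] data = reader.ReadBytes(count);
    if (data.Length != count)
        throw new EndOfStreamException(String.Format(
            "Signature.FromReader: truncated {0} ({1} of {2} bytes)", what, data.Length, count));
    return data;
}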
/// <summary>
/// Builds a message signature. The signed input is the overlay and
/// transaction_id taken from the forwarding header, followed by the message
/// contents and the signer's identity (RELOAD base -13 p.53), concatenated
/// as text. NOTE(review): the fields are joined without delimiters or length
/// prefixes, so the verifying side must rebuild exactly this string; keep the
/// two in step if either changes.
/// </summary>
/// <param name="overlay">Overlay identifier from the forwarding header, formatted as decimal.</param>
/// <param name="transactionId">transaction_id from the forwarding header.</param>
/// <param name="messageContents">Message contents as text.</param>
/// <param name="signerIdentity">Identity of the signer; appended to the input and stored in this object.</param>
/// <param name="config">RELOAD configuration retained for signing.</param>
public Signature(UInt32 overlay, string transactionId, string messageContents, SignerIdentity signerIdentity, ReloadConfig config) {
    m_ReloadConfig = config;
    identity = signerIdentity;
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);

    /* Assemble overlay || transaction_id || contents || identity */
    var input = new StringBuilder();
    input.Append(overlay);
    input.Append(transactionId);
    input.Append(messageContents);
    input.Append(identity.ToString());

    signatureValue = Sign(input.ToString());
}
/// <summary>
/// Builds a message signature over raw bytes. The signed input is the overlay
/// (host-endian, via BitConverter), the transaction_id and the signer identity
/// (both UTF-16LE via Encoding.Unicode) with the message bytes in between.
/// NOTE(review): this byte layout differs from the string-based overload of
/// this constructor, and BitConverter follows the host's endianness; the
/// verifier must assemble the same sequence on the same kind of host.
/// </summary>
/// <param name="overlay">Overlay identifier from the forwarding header.</param>
/// <param name="transactionId">transaction_id from the forwarding header.</param>
/// <param name="messageContents">Raw message bytes; must not be null.</param>
/// <param name="signerIdentity">Identity of the signer; appended to the input and stored in this object.</param>
/// <param name="config">RELOAD configuration retained for signing.</param>
public Signature(UInt32 overlay, string transactionId, byte[] messageContents, SignerIdentity signerIdentity, ReloadConfig config) {
    m_ReloadConfig = config;
    algorithm = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, ReloadGlobals.SignatureAlg);
    identity = signerIdentity;

    /* The four segments, in the order they are signed */
    byte[][] segments = {
        BitConverter.GetBytes(overlay),
        Encoding.Unicode.GetBytes(transactionId),
        messageContents,
        Encoding.Unicode.GetBytes(identity.ToString())
    };

    int total = 0;
    foreach (byte[] segment in segments) {
        total += segment.Length;
    }

    /* Copy the segments back to back into one buffer */
    byte[] input = new byte[total];
    int offset = 0;
    foreach (byte[] segment in segments) {
        System.Buffer.BlockCopy(segment, 0, input, offset, segment.Length);
        offset += segment.Length;
    }

    signatureValue = Sign(input);
}
/// <summary>
/// Signs this stored data element and keeps the result in its signature
/// field. The signed input, assembled by the Signature constructor, is
///     resource_id || kind || storage_time || StoredDataValue || SignerIdentity
/// where || denotes concatenation; storage_time and value are taken from this
/// object.
/// </summary>
/// <param name="resId">Resource-ID the element is stored under.</param>
/// <param name="kindId">Kind-ID of the element.</param>
/// <param name="id">Identity of the signer.</param>
/// <param name="rc">RELOAD configuration handed to the Signature constructor.</param>
public void SignData(ResourceId resId, UInt32 kindId, SignerIdentity id, ReloadConfig rc) {
    Signature computed = new Signature(resId, kindId, this.storage_time, this.value, id, rc);
    this.signature = computed;
}
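/// <summary>
/// Creates a Security Block for data-transporting messages. The signer's own
/// PKC, looked up from the access controller by identity, is always the first
/// certificate; the supplied DER blobs are appended after it as additional
/// certificates for validating the carried data.
/// NOTE(review): the supplied blobs are wrapped as-is; whether
/// GenericCertificate parses or validates them is not visible here.
/// </summary>
/// <param name="rc">RELOAD configuration; its AccessController resolves the signer's PKC.</param>
/// <param name="myIdentity">Identity of the request originator; becomes the block's signerId.</param>
/// <param name="certs">Additional X.509 PKCs (raw bytes) for validation data; may be empty, not null.</param>
/// <exception cref="ArgumentNullException">rc or certs is null.</exception>
public SecurityBlock(ReloadConfig rc, SignerIdentity myIdentity, List<byte[]> certs) {
    if (rc == null)
        throw new ArgumentNullException("rc");
    if (certs == null)
        throw new ArgumentNullException("certs");

    m_ReloadConfig = rc;
    m_AccessControl = rc.AccessController;

    /* Signer's certificate first, then the extra PKCs in the order given */
    certificates = new List<GenericCertificate>(certs.Count + 1);
    GenericCertificate myCert = m_AccessControl.GetPKC(myIdentity);
    certificates.Add(myCert);
    foreach (byte[] pkc in certs) {
        certificates.Add(new GenericCertificate(pkc));
    }

    signerId = myIdentity;
}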
/// <summary>
/// Creates a Security Block for ordinary messages: the same as the
/// data-transport form but with no additional certificates, so the block
/// carries only the signer's own PKC resolved through the access controller.
/// </summary>
/// <param name="rc">RELOAD configuration; its AccessController resolves the signer's PKC.</param>
/// <param name="myIdentity">Identity of the request originator; becomes the block's signerId.</param>
public SecurityBlock(ReloadConfig rc, SignerIdentity myIdentity)
    : this(rc, myIdentity, new List<byte[]>()) {
}
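/// <summary>
/// Looks up the stored public-key certificate for a signer identity. The
/// identity's certificate hash is rendered as lower-case hex and used as the
/// key into storedPKCs (the same key format the constructor uses when it
/// registers the local certificate).
/// NOTE(review): the identity's own hash algorithm field is not consulted; a
/// hash produced with anything other than the algorithm used to build the
/// table simply fails to match.
/// </summary>
/// <param name="identity">Identity whose certificate hash selects the PKC.</param>
/// <returns>The certificate registered under that hash.</returns>
/// <exception cref="ArgumentNullException">identity is null.</exception>
/// <exception cref="ArgumentException">identity carries no certificate hash.</exception>
/// <exception cref="KeyNotFoundException">No PKC is stored for the hash.</exception>
public GenericCertificate GetPKC(SignerIdentity identity) {
    if (identity == null)
        throw new ArgumentNullException("AccessControl.GetPKC: Identity null");
    if (identity.Identity == null || identity.Identity.CertificateHash == null)
        throw new ArgumentException("AccessControl.GetPKC: Identity carries no certificate hash");

    string strHash = String.Join(String.Empty,
        identity.Identity.CertificateHash.Select(b => b.ToString("x2")));

    // Single lookup; report the missing hash instead of a bare KeyNotFoundException
    GenericCertificate pkc;
    if (!storedPKCs.TryGetValue(strHash, out pkc))
        throw new KeyNotFoundException("AccessControl.GetPKC: no stored PKC for certificate hash " + strHash);
    return pkc;
}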
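/// <summary>
/// Initialises the access controller: empty PKC store and policy tables,
/// then registers the local node. The local X.509 certificate's raw DER is
/// hashed with SHA-256, the hash becomes the node's cert_hash SignerIdentity,
/// and the certificate is stored under the lower-case hex of that hash — the
/// same key format GetPKC derives from an identity.
/// NOTE(review): the digest is always SHA-256 while the identity is labelled
/// with ReloadGlobals.HashAlg; if that global is ever not sha256 the
/// advertised identity would misdescribe its own hash — confirm they agree.
/// </summary>
/// <param name="rc">RELOAD configuration providing the local certificate.</param>
/// <exception cref="ArgumentNullException">rc is null.</exception>
public AccessController(ReloadConfig rc) {
    if (rc == null)
        throw new ArgumentNullException("rc");

    m_ReloadConfig = rc;
    storedPKCs = new Dictionary<string, GenericCertificate>();
    ACPs = new Dictionary<String, IAccessControlPolicy>();
    ACPmap = new Dictionary<UInt32, String>();

    /* Hash the raw DER of the local certificate for the SignerIdentityValue.
     * SHA256.Create() yields the platform implementation (FIPS-usable) and is
     * disposed once the digest is taken. */
    byte[] myCert = m_ReloadConfig.MyCertificate.GetRawCertData();
    byte[] bHash;
    using (var sha256 = SHA256.Create()) {
        bHash = sha256.ComputeHash(myCert);
    }
    var signIdVal = new SignerIdentityValue(SignerIdentityType.cert_hash, ReloadGlobals.HashAlg, bHash);

    /* Publish the local identity and PKC */
    var myGenCert = new GenericCertificate(myCert);
    myIdentity = new SignerIdentity(SignerIdentityType.cert_hash, signIdVal);
    string strHash = String.Join(String.Empty, bHash.Select(b => b.ToString("x2")));
    storedPKCs.Add(strHash, myGenCert);
}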