public static bool VerifyHash(string hash, string publicKey, string signature) { using (ECDsaCng dsa = new ECDsaCng(CngKey.Import(publicKey.FromHex(), CngKeyBlobFormat.EccPublicBlob))) { return(dsa.VerifyHash(hash.FromHex(), signature.FromHex())); } }
/// <inheritdoc /> protected internal override bool VerifyHash(byte[] data, byte[] signature) { using (var cng = new ECDsaCng(this.key)) { return(cng.VerifyHash(data, signature)); } }
public static bool DeCDsa(this string data, CngKey key, string originalData) { ECDsaCng ecdsa = new ECDsaCng(key); SHA1 sha1 = System.Security.Cryptography.SHA1.Create(); return(ecdsa.VerifyHash(sha1.ComputeHash(Convert.FromBase64String(originalData)), Convert.FromBase64String(data))); }
public static bool VerifyData( this ECDsaCng ecdsaCng, byte[] data, int offset, int count, byte[] signature) { if (data == null) { throw new ArgumentNullException("data"); } if (offset < 0 || offset > data.Length) { throw new ArgumentOutOfRangeException("offset"); } if (count < 0 || count > data.Length - offset) { throw new ArgumentOutOfRangeException("count"); } if (signature == null) { throw new ArgumentNullException("signature"); } using (BCryptHashAlgorithm hashAlgorithm = new BCryptHashAlgorithm(CngAlgorithm.Sha256, BCryptNative.ProviderName.MicrosoftPrimitiveProvider)) { hashAlgorithm.HashCore(data, offset, count); byte[] hashValue = hashAlgorithm.HashFinal(); return(ecdsaCng.VerifyHash(hashValue, signature)); } }
internal bool Verify(byte[] hash, byte[] signature) { using (ECDsaCng sig = new ECDsaCng(_cngKey)) { sig.HashAlgorithm = CngAlgorithm.ECDsaP256; return(sig.VerifyHash(hash, signature)); } }
public static bool Verify(CngKey pub, byte[] hash, byte[] sig) { using (var ecdsa = new ECDsaCng(pub)) { ecdsa.HashAlgorithm = CngAlgorithm.ECDsaP256; return(ecdsa.VerifyHash(hash, sig)); } }
public static void TestNegativeVerify256() { CngKey key = TestData.s_ECDsa256Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("998791331eb2e1f4259297f5d9cb82fa20dec98e1cb0900e6b8f014a406c3d02cbdbf5238bde471c3155fc25565524301429" + "e8713dad9a67eb0a5c355e9e23dc").HexToByteArray(); bool verified = e.VerifyHash(ECDsaTestData.s_hashSha512, tamperedSig); Assert.False(verified); }
public static bool VerifyHash(byte[] hash, byte[] signature, byte[] PK) { using (CngKey key = CngKey.Import(PK, CngKeyBlobFormat.EccPublicBlob)) { using (ECDsaCng ecdsa = new ECDsaCng(key)) { return(ecdsa.VerifyHash(hash, signature)); } } }
public static void TestNegativeVerify384() { CngKey key = TestData.s_ECDsa384Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("7805c494b17bba8cba09d3e5cdd16d69ce785e56c4f2d9d9061d549fce0a6860cca1cb9326bd534da21ad4ff326a1e0810d8" + "f366eb6afc66ede0d1ffe345f6b37ac622ed77838b42825ceb96cd3996d3d77fd6a248357ae1ae6cb85f048b1b04").HexToByteArray(); bool verified = e.VerifyHash(ECDsaTestData.s_hashSha512, tamperedSig); Assert.False(verified); }
/// <summary> /// 根据传入的公钥与签名,对可签名对象的签名进行验证 /// </summary> /// <param name="signable">要验证的数据</param> /// <param name="pubkey">公钥</param> /// <param name="signature">签名</param> /// <returns>返回验证结果</returns> public static bool VerifySignature(this ISignable signable, ECPoint pubkey, byte[] signature) { const int ECDSA_PUBLIC_P256_MAGIC = 0x31534345; byte[] bytes = BitConverter.GetBytes(ECDSA_PUBLIC_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey.EncodePoint(false).Skip(1)).ToArray(); using (CngKey key = CngKey.Import(bytes, CngKeyBlobFormat.EccPublicBlob)) using (ECDsaCng ecdsa = new ECDsaCng(key)) { return(ecdsa.VerifyHash(signable.GetHashForSigning(), signature)); } }
public static void TestNegativeVerify384() { CngKey key = TestData.s_ECDsa384Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("7805c494b17bba8cba09d3e5cdd16d69ce785e56c4f2d9d9061d549fce0a6860cca1cb9326bd534da21ad4ff326a1e0810d8" + "f366eb6afc66ede0d1ffe345f6b37ac622ed77838b42825ceb96cd3996d3d77fd6a248357ae1ae6cb85f048b1b04").HexToByteArray(); bool verified = e.VerifyHash(EccTestData.s_hashSha512, tamperedSig); Assert.False(verified); }
public static void TestNegativeVerify256() { CngKey key = TestData.s_ECDsa256Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("998791331eb2e1f4259297f5d9cb82fa20dec98e1cb0900e6b8f014a406c3d02cbdbf5238bde471c3155fc25565524301429" + "e8713dad9a67eb0a5c355e9e23dc").HexToByteArray(); bool verified = e.VerifyHash(EccTestData.s_hashSha512, tamperedSig); Assert.False(verified); }
public static void TestNegativeVerify521() { CngKey key = TestData.s_ECDsa521Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("0084461450745672df85735fbf89f2dccef804d6b56e86ca45ea5c366a05a5de96327eddb75582821c6315c8bb823c875845" + "a6f25963ddab70461b786261507f971401fdc300697824129e0a84e0ba1ab4820ac7b29e7f8248bc2e29d152a9190eb3fcb7" + "6e8ebf1aa5dd28ffd582a24cbfebb3426a5f933ce1d995b31c951103d24f6256").HexToByteArray(); bool verified = e.VerifyHash(EccTestData.s_hashSha512, tamperedSig); Assert.False(verified); }
private bool ValidateHash(byte[] hash, byte[] signature) { const string publicKey = "RUNTNUIAAAABLcbMBFKtpFlBY0j6TnD5DTeDjy2UoTt3ik2yhY9RGB8AdkZ44DTLG3L3e8S7g+bRmhwygtlsGUFEUMGiJ2SBeGAABS5nBJRfQhAA+vmishz0EWYXD5FUYClQaRHlrH9clkB9pDakzPSvPbGnpMuHgCWa6LniAb1zExIPbYv9zHlfqOA="; using (var key = CngKey.Import(Convert.FromBase64String(publicKey), CngKeyBlobFormat.EccPublicBlob)) { using (var ecdsa = new ECDsaCng(key)) { return(ecdsa.VerifyHash(hash, signature)); } } }
/// <summary> /// Is the signed hash belong to the hash and public key /// </summary> /// <param name="hash">transfer info hash</param> /// <param name="publicKey">public key</param> /// <returns>true if the signed hash belong to the hash and public key</returns> public bool IsValidSignedHash(byte[] hash, byte[] publicKey) { bool ret; using (var dsa = new ECDsaCng(CngKey.Import(publicKey, CngKeyBlobFormat.EccPublicBlob))) { dsa.HashAlgorithm = Global.HashAlgorithm; //// verifying hashed message ////bReturn = dsa.VerifyHash(dataHash, SignedMsg); ret = dsa.VerifyHash(hash, this.sgndData); } return(ret); }
internal static bool ValidateBareCertificateWithBcrypt(X509Certificate2 certificate) { var deviceInfo = ExtensionDecoder.Decode(certificate); // check we have a good extension if (deviceInfo == null) { Helpers.Notify("Certificate does not have well-formed RIoT extension", true); return(false); } var devIdPubKeyDEREncoded = deviceInfo.EncodedDeviceIDKey; if (devIdPubKeyDEREncoded.Length != 65) { Helpers.Notify("Public key in extension has incorrect length", true); return(false); } // We need to convert to the Windows key format before we can import // #define BCRYPT_ECDSA_PUBLIC_P256_MAGIC 0x31534345 // ECS1 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa375520(v=vs.85).aspx byte[] windowsEncodedKey = new byte[32 * 2 + 4 + 4]; // todo - endianess byte[] magic = BitConverter.GetBytes((uint)0x31534345); byte[] len = BitConverter.GetBytes((uint)32); Array.Copy(magic, 0, windowsEncodedKey, 0, 4); Array.Copy(len, 0, windowsEncodedKey, 4, 4); Array.Copy(devIdPubKeyDEREncoded, 1, windowsEncodedKey, 8, 32); Array.Copy(devIdPubKeyDEREncoded, 32 + 1, windowsEncodedKey, 8 + 32, 32); var devIdPubKey = CngKey.Import(windowsEncodedKey, CngKeyBlobFormat.EccPublicBlob); ECDsaCng verifier = new ECDsaCng(devIdPubKey); ECDsaCng testSigner = new ECDsaCng(256); var sig = testSigner.SignData(new byte[] { 1, 2, 3, 4 }); bool okx = testSigner.VerifyData(new byte[] { 1, 2, 3, 4 }, sig); var bits = ExtensionDecoder.Decompose(certificate); var tbsHash = Helpers.HashData(bits.Tbs, 0, bits.Tbs.Length); bool ok = verifier.VerifyHash(tbsHash, bits.Signature); return(true); }
public static bool?VerifySignatureCng(byte[] pkParameters, byte[] pkKey, byte[] hash, byte[] signature) { #if !__MonoCS__ EllipticCurve curve = null; var ecsngHeader = new byte[8] { (byte)'E', (byte)'C', (byte)'S', 0, 0, 0, 0, 0 }; curve = GetCurveFromParameters(pkParameters); if (curve == null) { return(null); } if (curve == EllipticCurve.P256) { ecsngHeader[3] = (byte)'1'; } else if (curve == EllipticCurve.P384) { ecsngHeader[3] = (byte)'3'; } else // P512 { ecsngHeader[3] = (byte)'5'; } ecsngHeader[4] = (byte)curve.curveByteLen; var pubKeyBlob = new byte[8 + curve.curveByteLen * 2]; Buffer.BlockCopy(ecsngHeader, 0, pubKeyBlob, 0, 8); Buffer.BlockCopy(pkKey, 1, pubKeyBlob, 8, curve.curveByteLen * 2); var ecdsa = new ECDsaCng(CngKey.Import(pubKeyBlob, CngKeyBlobFormat.EccPublicBlob)); // We must decode the signature from DER format to raw format (to coordinates on the curve) var decodedSignature = Utils.DecodeDERSignature(signature, 0, signature.Length, curve.curveByteLen); bool ok = ecdsa.VerifyHash(hash, decodedSignature); return(ok); #else throw new NotSupportedException(); #endif }
private static bool VerifySignature(byte[] hash, byte[] signature, byte[] pubkey) { const int ECDSA_PUBLIC_P256_MAGIC = 0x31534345; try { pubkey = ECPoint.DecodePoint(pubkey, ECCurve.Secp256r1).EncodePoint(false).Skip(1).ToArray(); } catch { return(false); } pubkey = BitConverter.GetBytes(ECDSA_PUBLIC_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).ToArray(); using (CngKey key = CngKey.Import(pubkey, CngKeyBlobFormat.EccPublicBlob)) using (ECDsaCng ecdsa = new ECDsaCng(key)) { return(ecdsa.VerifyHash(hash, signature)); } }
public void TryWithRaw() { var pubHex = "046A347F0488ABC7D92E2208794E327ECA15B0C2B27018B2B5B89DD8CB736FD7CC38F37D2D10822530AD97359ACBD837A65C2CA62D44B0CE569BD222C2DABF268F"; var privBytes = "48 119 2 1 1 4 32 36 32 85 234 114 73 227 18 64 63 130 39 155 80 70 109 242 211 48 21 9 238 238 96 191 178 8 11 9 221 183 246 160 10 6 8 42 134 72 206 61 3 1 7 161 68 3 66 0 4 106 52 127 4 136 171 199 217 46 34 8 121 78 50 126 202 21 176 194 178 112 24 178 181 184 157 216 203 115 111 215 204 56 243 125 45 16 130 37 48 173 151 53 154 203 216 55 166 92 44 166 45 68 176 206 86 155 210 34 194 218 191 38 143".FromIntList(); var pubBytes = pubHex.FromHex(); var msgBytes = "time for beer".StringToBytes(); var d = Asn1Node.ReadNode(privBytes); //Console.WriteLine(privBytes.ToHex()); var pk = d.Nodes.First(n => n.NodeType == Asn1UniversalNodeType.OctetString).GetBytes().Skip(2).ToArray(); // var oid = d.Nodes.First(n => n.NodeType == Asn1UniversalNodeType.ObjectId); //Console.WriteLine(pk.Length); //var npb = new List<byte>(); //npb.AddRange("45435332".FromHex()); //npb.AddRange("20000000".FromHex()); //var keyType = new byte[] {0x45, 0x43, 0x53, 0x31}; //var keyLength = new byte[] {0x20, 0x00, 0x00, 0x00}; //var key = pubBytes.Skip(1); //var keyImport = keyType.Concat(keyLength).Concat(key).ToArray(); //var cngKey = CngKey.Import(keyImport, CngKeyBlobFormat.EccPublicBlob); var keyType = new byte[] { 0x45, 0x43, 0x53, 0x32 }; var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 }; var key = pubBytes.Skip(1); var keyImport = keyType.Concat(keyLength).Concat(key).Concat(pk.Take(32)).ToArray(); var cngKey = CngKey.Import(keyImport, CngKeyBlobFormat.EccPrivateBlob); // Console.WriteLine(msgBytes.ToIntList()); // Console.WriteLine(cngKey.Algorithm); using (var ecdsa = new ECDsaCng(cngKey)) { ; var sig = ecdsa.SignHash(msgBytes); var r = sig.Take(32).ToArray().ToIntList(); var s = sig.Skip(32).ToArray().ToIntList(); // Console.WriteLine($"r={r}"); //Console.WriteLine($"s={s}"); } var sm = new List <byte>(); var rb = "4 125 215 32 233 142 70 85 201 154 76 249 192 224 47 110 137 143 196 200 134 41 40 215 145 53 16 48 70 137 141 220".FromIntList(); var sb = "13 204 63 209 196 150 249 28 161 192 197 238 187 28 49 93 64 81 111 132 87 13 150 77 41 62 144 197 244 173 110 176".FromIntList(); var ri = new BigInteger(rb.Reverse().ToArray()); Console.WriteLine(ri); var bi = BigInteger.Parse("2031592040209509309444738411503462520448943330036365867913793138397723332060"); var bib = bi.ToByteArray(); Console.WriteLine(bib.ToIntList()); sm.AddRange(rb); sm.AddRange(sb); //Console.WriteLine(sm.Count); using (var ecdsa = new ECDsaCng(cngKey)) { Assert.True(ecdsa.VerifyHash(msgBytes, sm.ToArray())); } //npb.AddRange(pubBytes.Skip(1)); //npb.AddRange(pk); //var cngKey = CngKey.Import(npb.ToArray(), CngKeyBlobFormat.EccPrivateBlob); }
/// <summary> /// Verifies the signature over data or a digest. /// The data will be hashed internall by the method using hash algorithm from /// the signing scheme digest computed from the specified data buffer. /// The signing scheme is retrieved from the signature. The verification key /// shall have either compatible or null scheme. /// </summary> /// <param name="data">Byte buffer containing either digest or data to check against the signature</param> /// <param name="dataIsDigest">Specifies the type of 'data' parameter contents</param> /// <param name="signature">The signature</param> /// <returns>True if the verification succeeds.</returns> private bool VerifySignature(byte[] data, bool dataIsDigest, ISignatureUnion sig) { #if TSS_USE_BCRYPT Debug.Assert(Key != UIntPtr.Zero); #endif TpmAlgId sigScheme = sig.GetUnionSelector(); TpmAlgId sigHash = CryptoLib.SchemeHash(sig); var rsaParams = PublicParms.parameters as RsaParms; if (rsaParams != null) { #if !TSS_USE_BCRYPT Debug.Assert(RsaProvider != null); #endif var s = sig as SignatureRsa; TpmAlgId keyScheme = rsaParams.scheme.GetUnionSelector(); if (keyScheme != TpmAlgId.Null && keyScheme != sigScheme) { Globs.Throw <ArgumentException>("Key scheme and signature scheme do not match"); return(false); } byte[] digest = dataIsDigest ? data : CryptoLib.HashData(sigHash, data); if (sigScheme == TpmAlgId.Rsassa) { #if TSS_USE_BCRYPT return(Key.VerifySignature(digest, s.sig, sigHash, true)); #else return(RsaProvider.VerifyHash(digest, CryptoLib.GetHashName(sigHash), s.sig)); #endif } if (sigScheme == TpmAlgId.Rsapss) { #if true Globs.Throw <ArgumentException>("VerifySignature(): PSS scheme is not supported"); return(false); #else #if TSS_USE_BCRYPT return(BCryptInterface.VerifySignature(KeyHandle, digest, sig.sig, sigHash, false)); #else var rr = new RawRsa(RsaProvider.ExportParameters(false), RsaProvider.KeySize); return(rr.PssVerify(digest, sig.sig, sigHash)); #endif #endif // false } Globs.Throw <ArgumentException>("VerifySignature(): Unrecognized scheme"); return(false); } var eccParams = PublicParms.parameters as EccParms; if (eccParams != null) { if (eccParams.scheme.GetUnionSelector() != TpmAlgId.Ecdsa) { Globs.Throw <ArgumentException>("Unsupported ECC sig scheme"); return(false); } TpmAlgId keyScheme = eccParams.scheme.GetUnionSelector(); if (keyScheme != TpmAlgId.Null && keyScheme != sigScheme) { Globs.Throw <ArgumentException>("Key scheme and signature scheme do not match"); return(false); } var s = sig as SignatureEcdsa; byte[] digest = dataIsDigest ? data : CryptoLib.HashData(sigHash, data); byte[] sigBlob = Globs.Concatenate(s.signatureR, s.signatureS); #if TSS_USE_BCRYPT return(Key.VerifySignature(digest, sigBlob)); #elif !__MonoCS__ Debug.Assert(EcdsaProvider != null); EcdsaProvider.HashAlgorithm = GetCngAlgorithm(sigHash); return(EcdsaProvider.VerifyHash(digest, sigBlob)); #endif // !TSS_USE_BCRYPT && !__MonoCS__ } // Should never be here Globs.Throw("VerifySignature: Unrecognized asymmetric algorithm"); return(false); } // VerifySignature()
public bool VerifyHash(byte[] publicKey, byte[] hash, byte[] signature) { using (ECDsaCng verifier = new ECDsaCng(CngKey.Import(publicKey, CngKeyBlobFormat.EccPublicBlob))) return(verifier.VerifyHash(hash, signature)); }
public static void TestNegativeVerify521() { CngKey key = TestData.s_ECDsa521Key; ECDsaCng e = new ECDsaCng(key); byte[] tamperedSig = ("0084461450745672df85735fbf89f2dccef804d6b56e86ca45ea5c366a05a5de96327eddb75582821c6315c8bb823c875845" + "a6f25963ddab70461b786261507f971401fdc300697824129e0a84e0ba1ab4820ac7b29e7f8248bc2e29d152a9190eb3fcb7" + "6e8ebf1aa5dd28ffd582a24cbfebb3426a5f933ce1d995b31c951103d24f6256").HexToByteArray(); bool verified = e.VerifyHash(ECDsaTestData.s_hashSha512, tamperedSig); Assert.False(verified); }