//Create S2 structure DataStructs.SIGMA_S2_MESSAGE GenerateS2Structure() { DataStructs.SIGMA_S2_MESSAGE S2Message = new DataStructs.SIGMA_S2_MESSAGE(); //Fill the S2 fields S2Message.Basename = new byte[DataStructs.BASE_NAME_LENGTH]; //The base name, chosen by the verifier, to be used in name based signatures. here you can use baseName, in case you want to do it. S2Message.Gb = Gb; //The Verifier's ephemeral DH public key S2Message.OcspReq = OCSPReq; //An (optional) OCSP Request from the prover return(S2Message); }
//Get S2 message public bool GetS2Message(out byte[] S2MessageArray) { S2MessageArray = new byte[0]; byte[] cert = DataStructs.Sigma11_3PSignedCert; //Verifier's certificate byte[] key = DataStructs.Sigma11_Signed3PKey; //Verifier's private key //Get the OCSP response according to the request we've got from the proover OCSPResp = GetOCSPResponseFromRealResponder(cert, OCSPReq.OcspNonce); //if there is a problem with the OCSP server connection if (OCSPResp == null) { return(false); } try { //Create S2 structure DataStructs.SIGMA_S2_MESSAGE S2Message = GenerateS2Structure(); //Build the OCSP response OCSPResp = BuildOCSPResp(cert, OCSPResp); //Composing - Data contains Verifier Cert, SIG_RL_HEADER followed by Revocation List , OCSP Response (If requested) VLRs in this order. SigRL is optional. List <byte> VerifierCertAndOCSPRespList = new List <byte>(); //Generate X509 verifier certificate byte[] x509VerifierCertArray = GenerateX509VerifierCert(cert); //Add the x509VerifierCert to S2 message VerifierCertAndOCSPRespList.AddRange(x509VerifierCertArray); //Here you can generate SIG-RL in case you want to use it, and add it to s2List //Add the OCSP response to S2 message VerifierCertAndOCSPRespList.AddRange(OCSPResp); //Convert VerifierCert and OCSPResp list to a byte array byte[] VerifierCertAndOCSPResp = VerifierCertAndOCSPRespList.ToArray(); //Convert OCSP request from structure to a byte array byte[] ocspReqArray = Utils.StructureToByteArray(S2Message.OcspReq); //Preparing the HMAC //Constructing HMAC data - Gb || Basename || OCSP Req || Verifier Cert || Sig-RL List || OCSPResp byte[] dataForHmac = new byte[DataStructs.SIGMA_PUBLIC_KEY_LEN + DataStructs.BASE_NAME_LENGTH + DataStructs.INT_SIZE + DataStructs.OCSP_NONCE_LENGTH + VerifierCertAndOCSPResp.Length]; S2Message.Gb.CopyTo(dataForHmac, 0); S2Message.Basename.CopyTo(dataForHmac, DataStructs.SIGMA_PUBLIC_KEY_LEN); ocspReqArray.CopyTo(dataForHmac, DataStructs.SIGMA_PUBLIC_KEY_LEN + DataStructs.BASE_NAME_LENGTH); VerifierCertAndOCSPResp.CopyTo(dataForHmac, DataStructs.SIGMA_PUBLIC_KEY_LEN + DataStructs.BASE_NAME_LENGTH + DataStructs.INT_SIZE + DataStructs.OCSP_NONCE_LENGTH); //Create HMAC - HMAC_SHA256 of [Gb || Basename || OCSP Req || Verifier Cert || Sig-RL List ], using SMK CdgStatus status; S2Message.S2Icv = new byte[DataStructs.SIGMA_MAC_LEN]; status = CryptoDataGenWrapper_1_1.CreateHmac(dataForHmac, dataForHmac.Length, SMK, DataStructs.SIGMA_SMK_LENGTH, S2Message.S2Icv, DataStructs.SIGMA_HMAC_LENGTH); if (status != CdgStatus.CdgStsOk) { return(false); } //Create Signed [Ga || Gb] using verifier ECDSA public key S2Message.SigGaGb = new byte[DataStructs.ECDSA_SIGNATURE_LEN]; status = CryptoDataGenWrapper_1_1.MessageSign(key, key.Length, GaGb, DataStructs.SIGMA_KEY_LENGTH * 2, S2Message.SigGaGb, DataStructs.ECDSA_SIGNATURE_LEN); if (status != CdgStatus.CdgStsOk) { return(false); } //Prepare final S2 message array contains S2 message structure + verifier cert + OCSP response int s2MessageLen = Marshal.SizeOf(S2Message); S2MessageArray = new byte[s2MessageLen + VerifierCertAndOCSPResp.Length]; Utils.StructureToByteArray(S2Message).CopyTo(S2MessageArray, 0); VerifierCertAndOCSPResp.CopyTo(S2MessageArray, s2MessageLen); return(true); } catch (Exception e) { return(false); } }