Exemplo n.º 1
 public void VerifyDataByteArraySpan_OffsetGreaterThanCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
     AssertExtensions.Throws <ArgumentOutOfRangeException>("offset",
                                                           () => ecdsa.VerifyData(new byte[0], 2, 1, null, default(HashAlgorithmName)));
Exemplo n.º 2
        private static void CSCbchallengeResult([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] signature, int signaturelen, eid_vwr_result result)
                theData.WriteLog("CSCbchallengeResult called, result = " + result.ToString() + "\n", eid_vwr_loglevel.EID_VWR_LOG_NORMAL);

                switch (result)
                //in case the function failed, we should not generate an error
                case eid_vwr_result.EID_VWR_RES_SUCCESS:
                    //verify the response

                    /* Offset       ENCODING                                            ASN.1 Syntax
                     *  00          30 76                                               -- SEQUENCE LENGTH
                     *  02                  30 10                                       -- SEQUENCE LENGTH
                     *                                                                  Label
                     *  04                          06 07                               -- OBJECT_ID LENGTH
                     *                              2A 86 48 CE 3D 02 01                EcPublicKey (1 2 840 10045 2 1)
                     *  0D                          06 05                               -- OBJECT_ID LENGTH
                     *  0F                          2B 81 04 00 22                      Secp384r1 (1 3 132 0 34)
                     *  14                  03 62                                       -- BIT_STRING (98 bytes) LENGTH
                     *  16                          00                                  -- no bits unused in the final byte
                     *  17                          04                                  compression byte
                     *  18                          {48 bytes}                          -- X coordinate
                     *  48                          {48 bytes}                          -- Y coordinate
                     * */

                    //For now: No real parsing here, only accepting the above fixed format
                    //Will add the parsing in pkcs#11, or here, later
                    if (theData.basicKeyFile.Length != 0x78)
                        //File for supported format is incorrect, cannot verify, exit
                        theData.WriteLog("CSCbchallengeResult encountered an error (basicKeyFile.Length != 0x78)\n , key verification could not start \n", eid_vwr_loglevel.EID_VWR_LOG_ERROR);

                    byte[] KeyParams = new byte[5];
                    byte[] Secp384r1 = { 0x2B, 0x81, 0x04, 0x00, 0x22 };

                    byte[] KeyValue_X = new byte[48];
                    byte[] KeyValue_Y = new byte[48];

                    Array.Copy(theData.basicKeyFile, 0x0F, KeyParams, 0, 5);

                    ECParameters parameters = new ECParameters();
                    if (System.Collections.StructuralComparisons.StructuralEqualityComparer.Equals(KeyParams, Secp384r1))
                        //Fill in parameters named curve:
                        //Create a named curve using the specified Oid object.
                        System.Security.Cryptography.Oid cardP384oid = new Oid("ECDSA_P384");
                        parameters.Curve = ECCurve.CreateFromOid(cardP384oid);

                        Array.Copy(theData.basicKeyFile, 0x18, KeyValue_X, 0, 48);
                        Array.Copy(theData.basicKeyFile, 0x48, KeyValue_Y, 0, 48);

                        //Fill in parameters public key (Q)
                        System.Security.Cryptography.ECPoint Q;
                        Q.X = KeyValue_X;
                        Q.Y = KeyValue_Y;

                        parameters.Q = Q;
                        //not supported, cannot verify, exit

                    ECDsa dsa = ECDsa.Create(parameters);
                    if (dsa.VerifyData(theData.challenge, signature, HashAlgorithmName.SHA384))
                        theData.WriteLog("CSCbchallengeResult: verified the challenge response successfully \n", eid_vwr_loglevel.EID_VWR_LOG_NORMAL);
                        theData.WriteLog("CSCbchallengeResult: the challenge response was incorrect \n", eid_vwr_loglevel.EID_VWR_LOG_ERROR);


                case eid_vwr_result.EID_VWR_RES_FAILED:
                    //mark the verification as not happened
                    theData.WriteLog("CSCbchallengeResult encountered an error, key verification could not start \n", eid_vwr_loglevel.EID_VWR_LOG_ERROR);
            catch (Exception e)
                theData.WriteLog("CSCbchallengeResult encountered an error " + e.ToString() + "\n", eid_vwr_loglevel.EID_VWR_LOG_ERROR);
Exemplo n.º 3
 public void VerifyDataStream_UnsupportedHashAlgorithm_ThrowsCryptographicException(ECDsa ecdsa)
     Assert.Throws <CryptographicException>(
         () => ecdsa.VerifyData(new MemoryStream(), new byte[0], new HashAlgorithmName("NOT_A_REAL_HASH_ALGORITHM")));
Exemplo n.º 4
        private bool Verify(ECDsa publicKey, byte[] signature, byte[] securedInput)
            Ensure.BitSize(publicKey.KeySize, keySize, string.Format("EcdsaUsingSha algorithm expected key of size {0} bits, but was given {1} bits", keySize, publicKey.KeySize));

            return(publicKey.VerifyData(securedInput, signature, Hash));
Exemplo n.º 5
 public void VerifyDataByteArraySpan_NullSignature_ThrowsArgumentNullException(ECDsa ecdsa)
     Assert.Throws <ArgumentNullException>("signature",
                                           () => ecdsa.VerifyData(new byte[0], 0, 0, null, default(HashAlgorithmName)));
Exemplo n.º 6
 public void VerifyDataStream_NullSignature_ThrowsArgumentNullException(ECDsa ecdsa)
     Assert.Throws <ArgumentNullException>("signature",
                                           () => ecdsa.VerifyData(new MemoryStream(), null, default(HashAlgorithmName)));
Exemplo n.º 7
 /// <inheritdoc />
 public bool Verify(byte[] bytesToSign, byte[] signature)
 => _publicKey.VerifyData(bytesToSign, signature, HashAlgorithmInternal);
Exemplo n.º 8
 public void VerifyDataByteArraySpan_NegativeCount_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
     Assert.Throws <ArgumentOutOfRangeException>("count",
                                                 () => ecdsa.VerifyData(new byte[0], 0, -1, null, default(HashAlgorithmName)));
 public bool Verify(byte[] data, byte[] sign)
     return(dsa.VerifyData(data, sign, HashAlgorithmName.SHA256));
Exemplo n.º 10
 /// <inheritdoc/>
 public bool Verify(byte[] data, byte[] signature)
     return(_dsa.VerifyData(data, signature, _algorithmName));
Exemplo n.º 11
 /// <summary>
 /// Checks if a signature is valid.
 /// </summary>
 /// <returns><see langword="true"/> if the signature is valid, else <see langword="false"/>.</returns>
 public bool Verify(byte[] data, byte[] signature)
     return(publicKey.VerifyData(data, signature, HashAlgorithmName.SHA256));
Exemplo n.º 12
 public override bool Verify(byte[] input, byte[] signature)
     return(_ecdsa.VerifyData(input, signature, _hashes[Algorithm]));
Exemplo n.º 13
 public void VerifyDataStream_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
     AssertExtensions.Throws <ArgumentNullException>("data",
                                                     () => ecdsa.VerifyData((Stream)null, null, default(HashAlgorithmName)));
        public void VerifyData_InvalidArguments_Throws(ECDsa ecdsa)
            AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.VerifyData((byte[])null, null, default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentNullException>("data", () => ecdsa.VerifyData(null, -1, -1, null, default(HashAlgorithmName)));

            AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyData(new byte[0], null, default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentNullException>("signature", () => ecdsa.VerifyData(new byte[0], 0, 0, null, default(HashAlgorithmName)));

            AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.VerifyData(new byte[0], -1, -1, null, default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentOutOfRangeException>("offset", () => ecdsa.VerifyData(new byte[0], 2, 1, null, default(HashAlgorithmName)));

            AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.VerifyData(new byte[0], 0, -1, null, default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentOutOfRangeException>("count", () => ecdsa.VerifyData(new byte[0], 0, 1, null, default(HashAlgorithmName)));

            AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[0], new byte[0], default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[0], 0, 0, new byte[0], default(HashAlgorithmName)));
            AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[10], new byte[0], new HashAlgorithmName("")));
            AssertExtensions.Throws <ArgumentException>("hashAlgorithm", () => ecdsa.VerifyData(new byte[10], 0, 10, new byte[0], new HashAlgorithmName("")));

            Assert.ThrowsAny <CryptographicException>(() => ecdsa.VerifyData(new byte[0], new byte[0], new HashAlgorithmName(Guid.NewGuid().ToString("N"))));
            Assert.ThrowsAny <CryptographicException>(() => ecdsa.VerifyData(new byte[0], 0, 0, new byte[0], new HashAlgorithmName(Guid.NewGuid().ToString("N"))));
Exemplo n.º 15
        /// <summary>
        /// Verify a card challenge against the card's public key. It is assumed that
        /// the signature is an EC signature (curve Secp384r1) from a SHA384 hash of the data.
        /// </summary>
        /// <param name="data">challenge</param>
        /// <param name="signature">Signature of the challenge</param>
        /// <param name="eCPublicKey">ECPublicKey object to verify the signed challenge</param>
        /// <returns>True if the verification succeeds</returns>
        public bool VerifyChallenge(byte[] data, byte[] signature, ECPublicKey eCPublicKey)
                // Offset(dec)       ENCODING            ASN.1 Syntax
                //  00               06 05                -- OBJECT_ID LENGTH
                //  02               2B 81 04 00 22      Secp384r1(1 3 132 0 34)
                byte[] EncodedParamsCurve = eCPublicKey.ECParams.Value;

                // Offset(dec)       ENCODING            ASN.1 Syntax
                //  00              04                  compression byte
                //  01              { 48 bytes}          --X coordinate
                //  49:             { 48 bytes}          --Y coordinate
                byte[] EncodedParamsPoint = eCPublicKey.ECPoint.Value;

                byte[] KeyParams = new byte[5];
                byte[] Secp384r1 = { 0x2B, 0x81, 0x04, 0x00, 0x22 };

                byte[] KeyValue_X = new byte[48];
                byte[] KeyValue_Y = new byte[48];

                Array.Copy(EncodedParamsCurve, 0x02, KeyParams, 0, 5);

                ECParameters parameters = new ECParameters();

                //check if the curve is Secp384r1(1 3 132 0 34)
                if (System.Collections.StructuralComparisons.StructuralEqualityComparer.Equals(KeyParams, Secp384r1))
                    //Fill in parameters named curve:
                    //Create a named curve using the specified Oid object.
                    System.Security.Cryptography.Oid cardP384oid = new Oid("ECDSA_P384");
                    parameters.Curve = ECCurve.CreateFromOid(cardP384oid);

                    //skip the encoding byte
                    Array.Copy(EncodedParamsPoint, 0x01, KeyValue_X, 0, 48);
                    Array.Copy(EncodedParamsPoint, 0x31, KeyValue_Y, 0, 48);

                    //Fill in parameters public key (Q)
                    System.Security.Cryptography.ECPoint Q;
                    Q.X = KeyValue_X;
                    Q.Y = KeyValue_Y;

                    parameters.Q = Q;
                    //not supported, cannot verify, exit

                ECDsa dsa = ECDsa.Create(parameters);
                // verify signature. assume that the data was SHA384 hashed.
                return(dsa.VerifyData(data, signature, HashAlgorithmName.SHA384));
            catch (Exception e)
                Console.WriteLine("Error: " + e.Message);
Exemplo n.º 16
 protected override bool VerifyData(ECDsa ecdsa, byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm) =>
 ecdsa.VerifyData(new ReadOnlySpan <byte>(data, offset, count), signature, hashAlgorithm);
Exemplo n.º 17
        /// <summary>
        /// Verify a signature with a given certificate. It is assumed that
        /// the signature is made from a SHA1 hash of the data.
        /// </summary>
        /// <param name="data">Signed data</param>
        /// <param name="signature">Signature to be verified</param>
        /// <param name="certificate">Certificate containing the public key used to verify the code</param>
        /// <returns>True if the verification succeeds</returns>
        public bool Verify(byte[] data, byte[] signature, byte[] certificate)
                X509Certificate2 x509Certificate;

                // create certificate object from byte 'file'
                x509Certificate = new X509Certificate2(certificate);

                String algo = x509Certificate.GetKeyAlgorithm();
                if (String.Compare(algo, "1.2.840.113549.1.1.1") == 0) //rsaEncryption
                    // use public key from certificate during verification
                    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509Certificate.PublicKey.Key;

                    // verify signature. assume that the data was SHA1 hashed.
                    return(rsa.VerifyData(data, "SHA1", signature));
                else if (String.Compare(algo, "1.2.840.10045.2.1") == 0) //EC Public Key
                    // use public key from certificate during verification
                    PublicKey publicKey = x509Certificate.PublicKey;

                    // Offset(dec)       ENCODING            ASN.1 Syntax
                    //  00               06 05                -- OBJECT_ID LENGTH
                    //  02               2B 81 04 00 22      Secp384r1(1 3 132 0 34)
                    byte[] EncodedParamsCurve = publicKey.EncodedParameters.RawData;

                    // Offset(dec)       ENCODING            ASN.1 Syntax
                    //  00              04                  compression byte
                    //  01              { 48 bytes}          --X coordinate
                    //  49:             { 48 bytes}          --Y coordinate
                    byte[] EncodedParamsPoint = publicKey.EncodedKeyValue.RawData;

                    byte[] KeyParams = new byte[5];
                    byte[] Secp384r1 = { 0x2B, 0x81, 0x04, 0x00, 0x22 };

                    byte[] KeyValue_X = new byte[48];
                    byte[] KeyValue_Y = new byte[48];

                    Array.Copy(EncodedParamsCurve, 0x02, KeyParams, 0, 5);

                    ECParameters parameters = new ECParameters();

                    //check if the curve is Secp384r1(1 3 132 0 34)
                    if (System.Collections.StructuralComparisons.StructuralEqualityComparer.Equals(KeyParams, Secp384r1))
                        //Fill in parameters named curve:
                        //Create a named curve using the specified Oid object.
                        System.Security.Cryptography.Oid cardP384oid = new Oid("ECDSA_P384");
                        parameters.Curve = ECCurve.CreateFromOid(cardP384oid);

                        Array.Copy(EncodedParamsPoint, 0x01, KeyValue_X, 0, 48);
                        Array.Copy(EncodedParamsPoint, 0x31, KeyValue_Y, 0, 48);

                        //Fill in parameters public key (Q)
                        System.Security.Cryptography.ECPoint Q;
                        Q.X = KeyValue_X;
                        Q.Y = KeyValue_Y;

                        parameters.Q = Q;
                        //not supported, cannot verify, exit

                    ECDsa dsa = ECDsa.Create(parameters);
                    // verify signature. assume that the data was SHA384 hashed.
                    return(dsa.VerifyData(data, signature, HashAlgorithmName.SHA384));
            catch (Exception e)
                Console.WriteLine("Error: " + e.Message);
Exemplo n.º 18
 public void VerifyDataByteArraySpan_CountGreaterThanLengthMinusOffset_ThrowsArgumentOutOfRangeException(ECDsa ecdsa)
     Assert.Throws <ArgumentOutOfRangeException>("count",
                                                 () => ecdsa.VerifyData(new byte[0], 0, 1, null, default(HashAlgorithmName)));
Exemplo n.º 19
        /// <summary>
        /// Simplified method that validates signed bytes against the signature using a EC public key.
        /// </summary>
        private bool VerifySignedBytesAgainstSignature(ECDsa publicKey, byte[] signedBytes, byte[] signature)
            bool result = publicKey.VerifyData(signedBytes, signature.FromAsn1Signature(), HashAlgorithmName.SHA256);

Exemplo n.º 20
 public void VerifyDataByteArraySpan_EmptyHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.VerifyData(new byte[10], 0, 10, new byte[0], new HashAlgorithmName("")));
Exemplo n.º 21
 /// <summary>
 /// Verifies that a digital signature is valid by calculating the hash value of the specified data
 /// using the specified hash algorithm and padding, and comparing it to the provided signature.
 /// </summary>
 /// <param name="data">The data to sign.</param>
 /// <param name="signature">The signature data to be verified.</param>
 /// <returns>true if the signature is valid; otherwise, false.</returns>
 public bool Verify(byte[] data, byte[] signature)
     return(ecdsa.VerifyData(data, signature, hashName));
Exemplo n.º 22
 public void VerifyDataStream_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
     Assert.Throws <ArgumentException>("hashAlgorithm",
                                       () => ecdsa.VerifyData(new MemoryStream(), new byte[0], default(HashAlgorithmName)));
        /// <summary>デジタル署名を検証する</summary>
        /// <param name="data">デジタル署名を行なった対象データ</param>
        /// <param name="sign">対象データに対してデジタル署名したデジタル署名部分のデータ</param>
        /// <returns>検証結果( true:検証成功, false:検証失敗 )</returns>
        public override bool Verify(byte[] data, byte[] sign)
            ECDsa aa2 = this.X509Certificate.GetECDsaPublicKey();

            return(aa2.VerifyData(data, sign, this.HashAlgorithmName));
Exemplo n.º 24
        public void SignVerify_InteroperableSameKeys_RoundTripsUnlessTampered(ECDsa ecdsa, HashAlgorithmName hashAlgorithm)
            byte[] data = Encoding.UTF8.GetBytes("something to repeat and sign");

            // large enough to make hashing work though multiple iterations and not a multiple of 4KB it uses.
            byte[]       dataArray  = new byte[33333];
            MemoryStream dataStream = new MemoryStream(dataArray, true);

            while (dataStream.Position < dataArray.Length - data.Length)
                dataStream.Write(data, 0, data.Length);

            dataStream.Position = 0;

            byte[] dataArray2 = new byte[dataArray.Length + 2];
            dataArray.CopyTo(dataArray2, 1);
            ArraySegment <byte> dataSpan = new ArraySegment <byte>(dataArray2, 1, dataArray.Length);

            HashAlgorithm halg;

            if (hashAlgorithm == HashAlgorithmName.MD5)
                halg = MD5.Create();
            else if (hashAlgorithm == HashAlgorithmName.SHA1)
                halg = SHA1.Create();
            else if (hashAlgorithm == HashAlgorithmName.SHA256)
                halg = SHA256.Create();
            else if (hashAlgorithm == HashAlgorithmName.SHA384)
                halg = SHA384.Create();
            else if (hashAlgorithm == HashAlgorithmName.SHA512)
                halg = SHA512.Create();
                throw new Exception("Hash algorithm not supported.");

            List <byte[]> signatures = new List <byte[]>(6);

            // Compute a signature using each of the SignData overloads.  Then, verify it using each
            // of the VerifyData overloads, and VerifyHash overloads.
            // Then, verify that VerifyHash fails if the data is tampered with.

            signatures.Add(ecdsa.SignData(dataArray, hashAlgorithm));

            signatures.Add(ecdsa.SignData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, hashAlgorithm));

            signatures.Add(ecdsa.SignData(dataStream, hashAlgorithm));
            dataStream.Position = 0;


            signatures.Add(ecdsa.SignHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count)));

            dataStream.Position = 0;

            foreach (byte[] signature in signatures)
                Assert.True(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify 1");

                Assert.True(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify 2");

                Assert.True(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify 3");
                Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3A");
                dataStream.Position = 0;

                Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify 4");

                Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify 5");

                Assert.True(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify 6");
                Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6A");
                dataStream.Position = 0;

            int distinctSignatures = signatures.Distinct(new ByteArrayComparer()).Count();

            Assert.True(distinctSignatures == signatures.Count, "Signing should be randomized");

            foreach (byte[] signature in signatures)
                signature[signature.Length - 1] ^= 0xFF; // flip some bits

                Assert.False(ecdsa.VerifyData(dataArray, signature, hashAlgorithm), "Verify Tampered 1");

                Assert.False(ecdsa.VerifyData(dataSpan.Array, dataSpan.Offset, dataSpan.Count, signature, hashAlgorithm), "Verify Tampered 2");

                Assert.False(ecdsa.VerifyData(dataStream, signature, hashAlgorithm), "Verify Tampered 3");
                Assert.True(dataStream.Position == dataArray.Length, "Check stream read 3B");
                dataStream.Position = 0;

                Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataArray), signature), "Verify Tampered 4");

                Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataSpan.Array, dataSpan.Offset, dataSpan.Count), signature), "Verify Tampered 5");

                Assert.False(ecdsa.VerifyHash(halg.ComputeHash(dataStream), signature), "Verify Tampered 6");
                Assert.True(dataStream.Position == dataArray.Length, "Check stream read 6B");
                dataStream.Position = 0;
Exemplo n.º 25
 /// <inheritdoc />
 public bool Verify(byte[] bytesToSign, byte[] signature)
 => _publicKey.VerifyData(bytesToSign, signature, this.HashAlgorithmName);
Exemplo n.º 26
 public void VerifyDataByteArray_NullData_ThrowsArgumentNullException(ECDsa ecdsa)
     Assert.Throws <ArgumentNullException>("data",
                                           () => ecdsa.VerifyData((byte[])null, null, default(HashAlgorithmName)));
Exemplo n.º 27
 public void VerifyDataByteArray_DefaultHashAlgorithm_ThrowsArgumentException(ECDsa ecdsa)
     AssertExtensions.Throws <ArgumentException>("hashAlgorithm",
                                                 () => ecdsa.VerifyData(new byte[0], new byte[0], default(HashAlgorithmName)));