public S2k(
PgpHashAlgorithm algorithm)
{
this.type = 0;
this.algorithm = algorithm;
iv = Array.Empty <byte>();
}
//[TestCase("DSA-2048-224.sec", "DSA-2048-224.pub", PgpHashAlgorithm.Sha256)]
//[TestCase("DSA-2048-224.sec", "DSA-2048-224.pub", PgpHashAlgorithm.Sha512)]
public void GenerateTest(string privateKeyFile, string publicKeyFile, PgpHashAlgorithm digest)
{
PgpSecretKeyRing secRing = loadSecretKey(privateKeyFile);
PgpPublicKeyRing pubRing = loadPublicKey(publicKeyFile);
string data = "hello world!";
byte[] dataBytes = Encoding.ASCII.GetBytes(data);
MemoryStream bOut = new MemoryStream();
DateTime testDate = new DateTime((DateTime.UtcNow.Ticks / TimeSpan.TicksPerSecond) * TimeSpan.TicksPerSecond);
var messageGenerator = new PgpMessageGenerator(bOut);
using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey("test"), digest))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDate))
{
literalStream.Write(dataBytes);
}
bOut.Position = 0;
var signedMessage = (PgpSignedMessage)PgpMessage.ReadMessage(bOut);
Assert.AreEqual(digest, signedMessage.HashAlgorithm);
Assert.AreEqual(PgpPublicKeyAlgorithm.Dsa, signedMessage.KeyAlgorithm);
var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage();
Assert.AreEqual(testDate, literalMessage.ModificationTime);
literalMessage.GetStream().CopyTo(Stream.Null);
Assert.IsTrue(signedMessage.Verify(pubRing.GetPublicKey()));
}
private void PerformTestSig(
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
PgpPrivateKey privKey)
{
const string data = "hello world!";
byte[] dataBytes = Encoding.ASCII.GetBytes(data);
DateTime testDateTime = new DateTime(1973, 7, 27);
MemoryStream bOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bOut);
using (var compressedGenerator = messageGenerator.CreateCompressed(PgpCompressionAlgorithm.Zip))
using (var signingGenerator = compressedGenerator.CreateSigned(PgpSignatureType.BinaryDocument, privKey, hashAlgorithm))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", testDateTime))
{
literalStream.Write(dataBytes);
}
// Verify generated signature
bOut.Position = 0;
var compressedMessage = (PgpCompressedMessage)PgpMessage.ReadMessage(bOut);
var signedMessage = (PgpSignedMessage)compressedMessage.ReadMessage();
var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage();
Assert.AreEqual(testDateTime, literalMessage.ModificationTime);
literalMessage.GetStream().CopyTo(Stream.Null);
Assert.IsTrue(signedMessage.Verify(pubKey));
}
private void verifySignature(
byte[] encodedSig,
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
byte[] original,
bool checkTime = false)
{
var now = DateTime.UtcNow;
var signedMessage = (PgpSignedMessage)PgpMessage.ReadMessage(encodedSig);
var literalMessage = (PgpLiteralMessage)signedMessage.ReadMessage();
literalMessage.GetStream().CopyTo(Stream.Null);
Assert.IsTrue(signedMessage.Verify(pubKey, out DateTime creationTime));
Assert.IsTrue(!checkTime || Math.Abs((creationTime - now).TotalMinutes) < 10);
Assert.AreEqual(pubKey.KeyId, signedMessage.KeyId);
/*
* sig.InitVerify(pubKey);
*
* sig.Update(original);
* sig.Update(original);
*
* if (!sig.Verify())
* {
* Fail("Failed generated signature check against original data");
* }*/
}
private void doTestTextSig(
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
PgpPrivateKey privKey,
byte[] data,
byte[] canonicalData,
int version = 4)
{
MemoryStream bOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bOut);
using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.CanonicalTextDocument, privKey, PgpHashAlgorithm.Sha1, version))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Text, "_CONSOLE", DateTime.UtcNow))
{
literalStream.Write(data);
literalStream.Write(canonicalData);
}
/*if (sig.CreationTime == DateTimeOffset.FromUnixTimeSeconds(0).DateTime)
* {
* Fail("creation time not set in v4 signature");
* }*/
verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, canonicalData);
}
public bool VerifySignature(
ReadOnlySpan <byte> rgbHash,
ReadOnlySpan <byte> rgbSignature,
PgpHashAlgorithm hashAlgorithm)
{
throw new NotSupportedException();
}
public PgpSignatureTransformation(PgpSignatureType signatureType, PgpHashAlgorithm hashAlgorithm, bool ignoreTrailingWhitespace)
{
this.signatureType = signatureType;
this.hashAlgorithm = hashAlgorithm;
this.lastb = 0;
this.sig = PgpUtilities.GetHashAlgorithm(hashAlgorithm);
this.ignoreTrailingWhitespace = ignoreTrailingWhitespace;
}
public S2k(
PgpHashAlgorithm algorithm,
byte[] iv)
{
this.type = 1;
this.algorithm = algorithm;
this.iv = iv;
}
public byte[] CreateSignature(ReadOnlySpan <byte> rgbHash, PgpHashAlgorithm hashAlgorithm)
{
byte[] ieeeSignature = ecdsa.SignHash(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
byte[] pgpSignature = new byte[ieeeSignature.Length + 4]; // Maximum possible length
MPInteger.TryWriteInteger(ieeeSignature.AsSpan(0, ieeeSignature.Length / 2), pgpSignature, out int rWritten);
MPInteger.TryWriteInteger(ieeeSignature.AsSpan(ieeeSignature.Length / 2), pgpSignature.AsSpan(rWritten), out int sWritten);
return(pgpSignature.AsSpan(0, rWritten + sWritten).ToArray());
}
/// <summary>Add a PBE encryption method to the encrypted object.</summary>
public void AddMethod(ReadOnlySpan <byte> rawPassPhrase, PgpHashAlgorithm s2kDigest)
{
S2k s2k = PgpUtilities.GenerateS2k(s2kDigest, 0x60);
byte[] key = new byte[PgpUtilities.GetKeySize(defAlgorithm) / 8];
S2kBasedEncryption.MakeKey(rawPassPhrase, s2kDigest, s2k.GetIV(), s2k.IterationCount, key);
methods.Add(new PbeMethod(defAlgorithm, s2k, key));
}
public bool VerifySignature(
ReadOnlySpan <byte> rgbHash,
ReadOnlySpan <byte> rgbSignature,
PgpHashAlgorithm hashAlgorithm)
{
var signature = MPInteger.ReadInteger(rgbSignature, out var _);
return(rsa.VerifyHash(rgbHash, signature, PgpUtilities.GetHashAlgorithmName(hashAlgorithm), RSASignaturePadding.Pkcs1));
}
public byte[] CreateSignature(
ReadOnlySpan <byte> rgbHash,
PgpHashAlgorithm hashAlgorithm)
{
var signature = rsa.SignHash(rgbHash.ToArray(), PgpUtilities.GetHashAlgorithmName(hashAlgorithm), RSASignaturePadding.Pkcs1);
var signatureBytes = new byte[MPInteger.GetMPEncodedLength(signature)];
MPInteger.TryWriteInteger(signature, signatureBytes, out var _);
return(signatureBytes);
}
public S2k(
PgpHashAlgorithm algorithm,
byte[] iv,
int itCount)
{
this.type = 3;
this.algorithm = algorithm;
this.iv = iv;
this.itCount = itCount;
}
public byte[] CreateSignature(ReadOnlySpan <byte> rgbHash, PgpHashAlgorithm hashAlgorithm)
{
byte[] ieeeSignature = dsa.CreateSignature(rgbHash.ToArray(), DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
var r = ieeeSignature.AsSpan(0, ieeeSignature.Length / 2);
var s = ieeeSignature.AsSpan(ieeeSignature.Length / 2);
byte[] pgpSignature = new byte[MPInteger.GetMPEncodedLength(r) + MPInteger.GetMPEncodedLength(s)];
MPInteger.TryWriteInteger(r, pgpSignature, out int rWritten);
MPInteger.TryWriteInteger(s, pgpSignature.AsSpan(rWritten), out int _);
return(pgpSignature);
}
public bool Verify(byte[] hash, byte[] signature, PgpHashAlgorithm hashAlgorithm)
{
var key = GetKey();
if (!key.CanSign)
{
throw new PgpException("Key is not usable for singing");
}
return(key.VerifySignature(hash, signature, hashAlgorithm));
}
/// <summary>Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.</summary>
public PgpSignatureGenerator(PgpSignatureType signatureType, PgpPrivateKey privateKey, PgpHashAlgorithm hashAlgorithm, int version = 4, bool ignoreTrailingWhitespace = false)
{
// TODO: Add version 5 support
if (version < 3 || version > 4)
{
throw new ArgumentOutOfRangeException(nameof(version));
}
this.version = version;
this.hashAlgorithm = hashAlgorithm;
this.helper = new PgpSignatureTransformation(signatureType, hashAlgorithm, ignoreTrailingWhitespace);
this.privateKey = privateKey;
}
public OnePassSignaturePacket(
PgpSignatureType sigType,
PgpHashAlgorithm hashAlgorithm,
PgpPublicKeyAlgorithm keyAlgorithm,
long keyId,
bool isNested)
{
this.version = 3;
this.sigType = sigType;
this.hashAlgorithm = hashAlgorithm;
this.keyAlgorithm = keyAlgorithm;
this.keyId = keyId;
this.nested = (isNested) ? 0 : 1;
}
public bool VerifySignature(
ReadOnlySpan <byte> rgbHash,
ReadOnlySpan <byte> rgbSignature,
PgpHashAlgorithm hashAlgorithm)
{
var asnWriter = new AsnWriter(AsnEncodingRules.DER);
using (var scope = asnWriter.PushSequence())
{
asnWriter.WriteIntegerUnsigned(MPInteger.ReadInteger(rgbSignature, out int rConsumed));
asnWriter.WriteIntegerUnsigned(MPInteger.ReadInteger(rgbSignature.Slice(rConsumed), out var _));
}
return(dsa.VerifySignature(rgbHash, asnWriter.Encode(), DSASignatureFormat.Rfc3279DerSequence));
}
/// <summary>Add a PBE encryption method to the encrypted object.</summary>
public void AddMethod(ReadOnlySpan <char> passPhrase, PgpHashAlgorithm s2kDigest)
{
byte[] rawPassPhrase = Array.Empty <byte>();
try
{
rawPassPhrase = CryptoPool.Rent(Encoding.UTF8.GetByteCount(passPhrase));
int bytesWritten = Encoding.UTF8.GetBytes(passPhrase, rawPassPhrase);
AddMethod(rawPassPhrase.AsSpan(0, bytesWritten), s2kDigest);
}
finally
{
CryptoPool.Return(rawPassPhrase);
}
}
// FIXME: This method is too advanced
public static PgpCertification GenerateUserCertification(
PgpSignatureType signatureType,
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpUserAttributes userAttributes,
PgpKey userPublicKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (userAttributes == null)
{
throw new ArgumentNullException(nameof(userAttributes));
}
if (userPublicKey == null)
{
throw new ArgumentNullException(nameof(userPublicKey));
}
var userPacket = new UserAttributePacket(userAttributes.ToSubpacketArray());
var signatureGenerator = new PgpSignatureGenerator(signatureType, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, userPacket, userPublicKey));
return(new PgpCertification(signature, userPacket, userPublicKey));
}
internal OnePassSignaturePacket(Stream bcpgIn)
{
version = bcpgIn.ReadByte();
sigType = (PgpSignatureType)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
keyId |= (long)bcpgIn.ReadByte() << 56;
keyId |= (long)bcpgIn.ReadByte() << 48;
keyId |= (long)bcpgIn.ReadByte() << 40;
keyId |= (long)bcpgIn.ReadByte() << 32;
keyId |= (long)bcpgIn.ReadByte() << 24;
keyId |= (long)bcpgIn.ReadByte() << 16;
keyId |= (long)bcpgIn.ReadByte() << 8;
keyId |= (uint)bcpgIn.ReadByte();
nested = bcpgIn.ReadByte();
}
public ECDiffieHellmanKey(
ECDiffieHellman ecdh,
PgpHashAlgorithm hashAlgorithm,
PgpSymmetricKeyAlgorithm symmetricAlgorithm,
byte[] fingerprint)
{
if (fingerprint == null)
{
throw new ArgumentNullException(nameof(fingerprint));
}
this.ecdh = ecdh;
this.hashAlgorithm = hashAlgorithm;
this.symmetricAlgorithm = symmetricAlgorithm;
this.fingerprint = fingerprint;
VerifyHashAlgorithm();
VerifySymmetricKeyAlgorithm();
}
private void doTestSig(
PgpHashAlgorithm hashAlgorithm,
PgpKey pubKey,
PgpPrivateKey privKey,
int version = 4)
{
MemoryStream bOut = new MemoryStream();
var messageGenerator = new PgpMessageGenerator(bOut);
using (var signingGenerator = messageGenerator.CreateSigned(PgpSignatureType.BinaryDocument, privKey, hashAlgorithm, version))
using (var literalStream = signingGenerator.CreateLiteral(PgpDataFormat.Binary, "_CONSOLE", DateTime.UtcNow))
{
literalStream.Write(TEST_DATA);
literalStream.Write(TEST_DATA);
}
verifySignature(bOut.ToArray(), hashAlgorithm, pubKey, TEST_DATA);
}
public static PgpCertification GenerateKeyRevocation(
PgpKey signingKey,
PgpPrivateKey signingPrivateKey,
PgpKey revokedKey,
PgpSignatureAttributes?hashedAttributes = null,
PgpSignatureAttributes?unhashedAttributes = null,
PgpHashAlgorithm hashAlgorithm = PgpHashAlgorithm.Sha1)
{
if (signingKey == null)
{
throw new ArgumentNullException(nameof(signingKey));
}
if (signingPrivateKey == null)
{
throw new ArgumentNullException(nameof(signingPrivateKey));
}
if (signingKey.KeyId != signingPrivateKey.KeyId)
{
throw new ArgumentException(SR.Cryptography_OpenPgp_SigningKeyIdMismatch);
}
if (revokedKey == null)
{
throw new ArgumentNullException(nameof(revokedKey));
}
var signatureGenerator = new PgpSignatureGenerator(revokedKey.IsMasterKey ? PgpSignatureType.KeyRevocation : PgpSignatureType.SubkeyRevocation, signingPrivateKey, hashAlgorithm);
if (hashedAttributes != null)
{
signatureGenerator.HashedAttributes = hashedAttributes;
}
if (unhashedAttributes != null)
{
signatureGenerator.UnhashedAttributes = unhashedAttributes;
}
var signature = signatureGenerator.Generate(GenerateCertificationData(signingKey, null, revokedKey));
return(new PgpCertification(signature, null, revokedKey));
}
public SignaturePacket(
int version,
PgpSignatureType signatureType,
long keyId,
PgpPublicKeyAlgorithm keyAlgorithm,
PgpHashAlgorithm hashAlgorithm,
DateTime creationTime,
SignatureSubpacket[] hashedData,
SignatureSubpacket[] unhashedData,
byte[] fingerprint,
byte[] signature)
{
this.version = version;
this.signatureType = signatureType;
this.keyId = keyId;
this.keyAlgorithm = keyAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.hashedData = hashedData;
this.unhashedData = unhashedData;
this.fingerprint = fingerprint;
this.signature = signature;
this.creationTime = creationTime;
}
internal S2k(Stream inStr)
{
type = inStr.ReadByte();
algorithm = (PgpHashAlgorithm)inStr.ReadByte();
//
// if this happens we have a dummy-S2k packet.
//
if (type != GnuDummyS2K)
{
if (type != 0)
{
iv = new byte[8];
if (inStr.ReadFully(iv) < iv.Length)
{
throw new EndOfStreamException();
}
if (type == 3)
{
itCount = inStr.ReadByte();
}
}
else
{
iv = Array.Empty <byte>();
}
}
else
{
iv = Array.Empty <byte>();
inStr.ReadByte(); // G
inStr.ReadByte(); // N
inStr.ReadByte(); // U
protectionMode = inStr.ReadByte(); // protection mode
}
}
public static string GetDigestName(PgpHashAlgorithm hashAlgorithm)
{
switch (hashAlgorithm)
{
case PgpHashAlgorithm.Sha1: return("SHA1");
case PgpHashAlgorithm.MD2: return("MD2");
case PgpHashAlgorithm.MD5: return("MD5");
case PgpHashAlgorithm.RipeMD160: return("RIPEMD160");
case PgpHashAlgorithm.Sha224: return("SHA224");
case PgpHashAlgorithm.Sha256: return("SHA256");
case PgpHashAlgorithm.Sha384: return("SHA384");
case PgpHashAlgorithm.Sha512: return("SHA512");
default:
throw new PgpException("unknown hash algorithm tag in GetDigestName: " + hashAlgorithm);
}
}
internal SignaturePacket(Stream bcpgIn)
{
version = bcpgIn.ReadByte();
if (version == 3 || version == 2)
{
// int l =
bcpgIn.ReadByte();
signatureType = (PgpSignatureType)bcpgIn.ReadByte();
creationTime = DateTimeOffset.FromUnixTimeSeconds(
((long)bcpgIn.ReadByte() << 24) | ((long)bcpgIn.ReadByte() << 16) | ((long)bcpgIn.ReadByte() << 8) | (uint)bcpgIn.ReadByte()).UtcDateTime;
keyId |= (long)bcpgIn.ReadByte() << 56;
keyId |= (long)bcpgIn.ReadByte() << 48;
keyId |= (long)bcpgIn.ReadByte() << 40;
keyId |= (long)bcpgIn.ReadByte() << 32;
keyId |= (long)bcpgIn.ReadByte() << 24;
keyId |= (long)bcpgIn.ReadByte() << 16;
keyId |= (long)bcpgIn.ReadByte() << 8;
keyId |= (uint)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
hashedData = Array.Empty <SignatureSubpacket>();
unhashedData = Array.Empty <SignatureSubpacket>();
}
else if (version == 4)
{
signatureType = (PgpSignatureType)bcpgIn.ReadByte();
keyAlgorithm = (PgpPublicKeyAlgorithm)bcpgIn.ReadByte();
hashAlgorithm = (PgpHashAlgorithm)bcpgIn.ReadByte();
int hashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte();
byte[] hashed = new byte[hashedLength];
if (bcpgIn.ReadFully(hashed) < hashed.Length)
{
throw new EndOfStreamException();
}
//
// read the signature sub packet data.
//
SignatureSubpacketParser sIn = new SignatureSubpacketParser(new MemoryStream(hashed, false));
IList <SignatureSubpacket> v = new List <SignatureSubpacket>();
SignatureSubpacket? sub;
while ((sub = sIn.ReadPacket()) != null)
{
v.Add(sub);
if (sub is IssuerKeyId issuerKeyId)
{
keyId = issuerKeyId.KeyId;
}
else if (sub is SignatureCreationTime signatureCreationTime)
{
creationTime = signatureCreationTime.Time;
}
}
hashedData = v.ToArray();
int unhashedLength = (bcpgIn.ReadByte() << 8) | bcpgIn.ReadByte();
byte[] unhashed = new byte[unhashedLength];
if (bcpgIn.ReadFully(unhashed) < unhashed.Length)
{
throw new EndOfStreamException();
}
sIn = new SignatureSubpacketParser(new MemoryStream(unhashed, false));
v.Clear();
while ((sub = sIn.ReadPacket()) != null)
{
v.Add(sub);
if (sub is IssuerKeyId issuerKeyId && keyId == 0)
{
keyId = issuerKeyId.KeyId;
}
}
unhashedData = v.ToArray();
}
else
{
throw new PgpException("unsupported version: " + version);
}
fingerprint = new byte[2];
if (bcpgIn.ReadFully(fingerprint) < fingerprint.Length)
{
throw new EndOfStreamException();
}
signature = bcpgIn.ReadAll();
}
internal static S2k GenerateS2k(PgpHashAlgorithm hashAlgorithm, int s2kCount)
{
byte[] iv = new byte[8];
RandomNumberGenerator.Fill(iv);
return(new S2k(hashAlgorithm, iv, s2kCount));
}
internal MyS2k(PgpHashAlgorithm algorithm, byte[] iv, long iterationCount64)
: base(algorithm, iv, (int)iterationCount64)
{
this.mIterationCount64 = iterationCount64;
}
