Exemplo n.º 1
        /// <summary>
        /// Round-trip test: signs a fixed message with RSA and SHA-1 through
        /// <c>RsaDigestSigner</c>, then verifies the signature with the matching public key.
        /// </summary>
        public void TestRsaDigestSigner()
        {
            // Fixed test-vector key, Base64-encoded. The private components are embedded only
            // because this is a unit test; the key must never protect real data.
            var publicModulus   = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
            var publicExponent  = new BigInteger(Base64.Decode("EQ=="));
            var privateModulus  = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
            var crtDP           = new BigInteger(Base64.Decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
            var crtDQ           = new BigInteger(Base64.Decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
            var privateExponent = new BigInteger(Base64.Decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
            var primeP          = new BigInteger(Base64.Decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
            var primeQ          = new BigInteger(Base64.Decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
            var crtQInv         = new BigInteger(Base64.Decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));

            var verificationKey = new RsaKeyParameters(false, publicModulus, publicExponent);
            var signingKey = new RsaPrivateCrtKeyParameters(
                privateModulus, publicExponent, privateExponent, primeP, primeQ, crtDP, crtDQ, crtQInv);

            byte[] payload = { 1, 6, 3, 32, 7, 43, 2, 5, 7, 78, 4, 23 };

            // SHA-1 is what this test exercises; it is not a digest to choose for new signatures.
            var rsaSigner = new RsaDigestSigner(new Sha1Digest());

            // Sign with the private key (forSigning = true).
            rsaSigner.Init(true, signingKey);
            rsaSigner.BlockUpdate(payload, 0, payload.Length);
            byte[] signatureBytes = rsaSigner.GenerateSignature();

            // Re-initialise the same signer object for verification with the public key.
            rsaSigner.Init(false, verificationKey);
            rsaSigner.BlockUpdate(payload, 0, payload.Length);
            bool verified = rsaSigner.VerifySignature(signatureBytes);

            Assert.IsTrue(verified, "RSA IDigest Signer failed.");
        }
Exemplo n.º 2
        /// <summary>
        /// Signs a random 16-byte message (a fresh GUID) with RSA and SHA-256, then verifies the
        /// signature with a second, freshly constructed signer.
        /// </summary>
        public void Test()
        {
            // The key pair comes from GetRsaKeyPair(); generating a new pair per run and dumping
            // it as XML was tried earlier and is no longer part of the test.
            var keyPair = GetRsaKeyPair();

            byte[] payload = Guid.NewGuid().ToByteArray();

            // Signing side: private key, forSigning = true.
            ISigner signingEngine = new RsaDigestSigner(new Sha256Digest());
            signingEngine.Init(true, keyPair.Private);
            signingEngine.BlockUpdate(payload, 0, payload.Length);
            byte[] signatureBytes = signingEngine.GenerateSignature();

            // Verifying side: a separate signer instance initialised with the public key.
            ISigner verifyingEngine = new RsaDigestSigner(new Sha256Digest());
            verifyingEngine.Init(false, keyPair.Public);
            verifyingEngine.BlockUpdate(payload, 0, payload.Length);
            bool verified = verifyingEngine.VerifySignature(signatureBytes);

            Assert.IsTrue(verified);
        }
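        /// <summary>
        /// Reads the whole request body, checks an RSA/SHA-256 signature over it and replaces
        /// <c>context.Request.Body</c> with a rewound in-memory copy so later middleware can
        /// read the body again.
        /// </summary>
        /// <param name="context">The OWIN context whose request body is verified.</param>
        /// <param name="signature">The signature bytes to check against the body.</param>
        /// <returns>true when the signature matches the body; false otherwise, including when no signature is supplied.</returns>
        private static bool ReadBody(IOwinContext context, byte[] signature)
        {
            var bufferedBody = new MemoryStream();

            var verifier = new RsaDigestSigner(new Sha256Digest());
            verifier.Init(false, publicKey.Value);

            byte[] chunk = new byte[81920];
            int read;

            // Single pass: every chunk is kept for replay and fed to the verifier.
            // NOTE(review): the body is buffered in memory without a size limit before the
            // signature has been checked; enforce a maximum request size upstream.
            while ((read = context.Request.Body.Read(chunk, 0, chunk.Length)) != 0)
            {
                bufferedBody.Write(chunk, 0, read);
                verifier.BlockUpdate(chunk, 0, read);
            }

            // The request stream is exhausted at this point, so nothing is hashed a second time:
            // a further SHA-256 pass over it would only see an empty stream.

            bufferedBody.Seek(0, SeekOrigin.Begin);

            // The body is replaced even when verification fails, so the caller must reject the
            // request itself when this method returns false.
            context.Request.Body = bufferedBody;

            // A missing signature is treated as a failed verification rather than an exception.
            return signature != null && verifier.VerifySignature(signature);
        }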
        /// <summary>
        /// Checks an RSA signature computed with SHA-256 over <paramref name="data"/>.
        /// </summary>
        /// <param name="data">The signed bytes.</param>
        /// <param name="signature">The signature to check.</param>
        /// <param name="publicKey">The public key in the textual form accepted by <c>GetPublicKeyParameters</c>.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public bool VerifySignature(byte[] data, byte[] signature, string publicKey)
        {
            // NOTE(review): the key is supplied by the caller on every call; the result only
            // means something if that key is trusted independently of the message.
            var verifier = new RsaDigestSigner(new Sha256Digest());
            var verificationKey = GetPublicKeyParameters(publicKey);

            verifier.Init(false, verificationKey);
            verifier.BlockUpdate(data, 0, data.Length);

            bool isAuthentic = verifier.VerifySignature(signature);
            return isAuthentic;
        }
Exemplo n.º 5
        /// <summary>
        /// Checks an RSA signature computed with SHA-512 over <paramref name="message"/>.
        /// </summary>
        /// <param name="message">The signed bytes.</param>
        /// <param name="signature">The signature to check.</param>
        /// <param name="publicKey">The public key to verify with.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public bool VerifySignature(byte[] message, byte[] signature, AsymmetricKeyParameter publicKey)
        {
            var verifier = new RsaDigestSigner(new Sha512Digest());

            // forSigning = false puts the signer into verification mode.
            verifier.Init(false, publicKey);
            verifier.BlockUpdate(message, 0, message.Length);

            bool isAuthentic = verifier.VerifySignature(signature);
            return isAuthentic;
        }
Exemplo n.º 6
        /// <summary>
        /// Checks that a signature over the given data is authentic, using RSA with SHA-1.
        /// </summary>
        /// <remarks>
        /// SHA-1 no longer offers dependable collision resistance; keep this digest only where
        /// an existing format requires it.
        /// </remarks>
        /// <param name="originalSignature">The signature to be verified.</param>
        /// <param name="publicKey">The encoded public key used for the verification.</param>
        /// <param name="data">The data that was signed.</param>
        /// <returns>true if the signature is authentic, false if not.</returns>
        public bool Verify(byte[] originalSignature, byte[] publicKey, byte[] data)
        {
            var verifier = new RsaDigestSigner(new Sha1Digest());

            // The cast throws InvalidCastException when the encoded key is not an RSA key.
            var rsaKey = (RsaKeyParameters)CreateAsymmetricKeyParameterFromPublicKeyInfo(publicKey);

            verifier.Init(false, rsaKey);
            verifier.BlockUpdate(data, 0, data.Length);

            bool isAuthentic = verifier.VerifySignature(originalSignature);
            return isAuthentic;
        }
Exemplo n.º 7
        /// <summary>
        /// Checks an RSA signature over the UTF-8 encoding of <paramref name="message"/>, using
        /// the digest returned by <c>GetShaDigest()</c>.
        /// </summary>
        /// <param name="message">The signed text.</param>
        /// <param name="signature">The signature to check.</param>
        /// <param name="publicKey">The public key to verify with.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public bool VerifyMessage(string message, byte[] signature, AsymmetricKeyParameter publicKey)
        {
            // The text is only hashed and compared here; nothing is encrypted.
            byte[] signedBytes = Encoding.UTF8.GetBytes(message);

            var verifier = new RsaDigestSigner(GetShaDigest());
            verifier.Init(false, publicKey);
            verifier.BlockUpdate(signedBytes, 0, signedBytes.Length);

            bool isAuthentic = verifier.VerifySignature(signature);
            return isAuthentic;
        }
Exemplo n.º 8
        /// <summary>
        /// Checks a Base64-encoded RSA signature over the UTF-8 encoding of
        /// <paramref name="message"/>, using the digest returned by <c>GetShaDigest()</c>.
        /// </summary>
        /// <param name="message">The signed text.</param>
        /// <param name="signature">The signature, Base64-encoded.</param>
        /// <param name="publicKey">The public key in the textual form accepted by <c>GetPublic</c>.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public bool VerifyMessage(string message, string signature, string publicKey)
        {
            // The text is only hashed and compared here; nothing is encrypted.
            byte[] signedBytes = Encoding.UTF8.GetBytes(message);

            var verifier = new RsaDigestSigner(GetShaDigest());
            verifier.Init(false, GetPublic(publicKey));
            verifier.BlockUpdate(signedBytes, 0, signedBytes.Length);

            // Convert.FromBase64String throws FormatException on malformed input, so a badly
            // encoded signature surfaces as an exception rather than as a false result.
            byte[] signatureBytes = Convert.FromBase64String(signature);
            return verifier.VerifySignature(signatureBytes);
        }
Exemplo n.º 9
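        /// <summary>
        /// Verifies an RSA signature over the first <paramref name="length"/> bytes of
        /// <paramref name="buffer"/>, using the RSA key packed in <c>PublicKey</c>.
        /// </summary>
        /// <remarks>
        /// The key blob is read as: one length byte (or a zero byte followed by a 16-bit length),
        /// the public exponent, then the modulus in the remaining bytes. A blob that is too short
        /// or leaves no room for the modulus is rejected with <c>false</c> instead of raising an
        /// index or argument exception from the parser.
        /// </remarks>
        /// <param name="digest">The digest to hash the data with.</param>
        /// <param name="buffer">The buffer holding the signed data.</param>
        /// <param name="length">The number of bytes of <paramref name="buffer"/> that were signed.</param>
        /// <param name="signature">The signature to check.</param>
        /// <returns>true when the signature verifies; false when it does not or the key blob is malformed.</returns>
        private bool VerifyRsa(IDigest digest, byte[] buffer, int length, byte[] signature)
        {
            // The key material may come from an untrusted record, so check its framing first.
            // The long form needs the zero marker plus two length bytes (assumes ParseUShort
            // reads two bytes at the given offset; confirm against DnsMessageBase).
            if (PublicKey == null || PublicKey.Length < 1 || (PublicKey[0] == 0 && PublicKey.Length < 3))
            {
                return false;
            }

            int exponentOffset = 1;
            int exponentLength = PublicKey[0] == 0 ? DnsMessageBase.ParseUShort(PublicKey, ref exponentOffset) : PublicKey[0];
            int moduloOffset   = exponentOffset + exponentLength;
            int moduloLength   = PublicKey.Length - moduloOffset;

            // An empty exponent, or an exponent that runs to (or past) the end of the blob,
            // leaves no usable key.
            if (exponentLength <= 0 || moduloLength <= 0)
            {
                return false;
            }

            RsaKeyParameters parameters = new RsaKeyParameters(
                false,
                new BigInteger(1, PublicKey, moduloOffset, moduloLength),
                new BigInteger(1, PublicKey, exponentOffset, exponentLength));

            RsaDigestSigner signer = new RsaDigestSigner(digest);
            signer.Init(false, new ParametersWithRandom(parameters, _secureRandom));

            signer.BlockUpdate(buffer, 0, length);
            return signer.VerifySignature(signature);
        }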
Exemplo n.º 10
        /// <summary>
        /// Checks an RSA signature computed with SHA-256 over <paramref name="data"/>, building
        /// the public key from its raw modulus and exponent.
        /// </summary>
        /// <param name="data">The signed bytes.</param>
        /// <param name="modulus">The RSA modulus as an unsigned big-endian integer.</param>
        /// <param name="exponent">The RSA public exponent as an unsigned big-endian integer.</param>
        /// <param name="signature">The signature to check.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public static bool VerifySignature(byte[] data, byte[] modulus, byte[] exponent, byte[] signature)
        {
            // Sign value 1 makes BigInteger read both arrays as non-negative magnitudes.
            var n = new BigInteger(1, modulus);
            var e = new BigInteger(1, exponent);
            var verificationKey = new RsaKeyParameters(false, n, e);

            // A PssSigner over RsaEngine was considered here; the digest signer is what is used.
            ISigner verifier = new RsaDigestSigner(new Sha256Digest());

            verifier.Init(false, verificationKey);
            verifier.BlockUpdate(data, 0, data.Length);

            bool isAuthentic = verifier.VerifySignature(signature);
            return isAuthentic;
        }
Exemplo n.º 11
        /// <summary>
        /// Checks a Base64-encoded RSA/SHA-256 signature over <paramref name="message"/> with the
        /// public key returned by <c>TransformKey(KeyType.PublicKey)</c>.
        /// </summary>
        /// <param name="message">The signed text.</param>
        /// <param name="signature">The signature, Base64-encoded.</param>
        /// <returns>
        /// true when the signature verifies; false when it does not or when any step throws
        /// (the exception is written to the error file).
        /// </returns>
        public static bool VerifySignature(string message, string signature)
        {
            try
            {
                byte[] payload = message.ToByteArray();
                byte[] rawSignature = signature.FromBase64();

                var verifier = new RsaDigestSigner(new Sha256Digest());
                verifier.Init(false, TransformKey(KeyType.PublicKey));
                verifier.BlockUpdate(payload, 0, payload.Length);

                return verifier.VerifySignature(rawSignature);
            }
            catch (Exception failure)
            {
                // Fail closed: any decoding or key error is logged and reported as "not valid".
                FileHelper.WriteFile(ErrorHelper.FormatError(failure), FileHelper.ErrorPath, true);
                return false;
            }
        }
Exemplo n.º 12
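        /// <summary>
        /// Checks an RSA/SHA-256 signature over <paramref name="data"/> with the public key held
        /// in the <c>pubKey</c> XML string.
        /// </summary>
        /// <param name="data">The signed bytes.</param>
        /// <param name="signature">The signature to check.</param>
        /// <returns>true when the signature verifies; otherwise false.</returns>
        public static bool VerifySignature(byte[] data, byte[] signature)
        {
            // The .NET provider is needed only to parse the XML key; dispose it as soon as the
            // public parameters have been exported so its key handle is released.
            RSAParameters parameters;
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.FromXmlString(pubKey);
                parameters = rsa.ExportParameters(false); // false: public parameters only
            }

            var publicKey = DotNetUtilities.GetRsaPublicKey(parameters);

            // A PssSigner over RsaEngine was considered here; the digest signer is what is used.
            RsaDigestSigner eng = new RsaDigestSigner(new Sha256Digest());

            eng.Init(false, publicKey);
            eng.BlockUpdate(data, 0, data.Length);

            return eng.VerifySignature(signature);
        }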
Exemplo n.º 13
            /// <summary>
            /// RSA known-answer self test: verifies a stored signature over <c>msg</c>, then signs
            /// <c>msg</c> and compares the result byte-for-byte with a stored signature.
            /// </summary>
            internal override void Evaluate()
            {
                var katSigner = new RsaDigestSigner(provider.CreateEngine(EngineUsage.GENERAL), FipsShs.CreateDigest(FipsShs.Sha256));

                // Step 1: the stored signature must verify under the known-answer public key.
                katSigner.Init(false, new RsaKeyParameters(false, katM, katE));
                katSigner.BlockUpdate(msg, 0, msg.Length);

                bool storedSignatureVerifies = katSigner.VerifySignature(FipsKats.Values[FipsKats.Vec.RsaStartupVerifySig]);
                if (storedSignatureVerifies == false)
                {
                    Fail("self test signature verify failed.");
                }

                // Step 2: signing with the test private key must reproduce the stored result.
                // The comparison is exact, so the output has to be repeatable for this key and
                // Utils.testRandom.
                katSigner.Init(true, new ParametersWithRandom(testPrivKey, Utils.testRandom));
                katSigner.BlockUpdate(msg, 0, msg.Length);

                byte[] generated = katSigner.GenerateSignature();

                bool matchesStoredResult = Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.RsaStartupResultSig], generated);
                if (matchesStoredResult == false)
                {
                    Fail("self test signature generate failed.");
                }
            }
Exemplo n.º 14
 /// <summary>
 /// Verifies an RSA SHA256 signature of <paramref name="data"/> using <paramref name="key"/>.
 /// </summary>
 /// <remarks>
 /// The check runs on the instance-level <c>signer</c>, whose construction (and therefore its
 /// digest) is not visible in this method. NOTE(review): that signer keeps state between
 /// Init, BlockUpdate and VerifySignature, so concurrent calls on one instance would
 /// interleave; confirm the owning object is not shared across threads.
 /// </remarks>
 /// <param name="key">The RSA public key to verify with.</param>
 /// <param name="data">The signed bytes.</param>
 /// <param name="signature">The signature to check.</param>
 /// <returns>true when the signature verifies; otherwise false.</returns>
 public bool VerifySignature(RsaKeyParameters key, byte[] data, byte[] signature)
 {
     // forSigning = false switches the shared signer into verification mode for this key.
     signer.Init(false, key);
     signer.BlockUpdate(data, 0, data.Length);

     bool isAuthentic = signer.VerifySignature(signature);
     return isAuthentic;
 }
Exemplo n.º 15
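        /// <summary>
        /// Verifies this signature over <c>protectedB64 + "." + msg.payloadB64</c> with
        /// <paramref name="key"/>, using the algorithm named by the "alg" attribute.
        /// </summary>
        /// <remarks>
        /// NOTE(review): "alg" is looked up through <c>FindAttr</c>, which appears to read it from
        /// the message itself. The key-type checks below are what stop a key of one family from
        /// being used with an algorithm of another; callers that expect one specific algorithm
        /// should compare "alg" against it before calling.
        /// </remarks>
        /// <param name="key">The key to verify with; its "kty" must match the algorithm family.</param>
        /// <param name="msg">The message whose payload was signed.</param>
        /// <exception cref="JOSE_Exception">
        /// The algorithm is unknown, the key has the wrong type, or the signature does not verify.
        /// </exception>
        public void Verify(Key key, SignMessage msg)
        {
            string alg = FindAttr("alg", msg).AsString();

            // digest2 is the second, independent digest instance PssSigner needs for MGF1.
            IDigest digest;
            IDigest digest2;

            switch (alg)
            {
                case "RS256":
                case "ES256":
                case "PS256":
                case "HS256":
                    digest  = new Sha256Digest();
                    digest2 = new Sha256Digest();
                    break;

                case "RS384":
                case "ES384":
                case "PS384":
                case "HS384":
                    digest  = new Sha384Digest();
                    digest2 = new Sha384Digest();
                    break;

                case "RS512":
                case "ES512":
                case "PS512":
                case "HS512":
                    digest  = new Sha512Digest();
                    digest2 = new Sha512Digest();
                    break;

                case "EdDSA":
                    // Ed25519 hashes internally; no external digest is used.
                    digest  = null;
                    digest2 = null;
                    break;

                default:
                    throw new JOSE_Exception("Unknown signature algorithm");
            }

            switch (alg)
            {
                case "RS256":
                case "RS384":
                case "RS512":
                {
                    if (key.AsString("kty") != "RSA")
                    {
                        throw new JOSE_Exception("Wrong Key");
                    }
                    RsaDigestSigner  signer = new RsaDigestSigner(digest);
                    RsaKeyParameters pub    = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(protectedB64, 0, protectedB64.Length);
                    signer.BlockUpdate(rgbDot, 0, 1);
                    signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JOSE_Exception("Message failed to verify");
                    }
                    break;
                }

                case "PS256":
                case "PS384":
                case "PS512":
                {
                    // Same key-type requirement as the RS* branch: PSS also needs an RSA key.
                    if (key.AsString("kty") != "RSA")
                    {
                        throw new JOSE_Exception("Wrong Key");
                    }
                    PssSigner        signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
                    RsaKeyParameters pub    = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(protectedB64, 0, protectedB64.Length);
                    signer.BlockUpdate(rgbDot, 0, 1);
                    signer.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JOSE_Exception("Message failed to verify");
                    }
                    break;
                }

                case "ES256":
                case "ES384":
                case "ES512":
                {
                    if (key.AsString("kty") != "EC")
                    {
                        throw new JOSE_Exception("Wrong Key Type");
                    }

                    // The signature is r || s in two equal halves; an empty or odd-length value
                    // cannot be split and is rejected before any big-integer parsing.
                    if (signature == null || signature.Length == 0 || signature.Length % 2 != 0)
                    {
                        throw new JOSE_Exception("Signature did not validate");
                    }

                    X9ECParameters p = NistNamedCurves.GetByName(key.AsString("crv"));
                    if (p == null)
                    {
                        throw new JOSE_Exception("Unknown curve");
                    }
                    // NOTE(review): nothing ties the curve named by the key to the digest chosen
                    // by "alg" (for example ES256 with a P-521 key); confirm whether that pairing
                    // should be enforced here.
                    ECDomainParameters    parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
                    ECPoint               point      = p.Curve.CreatePoint(key.AsBigInteger("x"), key.AsBigInteger("y"));
                    ECPublicKeyParameters pubKey     = new ECPublicKeyParameters(point, parameters);

                    ECDsaSigner ecdsa = new ECDsaSigner();
                    ecdsa.Init(false, pubKey);

                    digest.BlockUpdate(protectedB64, 0, protectedB64.Length);
                    digest.BlockUpdate(rgbDot, 0, rgbDot.Length);
                    digest.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);
                    byte[] o1 = new byte[digest.GetDigestSize()];
                    digest.DoFinal(o1, 0);

                    int        half = signature.Length / 2;
                    BigInteger r    = new BigInteger(1, signature, 0, half);
                    BigInteger s    = new BigInteger(1, signature, half, half);

                    if (!ecdsa.VerifySignature(o1, r, s))
                    {
                        throw new JOSE_Exception("Signature did not validate");
                    }
                    break;
                }

                case "HS256":
                case "HS384":
                case "HS512":
                {
                    // NOTE(review): unlike the other branches there is no "kty" check here;
                    // confirm that only symmetric keys can reach this branch.
                    HMac         hmac = new HMac(digest);
                    KeyParameter K    = new KeyParameter(Message.base64urldecode(key.AsString("k")));
                    hmac.Init(K);
                    hmac.BlockUpdate(protectedB64, 0, protectedB64.Length);
                    hmac.BlockUpdate(rgbDot, 0, rgbDot.Length);
                    hmac.BlockUpdate(msg.payloadB64, 0, msg.payloadB64.Length);

                    byte[] resBuf = new byte[hmac.GetMacSize()];
                    hmac.DoFinal(resBuf, 0);

                    // The tag must have exactly the MAC's length: a shorter value used to raise
                    // an index error and a longer one had its extra bytes ignored. The bytes are
                    // then compared without an early exit so timing does not depend on where the
                    // first difference is.
                    bool fVerify = signature != null && signature.Length == resBuf.Length;
                    if (fVerify)
                    {
                        int diff = 0;
                        for (int i = 0; i < resBuf.Length; i++)
                        {
                            diff |= resBuf[i] ^ signature[i];
                        }
                        fVerify = diff == 0;
                    }

                    if (!fVerify)
                    {
                        throw new JOSE_Exception("Signature did not validte");
                    }
                    break;
                }

                case "EdDSA":
                {
                    if (key.AsString("kty") != "OKP")
                    {
                        throw new JOSE_Exception("Wrong Key Type");
                    }
                    switch (key.AsString("crv"))
                    {
                        case "Ed25519":
                        {
                            // This is the public key, read from the key's "X" member.
                            Ed25519PublicKeyParameters edPublicKey =
                                new Ed25519PublicKeyParameters(key.AsBytes("X"), 0);
                            ISigner eddsa = new Ed25519Signer();
                            eddsa.Init(false, edPublicKey);

                            // Signing input: protected header, ".", payload, as one buffer.
                            byte[] toVerify = new byte[protectedB64.Length + rgbDot.Length + msg.payloadB64.Length];
                            Array.Copy(protectedB64, 0, toVerify, 0, protectedB64.Length);
                            Array.Copy(rgbDot, 0, toVerify, protectedB64.Length, rgbDot.Length);
                            Array.Copy(msg.payloadB64, 0, toVerify, protectedB64.Length + rgbDot.Length, msg.payloadB64.Length);

                            eddsa.BlockUpdate(toVerify, 0, toVerify.Length);
                            if (!eddsa.VerifySignature(signature))
                            {
                                throw new JOSE_Exception("Signature did not validate");
                            }
                            break;
                        }

                        default:
                            throw new JOSE_Exception("Unknown algorithm");
                    }
                    break;
                }

                default:
                    throw new JOSE_Exception("Unknown algorithm");
            }
        }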
Exemplo n.º 16
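        /// <summary>
        /// Scratch driver: signs "abcdefg" with RSA/SHA-1 and verifies it twice, first with a key
        /// pair read from two PEM files and then with a key pair decoded from Base64 literals,
        /// printing each signature and verification result to the console.
        /// </summary>
        /// <param name="args">Unused.</param>
        public static void Main1(string[] args)
        {
            // Key-pair generation and the encrypt/decrypt test live in RsaKeyGeneratorTest(),
            // which has already been run and is not called from here.

            byte[] msg = Encoding.UTF8.GetBytes("abcdefg");

            // Machine-specific absolute paths; this only runs where these files exist.
            string priKeyString = File.ReadAllText(@"E:\OwenProject\RSA\pc8_bc.pem");
            string pubKeyString = File.ReadAllText(@"E:\OwenProject\RSA\pc8_bc_pub.pem");

            using (TextReader priReader = new StringReader(priKeyString)
                   , pubReader = new StringReader(pubKeyString))
            {
                var pri = new PemReader(priReader).ReadObject() as RsaPrivateCrtKeyParameters;
                var pub = new PemReader(pubReader).ReadObject() as RsaKeyParameters;

                // ReadObject returns whatever type the PEM block holds; stop with a clear error
                // instead of handing a null key to the signer.
                if (pri == null || pub == null)
                {
                    throw new InvalidOperationException("PEM input did not contain the expected RSA key types.");
                }

                // SHA-1 is used by this demo; it is not a digest to choose for new signatures.
                RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());
                signer.Init(true, pri);
                signer.BlockUpdate(msg, 0, msg.Length);
                byte[] sig = signer.GenerateSignature();

                Console.WriteLine(Convert.ToBase64String(sig));

                signer.Init(false, pub);
                signer.BlockUpdate(msg, 0, msg.Length);
                bool valid = signer.VerifySignature(sig);
                Console.WriteLine(valid);
            }

            // Second pass: the same round trip with keys embedded as Base64 literals.
            // NOTE(review): a private key embedded in source is readable by anyone who has the
            // code or the compiled assembly; load it from protected storage outside a throwaway
            // demo.
            var priKeyContent = Convert.FromBase64String(@"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");
            var pubKeyContent = Convert.FromBase64String(@"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpKPkxNcSWkaEZv1KzSKFg3o2GD3Q7qzWXtvKVxa0Vk8hRT8fQATsel3bkpG8W5gp4d26hOcrZaSpmY8VQle+ME/UWDM5JhEZQYSOeWiunXijZ0UvDpbojcicm096cQsynvnWo9z+C4I0C3t3dCZ/m1lE9i9IgP0wnQ7emS2csFQIDAQAB");

            var asn1Seq = Asn1Sequence.GetInstance(priKeyContent);

            var ppriv = PrivateKeyFactory.CreateKey(PrivateKeyInfo.GetInstance(asn1Seq));
            var ppubl = PublicKeyFactory.CreateKey(pubKeyContent);

            RsaDigestSigner signer1 = new RsaDigestSigner(new Sha1Digest());

            signer1.Init(true, ppriv);
            signer1.BlockUpdate(msg, 0, msg.Length);
            byte[] sig1 = signer1.GenerateSignature();

            Console.WriteLine(Convert.ToBase64String(sig1));

            signer1.Init(false, ppubl);
            signer1.BlockUpdate(msg, 0, msg.Length);
            bool valid2 = signer1.VerifySignature(sig1);

            Console.WriteLine(valid2);
        }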
Exemplo n.º 17
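        /// <summary>
        /// Verifies <paramref name="signature"/> over <paramref name="toBeSigned"/> with this key,
        /// using the JOSE algorithm named by <paramref name="alg"/>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): if <paramref name="alg"/> originates from the message being verified,
        /// the key-type checks below are what stop a key of one family from being used with an
        /// algorithm of another; callers that expect one specific algorithm should enforce it.
        /// </remarks>
        /// <param name="toBeSigned">The exact bytes that were signed.</param>
        /// <param name="signature">The signature or MAC tag to check.</param>
        /// <param name="alg">The JOSE algorithm name, for example "RS256" or "EdDSA".</param>
        /// <returns>true when verification succeeds; every failure is reported by exception.</returns>
        /// <exception cref="JoseException">
        /// The algorithm is unknown, the key has the wrong type, or the signature does not verify.
        /// </exception>
        internal bool ValidateMac(byte[] toBeSigned, byte[] signature, string alg)
        {
            // digest2 is the second, independent digest instance PssSigner needs for MGF1.
            IDigest digest;
            IDigest digest2;

            switch (alg)
            {
                case "RS256":
                case "ES256":
                case "PS256":
                case "HS256":
                    digest  = new Sha256Digest();
                    digest2 = new Sha256Digest();
                    break;

                case "RS384":
                case "ES384":
                case "PS384":
                case "HS384":
                    digest  = new Sha384Digest();
                    digest2 = new Sha384Digest();
                    break;

                case "RS512":
                case "ES512":
                case "PS512":
                case "HS512":
                    digest  = new Sha512Digest();
                    digest2 = new Sha512Digest();
                    break;

                case "EdDSA":
                    // Ed25519 hashes internally; no external digest is used.
                    digest  = null;
                    digest2 = null;
                    break;

                default:
                    throw new JoseException("Unknown signature algorithm");
            }

            switch (alg)
            {
                case "RS256":
                case "RS384":
                case "RS512":
                {
                    if (this.AsString("kty") != "RSA")
                    {
                        throw new JoseException("Wrong Key");
                    }
                    RsaDigestSigner  signer = new RsaDigestSigner(digest);
                    RsaKeyParameters pub    = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JoseException("Message failed to verify");
                    }
                    break;
                }

                case "PS256":
                case "PS384":
                case "PS512":
                {
                    // Same key-type requirement as the RS* branch: PSS also needs an RSA key.
                    if (this.AsString("kty") != "RSA")
                    {
                        throw new JoseException("Wrong Key");
                    }
                    PssSigner        signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize());
                    RsaKeyParameters pub    = new RsaKeyParameters(false, this.AsBigInteger("n"), this.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JoseException("Message failed to verify");
                    }
                    break;
                }

                case "ES256":
                case "ES384":
                case "ES512":
                {
                    if (this.AsString("kty") != "EC")
                    {
                        throw new JoseException("Wrong Key Type");
                    }

                    // The signature is r || s in two equal halves; an empty or odd-length value
                    // cannot be split and is rejected before any big-integer parsing.
                    if (signature == null || signature.Length == 0 || signature.Length % 2 != 0)
                    {
                        throw new JoseException("Signature did not validate");
                    }

                    digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    byte[] o1 = new byte[digest.GetDigestSize()];
                    digest.DoFinal(o1, 0);

                    // NOTE(review): nothing ties the key's curve to the digest chosen by "alg";
                    // confirm whether that pairing should be enforced here.
                    ICipherParameters pubKey = this.AsPublicKey();
                    ECDsaSigner       ecdsa  = new ECDsaSigner();
                    ecdsa.Init(false, pubKey);

                    int        half = signature.Length / 2;
                    BigInteger r    = new BigInteger(1, signature, 0, half);
                    BigInteger s    = new BigInteger(1, signature, half, half);

                    if (!ecdsa.VerifySignature(o1, r, s))
                    {
                        throw new JoseException("Signature did not validate");
                    }
                    break;
                }

                case "HS256":
                case "HS384":
                case "HS512":
                {
                    // NOTE(review): unlike the other branches there is no "kty" check here;
                    // confirm that only symmetric keys can reach this branch.
                    HMac         hmac = new HMac(digest);
                    KeyParameter K    = new KeyParameter(Message.base64urldecode(this.AsString("k")));
                    hmac.Init(K);
                    hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length);

                    byte[] resBuf = new byte[hmac.GetMacSize()];
                    hmac.DoFinal(resBuf, 0);

                    // The tag must have exactly the MAC's length: a shorter value used to raise
                    // an index error and a longer one had its extra bytes ignored. The bytes are
                    // then compared without an early exit so timing does not depend on where the
                    // first difference is.
                    bool fVerify = signature != null && signature.Length == resBuf.Length;
                    if (fVerify)
                    {
                        int diff = 0;
                        for (int i = 0; i < resBuf.Length; i++)
                        {
                            diff |= resBuf[i] ^ signature[i];
                        }
                        fVerify = diff == 0;
                    }

                    if (!fVerify)
                    {
                        throw new JoseException("Signature did not validate");
                    }
                    break;
                }

                case "EdDSA":
                {
                    if (this.AsString("kty") != "OKP")
                    {
                        throw new JoseException("Wrong Key Type");
                    }
                    switch (this.AsString("crv"))
                    {
                        case "Ed25519":
                        {
                            // This is the public key, read from the key's "X" member.
                            Ed25519PublicKeyParameters edPublicKey =
                                new Ed25519PublicKeyParameters(this.AsBytes("X"), 0);
                            ISigner eddsa = new Ed25519Signer();
                            eddsa.Init(false, edPublicKey);

                            eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                            if (!eddsa.VerifySignature(signature))
                            {
                                throw new JoseException("Signature did not validate");
                            }
                            break;
                        }

                        default:
                            throw new JoseException("Unknown algorithm");
                    }
                    break;
                }

                default:
                    throw new JoseException("Unknown algorithm");
            }

            return true;
        }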
Exemplo n.º 18
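        /// <summary>
        /// Verifies this signature over <c>protectedB64 + "." + payload</c> of
        /// <paramref name="msg"/> with <c>keyToSign</c>, using the algorithm named by the "alg"
        /// attribute.
        /// </summary>
        /// <remarks>
        /// NOTE(review): if "alg" is read from the message being verified, the key-type checks
        /// below are what stop a key of one family from being used with an algorithm of another;
        /// callers that expect one specific algorithm should enforce it before calling.
        /// </remarks>
        /// <param name="msg">The message whose payload was signed.</param>
        /// <returns>true when verification succeeds; every failure is reported by exception.</returns>
        /// <exception cref="JoseException">
        /// The algorithm is unknown, the key has the wrong type, or the signature does not verify.
        /// </exception>
        public bool Verify(SignMessage msg)
        {
            string alg = FindAttribute("alg").AsString();

            JWK key = keyToSign;

            // digest2 is the second, independent digest instance PssSigner needs for MGF1.
            IDigest digest;
            IDigest digest2;

            switch (alg)
            {
                case "RS256":
                case "ES256":
                case "PS256":
                case "HS256":
                    digest  = new Sha256Digest();
                    digest2 = new Sha256Digest();
                    break;

                case "RS384":
                case "ES384":
                case "PS384":
                case "HS384":
                    digest  = new Sha384Digest();
                    digest2 = new Sha384Digest();
                    break;

                case "RS512":
                case "ES512":
                case "PS512":
                case "HS512":
                    digest  = new Sha512Digest();
                    digest2 = new Sha512Digest();
                    break;

                case "EdDSA":
                    // Ed25519 hashes internally; no external digest is used.
                    digest  = null;
                    digest2 = null;
                    break;

                default:
                    throw new JoseException("Unknown signature algorithm");
            }

            // Signing input: protected header, ".", payload.
            // NOTE(review): the "b64": false header used to select between two branches that
            // built exactly the same string, so it has no effect on the input; confirm whether
            // the unencoded-payload case needs different handling. The payload also passes
            // through a UTF-8 decode and re-encode, which would alter any bytes that are not
            // valid UTF-8 before they are checked.
            string body       = Encoding.UTF8.GetString(msg.payloadB64);
            string str        = protectedB64 + "." + body;
            byte[] toBeSigned = Encoding.UTF8.GetBytes(str);

            switch (alg)
            {
                case "RS256":
                case "RS384":
                case "RS512":
                {
                    if (key.AsString("kty") != "RSA")
                    {
                        throw new JoseException("Wrong Key");
                    }
                    RsaDigestSigner  signer = new RsaDigestSigner(digest);
                    RsaKeyParameters pub    = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JoseException("Message failed to verify");
                    }
                    break;
                }

                case "PS256":
                case "PS384":
                case "PS512":
                {
                    // Same key-type requirement as the RS* branch: PSS also needs an RSA key.
                    if (key.AsString("kty") != "RSA")
                    {
                        throw new JoseException("Wrong Key");
                    }
                    PssSigner        signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize());
                    RsaKeyParameters pub    = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));

                    signer.Init(false, pub);
                    signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    if (!signer.VerifySignature(signature))
                    {
                        throw new JoseException("Message failed to verify");
                    }
                    break;
                }

                case "ES256":
                case "ES384":
                case "ES512":
                {
                    if (key.AsString("kty") != "EC")
                    {
                        throw new JoseException("Wrong Key Type");
                    }

                    // The signature is r || s in two equal halves; an empty or odd-length value
                    // cannot be split and is rejected before any big-integer parsing.
                    if (signature == null || signature.Length == 0 || signature.Length % 2 != 0)
                    {
                        throw new JoseException("Signature did not validate");
                    }

                    digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                    byte[] o1 = new byte[digest.GetDigestSize()];
                    digest.DoFinal(o1, 0);

                    // NOTE(review): nothing ties the key's curve to the digest chosen by "alg";
                    // confirm whether that pairing should be enforced here.
                    ICipherParameters pubKey = keyToSign.AsPublicKey();
                    ECDsaSigner       ecdsa  = new ECDsaSigner();
                    ecdsa.Init(false, pubKey);

                    int        half = signature.Length / 2;
                    BigInteger r    = new BigInteger(1, signature, 0, half);
                    BigInteger s    = new BigInteger(1, signature, half, half);

                    if (!ecdsa.VerifySignature(o1, r, s))
                    {
                        throw new JoseException("Signature did not validate");
                    }
                    break;
                }

                case "HS256":
                case "HS384":
                case "HS512":
                {
                    // NOTE(review): unlike the other branches there is no "kty" check here;
                    // confirm that only symmetric keys can reach this branch.
                    HMac         hmac = new HMac(digest);
                    KeyParameter K    = new KeyParameter(Message.base64urldecode(key.AsString("k")));
                    hmac.Init(K);
                    hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length);

                    byte[] resBuf = new byte[hmac.GetMacSize()];
                    hmac.DoFinal(resBuf, 0);

                    // The tag must have exactly the MAC's length: a shorter value used to raise
                    // an index error and a longer one had its extra bytes ignored. The bytes are
                    // then compared without an early exit so timing does not depend on where the
                    // first difference is.
                    bool fVerify = signature != null && signature.Length == resBuf.Length;
                    if (fVerify)
                    {
                        int diff = 0;
                        for (int i = 0; i < resBuf.Length; i++)
                        {
                            diff |= resBuf[i] ^ signature[i];
                        }
                        fVerify = diff == 0;
                    }

                    if (!fVerify)
                    {
                        throw new JoseException("Signature did not validate");
                    }
                    break;
                }

                case "EdDSA":
                {
                    if (key.AsString("kty") != "OKP")
                    {
                        throw new JoseException("Wrong Key Type");
                    }
                    switch (key.AsString("crv"))
                    {
                        case "Ed25519":
                        {
                            // This is the public key, read from the key's "X" member.
                            Ed25519PublicKeyParameters edPublicKey =
                                new Ed25519PublicKeyParameters(key.AsBytes("X"), 0);
                            ISigner eddsa = new Ed25519Signer();
                            eddsa.Init(false, edPublicKey);

                            eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
                            if (!eddsa.VerifySignature(signature))
                            {
                                throw new JoseException("Signature did not validate");
                            }
                            break;
                        }

                        default:
                            throw new JoseException("Unknown algorithm");
                    }
                    break;
                }

                default:
                    throw new JoseException("Unknown algorithm");
            }

            return true;
        }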