// public methods overriding random
public override void NextBytes(byte[] bytes)
{
lock (this)
{
int stateOff = 0;
digest.doFinal(state, 0);
for (int i = 0; i < bytes.Length; i++)
{
if (stateOff == state.Length)
{
byte[] b = longToBytes(counter++);
digest.update(b, 0, b.Length);
digest.update(state, 0, state.Length);
digest.doFinal(state, 0);
stateOff = 0;
}
bytes[i] = state[stateOff++];
}
byte[] bb = longToBytes(counter++);
digest.update(bb, 0, bb.Length);
digest.update(state, 0, state.Length);
}
}
// public methods overriding random
public virtual void nextBytes(byte[] bytes)
{
int stateOff = 0;
digest.doFinal(state, 0);
for (int i = 0; i != bytes.Length; i++)
{
if (stateOff == state.Length)
{
byte[] b = longToBytes(counter++);
digest.update(b, 0, b.Length);
digest.update(state, 0, state.Length);
digest.doFinal(state, 0);
stateOff = 0;
}
bytes[i] = state[stateOff++];
}
byte[] bb = longToBytes(counter++);
digest.update(bb, 0, bb.Length);
digest.update(state, 0, state.Length);
}
public override byte[] Sign(byte[] msg)
{
SHA1Digest hash = new SHA1Digest();
hash.update(msg, 0, msg.Length);
byte[] data = new byte[hash.getDigestSize()];
hash.doFinal(data, 0);
byte[] tmp = new byte[data.Length + ASN_SHA1.Length];
Array.Copy(ASN_SHA1, 0, tmp, 0, ASN_SHA1.Length);
Array.Copy(data, 0, tmp, ASN_SHA1.Length, data.Length);
data = tmp;
BigInteger dataInt = new BigInteger(1, data);
int mLen = (Modulus.bitLength() + 7) / 8;
dataInt = RSA.padPKCS1(dataInt, 1, mLen, new RNGCryptoServiceProvider());
BigInteger signatureInt = null;
signatureInt = RSA.doPrivateCrt(dataInt,
PrimeP, PrimeQ,
PrimeExponentP,
PrimeExponentQ,
CrtCoefficient);
byte[] sig = unsignedBigIntToBytes(signatureInt, mLen);
return(sig);
}
protected internal bool VerifySignature(byte[] msg, BigInteger r, BigInteger s)
{
// Create a SHA1 hash of the message
SHA1Digest h = new SHA1Digest();
h.update(msg, 0, msg.Length);
byte[] data = new byte[h.getDigestSize()];
h.doFinal(data, 0);
BigInteger m = new BigInteger(1, data);
m = m.mod(q);
if (BigInteger.valueOf(0).compareTo(r) >= 0 || q.compareTo(r) <= 0)
{
return(false);
}
if (BigInteger.valueOf(0).compareTo(s) >= 0 || q.compareTo(s) <= 0)
{
return(false);
}
BigInteger w = s.modInverse(q);
BigInteger u1 = m.multiply(w).mod(q);
BigInteger u2 = r.multiply(w).mod(q);
BigInteger v = g.modPow(u1, p).multiply(y.modPow(u2, p)).mod(p).mod(q);
return(v.compareTo(r) == 0);
}
public byte[] Sign(byte[] msg)
{
SHA1Digest h = new SHA1Digest();
h.update(msg, 0, msg.Length);
byte[] data = new byte[h.getDigestSize()];
h.doFinal(data, 0);
return(DSA.Sign(x, p, q, g, data));
}
public virtual bool VerifySignature(byte[] signature, byte[] msg)
{
// Create a SHA1 hash of the message
SHA1Digest h = new SHA1Digest();
h.update(msg, 0, msg.Length);
byte[] data = new byte[h.getDigestSize()];
h.doFinal(data, 0);
return(DSA.Verify(y, p, q, g, signature, data));
}
/**
*
* Calulates the keyidentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC2459.
*
* Example of making a AuthorityKeyIdentifier:
* <pre>
* SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
* new ByteArrayInputStream(publicKey.getEncoded())).readObject());
* AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
* </pre>
*
**/
public AuthorityKeyIdentifier(
SubjectPublicKeyInfo spki)
{
Digest digest = new SHA1Digest();
byte[] resBuf = new byte[digest.getDigestSize()];
byte[] bytes = spki.getPublicKeyData().getBytes();
digest.update(bytes, 0, bytes.Length);
digest.doFinal(resBuf, 0);
this.keyidentifier = new DEROctetString(resBuf);
}
/**
* mask generator function, as described in PKCS1v2.
*/
private byte[] maskGeneratorFunction1(
byte[] Z,
int zOff,
int zLen,
int length)
{
byte[] mask = new byte[length];
byte[] hashBuf = new byte[defHash.Length];
byte[] C = new byte[4];
int counter = 0;
hash.reset();
do
{
ItoOSP(counter, C);
hash.update(Z, zOff, zLen);
hash.update(C, 0, C.Length);
hash.doFinal(hashBuf, 0);
Array.Copy(hashBuf, 0, mask, counter * defHash.Length, defHash.Length);
}while (++counter < (length / defHash.Length));
if ((counter * defHash.Length) < length)
{
ItoOSP(counter, C);
hash.update(Z, zOff, zLen);
hash.update(C, 0, C.Length);
hash.doFinal(hashBuf, 0);
Array.Copy(hashBuf, 0, mask, counter * defHash.Length, mask.Length - (counter * defHash.Length));
}
return(mask);
}
/// <summary>
/// Create using an public Asymmetric Key.
/// </summary>
/// <param name="key">A public Asymmetric key.</param>
public RespID(AsymmetricKeyParameter key)
{
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(key);
byte[] b = info.getEncoded();
SHA1Digest sha1 = new SHA1Digest();
sha1.update(b, 0, b.Length);
b = new byte[sha1.getDigestSize()];
sha1.doFinal(b, 0);
ASN1OctetString keyHash = new DEROctetString(b);
this.id = new ResponderID(keyHash);
}
/**
* create an AuthorityKeyIdentifier with the GeneralNames tag and
* the serial number provided as well.
*/
public AuthorityKeyIdentifier(
SubjectPublicKeyInfo spki,
GeneralNames name,
BigInteger serialNumber)
{
Digest digest = new SHA1Digest();
byte[] resBuf = new byte[digest.getDigestSize()];
byte[] bytes = spki.getPublicKeyData().getBytes();
digest.update(bytes, 0, bytes.Length);
digest.doFinal(resBuf, 0);
this.keyidentifier = new DEROctetString(resBuf);
this.certissuer = name;
this.certserno = new DERInteger(serialNumber);
}
public virtual bool VerifySignature(byte[] signature,
byte[] msg)
{
BigInteger signatureInt = new BigInteger(signature);
signatureInt = RSA.doPublic(signatureInt,
modulus, publicExponent);
signatureInt = RSA.removePKCS1(signatureInt, 1);
signature = signatureInt.toByteArray();
SHA1Digest h = new SHA1Digest();
h.update(msg, 0, msg.Length);
byte[] data = new byte[h.getDigestSize()];
h.doFinal(data, 0);
if (data.Length != (signature.Length - ASN_SHA1.Length))
{
return(false);
}
byte[] cmp = ASN_SHA1;
for (int i = 0, j = 0; i < signature.Length; i++, j++)
{
if (i == ASN_SHA1.Length)
{
cmp = data;
j = 0;
}
if (signature[i] != cmp[j])
{
return(false);
}
}
return(true);
}
/**
* which generates the p and g values from the given parameters,
* returning the DSAParameters object.
* <p>
* Note: can take a while...
*/
public DSAParameters generateParameters()
{
byte[] seed = new byte[20];
byte[] part1 = new byte[20];
byte[] part2 = new byte[20];
byte[] u = new byte[20];
SHA1Digest sha1 = new SHA1Digest();
int n = (size - 1) / 160;
byte[] w = new byte[size / 8];
BigInteger q = null, p = null, g = null;
int counter = 0;
bool primesFound = false;
while (!primesFound)
{
do
{
random.nextBytes(seed);
sha1.update(seed, 0, seed.Length);
sha1.doFinal(part1, 0);
Array.Copy(seed, 0, part2, 0, seed.Length);
add(part2, seed, 1);
sha1.update(part2, 0, part2.Length);
sha1.doFinal(part2, 0);
for (int i = 0; i != u.Length; i++)
{
u[i] = (byte)(part1[i] ^ part2[i]);
}
u[0] |= (byte)0x80;
u[19] |= (byte)0x01;
q = new BigInteger(1, u);
}while (!q.isProbablePrime(certainty));
counter = 0;
int offset = 2;
while (counter < 4096)
{
for (int k = 0; k < n; k++)
{
add(part1, seed, offset + k);
sha1.update(part1, 0, part1.Length);
sha1.doFinal(part1, 0);
Array.Copy(part1, 0, w, w.Length - (k + 1) * part1.Length, part1.Length);
}
add(part1, seed, offset + n);
sha1.update(part1, 0, part1.Length);
sha1.doFinal(part1, 0);
Array.Copy(part1, part1.Length - ((w.Length - (n) * part1.Length)), w, 0, w.Length - n * part1.Length);
w[0] |= (byte)0x80;
BigInteger x = new BigInteger(1, w);
BigInteger c = x.mod(q.multiply(TWO));
p = x.subtract(c.subtract(ONE));
if (p.testBit(size - 1))
{
if (p.isProbablePrime(certainty))
{
primesFound = true;
break;
}
}
counter += 1;
offset += n + 1;
}
}
//
// calculate the generator g
//
BigInteger pMinusOneOverQ = p.subtract(ONE).divide(q);
for (;;)
{
BigInteger h = new BigInteger(size, random);
if (h.compareTo(ONE) <= 0 || h.compareTo(p.subtract(ONE)) >= 0)
{
continue;
}
g = h.modPow(pMinusOneOverQ, p);
if (g.compareTo(ONE) <= 0)
{
continue;
}
break;
}
return(new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)));
}