/// <summary>
/// Construct profile for the specified device.
/// </summary>
/// <param name="Name">The name of the device within profiles.</param>
/// <param name="Description">Description of the device.</param>
/// <param name="SignatureAlgorithmID">The public key algorithm to use for signature keys.</param>
/// <param name="ExchangeAlgorithmID">The public key algorithm to use for encryption keys.</param>
public DeviceProfile(string Name, string Description,
CryptoAlgorithmID SignatureAlgorithmID,
CryptoAlgorithmID ExchangeAlgorithmID) {
this.Names = new List<string>();
this.Names.Add(Name);
this.Description = Description;
DeviceSignatureKey = PublicKey.Generate (KeyType.DSK, SignatureAlgorithmID);
DeviceAuthenticationKey = PublicKey.Generate(KeyType.DAK,
SignatureAlgorithmID);
DeviceEncryptiontionKey = PublicKey.Generate(KeyType.DEK, ExchangeAlgorithmID);
Identifier = DeviceSignatureKey.UDF;
}
/// <summary>
/// Create a MasterProfile using the specified signature and exchange
/// algorithms.
/// </summary>
/// <param name="SignatureAlgorithmID">The signature algorithm to be used for
/// the master signature key and the online signature key.</param>
/// <param name="ExchangeAlgorithmID">The exchange a</param>
public MasterProfile(CryptoAlgorithmID SignatureAlgorithmID,
CryptoAlgorithmID ExchangeAlgorithmID) {
MasterSignatureKey = PublicKey.Generate(KeyType.PMSK, SignatureAlgorithmID);
MasterSignatureKey.SelfSignCertificate(Application.PersonalMaster);
var OnlineSignatureKey = PublicKey.Generate(KeyType.POSK, SignatureAlgorithmID);
OnlineSignatureKey.SignCertificate(Application.CA, MasterSignatureKey);
OnlineSignatureKeys = new List<PublicKey>();
OnlineSignatureKeys.Add(OnlineSignatureKey);
var MasterEscrowKey = PublicKey.Generate(KeyType.PMEK, ExchangeAlgorithmID);
MasterEscrowKey.SignCertificate(Application.DataEncryption, MasterSignatureKey);
MasterEscrowKeys = new List<PublicKey>();
MasterEscrowKeys.Add(MasterEscrowKey);
Identifier = MasterSignatureKey.UDF;
}
/// <summary>
/// Generate a new key pair and return a PublicKey object for the public
/// parameters.
/// </summary>
/// <param name="KeyType">The mest key type.</param>
/// <param name="CryptoAlgorithmID">The algorithm to generate keys for.</param>
/// <returns>The generated key pair</returns>
public static PublicKey Generate(KeyType KeyType, CryptoAlgorithmID CryptoAlgorithmID) {
var CryptoProvider = CryptoCatalog.Default.GetAsymmetric(CryptoAlgorithmID);
CryptoProvider.Generate(GetKeySecurity(KeyType));
var KeyPair = CryptoProvider.KeyPair;
var PublicKey = new PublicKey();
PublicKey.KeyPair = KeyPair;
if (KeyPair.GetType() == typeof(RSAKeyPair)) {
PublicKey.PublicParameters = new PublicKeyRSA(KeyPair as RSAKeyPair);
return PublicKey;
}
throw new Exception("Not found");
}
/// <summary>
/// Create an instance with the specified property values.
/// </summary>
/// <param name="CryptoAlgorithmID">CryptoAlgorithmID Identifier.</param>
/// <param name="Name">.NET Framework name.</param>
/// <param name="KeySize">Default algorithm key size.</param>
/// <param name="JSON_alg">JSON Algorithm Identifier.</param>
/// <param name="JSON_kty">JSON Key type.</param>
/// <param name="JSON_use">JSON Key Use.</param>
/// <param name="XML">XML algorithm identifier.</param>
/// <param name="AlgorithmClass">Algorithm type.</param>
/// <param name="GetCryptoProvider">Delegate returning the default crypto provider.</param>
public CryptoAlgorithm(
CryptoAlgorithmID CryptoAlgorithmID,
string Name,
int KeySize,
string JSON_kty,
string JSON_use,
string JSON_alg,
string XML,
CryptoAlgorithmClass AlgorithmClass,
GetCryptoProvider GetCryptoProvider) {
_CryptoAlgorithmID = CryptoAlgorithmID;
_Name = Name;
_OID = CryptoConfig.MapNameToOID(Name);
_GetCryptoProvider = GetCryptoProvider;
_KeySize = KeySize;
_JSON_alg = JSON_alg;
_JSON_use = JSON_use;
_JSON_kty = JSON_kty;
_XML = XML;
_AlgorithmClass = AlgorithmClass;
}
/// <summary>
/// Get a signature provider by algorithm identifier
/// </summary>>
/// <param name="Signature">Signature algorithm identifier.</param>
/// <param name="Digest">Digest algorithm identifer.</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderExchange GetExchange(CryptoAlgorithmID Signature,
CryptoAlgorithmID Digest) {
return Get(Signature, Digest) as CryptoProviderExchange;
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderSignature GetSignature(CryptoAlgorithmID ID) {
return Get(OrDefault(ID, AlgorithmSignature)) as CryptoProviderSignature;
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderEncryption GetEncryption(CryptoAlgorithmID ID) {
return Get(OrDefault(ID, AlgorithmEncryption)) as CryptoProviderEncryption;
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderDigest GetDigest(CryptoAlgorithmID ID) {
return Get(OrDefault(ID, AlgorithmDigest)) as CryptoProviderDigest;
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Principal algorithm identifier.</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProvider Get(CryptoAlgorithmID ID) {
var Index = (int)ID;
var Entry = Algorithms[Index];
return Entry.GetCryptoProvider(Entry.KeySize, CryptoAlgorithmID.NULL);
}
/// <summary>
/// Create an instance of the RSA crypto provider with specified
/// default key size and digest algorithm.
/// </summary>
/// <param name="KeySize">Default key size.</param>
/// <param name="DigestAlgorithm">Default digest algorithm.</param>
public CryptoProviderSignatureRSA(int KeySize, CryptoAlgorithmID DigestAlgorithm) {
this.KeySize = KeySize;
this.DigestAlgorithm = DigestAlgorithm;
}
public void TestDigest(CryptoAlgorithmID DigestID, string Input, string TestHex) {
var TestVector = Trace.HexToByte(TestHex);
var Provider = CryptoCatalog.GetDigest(DigestID);
Trace.WriteLine("Test provider {0}", Provider.Name);
var Result = Provider.Process(HelloWorld);
Trace.WriteHex("Result", Result.Integrity);
Trace.AssertEqual("Check Testvector", Result.Integrity, TestVector);
// Reinitialize and retest
Provider.Initialize();
var Result2 = Provider.Process(HelloWorld);
Trace.WriteHex("Result#2", Result2.Integrity);
Trace.AssertEqual("Check reinitialization", Result.Integrity, Result2.Integrity);
// Check that the validation is correct
Result.Integrity[0] = (byte)(Result.Integrity[0] ^ 0xff);
Trace.AssertNotEqual("Check verification code", Result.Integrity, Result2.Integrity);
}
public void TestPublicEncrypt(CryptoAlgorithmID PublicID, CryptoAlgorithmID BulkID, string Text) {
var PublicProvider = CryptoCatalog.GetExchange(PublicID);
var Encryptor = CryptoCatalog.GetEncryption(BulkID);
Trace.WriteLine("Test provider {0} with {1}", PublicProvider.Name, Encryptor.Name);
var BinaryText = Encoding.UTF8.GetBytes(Text);
Encryptor.StartEncrypt();
var Key = Encryptor.Key;
var IV = Encryptor.IV;
var Result = Encryptor.Process(BinaryText);
PublicProvider.Generate(KeySecurity.Ephemeral);
var EncryptedKey = PublicProvider.Encrypt(Result);
Trace.WriteHex("Public key blob:", EncryptedKey.Data);
// find the key by UDF
var PublicDecryptor = CryptoCatalog.GetExchange(PublicProvider.UDF);
var DecryptedKey = PublicDecryptor.Decrypt(EncryptedKey);
Trace.AssertEqual("Encryption Round Trip", Key, DecryptedKey.Key);
var Decryptor = CryptoCatalog.GetEncryption(BulkID);
Decryptor.StartDecrypt(DecryptedKey.Key, IV);
Result.Key = DecryptedKey.Key;
var Result2 = Decryptor.Decrypt(Result, Result.Data);
Trace.AssertEqual("Encryption Round Trip", BinaryText, Result2.Data);
}
public void TestSignVerify(CryptoAlgorithmID SignID, CryptoAlgorithmID DigestID, string Text) {
var SignProvider = CryptoCatalog.GetSignature(SignID);
var DigestProvider = CryptoCatalog.GetDigest(DigestID);
Trace.WriteLine("Test provider {0} with {1}", SignProvider.Name, DigestProvider.Name);
var Result = DigestProvider.Process(Text);
Trace.WriteHex("Digest", Result.Integrity);
SignProvider.Generate(KeySecurity.Ephemeral);
Trace.WriteLine("fingerprint {0}", SignProvider.UDF);
var Signature = SignProvider.Sign(Result);
Trace.WriteHex("Signature", Signature.Integrity);
// Find the signature provider in the local store by fingerprint.
var VerifyProvider = CryptoCatalog.GetSignature(SignProvider.UDF);
var ValidSignResult = VerifyProvider.Verify(Result, Signature);
Trace.WriteLine("Checked valid signature valid={0}", ValidSignResult);
Trace.Assert("Check valid signature", ValidSignResult);
// Clobber the integrity data
Result.Integrity[0] = (byte)(Result.Integrity[0] ^ 0xff);
var InvalidSignResult = VerifyProvider.Verify(Result, Signature);
Trace.WriteLine("Checked valid signature valid={0}", InvalidSignResult);
Trace.Assert("Check invalid signature", !InvalidSignResult);
}
public void TestEncryption(CryptoAlgorithmID EncID, string Text) {
var BinaryText = Encoding.UTF8.GetBytes(Text);
var Encryptor = CryptoCatalog.GetEncryption(EncID);
Trace.WriteLine("Test provider {0}", Encryptor.Name);
// Encrypt using provider generated Key and IV
Encryptor.StartEncrypt();
var Result = Encryptor.Process(BinaryText);
// Decrypt from cryto blob.
var Decryptor = CryptoCatalog.GetEncryption(EncID);
var Result2 = Decryptor.Decrypt(Result, Result.Data);
Trace.AssertEqual("Encryption Round Trip", BinaryText, Result2.Data);
}
public void TestAuthentication(CryptoAlgorithmID MACID, byte[] Key, byte[] Input, byte[] TestVector) {
var Provider = CryptoCatalog.GetAuthentication(MACID);
Provider.Key = Key;
Trace.WriteLine("Test provider {0}", Provider.Name);
var Result = Provider.Process(Input);
Trace.WriteHex("Result", Result.Integrity);
Trace.AssertEqual("Check Testvector", Result.Integrity, TestVector);
// Reinitialize and retest
Provider.Initialize();
var Result2 = Provider.Process(Input);
Trace.WriteHex("Result#2", Result2.Integrity);
Trace.AssertEqual("Check reinitialization", Result.Integrity, Result2.Integrity);
// Check that the validation is correct
Result.Integrity[0] = (byte)(Result.Integrity[0] ^ 0xff);
Trace.AssertNotEqual("Check verification code", Result.Integrity, Result2.Integrity);
}
void SetDefault(ref CryptoAlgorithmID Current, CryptoAlgorithm New, CryptoAlgorithmID ID,
CryptoAlgorithmClass Class) {
if (Current == CryptoAlgorithmID.NULL & (New.AlgorithmClass == Class)) {
Current = ID;
}
}
CryptoAlgorithmID OrDefault(CryptoAlgorithmID Value, CryptoAlgorithmID Default) {
return Value == CryptoAlgorithmID.NULL ? Default : Value;
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID DigestAlgorithm) {
return new CryptoProviderSignatureRSA(KeySize, DigestAlgorithm);
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Principal algorithm identifier.</param>
/// <param name="Bulk">Bulk algorithm identifier.</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProvider Get(CryptoAlgorithmID ID, CryptoAlgorithmID Bulk) {
var Entry = Algorithms[(int)ID];
return Entry.GetCryptoProvider(Entry.KeySize, Bulk);
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID Ignore) {
return new CryptoProviderHMACSHA2_512();
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderAuthentication GetAuthentication(CryptoAlgorithmID ID) {
return Get(OrDefault(ID, AlgorithmMAC)) as CryptoProviderAuthentication;
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID DigestAlgorithm) {
return new CryptoProviderExchangeRSA(KeySize);
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderAsymmetric GetAsymmetric(CryptoAlgorithmID ID) {
var Result = Get(ID);
return Result as CryptoProviderAsymmetric;
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID Ignore) {
return new CryptoProviderExchangeRSAPKCS(KeySize);
}
/// <summary>
/// Get a signature provider by algorithm identifier
/// </summary>>
/// <param name="Signature">Signature algorithm identifier.</param>
/// <param name="Digest">Digest algorithm identifer.</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderSignature GetSignature(CryptoAlgorithmID Signature,
CryptoAlgorithmID Digest) {
return Get(Signature, Digest) as CryptoProviderSignature;
}
/// <summary>
/// Create and populate a result for an encryption with authentication algorithm.
/// </summary>
/// <param name="Identifier"></param>
/// <param name="OID"></param>
/// <param name="Value"></param>
/// <param name="Data"></param>
public CryptoData(CryptoAlgorithmID Identifier, string OID,
byte[] Value, byte[] Data) {
_Identifier = Identifier;
_Integrity = Value;
_Data = Data;
_OID = OID;
_Key = null;
_IV = null;
_CryptoOperation = CryptoOperation.Unknown;
}
/// <summary>
/// Get a cryptographic provider by algorithm identifier
/// </summary>
/// <param name="ID">Algorithm identifier</param>
/// <returns>Cryptographic provider if found or null otherwise.</returns>
public CryptoProviderExchange GetExchange(CryptoAlgorithmID ID) {
return Get(OrDefault(ID, AlgorithmExchange)) as CryptoProviderExchange;
}
/// <summary>
/// Create and populate a result for an encryption with authentication algorithm.
/// </summary>
/// <param name="Identifier"></param>
/// <param name="OID"></param>
/// <param name="Integrity"></param>
/// <param name="Data"></param>
/// <param name="Key">Key data</param>
/// <param name="IV">Initialization Vector</param>
public CryptoData(CryptoAlgorithmID Identifier, string OID,
byte[] Integrity, byte[] Data, byte [] Key, byte []IV) {
_Identifier = Identifier;
_Integrity = Integrity;
_Data = Data;
_OID = OID;
_Key = Key;
_IV = IV;
_CryptoOperation = CryptoOperation.Unknown;
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID DigestAlgorithm) {
return new CryptoProviderEncryptAES(KeySize);
}
private static CryptoProvider Factory(int KeySize, CryptoAlgorithmID DigestAlgorithm) {
return new CryptoProviderSHA1();
}
