private void BasicSigTest() { Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters( Hex.DecodeStrict( "6c82a562cb808d10d632be89c8513ebf" + "6c929f34ddfa8c9f63c9960ef6e348a3" + "528c8a3fcc2f044e39a3fc5b94492f8f" + "032e7549a20098f95b"), 0); Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters( Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" + "1da1342485a70e1f8a0ea75d80e96778" + "edf124769b46c7061bd6783df1e50f6c" + "d1fa1abeafe8256180"), 0); byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" + "2dfb504a843e34d2074fd823d41a591f" + "2b233f034f628281f2fd7a22ddd47d78" + "28c59bd0a21bfd3980ff0d2028d4b18a" + "9df63e006c5d1c2d345b925d8dc00b41" + "04852db99ac5c7cdda8530a113a0f4db" + "b61149f05a7363268c71d95808ff2e65" + "2600"); ISigner signer = new Ed448Signer(new byte[0]); signer.Init(true, privateKey); IsTrue(AreEqual(sig, signer.GenerateSignature())); signer.Init(false, publicKey); IsTrue(signer.VerifySignature(sig)); }
public virtual AsymmetricCipherKeyPair GenerateKeyPair() { Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(random); Ed448PublicKeyParameters publicKey = privateKey.GeneratePublicKey(); return(new AsymmetricCipherKeyPair(publicKey, privateKey)); }
private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context) { Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator(); kpg.Init(new Ed448KeyGenerationParameters(Random)); AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private; Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters)kp.Public; byte[] msg = new byte[Random.NextInt() & 255]; Random.NextBytes(msg); ISigner signer = CreateSigner(algorithm, context); signer.Init(true, privateKey); signer.BlockUpdate(msg, 0, msg.Length); byte[] signature = signer.GenerateSignature(); ISigner verifier = CreateSigner(algorithm, context); { verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldVerify = verifier.VerifySignature(signature); if (!shouldVerify) { Fail("Ed448(" + algorithm + ") signature failed to verify"); } } { byte[] wrongLengthSignature = Arrays.Append(signature, 0x00); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified"); } } { byte[] badSignature = Arrays.Clone(signature); badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); verifier.Init(false, publicKey); verifier.BlockUpdate(msg, 0, msg.Length); bool shouldNotVerify = verifier.VerifySignature(badSignature); if (shouldNotVerify) { Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); } } }
internal byte[] GenerateSignature(Ed448PrivateKeyParameters privateKey, Ed448PublicKeyParameters publicKey, byte[] ctx) { #if PORTABLE byte[] buf = ToArray(); int count = buf.Length; #else byte[] buf = GetBuffer(); int count = (int)Position; #endif byte[] signature = new byte[Ed448PrivateKeyParameters.SignatureSize]; privateKey.Sign(Ed448.Algorithm.Ed448, publicKey, ctx, buf, 0, count, signature, 0); Reset(); return(signature); }
public virtual void Init(bool forSigning, ICipherParameters parameters) { this.forSigning = forSigning; if (forSigning) { this.privateKey = (Ed448PrivateKeyParameters)parameters; this.publicKey = null; } else { this.privateKey = null; this.publicKey = (Ed448PublicKeyParameters)parameters; } Reset(); }
public virtual void Init(bool forSigning, ICipherParameters parameters) { this.forSigning = forSigning; if (forSigning) { // TODO Allow AsymmetricCipherKeyPair to be a CipherParameters? this.privateKey = (Ed448PrivateKeyParameters)parameters; this.publicKey = privateKey.GeneratePublicKey(); } else { this.privateKey = null; this.publicKey = (Ed448PublicKeyParameters)parameters; } Reset(); }
/// <summary> /// Signs the passed in data with a private key /// </summary> /// <param name="privateKey">the private key used to create the signature</param> /// <param name="data">The data to sign</param> /// <returns>the signature as a byte array</returns> public byte[] Sign(byte[] privateKey, byte[] data) { var signer = new Ed448Signer(ByteConvert.StringToAsciiBytes("context")); Ed448PrivateKeyParameters privKey = null; try { privKey = (Ed448PrivateKeyParameters)CreateAsymmetricKeyParameterFromPrivateKeyInfo(privateKey); } catch (InvalidCastException exception) { string message = "Private Key Import Failed!\n" + $"{exception.Message}.\n" + "The contents of the source do not represent a valid Ed448 key parameter\n" + "Verify that the key is not corrupted.\n" + "- or - Verify that the correct key is selected."; throw new CryptoException(message, exception); } signer.Init(true, privKey); signer.BlockUpdate(data, 0, data.Length); var signature = signer.GenerateSignature(); return(signature); }
/** * Create a PrivateKeyInfo representation of a private key with attributes. * * @param privateKey the key to be encoded into the info object. * @param attributes the set of attributes to be included. * @return the appropriate PrivateKeyInfo * @throws java.io.IOException on an error encoding the key */ public static PrivateKeyInfo CreatePrivateKeyInfo(AsymmetricKeyParameter privateKey, Asn1Set attributes) { if (privateKey == null) { throw new ArgumentNullException("privateKey"); } if (!privateKey.IsPrivate) { throw new ArgumentException("Public key passed - private key expected", "privateKey"); } if (privateKey is ElGamalPrivateKeyParameters) { ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)privateKey; ElGamalParameters egp = _key.Parameters; return(new PrivateKeyInfo( new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm, new ElGamalParameter(egp.P, egp.G).ToAsn1Object()), new DerInteger(_key.X), attributes)); } if (privateKey is DsaPrivateKeyParameters) { DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)privateKey; DsaParameters dp = _key.Parameters; return(new PrivateKeyInfo( new AlgorithmIdentifier(X9ObjectIdentifiers.IdDsa, new DsaParameter(dp.P, dp.Q, dp.G).ToAsn1Object()), new DerInteger(_key.X), attributes)); } if (privateKey is DHPrivateKeyParameters) { DHPrivateKeyParameters _key = (DHPrivateKeyParameters)privateKey; DHParameter p = new DHParameter( _key.Parameters.P, _key.Parameters.G, _key.Parameters.L); return(new PrivateKeyInfo( new AlgorithmIdentifier(_key.AlgorithmOid, p.ToAsn1Object()), new DerInteger(_key.X), attributes)); } if (privateKey is RsaKeyParameters) { AlgorithmIdentifier algID = new AlgorithmIdentifier( PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance); RsaPrivateKeyStructure keyStruct; if (privateKey is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters _key = (RsaPrivateCrtKeyParameters)privateKey; keyStruct = new RsaPrivateKeyStructure( _key.Modulus, _key.PublicExponent, _key.Exponent, _key.P, _key.Q, _key.DP, _key.DQ, _key.QInv); } else { RsaKeyParameters _key = (RsaKeyParameters)privateKey; keyStruct = new RsaPrivateKeyStructure( _key.Modulus, BigInteger.Zero, _key.Exponent, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero, BigInteger.Zero); } return(new PrivateKeyInfo(algID, keyStruct.ToAsn1Object(), attributes)); } if (privateKey is ECPrivateKeyParameters) { ECPrivateKeyParameters priv = (ECPrivateKeyParameters)privateKey; DerBitString publicKey = new DerBitString(ECKeyPairGenerator.GetCorrespondingPublicKey(priv).Q.GetEncoded(false)); ECDomainParameters dp = priv.Parameters; int orderBitLength = dp.N.BitLength; AlgorithmIdentifier algID; ECPrivateKeyStructure ec; if (priv.AlgorithmName == "ECGOST3410") { if (priv.PublicKeyParamSet == null) { throw BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); } Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters( priv.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet); algID = new AlgorithmIdentifier(CryptoProObjectIdentifiers.GostR3410x2001, gostParams); // TODO Do we need to pass any parameters here? ec = new ECPrivateKeyStructure(orderBitLength, priv.D, publicKey, null); } else { X962Parameters x962; if (priv.PublicKeyParamSet == null) { X9ECParameters ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed()); x962 = new X962Parameters(ecP); } else { x962 = new X962Parameters(priv.PublicKeyParamSet); } ec = new ECPrivateKeyStructure(orderBitLength, priv.D, publicKey, x962); algID = new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, x962); } return(new PrivateKeyInfo(algID, ec, attributes)); } if (privateKey is Gost3410PrivateKeyParameters) { Gost3410PrivateKeyParameters _key = (Gost3410PrivateKeyParameters)privateKey; if (_key.PublicKeyParamSet == null) { throw BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateNotImplementedException("Not a CryptoPro parameter set"); } byte[] keyEnc = _key.X.ToByteArrayUnsigned(); byte[] keyBytes = new byte[keyEnc.Length]; for (int i = 0; i != keyBytes.Length; i++) { keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian } Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters( _key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet, null); AlgorithmIdentifier algID = new AlgorithmIdentifier( CryptoProObjectIdentifiers.GostR3410x94, algParams.ToAsn1Object()); return(new PrivateKeyInfo(algID, new DerOctetString(keyBytes), attributes)); } if (privateKey is X448PrivateKeyParameters) { X448PrivateKeyParameters key = (X448PrivateKeyParameters)privateKey; return(new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X448), new DerOctetString(key.GetEncoded()), attributes, key.GeneratePublicKey().GetEncoded())); } if (privateKey is X25519PrivateKeyParameters) { X25519PrivateKeyParameters key = (X25519PrivateKeyParameters)privateKey; return(new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), new DerOctetString(key.GetEncoded()), attributes, key.GeneratePublicKey().GetEncoded())); } if (privateKey is Ed448PrivateKeyParameters) { Ed448PrivateKeyParameters key = (Ed448PrivateKeyParameters)privateKey; return(new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), new DerOctetString(key.GetEncoded()), attributes, key.GeneratePublicKey().GetEncoded())); } if (privateKey is Ed25519PrivateKeyParameters) { Ed25519PrivateKeyParameters key = (Ed25519PrivateKeyParameters)privateKey; return(new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DerOctetString(key.GetEncoded()), attributes, key.GeneratePublicKey().GetEncoded())); } throw new ArgumentException("Class provided is not convertible: " + BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.GetTypeName(privateKey)); }
private byte[] _Sign(byte[] bytesToBeSigned) { CBORObject alg; // Get the set algorithm or infer one if (rgbContent == null) { throw new CoseException("No Content Specified"); } alg = FindAttribute(HeaderKeys.Algorithm); if (alg == null) { if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyKeys.KeyType].AsInt32()) { case GeneralValuesInt.KeyType_RSA: alg = AlgorithmValues.RSA_PSS_256; break; case GeneralValuesInt.KeyType_EC2: if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.P256: alg = AlgorithmValues.ECDSA_256; break; case GeneralValuesInt.P521: alg = AlgorithmValues.ECDSA_512; break; default: throw new CoseException("Unknown curve"); } } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString) { switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString()) { case "P-384": alg = CBORObject.FromObject("ES384"); break; default: throw new CoseException("Unknown curve"); } } else { throw new CoseException("Curve is incorrectly encoded"); } break; case GeneralValuesInt.KeyType_OKP: if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.Integer) { switch ((GeneralValuesInt)_keyToSign[CoseKeyParameterKeys.EC_Curve].AsInt32()) { case GeneralValuesInt.Ed25519: alg = AlgorithmValues.EdDSA; break; case GeneralValuesInt.Ed448: alg = AlgorithmValues.EdDSA; break; default: throw new CoseException("Unknown curve"); } } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Type == CBORType.TextString) { switch (_keyToSign[CoseKeyParameterKeys.EC_Curve].AsString()) { default: throw new CoseException("Unknown curve"); } } else { throw new CoseException("Curve is incorrectly encoded"); } break; default: throw new CoseException("Unknown or unsupported key type " + _keyToSign.AsString("kty")); } } else if (_keyToSign[CoseKeyKeys.KeyType].Type == CBORType.TextString) { throw new CoseException("Unknown or unsupported key type " + _keyToSign[CoseKeyKeys.KeyType].AsString()); } else { throw new CoseException("Key type is not correctly encoded"); } UnprotectedMap.Add(HeaderKeys.Algorithm, alg); } IDigest digest = null; IDigest digest2 = null; if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "ES384": case "PS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "HSS-LMS": break; default: throw new CoseException("Unknown Algorithm Specified"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.RSA_PSS_256: digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.RSA_PSS_384: digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case AlgorithmValuesInt.ECDSA_512: case AlgorithmValuesInt.RSA_PSS_512: digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case AlgorithmValuesInt.EdDSA: break; default: throw new CoseException("Unknown Algorithm Specified"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } if (alg.Type == CBORType.TextString) { switch (alg.AsString()) { case "HSS-LMS": HashSig sig = new HashSig(_keyToSign[CoseKeyParameterKeys.Lms_Private].AsString()); byte[] signBytes = sig.Sign(bytesToBeSigned); _keyToSign.Replace(CoseKeyParameterKeys.Lms_Private, CBORObject.FromObject(sig.PrivateKey)); return(signBytes); default: throw new CoseException("Unknown Algorithm Specified"); } } else if (alg.Type == CBORType.Integer) { switch ((AlgorithmValuesInt)alg.AsInt32()) { case AlgorithmValuesInt.RSA_PSS_256: case AlgorithmValuesInt.RSA_PSS_384: case AlgorithmValuesInt.RSA_PSS_512: { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetByteLength()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters( _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_n), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_e), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_d), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_p), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_q), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dP), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_dQ), _keyToSign.AsBigInteger(CoseKeyParameterKeys.RSA_qInv)); ParametersWithRandom param = new ParametersWithRandom(prv, GetPRNG()); signer.Init(true, param); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case AlgorithmValuesInt.ECDSA_256: case AlgorithmValuesInt.ECDSA_384: case AlgorithmValuesInt.ECDSA_512: { CBORObject privateKeyD = _keyToSign[CoseKeyParameterKeys.EC_D]; if (privateKeyD == null) { throw new CoseException("Private key required to sign"); } SecureRandom random = GetPRNG(); digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] digestedMessage = new byte[digest.GetDigestSize()]; digest.DoFinal(digestedMessage, 0); X9ECParameters p = _keyToSign.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(privateKeyD), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, random); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(digestedMessage); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); return(sigs); } #if true case AlgorithmValuesInt.EdDSA: { ISigner eddsa; if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed25519)) { Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); } else if (_keyToSign[CoseKeyParameterKeys.EC_Curve].Equals(GeneralValues.Ed448)) { Ed448PrivateKeyParameters privKey = new Ed448PrivateKeyParameters(_keyToSign[CoseKeyParameterKeys.OKP_D].GetByteString(), 0); eddsa = new Ed448Signer(new byte[0]); eddsa.Init(true, privKey); } else { throw new CoseException("Unrecognized curve"); } eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.GenerateSignature()); } #endif default: throw new CoseException("Unknown Algorithm Specified"); } } else { throw new CoseException("Algorithm incorrectly encoded"); } }