Пример #1
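        /// <summary>
        /// Releases the unmanaged resources used by the <see cref="T:System.IO.Stream"/> and optionally releases the managed resources.
        /// </summary>
        /// <remarks>
        /// On a disposing call the wrapped signer is reset before the reference to it is dropped.
        /// Calling this method again afterwards leaves the signer alone and only forwards to the base class.
        /// </remarks>
        /// <param name="disposing">true to release both managed and unmanaged resources; false to release only unmanaged resources.</param>
        protected override void Dispose(bool disposing)
        {
            // The field is set to null below, so an unguarded Reset() would throw
            // NullReferenceException on a second Dispose(true). Dispose must be safe to repeat.
            if (disposing && _digestSigner != null)
            {
                _digestSigner.Reset();
            }
            _digestSigner = null;

            base.Dispose(disposing);
        }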
Пример #2
        /// <summary>
        /// Feeds a slice of <paramref name="data"/> to <paramref name="signer"/> and checks
        /// <paramref name="signature"/> against it.
        /// </summary>
        /// <remarks>
        /// The signer is only reset here, never initialised: the caller must already have initialised it
        /// for verification with the intended key. No argument is null-checked and
        /// <paramref name="offset"/>/<paramref name="size"/> are not range-checked in this method; the
        /// slice is handed to <c>BlockUpdate</c> as given. The result is the only indication of an
        /// invalid signature, so callers have to act on it.
        /// </remarks>
        /// <param name="signer">Signer to reset, feed and query.</param>
        /// <param name="signature">Signature bytes passed to <c>VerifySignature</c>.</param>
        /// <param name="data">Buffer holding the signed content.</param>
        /// <param name="offset">Index in <paramref name="data"/> where the signed content starts.</param>
        /// <param name="size">Number of bytes to feed, or <c>DefaultSize</c>.</param>
        /// <returns>Whatever <c>VerifySignature</c> returns for the fed bytes.</returns>
        public static bool Verify(this ISigner signer, byte[] signature, byte[] data, int offset = 0, int size = DefaultSize)
        {
            // NOTE(review): _DefaultSize presumably swaps the DefaultSize sentinel for the
            // remaining length (data.Length - offset) — confirm against its definition.
            int length = size._DefaultSize(data.Length - offset);

            signer.Reset();
            signer.BlockUpdate(data, offset, length);

            bool accepted = signer.VerifySignature(signature);
            return accepted;
        }
Пример #3
        /// <summary>
        /// Feeds a slice of <paramref name="data"/> to <paramref name="signer"/> and returns the
        /// signature it generates.
        /// </summary>
        /// <remarks>
        /// The signer is only reset here, never initialised: the caller must already have initialised it
        /// for signing with the intended key. No argument is null-checked and
        /// <paramref name="offset"/>/<paramref name="size"/> are not range-checked in this method.
        /// </remarks>
        /// <param name="signer">Signer to reset, feed and query.</param>
        /// <param name="data">Buffer holding the content to sign.</param>
        /// <param name="offset">Index in <paramref name="data"/> where the content starts.</param>
        /// <param name="size">Number of bytes to feed, or <c>DefaultSize</c>.</param>
        /// <returns>The bytes returned by <c>GenerateSignature</c>.</returns>
        public static byte[] Sign(this ISigner signer, byte[] data, int offset = 0, int size = DefaultSize)
        {
            // NOTE(review): _DefaultSize presumably swaps the DefaultSize sentinel for the
            // remaining length (data.Length - offset) — confirm against its definition.
            int length = size._DefaultSize(data.Length - offset);

            signer.Reset();
            signer.BlockUpdate(data, offset, length);

            byte[] signatureBytes = signer.GenerateSignature();
            return signatureBytes;
        }
Пример #4
        /// <summary>
        /// Resets <paramref name="signer"/> and streams this object's <see cref="Stream"/> output into it.
        /// </summary>
        /// <remarks>
        /// Only <c>Reset</c> and <c>BlockUpdate</c> are called: the signer must already be initialised by
        /// the caller, and producing or verifying the signature is left to the caller as well.
        /// The stream obtained from <c>GetOutput</c> is read to its end and is not closed here.
        /// </remarks>
        /// <param name="signer">Signer that receives every byte read from the output stream.</param>
        public virtual void GetDigestedOutput(ISigner signer)
        {
            // 4K read buffer.
            var chunk = new byte[4096];
            var source = (Stream)GetOutput(typeof(Stream));

            signer.Reset();
            for (;;)
            {
                int count = source.Read(chunk, 0, chunk.Length);
                if (count <= 0)
                {
                    // Read returned nothing more: every byte has been fed to the signer.
                    break;
                }

                signer.BlockUpdate(chunk, 0, count);
            }
        }
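        /// <summary>
        /// Builds a DKIM-Signature header for this message, signs the canonicalized headers with
        /// <paramref name="signer"/> and adds the finished header to <c>Headers</c>.
        /// </summary>
        /// <remarks>
        /// <paramref name="domain"/> and <paramref name="selector"/> are written into the header verbatim;
        /// nothing in this method rejects ';', CR or LF in them, so they must come from trusted
        /// configuration or be validated by the caller.
        /// NOTE(review): <c>IsSigned</c> is set before any signing work starts, so if a later step throws
        /// the message stays flagged as signed although no header was added — confirm this is intended.
        /// </remarks>
        /// <param name="signer">Signer used for the b= value; it must already be initialised for signing by the caller.</param>
        /// <param name="headerCanonicalization">Canonicalization applied to the headers and named first in c=.</param>
        /// <param name="bodyCanonicalization">Canonicalization applied to the body and named second in c=.</param>
        /// <param name="hashAlgorithm"><c>RSASha1</c> selects "sha1"; every other value selects "sha256".</param>
        /// <param name="domain">Value of the d= tag.</param>
        /// <param name="selector">Value of the s= tag.</param>
        /// <exception cref="InvalidOperationException">The message is already flagged as signed.</exception>
        public void DKIMSign(ISigner signer, CanonicalizationType headerCanonicalization, CanonicalizationType bodyCanonicalization, HashingAlgorithm hashAlgorithm, string domain, string selector)
        {
            if (IsSigned)
            {
                throw new InvalidOperationException("Message already have DKIM header.");
            }
            IsSigned = true;

            // rsa-sha1 remains selectable here, although RFC 8301 says signers must not use it.
            string hashtype = hashAlgorithm == HashingAlgorithm.RSASha1 ? "sha1" : "sha256";

            // The epoch is constructed directly: parsing "00:00:00 January 1, 1970" depends on the
            // current culture and can fail or be misread on non-English systems.
            DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            long created = Convert.ToInt64((DateTime.UtcNow - epoch).TotalSeconds);

            // Tag values are protocol text, so lower-casing and number formatting are culture-invariant.
            string canonicalization = string.Format("{0}/{1}", headerCanonicalization, bodyCanonicalization).ToLowerInvariant();

            StringBuilder dkim = new StringBuilder(300)
                                 .Append("v=1;")                                                                              // version
                                 .Append("a=").Append("rsa-").Append(hashtype).Append(";")                                    // signature algorithm
                                 .Append("c=").Append(canonicalization).Append(";")                                           // canonicalization types headers/body
                                 .Append("d=").Append(domain).Append(";")                                                     // domain for DKIM check
                                 .Append("s=").Append(selector).Append(";")                                                   // TXT record selector
                                 .Append("t=").Append(created.ToString(System.Globalization.CultureInfo.InvariantCulture)).Append(";") // creation time
                                 .Append("bh=").Append(GetBodyHash(bodyCanonicalization, hashtype)).Append(";");              // body hash

            var headers = ComputedHeaders;

            // One h= entry per header value: a header that occurs N times is listed N times.
            List <string> h = new List <string>();

            foreach (string header in headers)
            {
                foreach (string value in headers.GetValues(header))
                {
                    h.Add(header);
                }
            }

            dkim.Append("h=").Append(string.Join(":", h)).Append(";") // headers for hashing
            .Append("b=");                                            // signature data

            // The signed text is the canonicalized headers followed by the DKIM header with an empty b= value.
            var canonialized = DKIMCanonicalizer.CanonicalizeHeader(headerCanonicalization, headers) + "dkim-signature:" + dkim.ToString();
            var bytes        = (HeadersEncoding ?? Encoding.UTF8).GetBytes(canonialized);

            // The lock serialises use of this signer with any other code that locks on the same instance.
            lock (signer)
            {
                // Drop input left over from an earlier, unfinished use so that the signature
                // covers exactly the bytes fed below.
                signer.Reset();
                signer.BlockUpdate(bytes, 0, bytes.Length);
                bytes = signer.GenerateSignature(); // computing signature
                signer.Reset();
            }

            dkim.Append(Convert.ToBase64String(bytes));

            Headers.Add("dkim-signature", dkim.ToString()); // adding DKIM header
        }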
Пример #6
        /// <summary>
        /// Demo entry point: creates a signing key through a TPM session, signs a fixed ASCII message
        /// with it and verifies the signature with the same signer object.
        /// </summary>
        /// <param name="args">Not used.</param>
        public static void Main(string[] args)
        {
            byte[] payload = System.Text.Encoding.ASCII.GetBytes("Hallo IAIK!");

            // Open the connections described in the client configuration file.
            IDictionary <string, TPMSession> openSessions =
                XMLConfiguration.EstablischConnection(base_path + "ClientConfigXml/UnixSocketDeviceLin.xml");

            // Every opened session gets its own keystore.
            foreach (TPMSession candidate in openSessions.Values)
            {
                candidate.Keystore = new InMemoryKeystore();
            }

            TPMSession session = openSessions["local0"];
            session.SetRequestSecretCallback(RequestSecret);

            // The new key is created from the handle returned by GetSrkKeyHandle().
            ClientKeyHandle signingKey =
                session.KeyClient.GetSrkKeyHandle().CreateKey("my_first_sign_key", TPMKeyUsage.TPM_KEY_SIGNING);

            ISigner tpmSigner = signingKey.CreateSigner();

            // No key parameters are passed to Init; the signer comes from the key handle itself.
            tpmSigner.Init(true, null);
            tpmSigner.BlockUpdate(payload, 0, payload.Length);

            byte[] signature = tpmSigner.GenerateSignature();

            Console.WriteLine("Sign of \"Hallo IAIK\" is:\n" + ByteHelper.ByteArrayToHexString(signature));

            Console.WriteLine();
            Console.WriteLine("Now we would verify this sign.");

            // Verification re-feeds the same message after switching the signer out of signing mode.
            tpmSigner.Reset();
            tpmSigner.Init(false, null);
            tpmSigner.BlockUpdate(payload, 0, payload.Length);

            bool signatureValid = tpmSigner.VerifySignature(signature);
            Console.WriteLine(signatureValid ? "Sign is OK!" : "UUUUPPPPSSS something went wrong!");
        }
Пример #7
        /// <summary>
        /// Demo entry point: extends PCRs 0-2, produces a quote over them for a fixed ASCII message,
        /// verifies the quote, extends the PCRs again and verifies a second time expecting failure.
        /// </summary>
        /// <param name="args">Not used.</param>
        public static void Main(string[] args)
        {
            byte[] payload = System.Text.Encoding.ASCII.GetBytes("Hallo IAIK!");

            // Open the connections described in the client configuration file.
            IDictionary <string, TPMSession> openSessions =
                XMLConfiguration.EstablischConnection(base_path + "ClientConfigXml/UnixSocketDeviceLin.xml");

            // Every opened session gets its own keystore.
            foreach (TPMSession candidate in openSessions.Values)
            {
                candidate.Keystore = new InMemoryKeystore();
            }

            TPMSession session = openSessions["local0"];
            session.SetRequestSecretCallback(RequestSecret);

            // The new key is created from the handle returned by GetSrkKeyHandle().
            ClientKeyHandle quoteKey =
                session.KeyClient.GetSrkKeyHandle().CreateKey("my_first_quote_key", TPMKeyUsage.TPM_KEY_SIGNING);

            // Put a fixed 20-byte value into PCRs 0, 1 and 2 before quoting.
            session.IntegrityClient.Extend(0, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
            session.IntegrityClient.Extend(1, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
            session.IntegrityClient.Extend(2, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });

            // The quote covers exactly the PCRs that were just extended.
            TPMPCRSelection quotedPcrs = session.CreateEmptyPCRSelection();
            quotedPcrs.PcrSelection[0] = true;
            quotedPcrs.PcrSelection[1] = true;
            quotedPcrs.PcrSelection[2] = true;

            ISigner quoter = quoteKey.CreateQuoter(quotedPcrs);

            // No key parameters are passed to Init; the quoter comes from the key handle itself.
            quoter.Init(true, null);
            quoter.BlockUpdate(payload, 0, payload.Length);

            byte[] quoteBytes = quoter.GenerateSignature();

            Console.WriteLine("Quote of \"Hallo IAIK\" is:\n" + ByteHelper.ByteArrayToHexString(quoteBytes));

            Console.WriteLine();
            Console.WriteLine("Now we would verify this quote.");

            quoter.Reset();
            quoter.Init(false, null);
            quoter.BlockUpdate(payload, 0, payload.Length);

            bool firstCheck = quoter.VerifySignature(quoteBytes);
            Console.WriteLine(firstCheck ? "Quote is OK!" : "UUUUPPPPSSS something went wrong!");


            Console.WriteLine("Extending PCRs, Quote should fail now!");

            session.IntegrityClient.Extend(0, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
            session.IntegrityClient.Extend(1, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
            session.IntegrityClient.Extend(2, new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });

            // NOTE(review): this second check runs without a preceding Reset/Init/BlockUpdate.
            // Whether the quoter still holds the message after the first VerifySignature is not
            // visible here, so a failure may not be attributable to the PCR change alone — confirm.
            bool secondCheck = quoter.VerifySignature(quoteBytes);
            Console.WriteLine(secondCheck
                ? "UUUUPPPPSSS something went wrong!"
                : "Quote is NOT OK, that's the way it should be.");
        }
Пример #8
 /// <summary>
 /// Resets this object by resetting the wrapped <c>_hash</c>.
 /// </summary>
 public void Reset()
 {
     // Pure delegation: no other state is touched in this method.
     _hash.Reset();
 }
Пример #9
 /// <summary>
 /// Resets the wrapped signer and initialises it with <paramref name="privatKey"/>.
 /// </summary>
 /// <param name="privatKey">RSA key parameters handed to <c>_signer.Init</c>; not checked for null here.</param>
 public void InitPrivateKey(RsaKeyParameters privatKey)
 {
     _signer.Reset();
     // NOTE(review): the literal true presumably selects signing mode, as in BouncyCastle's
     // ISigner.Init(forSigning, parameters) — confirm against the declared type of _signer.
     // Nothing here checks that the supplied parameters really describe a private key.
     _signer.Init(true, privatKey);
 }
Пример #10
 /// <summary>
 /// Checks <paramref name="signature"/> against all of <paramref name="data"/> using the given signer.
 /// </summary>
 /// <remarks>
 /// The signer is only reset here, never initialised: the caller must already have initialised it
 /// for verification with the intended key. Arguments are not null-checked. The returned flag is
 /// the only indication of an invalid signature, so callers have to act on it.
 /// </remarks>
 /// <param name="signer">the signer to use</param>
 /// <param name="data">input data, fed in full</param>
 /// <param name="signature">signature to check</param>
 /// <returns>the result of <c>VerifySignature</c> for the fed data</returns>
 public static bool Verify(this ISigner signer, byte[] data, byte[] signature)
 {
     // Start from a clean state so that only this call's data is covered.
     signer.Reset();

     int length = data.Length;
     signer.BlockUpdate(data, 0, length);

     bool accepted = signer.VerifySignature(signature);
     return accepted;
 }
Пример #11
 /// <summary>
 /// Signs all of <paramref name="data"/> with the given signer.
 /// </summary>
 /// <remarks>
 /// The signer is only reset here, never initialised: the caller must already have initialised it
 /// for signing with the intended key. Arguments are not null-checked.
 /// </remarks>
 /// <param name="signer">the signer to use</param>
 /// <param name="data">input data, fed in full</param>
 /// <returns>the bytes returned by <c>GenerateSignature</c></returns>
 public static byte[] Sign(this ISigner signer, byte[] data)
 {
     // Start from a clean state so that only this call's data is covered.
     signer.Reset();

     int length = data.Length;
     signer.BlockUpdate(data, 0, length);

     byte[] signatureBytes = signer.GenerateSignature();
     return signatureBytes;
 }
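        /// <summary>
        /// Builds a DKIM-Signature header for this message, signs the canonicalized headers with
        /// <paramref name="signer"/> and adds the finished header to <c>Headers</c>.
        /// </summary>
        /// <remarks>
        /// <paramref name="domain"/> and <paramref name="selector"/> are written into the header verbatim;
        /// nothing in this method rejects ';', CR or LF in them, so they must come from trusted
        /// configuration or be validated by the caller.
        /// NOTE(review): <c>IsSigned</c> is set before any signing work starts, so if a later step throws
        /// the message stays flagged as signed although no header was added — confirm this is intended.
        /// </remarks>
        /// <param name="signer">Signer used for the b= value; it must already be initialised for signing by the caller.</param>
        /// <param name="headerCanonicalization">Canonicalization applied to the headers and named first in c=.</param>
        /// <param name="bodyCanonicalization">Canonicalization applied to the body and named second in c=.</param>
        /// <param name="hashAlgorithm"><c>RSASha1</c> selects "sha1"; every other value selects "sha256".</param>
        /// <param name="domain">Value of the d= tag.</param>
        /// <param name="selector">Value of the s= tag.</param>
        /// <exception cref="InvalidOperationException">The message is already flagged as signed.</exception>
        public void DKIMSign(ISigner signer, CanonicalizationType headerCanonicalization, CanonicalizationType bodyCanonicalization, HashingAlgorithm hashAlgorithm, string domain, string selector)
        {
            if (IsSigned)
            {
                throw new InvalidOperationException("Message already have DKIM header.");
            }
            IsSigned = true;

            // rsa-sha1 remains selectable here, although RFC 8301 says signers must not use it.
            string hashtype = hashAlgorithm == HashingAlgorithm.RSASha1 ? "sha1" : "sha256";

            // The epoch is constructed directly: parsing "00:00:00 January 1, 1970" depends on the
            // current culture and can fail or be misread on non-English systems.
            DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            long created = Convert.ToInt64((DateTime.UtcNow - epoch).TotalSeconds);

            // Tag values are protocol text, so lower-casing and number formatting are culture-invariant.
            string canonicalization = string.Format("{0}/{1}", headerCanonicalization, bodyCanonicalization).ToLowerInvariant();

            StringBuilder dkim = new StringBuilder(300)
                .Append("v=1;") // version
                .Append("a=").Append("rsa-").Append(hashtype).Append(";") // signature algorithm
                .Append("c=").Append(canonicalization).Append(";") // canonicalization types headers/body
                .Append("d=").Append(domain).Append(";") // domain for DKIM check
                .Append("s=").Append(selector).Append(";") // TXT record selector
                .Append("t=").Append(created.ToString(System.Globalization.CultureInfo.InvariantCulture)).Append(";") // creation time
                .Append("bh=").Append(GetBodyHash(bodyCanonicalization, hashtype)).Append(";"); // body hash

            var headers = ComputedHeaders;

            // One h= entry per header value: a header that occurs N times is listed N times.
            List<string> h = new List<string>();
            foreach (string header in headers)
            {
                foreach (string value in headers.GetValues(header))
                {
                    h.Add(header);
                }
            }

            dkim.Append("h=").Append(string.Join(":", h)).Append(";") // headers for hashing
            .Append("b="); // signature data

            // The signed text is the canonicalized headers followed by the DKIM header with an empty b= value.
            var canonialized = DKIMCanonicalizer.CanonicalizeHeader(headerCanonicalization, headers) + "dkim-signature:" + dkim.ToString();
            var bytes = (HeadersEncoding ?? Encoding.UTF8).GetBytes(canonialized);

            // The lock serialises use of this signer with any other code that locks on the same instance.
            lock (signer)
            {
                // Drop input left over from an earlier, unfinished use so that the signature
                // covers exactly the bytes fed below.
                signer.Reset();
                signer.BlockUpdate(bytes, 0, bytes.Length);
                bytes = signer.GenerateSignature(); // computing signature
                signer.Reset();
            }

            dkim.Append(Convert.ToBase64String(bytes));

            Headers.Add("dkim-signature", dkim.ToString()); // adding DKIM header
        }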