/** * FIPS 186-4 C.3.1 Miller-Rabin Probabilistic Primality Test * * Run several iterations of the Miller-Rabin algorithm with randomly-chosen bases. * * @param candidate * the {@link BigInteger} instance to test for primality. * @param random * the source of randomness to use to choose bases. * @param iterations * the number of randomly-chosen bases to perform the test for. * @return <code>false</code> if any witness to compositeness is found amongst the chosen bases * (so <code>candidate</code> is definitely NOT prime), or else <code>true</code> * (indicating primality with some probability dependent on the number of iterations * that were performed). */ public static bool IsMRProbablePrime(BigInteger candidate, SecureRandom random, int iterations) { CheckCandidate(candidate, "candidate"); if (random == null) { throw new ArgumentException("cannot be null", "random"); } if (iterations < 1) { throw new ArgumentException("must be > 0", "iterations"); } if (candidate.BitLength == 2) { return(true); } if (!candidate.TestBit(0)) { return(false); } BigInteger w = candidate; BigInteger wSubOne = candidate.Subtract(One); BigInteger wSubTwo = candidate.Subtract(Two); int a = wSubOne.GetLowestSetBit(); BigInteger m = wSubOne.ShiftRight(a); for (int i = 0; i < iterations; ++i) { BigInteger b = BigIntegers.CreateRandomInRange(Two, wSubTwo, random); if (!ImplMRProbablePrimeToBase(w, wSubOne, m, a, b)) { return(false); } } return(true); }
private void ImplSqrtTest(ECCurve c) { if (ECAlgorithms.IsFpCurve(c)) { BigInteger p = c.Field.Characteristic; BigInteger pMinusOne = p.Subtract(BigInteger.One); BigInteger legendreExponent = p.ShiftRight(1); int count = 0; while (count < 10) { BigInteger nonSquare = BigIntegers.CreateRandomInRange(BigInteger.Two, pMinusOne, secRand); if (!nonSquare.ModPow(legendreExponent, p).Equals(BigInteger.One)) { ECFieldElement root = c.FromBigInteger(nonSquare).Sqrt(); Assert.IsNull(root); ++count; } } } }
public bool Read(Stream stream) { if (stream.Length - stream.Position < 74) { return(false); } var aBytes = new byte[32]; var m1Bytes = new byte[20]; stream.Read(aBytes, 0, aBytes.Length); stream.Read(m1Bytes, 0, m1Bytes.Length); // skip remaining stuff stream.Seek(22, SeekOrigin.Current); A = BigIntegers.FromUnsignedByteArray(aBytes); M1 = BigIntegers.FromUnsignedByteArray(m1Bytes); return(true); }
public static void CreateSelfSignedCertificate(Certificate certInfo, string certificateFile, string keyFile) { var rndGen = new CryptoApiRandomGenerator(); var rnd = new SecureRandom(rndGen); var keyGenParams = new KeyGenerationParameters(rnd, 2048); var keyPairGen = new RsaKeyPairGenerator(); // var keyGenParams = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, rnd); // var keyPairGen = new ECKeyPairGenerator(); keyPairGen.Init(keyGenParams); var keyPair = keyPairGen.GenerateKeyPair(); var certGen = new X509V3CertificateGenerator(); var serialNo = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), rnd); certGen.SetSerialNumber(serialNo); certGen.SetSubjectDN(certInfo.X509Name()); certGen.SetIssuerDN(certInfo.X509Name()); var now = DateTime.UtcNow.Date; certGen.SetNotBefore(now); certGen.SetNotAfter(now.AddDays(certInfo.ValidDays)); certGen.SetPublicKey(keyPair.Public); var sigFac = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, rnd); var cert = certGen.Generate(sigFac); using (var w = new StreamWriter(certificateFile, false, Encoding.ASCII)) { var pemWriter = new PemWriter(w); pemWriter.WriteObject(cert); } using (var w = new StreamWriter(keyFile, false, Encoding.ASCII)) { var pemWriter = new PemWriter(w); pemWriter.WriteObject(keyPair); } }
public virtual byte[] ProcessBlock(byte[] inBuf, int inOff, int inLen) { //IL_000d: Unknown result type (might be due to invalid IL or missing references) //IL_00cb: Unknown result type (might be due to invalid IL or missing references) if (key == null) { throw new InvalidOperationException("RSA engine not initialised"); } BigInteger bigInteger = core.ConvertInput(inBuf, inOff, inLen); BigInteger bigInteger4; if (key is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters = (RsaPrivateCrtKeyParameters)key; BigInteger publicExponent = rsaPrivateCrtKeyParameters.PublicExponent; if (publicExponent != null) { BigInteger modulus = rsaPrivateCrtKeyParameters.Modulus; BigInteger bigInteger2 = BigIntegers.CreateRandomInRange(BigInteger.One, modulus.Subtract(BigInteger.One), random); BigInteger input = bigInteger2.ModPow(publicExponent, modulus).Multiply(bigInteger).Mod(modulus); BigInteger bigInteger3 = core.ProcessBlock(input); BigInteger val = bigInteger2.ModInverse(modulus); bigInteger4 = bigInteger3.Multiply(val).Mod(modulus); if (!bigInteger.Equals(bigInteger4.ModPow(publicExponent, modulus))) { throw new InvalidOperationException("RSA engine faulty decryption/signing detected"); } } else { bigInteger4 = core.ProcessBlock(bigInteger); } } else { bigInteger4 = core.ProcessBlock(bigInteger); } return(core.ConvertOutput(bigInteger4)); }
public static AsymmetricKeyParameter CreatePrivateKeyResource(string subjectName = "CN=root") { const int keyStrength = 2048; // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = subjectDn; certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(70); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); return(subjectKeyPair.Private); }
public virtual byte[] ProcessBlock( byte[] input, int inOff, int inLen) { agree.Init(privParam); BigInteger z = agree.CalculateAgreement(pubParam); byte[] zBytes = BigIntegers.AsUnsignedByteArray(agree.GetFieldSize(), z); try { return(forEncryption ? EncryptBlock(input, inOff, inLen, zBytes) : DecryptBlock(input, inOff, inLen, zBytes)); } finally { Array.Clear(zBytes, 0, zBytes.Length); } }
public static byte[] GetSignedCertificate(AlgParSet parameters, Subj subj) { X509Certificate root = new X509CertificateParser().ReadCertificate(GetRootCertificate()); Cert data = CreateDatabaseInfoFromCertificate(root); var keys = GenerateKeyPair(parameters); string serial = string.Empty; do { serial = BigIntegers.CreateRandomBigInteger(512, new SecureRandom()).ToString(); }while (DatabaseInstance.GetInstance().Certs.FirstOrDefault(elm => elm.SerialNumber_Cert == serial) != null); Cert certificate = new Cert { Ver_Cert = DatabaseInstance.GetInstance().Vers.FirstOrDefault(), SignAlg_Cert = new SignAlg { AlgParSet_SignAlg = parameters, PrivateKey_SignAlg = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keys.Private).ToAsn1Object().GetEncoded(), PublicKey_SignAlg = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keys.Public).ToAsn1Object().GetEncoded() }, Issuer_Cert = data.Issuer_Cert, Subj_Cert = subj, SerialNumber_Cert = serial, ValidFrom_Cert = DateTime.Now, ValidBy_Cert = DateTimeOffset.Now.AddYears(5).UtcDateTime, SignSerialNumber_Cert = data.SerialNumber_Cert }; var cert = CreateCertificateFromDatabaseInfo(certificate); certificate.SignValue_Cert = string.Join("", BitConverter.ToString(cert.GetSignature()).Split('-')); DatabaseInstance.GetInstance().Certs.Add(certificate); DatabaseInstance.GetInstance().SaveChanges(); return(cert.GetEncoded()); }
// 5.3 pg 28 /** * Generate a signature for the given message using the key we were * initialised with. For conventional DSA the message should be a SHA-1 * hash of the message of interest. * * @param message the message that will be verified later. */ public virtual BigInteger[] GenerateSignature(byte[] message) { ECDomainParameters ec = key.Parameters; BigInteger n = ec.N; BigInteger e = CalculateE(n, message); BigInteger d = ((ECPrivateKeyParameters)key).D; if (kCalculator.IsDeterministic) { kCalculator.Init(n, d, message); } else { kCalculator.Init(n, random); } BigInteger r, s; ECMultiplier basePointMultiplier = CreateBasePointMultiplier(); // 5.3.2 do // Generate s { BigInteger k; do // Generate r { k = kCalculator.NextK(); ECPoint p = basePointMultiplier.Multiply(ec.G, k).Normalize(); // 5.3.3 r = p.AffineXCoord.ToBigInteger().Mod(n); }while (r.SignValue == 0); s = BigIntegers.ModOddInverse(n, k).Multiply(e.Add(d.Multiply(r))).Mod(n); }while (s.SignValue == 0); return(new BigInteger[] { r, s }); }
public virtual bool VerifySignature(byte[] signature) { BigInteger integer2; try { this.block = this.cipher.ProcessBlock(signature, 0, signature.Length); } catch (Exception) { return(false); } BigInteger n = new BigInteger(1, this.block); if ((n.IntValue & 15) == 12) { integer2 = n; } else { n = this.kParam.Modulus.Subtract(n); if ((n.IntValue & 15) == 12) { integer2 = n; } else { return(false); } } this.CreateSignatureBlock(); byte[] b = BigIntegers.AsUnsignedByteArray(this.block.Length, integer2); bool flag2 = Arrays.ConstantTimeAreEqual(this.block, b); this.ClearBlock(this.block); this.ClearBlock(b); return(flag2); }
public virtual byte[] ProcessBlock(byte[] inBuf, int inOff, int inLen) { BigInteger integer2; if (this.key == null) { throw new InvalidOperationException("RSA engine not initialised"); } BigInteger val = this.core.ConvertInput(inBuf, inOff, inLen); if (this.key is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters key = (RsaPrivateCrtKeyParameters)this.key; BigInteger publicExponent = key.PublicExponent; if (publicExponent != null) { BigInteger modulus = key.Modulus; BigInteger integer5 = BigIntegers.CreateRandomInRange(BigInteger.One, modulus.Subtract(BigInteger.One), this.random); BigInteger input = integer5.ModPow(publicExponent, modulus).Multiply(val).Mod(modulus); BigInteger integer7 = this.core.ProcessBlock(input); BigInteger integer8 = integer5.ModInverse(modulus); integer2 = integer7.Multiply(integer8).Mod(modulus); if (!val.Equals(integer2.ModPow(publicExponent, modulus))) { throw new InvalidOperationException("RSA engine faulty decryption/signing detected"); } } else { integer2 = this.core.ProcessBlock(val); } } else { integer2 = this.core.ProcessBlock(val); } return(this.core.ConvertOutput(integer2)); }
public virtual BigInteger NextK() { byte[] t = new byte[BigIntegers.GetUnsignedByteLength(n)]; for (;;) { int tOff = 0; while (tOff < t.Length) { hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); int len = System.Math.Min(t.Length - tOff, V.Length); Array.Copy(V, 0, t, tOff, len); tOff += len; } BigInteger k = BitsToInt(t); if (k.SignValue > 0 && k.CompareTo(n) < 0) { return(k); } hMac.BlockUpdate(V, 0, V.Length); hMac.Update((byte)0x00); hMac.DoFinal(K, 0); hMac.Init(new KeyParameter(K)); hMac.BlockUpdate(V, 0, V.Length); hMac.DoFinal(V, 0); } }
public X509Certificate2 MakeCertificate(string password, string issuedToDomainName, string friendlyName, int validMonths) { _certificateGenerator.Reset(); _certificateGenerator.SetSignatureAlgorithm(SignatureAlgorithm); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), _random); _certificateGenerator.SetSerialNumber(serialNumber); _certificateGenerator.SetSubjectDN(new X509Name(issuedToDomainName)); _certificateGenerator.SetIssuerDN(_issuer); var utcNow = DateTime.UtcNow.AddDays(-1); _certificateGenerator.SetNotBefore(utcNow); _certificateGenerator.SetNotAfter(utcNow.AddMonths(validMonths)); var keyGenerationParameters = new KeyGenerationParameters(_random, _strength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); _certificateGenerator.SetPublicKey(subjectKeyPair.Public); var issuerKeyPair = subjectKeyPair; var certificate = _certificateGenerator.Generate(issuerKeyPair.Private, _random); var store = new Pkcs12Store(); var certificateEntry = new X509CertificateEntry(certificate); store.SetCertificateEntry(friendlyName, certificateEntry); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); using (var stream = new MemoryStream()) { store.Save(stream, password.ToCharArray(), _random); return(new X509Certificate2(stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable)); } }
public byte[] GenerateClientKeyExchange() { // TODO RFC 2246 7.4.72 /* * If the client certificate already contains a suitable Diffie-Hellman key, then * Yc is implicit and does not need to be sent again. In this case, the Client Key * Exchange message will be sent, but will be empty. */ //return new byte[0]; /* * Generate a keypair (using parameters from server key) and send the public value * to the server. */ DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator(); dhGen.Init(new DHKeyGenerationParameters(handler.Random, dhAgreeServerPublicKey.Parameters)); this.dhAgreeClientKeyPair = dhGen.GenerateKeyPair(); BigInteger Yc = ((DHPublicKeyParameters)dhAgreeClientKeyPair.Public).Y; return(BigIntegers.AsUnsignedByteArray(Yc)); }
public ECPrivateKeyStructure(int orderBitLength, BigInteger key, DerBitString publicKey, Asn1Encodable parameters) { if (key == null) { throw new ArgumentNullException("key"); } if (orderBitLength < key.BitLength) { throw new ArgumentException("must be >= key bitlength", "orderBitLength"); } byte[] str = BigIntegers.AsUnsignedByteArray((orderBitLength + 7) / 8, key); Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new DerInteger(1), new DerOctetString(str)); if (parameters != null) { asn1EncodableVector.Add(new DerTaggedObject(explicitly: true, 0, parameters)); } if (publicKey != null) { asn1EncodableVector.Add(new DerTaggedObject(explicitly: true, 1, publicKey)); } seq = new DerSequence(asn1EncodableVector); }
internal BigInteger CalculatePrivate(DHParameters dhParams, SecureRandom random) { int l = dhParams.L; if (l != 0) { int num = l >> 2; BigInteger bigInteger; do { bigInteger = new BigInteger(l, random).SetBit(l - 1); }while (WNafUtilities.GetNafWeight(bigInteger) < num); return(bigInteger); } BigInteger min = BigInteger.Two; int m = dhParams.M; if (m != 0) { min = BigInteger.One.ShiftLeft(m - 1); } BigInteger bigInteger2 = dhParams.Q; if (bigInteger2 == null) { bigInteger2 = dhParams.P; } BigInteger bigInteger3 = bigInteger2.Subtract(BigInteger.Two); int num2 = bigInteger3.BitLength >> 2; BigInteger bigInteger4; do { bigInteger4 = BigIntegers.CreateRandomInRange(min, bigInteger3, random); }while (WNafUtilities.GetNafWeight(bigInteger4) < num2); return(bigInteger4); }
internal BigInteger CalculatePrivate(DHParameters dhParams, SecureRandom random) { BigInteger integer5; int l = dhParams.L; if (l != 0) { BigInteger integer; int num2 = l >> 2; do { integer = new BigInteger(l, random).SetBit(l - 1); }while (WNafUtilities.GetNafWeight(integer) < num2); return(integer); } BigInteger two = BigInteger.Two; int m = dhParams.M; if (m != 0) { two = BigInteger.One.ShiftLeft(m - 1); } BigInteger q = dhParams.Q; if (q == null) { q = dhParams.P; } BigInteger max = q.Subtract(BigInteger.Two); int num4 = max.BitLength >> 2; do { integer5 = BigIntegers.CreateRandomInRange(two, max, random); }while (WNafUtilities.GetNafWeight(integer5) < num4); return(integer5); }
/// <summary> /// Creates a new X509 certificate and returns its data in PEM format. /// /// <see cref="PatchingCertificatePem"/> is generated using this method. /// </summary> public string GenerateNewCertificatePem() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // TODO: Figure out ISignatureFactory to avoid these deprecated methods #pragma warning disable 618 certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); #pragma warning restore 618 var subjectDn = new X509Name("cn=Unknown"); var issuerDn = subjectDn; certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date.AddYears(-10)); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(50)); var keyGenerationParameters = new KeyGenerationParameters(random, 2048); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // TODO: Figure out ISignatureFactory to avoid these deprecated methods #pragma warning disable 618 X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private); #pragma warning restore 618 using var writer = new StringWriter(); var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(writer); pemWriter.WriteObject(new PemObject("CERTIFICATE", cert.GetEncoded())); pemWriter.WriteObject(subjectKeyPair.Private); return(writer.ToString()); }
public byte[] Encode() { BigInteger amount = BigInteger.ValueOf(long.Parse(Amount)); BigInteger gasPrice = BigInteger.ValueOf(long.Parse(GasPrice)); ProtoTransactionInfo info = new ProtoTransactionInfo(); info.Version = (uint)Version; info.Nonce = (ulong)Nonce; info.Toaddr = ByteString.CopyFrom(ByteUtil.HexStringToByteArray(ToAddr.ToLower())); info.Senderpubkey = new ByteArray() { Data = ByteString.CopyFrom(ByteUtil.HexStringToByteArray(PubKey)) }; info.Amount = new ByteArray() { Data = ByteString.CopyFrom(BigIntegers.AsUnsignedByteArray(16, amount)) }; info.Gasprice = new ByteArray() { Data = ByteString.CopyFrom(BigIntegers.AsUnsignedByteArray(16, gasPrice)) }; info.Gaslimit = ulong.Parse(GasLimit); if (!string.IsNullOrEmpty(Code)) { info.Code = ByteString.CopyFrom(System.Text.Encoding.Default.GetBytes(Code)); } if (!string.IsNullOrEmpty(Data)) { info.Data = ByteString.CopyFrom(System.Text.Encoding.Default.GetBytes(Data)); } return(info.ToByteArray()); }
public static bool IsMRProbablePrime(BigInteger candidate, SecureRandom random, int iterations) { //IL_0018: Unknown result type (might be due to invalid IL or missing references) //IL_002c: Unknown result type (might be due to invalid IL or missing references) CheckCandidate(candidate, "candidate"); if (random == null) { throw new ArgumentException("cannot be null", "random"); } if (iterations < 1) { throw new ArgumentException("must be > 0", "iterations"); } if (candidate.BitLength == 2) { return(true); } if (!candidate.TestBit(0)) { return(false); } BigInteger bigInteger = candidate.Subtract(One); BigInteger max = candidate.Subtract(Two); int lowestSetBit = bigInteger.GetLowestSetBit(); BigInteger m = bigInteger.ShiftRight(lowestSetBit); for (int i = 0; i < iterations; i++) { BigInteger b = BigIntegers.CreateRandomInRange(Two, max, random); if (!ImplMRProbablePrimeToBase(candidate, bigInteger, m, lowestSetBit, b)) { return(false); } } return(true); }
public virtual bool VerifySignature(byte[] signature) { try { block = cipher.ProcessBlock(signature, 0, signature.Length); } catch (Exception) { return(false); IL_0024 :; } BigInteger bigInteger = new BigInteger(block); BigInteger n; if ((bigInteger.IntValue & 0xF) == 12) { n = bigInteger; } else { bigInteger = kParam.Modulus.Subtract(bigInteger); if ((bigInteger.IntValue & 0xF) != 12) { return(false); } n = bigInteger; } CreateSignatureBlock(); byte[] b = BigIntegers.AsUnsignedByteArray(block.Length, n); bool result = Arrays.ConstantTimeAreEqual(block, b); ClearBlock(block); ClearBlock(b); return(result); }
public static (AsymmetricCipherKeyPair, X509Certificate) GenerateSelfSigned() { var startDate = DateTime.Now; var expiryDate = DateTime.Now.AddYears(10); var serialNumber = BigIntegers.CreateRandomInRange( BigInteger.ValueOf(2).Pow(63), BigInteger.ValueOf(2).Pow(64), new SecureRandom() ); var oid = ECGost3410NamedCurves.GetOid("Tc26-Gost-3410-12-256-paramSetA"); var param = new ECKeyGenerationParameters(oid, new SecureRandom()); var engine = new ECKeyPairGenerator(); engine.Init(param); var keyPair = engine.GenerateKeyPair(); var certGen = new X509V1CertificateGenerator(); var dnName = new X509Name("CN=Test CA Certificate"); certGen.SetSerialNumber(serialNumber); certGen.SetIssuerDN(dnName); certGen.SetNotBefore(startDate); certGen.SetNotAfter(expiryDate); certGen.SetSubjectDN(dnName); certGen.SetPublicKey(keyPair.Public); var signer = new GostSignerFactory(keyPair.Private); var certificate = certGen.Generate(signer); return(keyPair, certificate); }
private static byte[] GenerateSelfSignedCertificate(string subjectName) { // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); // Subject Public Key KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, KeySize); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair(); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random)); certificateGenerator.SetSignatureAlgorithm(SignatureAlgorithm); certificateGenerator.SetIssuerDN(new X509Name(subjectName)); certificateGenerator.SetSubjectDN(new X509Name(subjectName)); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date); certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment)); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth)); certificateGenerator.SetPublicKey(subjectKeyPair.Public); Org.BouncyCastle.X509.X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private, random); Pkcs12Store store = new Pkcs12StoreBuilder().SetUseDerEncoding(true).Build(); store.SetKeyEntry("unused", new AsymmetricKeyEntry(subjectKeyPair.Private), new X509CertificateEntry[] { new X509CertificateEntry(cert) }); using (MemoryStream stream = new MemoryStream()) { store.Save(stream, new char[0], random); return(stream.ToArray()); } }
/// <summary> /// Creates a self signed application instance certificate. /// </summary> /// <param name="storeType">Type of certificate store (Directory) <see cref="CertificateStoreType"/>.</param> /// <param name="storePath">The store path (syntax depends on storeType).</param> /// <param name="password">The password to use to protect the certificate.</param> /// <param name="applicationUri">The application uri (created if not specified).</param> /// <param name="applicationName">Name of the application (optional if subjectName is specified).</param> /// <param name="subjectName">The subject used to create the certificate (optional if applicationName is specified).</param> /// <param name="domainNames">The domain names that can be used to access the server machine (defaults to local computer name if not specified).</param> /// <param name="keySize">Size of the key (1024, 2048 or 4096).</param> /// <param name="startTime">The start time.</param> /// <param name="lifetimeInMonths">The lifetime of the key in months.</param> /// <param name="hashSizeInBits">The hash size in bits.</param> /// <param name="isCA">if set to <c>true</c> then a CA certificate is created.</param> /// <param name="issuerCAKeyCert">The CA cert with the CA private key.</param> /// <returns>The certificate with a private key.</returns> public static X509Certificate2 CreateCertificate( string storeType, string storePath, string password, string applicationUri, string applicationName, string subjectName, IList <String> domainNames, ushort keySize, DateTime startTime, ushort lifetimeInMonths, ushort hashSizeInBits, bool isCA, X509Certificate2 issuerCAKeyCert) { if (!String.IsNullOrEmpty(storeType) && storeType != CertificateStoreType.Directory) { throw new NotSupportedException("Cannot create a certificate for a non directory store."); } if (issuerCAKeyCert != null) { if (!issuerCAKeyCert.HasPrivateKey) { throw new NotSupportedException("Cannot sign with a CA certificate without a private key."); } throw new NotSupportedException("Signing with an issuer CA certificate is currently unsupported."); } // set default values. SetSuitableDefaults( ref applicationUri, ref applicationName, ref subjectName, ref domainNames, ref keySize, ref lifetimeInMonths, isCA); // cert generators SecureRandom random = new SecureRandom(); X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); cg.SetSerialNumber(serialNumber); // build name attributes var nameOids = new ArrayList(); nameOids.Add(X509Name.DC); nameOids.Add(X509Name.CN); var nameValues = new ArrayList(); nameValues.Add(domainNames[0]); nameValues.Add(applicationName); // self signed X509Name subjectDN = new X509Name(nameOids, nameValues); X509Name issuerDN = subjectDN; cg.SetIssuerDN(issuerDN); cg.SetSubjectDN(subjectDN); // valid for cg.SetNotBefore(startTime); cg.SetNotAfter(startTime.AddMonths(lifetimeInMonths)); // Private/Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keySize); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); cg.SetPublicKey(subjectKeyPair.Public); // add extensions // Subject key identifier cg.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public))); // Basic constraints cg.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(isCA)); // Authority Key identifier var issuerKeyPair = subjectKeyPair; var issuerSerialNumber = serialNumber; cg.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public), new GeneralNames(new GeneralName(issuerDN)), issuerSerialNumber)); if (!isCA) { // Key usage cg.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DataEncipherment | KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment)); // Extended Key usage cg.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new List <DerObjectIdentifier>() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), // server auth new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"), // client auth })); // subject alternate name cg.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.UniformResourceIdentifier, applicationUri), new GeneralName(GeneralName.DnsName, domainNames[0]) })); } else { // Key usage CA cg.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.CrlSign | KeyUsage.DigitalSignature | KeyUsage.KeyCertSign)); } // sign certificate ISignatureFactory signatureFactory = new Asn1SignatureFactory((hashSizeInBits < 256) ? "SHA1WITHRSA" : "SHA256WITHRSA", subjectKeyPair.Private, random); Org.BouncyCastle.X509.X509Certificate x509 = cg.Generate(signatureFactory); // create pkcs12 store for cert and private key X509Certificate2 certificate = null; using (MemoryStream pfxData = new MemoryStream()) { Pkcs12Store pkcsStore = new Pkcs12StoreBuilder().Build(); X509CertificateEntry[] chain = new X509CertificateEntry[1]; string passcode = "passcode"; chain[0] = new X509CertificateEntry(x509); pkcsStore.SetKeyEntry(applicationName, new AsymmetricKeyEntry(subjectKeyPair.Private), chain); pkcsStore.Save(pfxData, passcode.ToCharArray(), random); // merge into X509Certificate2 certificate = CreateCertificateFromPKCS12(pfxData.ToArray(), passcode); } Utils.Trace(Utils.TraceMasks.Security, "Created new certificate: {0}", certificate.Thumbprint); // add cert to the store. if (!String.IsNullOrEmpty(storePath)) { ICertificateStore store = null; if (storeType == CertificateStoreType.Directory) { using (store = new DirectoryCertificateStore()) { store.Open(storePath); store.Add(certificate); store.Close(); } } } // note: this cert has a private key! return(certificate); }
public static AsymmetricKeyParameter GenerateCACertificate(string subjectName, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public), new GeneralNames(new GeneralName(issuerDN)), serialNumber)); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); // Add CA certificate to Root store X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(x509); store.Close(); store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(x509); store.Close(); RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)issuerKeyPair.Private; x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); store = new X509Store("PrivateCertStore", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(x509); store.Close(); return(issuerKeyPair.Private); }
public async Task <BigInteger> Authenticate(AuthSessionRequest authRequest) { if (String.IsNullOrEmpty(authRequest.Identity)) { throw new ArgumentNullException(nameof(authRequest.Identity)); } if (seed == 0) { await Send(new AuthSessionResponse() { Response = AuthResponseCode.Failed }); throw new AuthenticationFailedException("cannot authenticate with a server seed of 0"); } var account = GrainFactory.GetGrain <IAccount>(authRequest.Identity); if (await account.Exists()) { try { var sessionKey = await account.GetSessionKey(); using (var sha1 = new Digester(SHA1.Create())) { var serverDigest = BigIntegers.FromUnsignedByteArray( sha1.CalculateDigest(new byte[][] { Encoding.UTF8.GetBytes(authRequest.Identity), new byte[4], BitConverter.GetBytes(authRequest.ClientSeed), BitConverter.GetBytes(seed), sessionKey.ToByteArray(40), }) ); if (serverDigest == authRequest.ClientDigest) { GetLogger().Info($"{authRequest.Identity} successfully authenticated to {ShardName} {nameof(ShardSession)} {this.GetPrimaryKey()}"); // we can't just Send the Success response here, since the client expects the packet cipher to be initialized at this point AuthenticatedIdentity = authRequest.Identity; return(sessionKey); } else { await Send(new AuthSessionResponse() { Response = AuthResponseCode.Failed }); throw new AuthenticationFailedException($"account {authRequest.Identity} failed authentication proof"); } } } catch (AccountDoesNotExistException) { await Send(new AuthSessionResponse() { Response = AuthResponseCode.UnknownAccount }); throw new AuthenticationFailedException($"account {authRequest.Identity} does not exist"); } catch (AccountStateException) { GetLogger().Warn($"received {nameof(AuthSessionRequest)} with unauthenticated identity {authRequest.Identity}"); await Send(new AuthSessionResponse() { Response = AuthResponseCode.Failed }); throw new AuthenticationFailedException($"account {authRequest.Identity} is not authenticated"); } } else { await Send(new AuthSessionResponse() { Response = AuthResponseCode.UnknownAccount }); throw new AuthenticationFailedException($"account {authRequest.Identity} does not exist"); } }
public static X509Certificate2 IssueCertificate( string basename, string password, DistinguishedName dn, CertificateType certtype, DateTime notBefore, DateTime notAfter) { var certificateGenerator = new X509V3CertificateGenerator(); var privateOutputPath = ""; var publicOutputPath = ""; /* Prepare output directories */ if (certtype == CertificateType.AuthorityCertificate) { privateOutputPath = AuthorityPrivateCertificatesPath; publicOutputPath = AuthorityPublicCertificatesPath; } else if (certtype == CertificateType.ServerCertificate) { privateOutputPath = ServerPrivateCertificatesPath; publicOutputPath = ServerPublicCertificatesPath; } else { privateOutputPath = UserPrivateCertificatesPath; publicOutputPath = UserPublicCertificatesPath; } /* Certificate Asymmetric Keys */ CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, 2048); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); /* Certificate Serial Number */ BigInteger serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); /* Certificate Date Constrains */ certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); /* Certificate Issuer and Subject DN */ string issuerName = IssuerDN.ToString(); if (certtype == CertificateType.AuthorityCertificate) { /* A Certification Authority is a self signed certificate */ issuerName = dn.ToString(); } certificateGenerator.SetSubjectDN(new X509Name(dn.ToString())); certificateGenerator.SetIssuerDN(new X509Name(issuerName)); /* Certificate Alternative Names */ if (dn.AlternativeNames != null && dn.AlternativeNames.Any()) { var subjectAlternativeNamesExtension = new DerSequence( dn.AlternativeNames.Select(name => new GeneralName(GeneralName.DnsName, name)) .ToArray <Asn1Encodable> ()); certificateGenerator.AddExtension( X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension); } /* Certificate Keys Usage */ var keyUsageFlags = KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.DigitalSignature; if (certtype == CertificateType.AuthorityCertificate || certtype == CertificateType.ServerCertificate) { keyUsageFlags |= KeyUsage.CrlSign | KeyUsage.NonRepudiation; } certificateGenerator.AddExtension( X509Extensions.KeyUsage.Id, false, new KeyUsage(keyUsageFlags)); /* Certificate Extended Key Usages */ if (certtype != CertificateType.AuthorityCertificate) { KeyPurposeID[] extendedUsages = null; if (certtype == CertificateType.ServerCertificate) { extendedUsages = new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, }; } else { extendedUsages = new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPEmailProtection, }; } certificateGenerator.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(extendedUsages)); } /* Certificate Authority Key Identifier */ /* A Certification Authority is a self signed certificate */ AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;; if (certtype != CertificateType.AuthorityCertificate) { issuerKeyPair = DotNetUtilities.GetKeyPair(IssuerCertificate.PrivateKey); } var issuerPKIFactory = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKeyPair.Public); var generalNames = new GeneralNames( new GeneralName(new X509Name(issuerName))); /* A Certification Authority is a self signed certificate */ BigInteger issuerSerialNumber = serialNumber; if (certtype != CertificateType.AuthorityCertificate) { issuerSerialNumber = new BigInteger(IssuerCertificate.GetSerialNumber()); } var authorityKIExtension = new AuthorityKeyIdentifier( issuerPKIFactory, generalNames, issuerSerialNumber); certificateGenerator.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKIExtension); /* Certificate Subject Key Identifier */ var subjectPKIFactory = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public); var subjectKIExtension = new SubjectKeyIdentifier(subjectPKIFactory); certificateGenerator.AddExtension( X509Extensions.SubjectKeyIdentifier.Id, false, subjectKIExtension); /* Certificate Basic constrains */ bool isCertificateAuthority = false; if (certtype == CertificateType.AuthorityCertificate) { isCertificateAuthority = true; } var basicConstrains = new BasicConstraints(isCertificateAuthority); certificateGenerator.AddExtension( X509Extensions.BasicConstraints.Id, true, basicConstrains); /* Generate BouncyCastle Certificate */ ISignatureFactory signatureFactory = new Asn1SignatureFactory( "SHA512WITHRSA", issuerKeyPair.Private, random ); /* Generate P12 Certificate Store and write to disk*/ var store = new Pkcs12Store(); var certificate = certificateGenerator.Generate(signatureFactory); var certificateEntry = new X509CertificateEntry(certificate); var stream = new MemoryStream(); store.SetCertificateEntry(dn.ToString(), certificateEntry); store.SetKeyEntry(dn.ToString(), new AsymmetricKeyEntry(subjectKeyPair.Private), new [] { certificateEntry }); store.Save(stream, password.ToCharArray(), random); File.WriteAllBytes(privateOutputPath + basename + ".p12", stream.ToArray()); /* Convert to Microsoft X509Certificate2 and write to disk pfx and der files */ var convertedCertificate = new X509Certificate2(stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); File.WriteAllBytes(privateOutputPath + basename + ".pfx", convertedCertificate.Export(X509ContentType.Pfx, password)); File.WriteAllBytes(publicOutputPath + basename + ".crt", convertedCertificate.Export(X509ContentType.Cert, password)); return(convertedCertificate); }
public static void WriteECParameter(BigInteger x, Stream output) { TlsUtilities.WriteOpaque8(BigIntegers.AsUnsignedByteArray(x), output); }
public static byte[] SerializeECFieldElement(int fieldSize, BigInteger x) { return(BigIntegers.AsUnsignedByteArray((fieldSize + 7) / 8, x)); }
/// <summary> Generates a self signed certificate. </summary> /// <exception cref="PemException"> Thrown when a Pem error condition occurs. </exception> /// <param name="subjectName"> Name of the subject. </param> /// <param name="issuerName"> Name of the issuer. </param> /// <param name="issuerPrivKey"> The issuer priv key. </param> /// <param name="validTill"> The valid till Date/Time. </param> /// <param name="keyStrength"> (Optional) The key strength. </param> /// <returns> The self signed certificate. </returns> public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, DateTime validTill, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name var subjectDn = new X509Name(subjectName); var issuerDn = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = validTill; certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // selfsign certificate var signatureFactory = new Asn1SignatureFactory(SignatureAlgorithm, issuerPrivKey); var certificate = certificateGenerator.Generate(signatureFactory); // correcponding private key var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)info.ParsePrivateKey(); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = RsaPrivateKeyStructure.GetInstance(seq); var rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); x509.PrivateKey = ToDotNetKey(rsaparams); return(x509); }