public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier algorithm, byte[] input)
{
var parameters = CreateParameters(algorithm);
using (var ms = new MemoryStream(input))
{
var asn1 = new DERReader(ms).Read();
var seq = asn1 as ASN1Sequence;
SecurityAssert.NotNull(seq);
SecurityAssert.Assert(seq !.Count >= 2);
var version = seq !.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(version);
SecurityAssert.Assert(version !.Value == 1);
var dString = seq !.Elements[1] as ASN1OctetString;
SecurityAssert.NotNull(dString);
var d = parameters.Field.Value(dString !.Value.ToBigInteger(Endianness.BigEndian));
var q = Point.Multiply(
parameters.Curve,
d,
parameters.Generator
);
var pub = new ECPublicKey(parameters, q);
return(new ECPrivateKey(pub, d));
}
}
public PublicKey ReadPublicKey(X509AlgorithmIdentifier algorithm, BitArray bits)
{
SecurityAssert.Assert(IsRSAIdentifier(algorithm.Algorithm));
SecurityAssert.Assert(algorithm.Parameters.Count == 1 && algorithm.Parameters[0] is ASN1Null);
var data = bits.ToArray();
ASN1Object asn1;
using (var ms = new MemoryStream(data))
{
asn1 = new DERReader(ms).Read();
}
var keySeq = asn1 as ASN1Sequence;
SecurityAssert.Assert(keySeq != null && keySeq.Count == 2);
var modulusInt = keySeq !.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(modulusInt);
var exponentInt = keySeq !.Elements[1] as ASN1Integer;
SecurityAssert.NotNull(exponentInt);
return(new RSAPublicKey(modulusInt !.Value, exponentInt !.Value));
}
public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier?algorithm, byte[] input)
{
using var ms = new MemoryStream(input);
var asn1 = new DERReader(ms);
return(new RSAPrivateKey(asn1.Read()));
}
public bool Verify(byte[] input, byte[] signature, IDigest hash)
{
if (_publicKey is null || _domain is null || _nField is null)
{
throw new InvalidOperationException("ECDSA not initialised");
}
FieldValue r, s;
using (var buffer = new MemoryStream(signature))
{
var reader = new DERReader(buffer);
var seq = reader.Read() as ASN1Sequence;
SecurityAssert.NotNull(seq);
SecurityAssert.Assert(seq !.Count == 2);
var ri = seq.Elements[0] as ASN1Integer;
SecurityAssert.NotNull(ri);
r = _nField.Value(ri !.Value);
SecurityAssert.Assert(r.Value == ri !.Value);
var si = seq.Elements[1] as ASN1Integer;
SecurityAssert.NotNull(si);
s = _nField.Value(si !.Value);
SecurityAssert.Assert(s.Value == si !.Value);
}
// check QA != O
// check QA is on curve
SecurityAssert.Assert(_domain.Curve.IsPointOnCurve(_publicKey));
// check n*QA = O
// check r and s are in [1, n-1]
// e = HASH(input)
hash.Update(input);
var e = hash.DigestBuffer();
// z = the Ln leftmost bits of e, where Ln is the bit length of the group order n.
var z = ToZ(e, _ln);
// w = 1/s (mod n)
var w = _nField.Divide(_nField.Value(1), s);
// u1 = zw (mod n)
var u1 = _nField.Multiply(w, z);
// u2 = rw (mod n)
var u2 = _nField.Multiply(w, r);
// (x1, y2) = u1 * G + u2 * QA
var point = Point.Add(_domain.Curve,
a: Point.Multiply(_domain.Curve, u1, _domain.Generator),
b: Point.Multiply(_domain.Curve, u2, _publicKey)) !;
// return r == x1 (mod n)
return(r == point.X);
}
// http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf for reading the DER format
// https://www.ietf.org/rfc/rfc5280.txt for fields in certificate
// https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem for fields in private key (PKCS#1)
// https://lapo.it/asn1js javascript parser / visualizer
public X509Certificate ReadCertificate()
{
using (var ms = new MemoryStream(_input))
{
var reader = new DERReader(ms);
var asn1 = reader.Read();
return(ReadFromASN1(asn1));
}
}
public PrivateKey ReadPrivateKey(X509AlgorithmIdentifier algorithm, byte[] input)
{
var parameters = CreateParameters(algorithm);
using (var ms = new MemoryStream(input))
{
var asn1 = new DERReader(ms);
return(new DHPrivateKey(parameters, asn1.Read()));
}
}
public PublicKey ReadPublicKey(X509AlgorithmIdentifier algorithm, BitArray bits)
{
var parameters = CreateParameters(algorithm);
var data = bits.ToArray();
ASN1Object asn1;
using (var ms = new MemoryStream(data))
{
asn1 = new DERReader(ms).Read();
}
var y = asn1 as ASN1Integer;
SecurityAssert.NotNull(y);
return(new DHPublicKey(parameters, y !.Value));
}
private List <X509Extension> ReadExtensions(ASN1Sequence seq)
{
var extensions = new List <X509Extension>();
foreach (var extInfo in seq.Elements)
{
var extSeq = ToSeq(extInfo, 2, 3);
var id = GetElement <ASN1ObjectIdentifier>(extSeq, 0).Identifier;
var critical = extSeq.Count == 3 && GetElement <ASN1Boolean>(extSeq, 1).Value;
var value = GetElement <ASN1OctetString>(extSeq, extInfo.Count - 1).Value;
ASN1Object asn1Value;
using (var ms = new MemoryStream(value))
{
asn1Value = new DERReader(ms).Read();
}
extensions.Add(new X509Extension(id, critical, asn1Value));
}
return(extensions);
}
