forked from npgsql/npgsql
RsaPKCS1.cs
#if !DNXCORE50
#region License
// The PostgreSQL License
//
// Copyright (C) 2015 The Npgsql Development Team
//
// Permission to use, copy, modify, and distribute this software and its
// documentation for any purpose, without fee, and without a written
// agreement is hereby granted, provided that the above copyright notice
// and this paragraph and the following two paragraphs appear in all copies.
//
// IN NO EVENT SHALL THE NPGSQL DEVELOPMENT TEAM BE LIABLE TO ANY PARTY
// FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES,
// INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
// DOCUMENTATION, EVEN IF THE NPGSQL DEVELOPMENT TEAM HAS BEEN ADVISED OF
// THE POSSIBILITY OF SUCH DAMAGE.
//
// THE NPGSQL DEVELOPMENT TEAM SPECIFICALLY DISCLAIMS ANY WARRANTIES,
// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
// ON AN "AS IS" BASIS, AND THE NPGSQL DEVELOPMENT TEAM HAS NO OBLIGATIONS
// TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
#endregion
using System;
using System.Collections.Generic;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace TlsClientStream
{
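/// <summary>
/// RSA signature creation and verification for the block layout used by TLS 1.0/1.1:
/// 00 01 [0xff padding] 00 (hash), applied directly to the caller-supplied hash bytes.
/// </summary>
/// <remarks>
/// The modular arithmetic is done with <see cref="BigInteger"/>, a general-purpose type that is
/// not designed for constant-time or blinded private-key operations. Private-key values copied
/// into <see cref="BigInteger"/> instances cannot be zeroed afterwards; only the exported byte
/// arrays are cleared.
/// </remarks>
internal static class RsaPKCS1
{
    // PKCS #1 v1.5 (RFC 8017, EMSA-PKCS1-v1_5) requires at least eight 0xff padding bytes.
    private const int MinPaddingLength = 8;

    /// <summary>
    /// Checks that <paramref name="signature"/> is a valid RSA signature over <paramref name="hash"/>.
    /// </summary>
    /// <param name="key">RSA key whose public parameters are used.</param>
    /// <param name="signature">Big-endian signature bytes.</param>
    /// <param name="hash">The exact bytes expected at the end of the decoded block.</param>
    /// <param name="allowNoPadding">
    /// When true, a decoded block that is no longer than the hash is also accepted if it equals the
    /// hash (ignoring leading zero bytes). This is the unpadded form the TLS 1.0 comment below
    /// describes; it removes the structural padding check, so pass true only for TLS 1.0.
    /// </param>
    /// <returns>True if the signature verifies; otherwise false.</returns>
    /// <exception cref="ArgumentNullException">An argument is null.</exception>
    public static bool VerifyRsaPKCS1(RSACryptoServiceProvider key, byte[] signature, byte[] hash, bool allowNoPadding)
    {
        if (key == null)
            throw new ArgumentNullException("key");
        if (signature == null)
            throw new ArgumentNullException("signature");
        if (hash == null)
            throw new ArgumentNullException("hash");

        var parameters = key.ExportParameters(false);

        var e = Utils.BigIntegerFromBigEndian(parameters.Exponent, 0, parameters.Exponent.Length);
        var mod = Utils.BigIntegerFromBigEndian(parameters.Modulus, 0, parameters.Modulus.Length);
        var m = Utils.BigIntegerFromBigEndian(signature, 0, signature.Length);

        // RSAVP1 (RFC 8017): the signature representative must lie in [0, n - 1]. Without this
        // check, signature + k*n would verify exactly like signature.
        if (m.Sign < 0 || m >= mod)
            return false;

        // NOTE(review): the length checks below assume BigEndianFromBigInteger returns the
        // minimal big-endian encoding (leading zero bytes dropped) - confirm against Utils.
        var decryptedArr = Utils.BigEndianFromBigInteger(BigInteger.ModPow(m, e, mod));

        /*
        PKCS padding used in TLS 1.0/TLS 1.1:
        00 01 [k-3-hashlen 0xff bytes] 00 (hash)
        OR, for only TLS 1.0, there may be no padding (or equivalently, 00 00 [k-3-hashlen 00 bytes] 00 (hash))
        where k is the keylen
        */

        if (allowNoPadding && decryptedArr.Length <= hash.Length)
        {
            // The decoded value is shorter than the hash only if the hash starts with zero bytes.
            int zeros = hash.Length - decryptedArr.Length;
            for (var i = 0; i < zeros; i++)
            {
                if (hash[i] != 0)
                    return false;
            }
            return Utils.ArraysEqual(decryptedArr, 0, hash, zeros, hash.Length - zeros);
        }

        // With the leading 00 dropped, a padded block is exactly one byte shorter than the modulus.
        if (decryptedArr.Length != parameters.Modulus.Length - 1)
            return false;

        // Index of the 00 separator between the 0xff run and the hash. Rejecting a short padding
        // run here also keeps the index non-negative when the hash is too long for the key.
        int separatorIndex = decryptedArr.Length - hash.Length - 1;
        if (separatorIndex - 1 < MinPaddingLength)
            return false;

        if (decryptedArr[0] != 1)
            return false;

        // Every byte between the block type and the separator must be 0xff; together with the
        // exact-length check this leaves no unchecked bytes in the block.
        for (var i = 1; i < separatorIndex; i++)
        {
            if (decryptedArr[i] != 0xff)
                return false;
        }

        if (decryptedArr[separatorIndex] != 0)
            return false;

        return Utils.ArraysEqual(decryptedArr, separatorIndex + 1, hash, 0, hash.Length);
    }

    /// <summary>
    /// Signs <paramref name="hash"/> with the private key using the 01 [0xff padding] 00 (hash)
    /// block layout and the CRT form of the RSA private-key operation.
    /// </summary>
    /// <param name="key">RSA key whose private parameters must be exportable.</param>
    /// <param name="hash">The bytes to place at the end of the padded block.</param>
    /// <returns>The signature as produced by Utils.BigEndianFromBigInteger.</returns>
    /// <exception cref="ArgumentNullException">An argument is null.</exception>
    /// <exception cref="ArgumentException">
    /// The hash does not fit in the key size with at least eight padding bytes.
    /// </exception>
    /// <exception cref="CryptographicException">The computed signature failed its self-check.</exception>
    public static byte[] SignRsaPKCS1(RSACryptoServiceProvider key, byte[] hash)
    {
        if (key == null)
            throw new ArgumentNullException("key");
        if (hash == null)
            throw new ArgumentNullException("hash");

        // NOTE: The X509Certificate2 must be initialized with the X509KeyStorageFlags.Exportable flag
        var parameters = key.ExportParameters(true);

        try
        {
            // Block is one byte shorter than the key because the leading 00 is implicit.
            var data = new byte[parameters.D.Length - 1];

            int separatorIndex = data.Length - hash.Length - 1;
            if (separatorIndex - 1 < MinPaddingLength)
                throw new ArgumentException("Hash is too long for the RSA key size", "hash");

            data[0] = 1;
            for (var i = 1; i < separatorIndex; i++)
            {
                data[i] = 0xff;
            }
            data[separatorIndex] = 0;
            Buffer.BlockCopy(hash, 0, data, separatorIndex + 1, hash.Length);

            var dp = Utils.BigIntegerFromBigEndian(parameters.DP, 0, parameters.DP.Length);
            var dq = Utils.BigIntegerFromBigEndian(parameters.DQ, 0, parameters.DQ.Length);
            var qinv = Utils.BigIntegerFromBigEndian(parameters.InverseQ, 0, parameters.InverseQ.Length);
            var p = Utils.BigIntegerFromBigEndian(parameters.P, 0, parameters.P.Length);
            var q = Utils.BigIntegerFromBigEndian(parameters.Q, 0, parameters.Q.Length);

            var m = Utils.BigIntegerFromBigEndian(data, 0, data.Length);

            // CRT: compute the two half-size exponentiations and recombine (Garner's formula).
            var m1 = BigInteger.ModPow(m, dp, p);
            var m2 = BigInteger.ModPow(m, dq, q);
            var h = qinv * (m1 - m2) % p;
            if (h.Sign == -1)
                h += p; // BigInteger's % keeps the sign of the dividend
            var s = m2 + h * q;

            // Self-check with the public key before releasing the result: a miscomputed CRT half
            // must never leave this method, because such a value can expose a prime factor.
            var e = Utils.BigIntegerFromBigEndian(parameters.Exponent, 0, parameters.Exponent.Length);
            var n = Utils.BigIntegerFromBigEndian(parameters.Modulus, 0, parameters.Modulus.Length);
            if (BigInteger.ModPow(s, e, n) != m)
                throw new CryptographicException("RSA signature self-check failed");

            // NOTE(review): the result may be shorter than the modulus if BigEndianFromBigInteger
            // drops leading zero bytes - confirm that callers handle this.
            return Utils.BigEndianFromBigInteger(s);
        }
        finally
        {
            // Wipe the exported private-key arrays on every exit path, including exceptions.
            Utils.ClearArray(parameters.D);
            Utils.ClearArray(parameters.DP);
            Utils.ClearArray(parameters.DQ);
            Utils.ClearArray(parameters.InverseQ);
            Utils.ClearArray(parameters.P);
            Utils.ClearArray(parameters.Q);
        }
    }
}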
}
#endif