1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
// Copyright (C) 2015, The Duplicati Team
// http://www.duplicati.com, info@duplicati.com
//
// This library is free software; you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as
// published by the Free Software Foundation; either version 2.1 of the
// License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
using System;
namespace Duplicati.Library.AutoUpdater
{
public class SignatureReadingStream : System.IO.Stream, IDisposable
{
/// <summary>
/// The size of the SHA256 output hash in bytes
/// </summary>
///
internal const int SIGNED_HASH_SIZE = 128;
/// <summary>
/// The stream to read from
/// </summary>
private System.IO.Stream m_stream;
protected SignatureReadingStream()
{
}
public SignatureReadingStream(System.IO.Stream stream, System.Security.Cryptography.RSACryptoServiceProvider key)
{
if (!VerifySignature(stream, key))
throw new System.IO.InvalidDataException("Unable to verify signature");
m_stream = stream;
this.Position = 0;
}
private static bool VerifySignature(System.IO.Stream stream, System.Security.Cryptography.RSACryptoServiceProvider key)
{
stream.Position = 0;
var signature = new byte[SIGNED_HASH_SIZE];
if (stream.Read(signature, 0, signature.Length) != signature.Length)
throw new System.IO.InvalidDataException("Unexpected end-of-stream while reading signature");
var sha256 = System.Security.Cryptography.SHA256.Create();
sha256.Initialize();
var bytes = stream.Length - (signature.Length);
var buf = new byte[8 * 1024];
while (bytes > 0)
{
var r = stream.Read(buf, 0, (int)Math.Min(bytes, buf.Length));
if (r == 0)
throw new Exception("Unexpected end-of-stream while reading content");
bytes -= r;
sha256.TransformBlock(buf, 0, r, buf, 0);
}
sha256.TransformFinalBlock(buf, 0, 0);
var hash = sha256.Hash;
var OID = System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA256");
return key.VerifyHash(hash, OID, signature);
}
public static void CreateSignedStream(System.IO.Stream datastream, System.IO.Stream signedstream, System.Security.Cryptography.RSACryptoServiceProvider key)
{
var sha256 = System.Security.Cryptography.SHA256.Create();
datastream.Position = 0;
signedstream.Position = SIGNED_HASH_SIZE;
var buf = new byte[8 * 1024];
var bytes = datastream.Length;
while (bytes > 0)
{
var r = datastream.Read(buf, 0, (int)Math.Min(bytes, buf.Length));
if (r == 0)
throw new Exception("Unexpected end-of-stream while reading content");
signedstream.Write(buf, 0, r);
bytes -= r;
sha256.TransformBlock(buf, 0, r, buf, 0);
}
sha256.TransformFinalBlock(buf, 0, 0);
var hash = sha256.Hash;
var OID = System.Security.Cryptography.CryptoConfig.MapNameToOID("SHA256");
var signature = key.SignHash(hash, OID);
signedstream.Position = 0;
signedstream.Write(signature, 0, signature.Length);
signedstream.Position = 0;
if (!VerifySignature(signedstream, key))
throw new System.IO.InvalidDataException("Unable to verify signature");
}
#region implemented abstract members of Stream
public override void Flush()
{
try { m_stream.Flush(); }
catch { }
}
public override int Read(byte[] buffer, int offset, int count)
{
return m_stream.Read(buffer, offset, count);
}
public override long Seek(long offset, System.IO.SeekOrigin origin)
{
switch (origin)
{
case System.IO.SeekOrigin.Current:
return Seek(offset + this.Position, System.IO.SeekOrigin.Begin);
case System.IO.SeekOrigin.End:
return Seek(this.Length - offset, System.IO.SeekOrigin.Begin);
case System.IO.SeekOrigin.Begin:
default:
return this.Position = offset;
}
}
public override void SetLength(long value)
{
throw new InvalidOperationException();
}
public override void Write(byte[] buffer, int offset, int count)
{
throw new InvalidOperationException();
}
public override bool CanRead
{
get
{
return true;
}
}
public override bool CanSeek
{
get
{
return true;
}
}
public override bool CanWrite
{
get
{
return false;
}
}
public override long Length
{
get
{
return m_stream.Length - SIGNED_HASH_SIZE;
}
}
public override long Position
{
get
{
return m_stream.Position - SIGNED_HASH_SIZE;
}
set
{
m_stream.Position = value + SIGNED_HASH_SIZE;
}
}
#endregion
}
}
|
