public override void Decode(Asn1BerDecodeBuffer buffer, bool explicitTagging, int implicitLength)
{
var elemLength = explicitTagging ? MatchTag(buffer, Asn1Tag.Sequence) : implicitLength;
Init();
var context = new Asn1BerDecodeContext(buffer, elemLength);
var parsedLen = new IntHolder();
if (!context.MatchElemTag(0, 0x20, 0x10, parsedLen, false))
{
throw ExceptionUtility.CryptographicException(Resources.Asn1MissingRequiredException, buffer.ByteCount);
}
Algorithm = new AlgorithmIdentifier();
Algorithm.Decode(buffer, true, parsedLen.Value);
if (!context.MatchElemTag(0, 0, 3, parsedLen, false))
{
throw ExceptionUtility.CryptographicException(Resources.Asn1MissingRequiredException, buffer.ByteCount);
}
SubjectPublicKey = new Asn1BitString();
SubjectPublicKey.Decode(buffer, true, parsedLen.Value);
}
private byte[] getRandomNum(PKCS8.PrivateKeyInfo priKey)
{
foreach (ASN1 i in priKey.Attributes)
{
Asn1Reader reader = new Asn1Reader(i.GetBytes());
bool isRandomNumAttribute = false, inSET = false;
do
{
if (reader.TagName == "OBJECT_IDENTIFIER")
{
if (((Asn1ObjectIdentifier)reader.GetTagObject()).Value.Value == "1.2.410.200004.10.1.1.3")
{
isRandomNumAttribute = true;
}
}
else if (reader.TagName == "SET" && isRandomNumAttribute)
{
inSET = true;
}
else if (reader.TagName == "BIT_STRING" && inSET)
{
Asn1BitString asn1BitString = new Asn1BitString(reader);
return(asn1BitString.Value);
}
} while (reader.MoveNext());
}
throw new VIDOperationException("RandomNum in private key attributes is missing");
}
void decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
if (asn.PayloadLength == 0)
{
return;
}
do
{
switch (asn.Tag)
{
case 0xA0:
Asn1Reader distName = new Asn1Reader(asn.GetPayload());
do
{
switch (distName.Tag)
{
case 0xA0:
// full name
_fullNames.Decode(Asn1Utils.Encode(distName.GetPayload(), 48));
break;
case 0xA1:
// relative to issuer name
Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48);
RelativeToIssuerName = new X500DistinguishedName(relativeName);
break;
default:
throw new InvalidDataException("The data is invalid");
}
} while (distName.MoveNextSibling());
break;
case 0xA1:
// reasons
Asn1BitString bs = new Asn1BitString(asn.GetPayload());
if (bs.Value[0] == 0)
{
Reasons = X509RevocationReasonFlag.Unspecified;
}
else
{
Reasons = (X509RevocationReasonFlag)bs.Value[0];
}
break;
case 0xA2:
// crl issuer
_crlIssuers.Decode(Asn1Utils.Encode(asn.GetPayload(), 48));
break;
default:
throw new InvalidDataException("The data is invalid.");
}
} while (asn.MoveNextSibling());
_rawData.AddRange(rawData);
}
/// <summary>
/// Signs <see cref="ToBeSignedData"/> data by using client-provided message signer.
/// </summary>
/// <param name="signerInfo">Configured message signer object which is used to sign the data.</param>
public void Sign(MessageSigner signerInfo)
{
var signature = signerInfo.SignData(ToBeSignedData).ToList();
if (signerInfo.SignerCertificate.PublicKey.Oid.Value == AlgorithmOids.RSA)
{
signature.Insert(0, 0);
Signature = new Asn1BitString(Asn1Utils.Encode(signature.ToArray(), 3));
}
else
{
// ECDSA, DSA signature consist of two parts, r and s.
Int32 divider = signature.Count / 2;
List <Byte> r = signature.Skip(0).Take(divider).ToList();
// check if most significant bit is set to 1. If set, prepend value with extra 0 byte.
if (r[0] > 127)
{
r.Insert(0, 0);
}
List <Byte> s = signature.Skip(divider).Take(divider).ToList();
// check if most significant bit is set to 1. If set, prepend value with extra 0 byte.
if (s[0] > 127)
{
s.Insert(0, 0);
}
var builder = new List <Byte>();
builder.AddRange(Asn1Utils.Encode(r.ToArray(), (Byte)Asn1Type.INTEGER));
builder.AddRange(Asn1Utils.Encode(s.ToArray(), (Byte)Asn1Type.INTEGER));
builder = new List <Byte>(Asn1Utils.Encode(builder.ToArray(), 48));
builder.Insert(0, 0);
Signature = new Asn1BitString(Asn1Utils.Encode(builder.ToArray(), 3));
}
SignatureAlgorithm = signerInfo.GetAlgorithmIdentifier();
BlobType = ContentBlobType.SignedBlob;
}
public RsaPublicKey(Asn1BitString valueNode)
{
var value = Asn1Node.ReadNode(valueNode.Data);
Modulus = GetRsaData((Asn1Integer)value.Nodes[0]);
Exponent = GetRsaData((Asn1Integer)value.Nodes[1]);
}
public override void Decode(Asn1BerDecodeBuffer buffer, bool explicitTagging, int implicitLength)
{
var elemLength = explicitTagging ? MatchTag(buffer, Asn1Tag.Sequence) : implicitLength;
Init();
var context = new Asn1BerDecodeContext(buffer, elemLength);
var parsedLen = new IntHolder();
if (!context.MatchElemTag(0, 0x20, 0x10, parsedLen, false))
{
throw ExceptionUtility.CryptographicException(Resources.Asn1MissingRequiredException, buffer.ByteCount);
}
Algorithm = new AlgorithmIdentifier();
Algorithm.Decode(buffer, true, parsedLen.Value);
if (!context.MatchElemTag(0, 0, 3, parsedLen, false))
{
throw ExceptionUtility.CryptographicException(Resources.Asn1MissingRequiredException, buffer.ByteCount);
}
SubjectPublicKey = new Asn1BitString();
SubjectPublicKey.Decode(buffer, true, parsedLen.Value);
}
public static byte[] FromRSA(RSA rsa)
{
var prms = rsa.ExportParameters(false);
var modulus = new Asn1Integer((new byte[] { 0x00 }.Concat(prms.Modulus)).ToArray());
var exponent = new Asn1Integer(prms.Exponent);
var oidheader = new Asn1Sequence();
oidheader.Nodes.Add(new Asn1ObjectIdentifier("1.2.840.113549.1.1.1"));
oidheader.Nodes.Add(new Asn1Null());
var rsaSequence = new Asn1Sequence();
rsaSequence.Nodes.Add(modulus);
rsaSequence.Nodes.Add(exponent);
var bitString = new Asn1BitString(rsaSequence.GetBytes());
var result = new Asn1Sequence();
result.Nodes.Add(oidheader);
result.Nodes.Add(bitString);
return(result.GetBytes());
}
public X509Certificate SignWith(X509PrivateKey authorityPrivateKey)
{
var tbsData = Tbs.ToAsn1().GetBytes();
var data = authorityPrivateKey.SignData(tbsData);
SignatureValue = new Asn1BitString(data);
SignatureAlgorithm = Tbs.SignatureAlgorithm;
return(this);
}
/// <summary>
/// This constructor sets all elements to references to the
/// given objects
/// </summary>
public SubjectPublicKeyInfo(
AlgorithmIdentifier algorithm_,
Asn1BitString subjectPublicKey_
)
: base()
{
algorithm = algorithm_;
subjectPublicKey = subjectPublicKey_;
}
public RsaPrivateKey(Asn1BitString valueNode)
{
var value = Asn1Node.ReadNode(valueNode.Data);
Modulus = GetRsaData((Asn1Integer)value.Nodes[1]);
Exponent = GetRsaData((Asn1Integer)value.Nodes[2]);
D = GetRsaData((Asn1Integer)value.Nodes[3]);
P = GetRsaData((Asn1Integer)value.Nodes[4]);
Q = GetRsaData((Asn1Integer)value.Nodes[5]);
DP = GetRsaData((Asn1Integer)value.Nodes[6]);
DQ = GetRsaData((Asn1Integer)value.Nodes[7]);
InverseQ = GetRsaData((Asn1Integer)value.Nodes[8]);
}
public void WriteBitString(string correctResultHex, string valueToTest, int unusedBits)
{
var encoded = Helpers.GetExampleBytes(correctResultHex);
var encodedValueToTest = Helpers.GetExampleBytes(valueToTest);
using (var ms = new MemoryStream())
{
var asn1Obj = new Asn1BitString(encodedValueToTest, unusedBits);
new DerWriter(ms).Write(asn1Obj);
var res = Enumerable.SequenceEqual(encoded, ms.ToArray());
Assert.True(res);
}
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNextAndExpectTags(0x30);
ToBeSignedData = asn.GetTagRawData();
asn.MoveNextCurrentLevelAndExpectTags(0x30);
SignatureAlgorithm = new AlgorithmIdentifier(asn.GetTagRawData());
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.BIT_STRING);
Signature = new Asn1BitString(asn);
}
void decode()
{
var asn = new Asn1Reader(RawData);
if (asn.PayloadLength == 0)
{
return;
}
asn.MoveNext();
do
{
switch (asn.Tag)
{
case 0xa0:
DistributionPoint = new X509DistributionPoint(Asn1Utils.Encode(asn.GetTagRawData(), 48));
break;
case 0xa1:
OnlyUserCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa2:
OnlyCaCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa3:
var val = new Asn1BitString(asn.GetPayload());
if (val.Value.Length > 1)
{
Reasons = (X509RevocationReasonFlag)BitConverter.ToUInt16(val.Value, 0);
}
else if (val.Value.Length == 1)
{
Reasons = (X509RevocationReasonFlag)val.Value[0];
}
break;
case 0xa4:
IndirectCRL = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa5:
OnlyAttributeCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
}
} while (asn.MoveNextSibling());
}
/// <summary>
/// Hashes current blob in <see cref="ToBeSignedData"/> member, constructs algorithm identifier
/// (usually, with "NoSign" suffix) and attaches hash value in the signature section.
/// </summary>
/// <param name="hashAlgorithm">Hash algorithm to use for hashing.</param>
/// <exception cref="ArgumentException">
/// Hash algorithm is not valid or cannot be mapped to respective signature algorithm.
/// </exception>
/// <exception cref="ArgumentNullException">
/// <strong>hashAlgorithm</strong> parameter is null.
/// </exception>
public void Hash(Oid2 hashAlgorithm)
{
if (hashAlgorithm == null)
{
throw new ArgumentNullException(nameof(hashAlgorithm));
}
Oid2 transofrmedOid = Oid2.MapHashToSignatureOid(hashAlgorithm);
using (var hasher = HashAlgorithm.Create(hashAlgorithm.FriendlyName)) {
if (hasher == null)
{
throw new ArgumentException("Specified hash algorithm is not valid hashing algorithm");
}
List <Byte> signature = hasher.ComputeHash(ToBeSignedData).ToList();
signature.Insert(0, 0);
Signature = new Asn1BitString(Asn1Utils.Encode(signature.ToArray(), (Byte)Asn1Type.BIT_STRING));
}
SignatureAlgorithm = new AlgorithmIdentifier(transofrmedOid.ToOid(), Asn1Utils.EncodeNull());
BlobType = ContentBlobType.SignedBlob;
}
public override void Decode
(Asn1BerDecodeBuffer buffer, bool explicitTagging, int implicitLength)
{
int llen = (explicitTagging) ?
MatchTag(buffer, Asn1Tag.Sequence) : implicitLength;
Init();
// decode SEQUENCE
Asn1BerDecodeContext context =
new Asn1BerDecodeContext(buffer, llen);
IntHolder elemLen = new IntHolder();
// decode algorithm
if (context.MatchElemTag(Asn1Tag.Universal, Asn1Tag.CONS, 16, elemLen, false))
{
algorithm = new AlgorithmIdentifier();
algorithm.Decode(buffer, true, elemLen.Value);
}
else
{
throw new Exception("Asn1MissingRequiredException (buffer)");
}
// decode subjectPublicKey
if (context.MatchElemTag(Asn1Tag.Universal, Asn1Tag.PRIM, 3, elemLen, false))
{
subjectPublicKey = new Asn1BitString();
subjectPublicKey.Decode(buffer, true, elemLen.Value);
}
else
{
throw new Exception("Asn1MissingRequiredException (buffer)");
}
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new ArgumentException("The data is invalid");
}
if (!asn.MoveNext())
{
throw new ArgumentException("The data is invalid");
}
ToBeSignedData = asn.GetTagRawData();
if (!asn.MoveNextCurrentLevel())
{
throw new ArgumentException("The data is invalid");
}
SignatureAlgorithm = new AlgorithmIdentifier(asn.GetTagRawData());
if (!asn.MoveNextCurrentLevel())
{
throw new ArgumentException("The data is invalid");
}
Signature = new Asn1BitString(asn);
}
private void Init()
{
Algorithm = null;
SubjectPublicKey = null;
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
if (asn.PayloadLength == 0)
{
return;
}
do
{
Byte[] altNames;
switch (asn.Tag)
{
case 0xA0:
Asn1Reader distName = new Asn1Reader(asn.GetPayload());
do
{
switch (distName.Tag)
{
case 0xA0:
// full name
altNames = Asn1Utils.Encode(distName.GetPayload(), 48);
FullName = new X509AlternativeNameCollection();
FullName.Decode(altNames);
break;
case 0xA1:
// relative to issuer name
Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48);
RelativeToIssuerName = new X500DistinguishedName(relativeName);
break;
default:
throw new InvalidDataException("The data is invalid");
}
} while (distName.MoveNextCurrentLevel());
break;
case 0xA1:
// reasons
Asn1BitString bs = new Asn1BitString(asn.GetPayload());
if (bs.Value[0] == 0)
{
Reasons = X509RevocationReasons.Unspecified;
break;
}
Byte mask = 1;
do
{
if ((bs.Value[0] & mask) > 0)
{
switch (mask)
{
case 1: Reasons += (Int32)X509RevocationReasons.AACompromise; break;
case 2: Reasons += (Int32)X509RevocationReasons.PrivilegeWithdrawn; break;
case 4: Reasons += (Int32)X509RevocationReasons.CertificateHold; break;
case 8: Reasons += (Int32)X509RevocationReasons.CeaseOfOperation; break;
case 16: Reasons += (Int32)X509RevocationReasons.Superseded; break;
case 32: Reasons += (Int32)X509RevocationReasons.ChangeOfAffiliation; break;
case 64: Reasons += (Int32)X509RevocationReasons.CACompromise; break;
case 128: Reasons += (Int32)X509RevocationReasons.KeyCompromise; break;
}
}
mask <<= 1;
} while (mask != 128);
break;
case 0xA2:
// crl issuer
altNames = Asn1Utils.Encode(asn.GetPayload(), 48);
CRLIssuer = new X509AlternativeNameCollection();
CRLIssuer.Decode(altNames);
break;
default:
throw new InvalidDataException("The data is invalid.");
}
} while (asn.MoveNextCurrentLevel());
RawData = rawData;
}
public void Init()
{
algorithm = null;
subjectPublicKey = null;
}
private void Init()
{
Algorithm = null;
SubjectPublicKey = null;
}
private static T MakeInstanceOfAsn1Object <T>(long nodeStartOffset, Asn1Class asn1Class, bool constructed, int tag, SubStream content)
where T : Asn1ObjectBase
{
T foundObject;
Asn1ObjectBase shouldBeType = null;
if (asn1Class == Asn1Class.ContextSpecific)
{
shouldBeType = new Asn1ContextSpecific(constructed, tag, content);
}
else
{
switch ((Asn1Type)tag)
{
case Asn1Type.Eoc:
shouldBeType = new Asn1Eoc();
break;
case Asn1Type.Boolean:
shouldBeType = new Asn1Boolean(content, constructed);
break;
case Asn1Type.Integer:
shouldBeType = new Asn1Integer(content, constructed);
break;
case Asn1Type.BitString:
shouldBeType = new Asn1BitString(content, constructed);
break;
case Asn1Type.OctetString:
shouldBeType = new Asn1OctetString(content, constructed);
break;
case Asn1Type.Null:
shouldBeType = new Asn1Null(constructed);
break;
case Asn1Type.ObjectIdentifier:
shouldBeType = new Asn1ObjectIdentifier(content, constructed);
break;
case Asn1Type.Real:
shouldBeType = new Asn1Real(content, constructed);
break;
case Asn1Type.Enumerated:
shouldBeType = new Asn1Enumerated(content, constructed);
break;
case Asn1Type.Utf8String:
shouldBeType = new Asn1Utf8String(content, constructed);
break;
case Asn1Type.RelativeOid:
shouldBeType = new Asn1RelativeOid(content, constructed);
break;
case Asn1Type.Sequence:
shouldBeType = new Asn1Sequence(asn1Class, content, constructed);
break;
case Asn1Type.Set:
shouldBeType = new Asn1Set(asn1Class, content, constructed);
break;
case Asn1Type.NumericString:
shouldBeType = new Asn1NumericString(content, constructed);
break;
case Asn1Type.PrintableString:
shouldBeType = new Asn1PrintableString(content, constructed);
break;
case Asn1Type.T61String:
shouldBeType = new Asn1T61String(content, constructed);
break;
case Asn1Type.Ia5String:
shouldBeType = new Asn1Ia5String(content, constructed);
break;
case Asn1Type.UtcTime:
shouldBeType = new Asn1UtcTime(content, constructed);
break;
case Asn1Type.GeneralizedTime:
shouldBeType = new Asn1GeneralizedTime(content, constructed);
break;
case Asn1Type.GraphicString:
shouldBeType = new Asn1GraphicString(content, constructed);
break;
case Asn1Type.GeneralString:
shouldBeType = new Asn1GeneralString(content, constructed);
break;
case Asn1Type.UniversalString:
shouldBeType = new Asn1UniversalString(content, constructed);
break;
case Asn1Type.BmpString:
shouldBeType = new Asn1BmpString(content, constructed);
break;
case Asn1Type.ObjectDescriptor:
case Asn1Type.External:
case Asn1Type.EmbeddedPdv:
case Asn1Type.VideotexString:
case Asn1Type.VisibleString:
case Asn1Type.CharacterString:
case Asn1Type.LongForm:
default:
throw new NotSupportedException($"ASN.1 tag {tag} is unsupported.");
}
}
foundObject = shouldBeType as T;
// sanity check
if (foundObject == null)
{
throw new FormatException(FormattableString.Invariant($"ASN.1 node at offset {nodeStartOffset} is of type {shouldBeType.GetType()} but expected type was {typeof(T)}"));
}
return(foundObject);
}
public static string GetHexString(this Asn1BitString val)
{
return(val.Data.GetHexString());
}
