private void Dump(SaveType dumpType) { SaveFileDialog fileDialog = new SaveFileDialog(); if (DialogResult.OK == fileDialog.ShowDialog()) { switch (dumpType) { case SaveType.Node: Asn1.Encode(fileDialog.FileName, this.Asn1Node); break; case SaveType.Data: Asn1.EncodeData(fileDialog.FileName, this.Asn1Node); break; case SaveType.Text: Asn1.ExportText(fileDialog.FileName, this.Asn1Node); break; default: break; } } }
public void Should_serialize_integer_from_bytes() { // Arrange var byteArrays = new byte[][] { new byte[] { 0 }, new byte[] { 127 }, new byte[] { 0, 127 }, new byte[] { 128 }, new byte[] { 1, 0, 0 }, new byte[0], new byte[] { 0, 165, 163, 214, 2, 169, 62 } }.Select(data => new DerInteger(data)); var expectedSerializedValues = new[] { new byte[] { 2, 1, 0 }, new byte[] { 2, 1, 127 }, new byte[] { 2, 2, 0, 127 }, new byte[] { 2, 2, 0, 128 }, // da das 1. Bit zur Vorzeichenerkennung genutzt wird, wird bei >= 128 ein 0-Byte voran gestellt new byte[] { 2, 3, 1, 0, 0 }, new byte[] { 2, 0 }, new byte[] { 2, 7, 0, 165, 163, 214, 2, 169, 62 } }; // Act var result = byteArrays.Select(i => Asn1.Encode(i)).ToArray(); // Assert result.Length.Should().Be(expectedSerializedValues.Length); for (int i = 0; i < expectedSerializedValues.Length; i++) { result[i].Should().Equal(expectedSerializedValues[i]); } }
public void Asn1_ParseItem_reads_packed_size() { const int size = 127; var item = Asn1.ParseItem(("027F" + "AB".Repeat(size)).DecodeHex()); Assert.Equal(size, item.Value.Length); }
public void Asn1_ParseItem_reads_single_byte_size() { const int size = 128; var item = Asn1.ParseItem(("028180" + "AB".Repeat(size)).DecodeHex()); Assert.Equal(size, item.Value.Length); }
private void UpdateHexViewerData() { byte[] data; if (rootNode != null) { using (MemoryStream ms = new MemoryStream()) { Asn1.Encode(ms, rootNode); data = ms.ToArray(); } } else { data = new byte[0]; } hexViewer.View(data); Asn1TreeNode selectedNode = treeView1.SelectedNode as Asn1TreeNode; if (selectedNode != null) { // TODO: length is incorrect for indefinite length nodes hexViewer.Highlight((int)selectedNode.Asn1Node.StartByte, (int)(Asn1.GetTotalByteCount(selectedNode.Asn1Node))); } }
private static void ParseDeadBeefItem(byte tag, Asn1.Kind kind) { var item = Asn1.ParseItem($"{tag:X2}04DEADBEEF".DecodeHex()); Assert.Equal(kind, item.Key); Assert.Equal(new byte[] { 0xDE, 0xAD, 0xBE, 0xEF }, item.Value); }
/** * create with a signer with extra signed/unsigned attributes. */ public TimeStampTokenGenerator( AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { this.key = key; this.cert = cert; this.digestOID = digestOID; this.tsaPolicyOID = tsaPolicyOID; this.unsignedAttr = unsignedAttr; TspUtil.ValidateCertificate(cert); // // add the essCertid // Hashtable signedAttrs; if (signedAttr != null) { signedAttrs = signedAttr.ToHashtable(); } else { signedAttrs = new Hashtable(); } IDigest digest; try { digest = DigestUtilities.GetDigest("SHA-1"); } catch (Exception e) { throw new TspException("Can't find a SHA-1 implementation.", e); } try { byte[] certEncoded = cert.GetEncoded(); digest.BlockUpdate(certEncoded, 0, certEncoded.Length); byte[] hash = DigestUtilities.DoFinal(digest); EssCertID essCertid = new EssCertID(hash); Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute( PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(new SigningCertificate(essCertid))); signedAttrs[attr.AttrType] = attr; } catch (CertificateEncodingException e) { throw new TspException("Exception processing certificate.", e); } this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs); }
private static void ParseDeadBeefItem(byte tag, Asn1.Kind kind) { var item = Asn1.ParseItem(string.Format("{0:X2}04DEADBEEF", tag).DecodeHex()); Assert.AreEqual(kind, item.Key); Assert.AreEqual(new byte[] { 0xDE, 0xAD, 0xBE, 0xEF }, item.Value); }
public void Asn1_ParseItem_reads_multi_byte_size() { const int size = 260; var item = Asn1.ParseItem(("02820104" + "AB".Repeat(size)).DecodeHex()); Assert.Equal(size, item.Value.Length); }
private void treeView1_AfterSelect(object sender, TreeViewEventArgs e) { if (hexViewer.Visible) { Asn1Tag node = (e.Node as Asn1TreeNode).Asn1Node; hexViewer.Highlight((int)node.StartByte, (int)Asn1.GetTotalByteCount(node)); } }
public void Should_serialize_a_sequence() { // Arrange var sequence = new Sequence(new ObjectIdentifier(new Oid("2.5.4.8")), new UTF8String("NRW")); var bytes = Asn1.Encode(sequence); // Assert bytes.Should().Equal(0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x03, 0x4E, 0x52, 0x57); }
public void Should_serialize_integer_from_int() { var ints = new int[] { 0, 127, 128, 256 * 256 }; var asn1ints = ints.Select(i => new DerInteger(i)); var bytes = asn1ints.Select(i => Asn1.Encode(i)).ToArray(); bytes[0].Should().Equal(0x02, 1, 0); bytes[1].Should().Equal(0x02, 1, 127); bytes[2].Should().Equal(0x02, 2, 0, 128); // da das 1. Bit zur Vorzeichenerkennung genutzt wird, wird bei >= 128 ein 0-Byte voran gestellt bytes[3].Should().Equal(0x02, 3, 1, 0, 0); }
/** * create with a signer with extra signed/unsigned attributes. */ public TimeStampTokenGenerator( AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { this.key = key; this.cert = cert; this.digestOID = digestOID; this.tsaPolicyOID = tsaPolicyOID; this.unsignedAttr = unsignedAttr; TspUtil.ValidateCertificate(cert); // // Add the ESSCertID attribute // IDictionary signedAttrs; if (signedAttr != null) { signedAttrs = signedAttr.ToDictionary(); } else { signedAttrs = Platform.CreateHashtable(); } try { byte[] hash = DigestUtilities.CalculateDigest("SHA-1", cert.GetEncoded()); EssCertID essCertid = new EssCertID(hash); Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute( PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(new SigningCertificate(essCertid))); signedAttrs[attr.AttrType] = attr; } catch (CertificateEncodingException e) { throw new TspException("Exception processing certificate.", e); } catch (SecurityUtilityException e) { throw new TspException("Can't find a SHA-1 implementation.", e); } this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs); }
/** * add a signer with extra signed/unsigned attributes. */ public void AddSigner( AsymmetricKeyParameter privateKey, X509Certificate cert, string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { string encOID = GetEncOid(privateKey, digestOID); signerInfs.Add(new SignerInf(this, privateKey, cert, digestOID, encOID, new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), signedAttr)); }
internal SignerInf( CmsSignedGenerator outer, ISignatureFactory sigCalc, SignerIdentifier signerIdentifier, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { this.outer = outer; this.sigCalc = sigCalc; this.signerIdentifier = signerIdentifier; this.digestOID = new DefaultDigestAlgorithmIdentifierFinder().find((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; this.encOID = ((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; }
internal SignerInf( CmsSignedGenerator outer, AsymmetricKeyParameter key, SignerIdentifier signerIdentifier, string digestOID, string encOID, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { this.outer = outer; this.key = key; this.signerIdentifier = signerIdentifier; this.digestOID = digestOID; this.encOID = encOID; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; }
public void OpenFile(string file) { SuspendLayout(); try { using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read)) { try { byte[] pemData = PemReader.ReadPem(fs); using (MemoryStream ms = new MemoryStream(pemData)) { rootNode = Asn1.Decode(ms); } } catch (ArgumentException) { fs.Position = 0; rootNode = Asn1.Decode(fs); } stsFile.Text = string.Concat("File: ", file); stsSize.Text = string.Concat("Size: ", fs.Length.ToString(), " bytes"); Text = string.Concat(TitleBase, " - ", file); } ShowAsn1(rootNode); UpdateHexViewerData(); } catch (Exception ex) { MessageBox.Show(this, "Error while opening file: " + ex.Message, "Error opening file", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1); } ResumeLayout(); }
internal SignerInf( CmsSignedGenerator outer, AsymmetricKeyParameter key, SignerIdentifier signerIdentifier, string digestOID, string encOID, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { string digestName = Helper.GetDigestAlgName(digestOID); string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOID); this.outer = outer; this.sigCalc = new Asn1SignatureFactory(signatureName, key); this.signerIdentifier = signerIdentifier; this.digestOID = digestOID; this.encOID = encOID; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; }
public static RSAParameters DecodeRsaParameters(string pkcs8PrivateKey) { const string PrivateKeyPrefix = "-----BEGIN PRIVATE KEY-----"; const string PrivateKeySuffix = "-----END PRIVATE KEY-----"; Utilities.ThrowIfNullOrEmpty(pkcs8PrivateKey, nameof(pkcs8PrivateKey)); pkcs8PrivateKey = pkcs8PrivateKey.Trim(); if (!pkcs8PrivateKey.StartsWith(PrivateKeyPrefix) || !pkcs8PrivateKey.EndsWith(PrivateKeySuffix)) { throw new ArgumentException( $"PKCS8 data must be contained within '{PrivateKeyPrefix}' and '{PrivateKeySuffix}'.", nameof(pkcs8PrivateKey)); } string base64PrivateKey = pkcs8PrivateKey.Substring(PrivateKeyPrefix.Length, pkcs8PrivateKey.Length - PrivateKeyPrefix.Length - PrivateKeySuffix.Length); // FromBase64String() ignores whitespace, so further Trim()ing isn't required. byte[] pkcs8Bytes = Convert.FromBase64String(base64PrivateKey); object ans1 = Asn1.Decode(pkcs8Bytes); object[] parameters = (object[])((object[])ans1)[2]; var rsaParmeters = new RSAParameters { Modulus = TrimLeadingZeroes((byte[])parameters[1]), Exponent = TrimLeadingZeroes((byte[])parameters[2], alignTo8Bytes: false), D = TrimLeadingZeroes((byte[])parameters[3]), P = TrimLeadingZeroes((byte[])parameters[4]), Q = TrimLeadingZeroes((byte[])parameters[5]), DP = TrimLeadingZeroes((byte[])parameters[6]), DQ = TrimLeadingZeroes((byte[])parameters[7]), InverseQ = TrimLeadingZeroes((byte[])parameters[8]), }; return(rsaParmeters); }
/// <summary> /// Enabling encryption /// </summary> /// <param name="packet">EncryptionRequestPacket</param> private void ModernEnableEncryption(IPacket packet) { var request = (EncryptionRequestPacket)packet; var hash = Asn1.GetServerIDHash(request.PublicKey, request.SharedKey, request.ServerId); if (!Yggdrasil.ClientAuth(_minecraft.AccessToken, _minecraft.SelectedProfile, hash)) { throw new Exception("Yggdrasil error: Not authenticated."); } var rsaParameter = Asn1.GetRsaParameters(request.PublicKey); var encryptedSecret = Asn1.EncryptData(rsaParameter, request.SharedKey); var encryptedVerify = Asn1.EncryptData(rsaParameter, request.VerificationToken); BeginSendPacket(new EncryptionResponsePacket { SharedSecret = encryptedSecret, VerificationToken = encryptedVerify }, null, null); _stream.InitializeEncryption(request.SharedKey); }
/** * add a signer with extra signed/unsigned attributes. * @throws NoSuchAlgorithmException * @throws InvalidKeyException */ public void AddSigner( AsymmetricKeyParameter privateKey, X509Certificate cert, string digestOid, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { AddSigner(privateKey, cert, digestOid, new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr)); }
/** * add a signer with extra signed/unsigned attributes. * @throws NoSuchAlgorithmException * @throws InvalidKeyException */ public void AddSigner( AsymmetricKeyParameter privateKey, byte[] subjectKeyID, string digestOid, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { AddSigner(privateKey, subjectKeyID, digestOid, new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr)); }
internal SignerInf(CmsSignedGenerator outer, AsymmetricKeyParameter key, SignerIdentifier signerIdentifier, string digestOID, string encOID, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { _outer = outer; _key = key; _signerIdentifier = signerIdentifier; _digestOID = digestOID; _encOID = encOID; _sAttr = sAttr; _unsAttr = unsAttr; _baseSignedTable = baseSignedTable; }
public void Should_serialize_a_certificate_signing_request() { /* * var keyManager = new FileKeyStore(Environment.CurrentDirectory); * var rsa = keyManager.GetOrCreateKey("test.startliste.info"); * var key = rsa.ExportParameters(true); */ var key = RSAPrivateKey.ParsePem(@" -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAq57sJKTDY5K3w9Gf40xDhpHwyOshO2EXEg4doP4tX6+eAHUP h04Kb3/X2jfgdQHGjTYMyv9Q0AZ5msMOUjxnxbt1GvhVih/yaDOqjysWbBXbRWFZ 5eBk6PHbYmPTVcfE9RyyNS8bp9ykZgJoU0Q1V2UxjQX5JkMJLnFxegKkw/fSZizj IlUSjnDCP13Gs/cmualyqxlZipsSzaAuasoeIT/qanick3UL+tATIJJ8Zytacntj Gca9ZMs6xtmvSkumEd2d6pBsIItEwRIG0+9MFb7q7yTySiewFs/+5duEpIL+K83k IX0nB+15TsjZFnJ+6rLY+YRifjc8vVZHeFD8iwIDAQABAoIBAERetQuqGe7mqc/Y iH5YSQRoyoh4Z45M0RCP0Azthaz7fRIIkI2iMPUXdKoKHaDveqaR9EnAqfSdx784 WtG3H849rlr2uLkkngEWKCoOC8o2cNq0fEhge0Lz6ybIxw4C3juZ2YLnh/h5JYNA DUiywR9WgIWCbi3ogdVfO0pUmEg7IG6Q0KLPicabLwcrBKDAloBdS/q7aeFrSEIG 0Hu+CJCKPterdYbFmJ5zHFmOYvToIkX5AYT+G1EfaGx4FHly0wC1eSZIaU/krNd/ U9vdMA2gd8alcG/GwOih5RunIJoGad20hh6gLsw8KHX0s2GDlRvk2Q71cH2YEdo4 SXe7Tw0CgYEA3epZNvO/gZj/YM5ljcn6Hxf2/RscqreH2K4GM0yTp6OEOvm6Dg4t 9JOA+6YxT3Dbf8aEcWDleDcJJY4EfkL4Lqq2dn4vbF+AevVAH1Ml6/ZJwvFuqcMk 9g8FJQqO/Ul/MrFHhi4oXzg3dZPeMKZTN2ACZHiKTwzC0GtCzXdRGVUCgYEAxfsA 1CCUpgsjKvhBxLvpVqIEi5gzMarO7UvgVprvZ/0NFGkgrQC5c3Hhs5mrsf8pB1Gf EJvTaFGGgr9o2+JzVXs9PJ1njEoelS35PUrHZ8raW2TWJQVAToCfzbylPTY0sJEl iX++fJJa7AjgYPcriOiZbtBTZHBiqpdAKsC+Pl8CgYEAh25J3BuNuE3jLPVJTOsC 1o8NkRJGwHkZUseByTTmt9w3Crb1MTa+HREYGnwmg9DgZG6GzZrQ8DjGQEEXxOai B/jvOglwb7co9eFOrM9VyVeZVHt7iecqW3B3N0/mS/XaxtkiSWVKBjKMxhjj9NTM 3HKfgyl9Xxjum7uaHULAH7ECgYATPwJmnMA2oBCMJdQm7umRHXD5rRMU+fjhwqWN ZcRuRIBYApxFlTNyEJkTX5X8WMTBTGL9N1jG5F4CKd9kuM/jeHaMhPTDA5WThQOc vL9DzMmLZvMWaDtHJmPimTsrBzD6FTIj+sIm1Ad4uKgvZPfbeFkqF6BzvCUrVkbL oS8dWwKBgGevHLbGPIeNjrAN3YK3T0VaeB60aigK1PRb+qHL4TDngK2wG6Xy6XVd iQoWlyFgiNQ/qJcD8dcVwT83KvogfIGb/PLZ9LLRkt4g4ZEKj76gaQIr/U/DVB2I yXgq378FifWsRemLckRjOC+T0brxqxzqPflbe+c2AHZgMSjuRplC -----END RSA PRIVATE KEY-----").Key; var data = new CertificateRequestData("test.startliste.info", key) { C = "DE", S = "NRW", L = "Werther", O = "Aero Club Bünde", OU = "" }; var csr = Pkcs10.Encode(data); var der = Pkcs10.EncodeAsDer(data); var base64 = Pkcs10.EncodeAsBase64(data); var bytes = Asn1.Encode(csr); Assert.Equal( @"-----BEGIN NEW CERTIFICATE REQUEST----- MIICZDCCAUwCAQAwHzEdMBsGA1UEAwwUdGVzdC5zdGFydGxpc3RlLmluZm8wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrnuwkpMNjkrfD0Z/jTEOGkfDI 6yE7YRcSDh2g/i1fr54AdQ+HTgpvf9faN+B1AcaNNgzK/1DQBnmaww5SPGfFu3Ua +FWKH/JoM6qPKxZsFdtFYVnl4GTo8dtiY9NVx8T1HLI1Lxun3KRmAmhTRDVXZTGN BfkmQwkucXF6AqTD99JmLOMiVRKOcMI/Xcaz9ya5qXKrGVmKmxLNoC5qyh4hP+pq eJyTdQv60BMgknxnK1pye2MZxr1kyzrG2a9KS6YR3Z3qkGwgi0TBEgbT70wVvurv JPJKJ7AWz/7l24Skgv4rzeQhfScH7XlOyNkWcn7qstj5hGJ+Nzy9Vkd4UPyLAgMB AAGgADANBgkqhkiG9w0BAQsFAAOCAQEALuD1Xha1+qUH1eiXlMO6xiFUtKPMnwR1 XgYf7OILUnFvG4gdE80clIKR8smLOg59nURhIzHhPRacT5jRmcbl4zruZhL8yCuV JOacbdoV69iElZ4BODJwHmJPGajcAw89bUFLezPwRflDlVuiw8/ldAQWsyWtnKVI n9IgTWDEDboUIrUgv+sRwEue+fOCEtVOj1X4Yi0jOCsnihzn0pQNvvU/w9Vpe5Jr Gm1FyD6z3pdGktxJKW3ns+xYcova+2nQeSbuVFHA/OTmIckrDa87EUJNbNVWLtwo FXTQmRtze3w5yKOadkSEyr6FG3qq+3IukRgiuxK12SsN7dE0sIO7ow== -----END NEW CERTIFICATE REQUEST-----".Replace("\r\n", "\n"), base64); File.WriteAllBytes(@"request.der", der); File.WriteAllText(@"request.txt", base64); // openssl req -in r:\request.txt -noout -text }
/** * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. * * @param key signing key to use * @param cert certificate containing corresponding public key * @param encryptionOID digest encryption algorithm OID * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned */ public void AddSigner( IAsymmetricKeyParameter privateKey, X509Certificate cert, string encryptionOID, string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { doAddSigner(privateKey, GetSignerIdentifier(cert), encryptionOID, digestOID, new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); }
public Asn1TreeNode(Asn1Tag asn1Node) { this.Asn1Node = asn1Node; // Use data length instead of full byte count this.Text = string.Concat("(", asn1Node.StartByte, ", ", (asn1Node.IndefiniteLength ? "inf" : Asn1.GetTotalByteCount(asn1Node).ToString()), ") ", asn1Node.ShortDescription); if (!asn1Node.Constructed) { this.Text += string.Concat(": ", asn1Node.DataText); } if (asn1Node.Class == Asn1.Class.Universal && asn1Node.Identifier <= 31) { this.ImageIndex = Asn1ImageIndexes[asn1Node.Identifier]; } else { this.ImageIndex = 32; } this.SelectedImageIndex = this.ImageIndex; this.ContextMenu = CreateContextMenu(); }
/** * add a signer with extra signed/unsigned attributes. * * @param key signing key to use * @param subjectKeyID subjectKeyID of corresponding public key * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned */ public void AddSigner( AsymmetricKeyParameter privateKey, byte[] subjectKeyID, string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { AddSigner(privateKey, subjectKeyID, GetEncOid(privateKey, digestOID), digestOID, signedAttr, unsignedAttr); }
private void doAddSigner( AsymmetricKeyParameter privateKey, SignerIdentifier signerIdentifier, string encryptionOID, string digestOID, CmsAttributeTableGenerator signedAttrGen, CmsAttributeTableGenerator unsignedAttrGen, Asn1.Cms.AttributeTable baseSignedTable) { signerInfs.Add(new SignerInf(this, privateKey, signerIdentifier, digestOID, encryptionOID, signedAttrGen, unsignedAttrGen, baseSignedTable)); }
internal protected virtual Asn1Set GetAttributeSet( Asn1.Cms.AttributeTable attr) { return attr == null ? null : new DerSet(attr.ToAsn1EncodableVector()); }
public TimeStampToken( Asn1.Cms.ContentInfo contentInfo) : this(new CmsSignedData(contentInfo)) { }
private bool DoVerify( AsymmetricKeyParameter key, Asn1.Cms.AttributeTable signedAttrTable) { string digestName = Helper.GetDigestAlgName(this.DigestAlgOid); IDigest digest = Helper.GetDigestInstance(digestName); DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.ObjectID; Asn1Encodable sigParams = this.encryptionAlgorithm.Parameters; ISigner sig; if (sigAlgOid.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdRsassaPss)) { // RFC 4056 2.2 // When the id-RSASSA-PSS algorithm identifier is used for a signature, // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params. if (sigParams == null) throw new CmsException("RSASSA-PSS signature must specify algorithm parameters"); try { // TODO Provide abstract configuration mechanism Asn1.Pkcs.RsassaPssParameters pss = Asn1.Pkcs.RsassaPssParameters.GetInstance( sigParams.ToAsn1Object()); if (!pss.HashAlgorithm.ObjectID.Equals(this.digestAlgorithm.ObjectID)) throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm"); if (!pss.MaskGenAlgorithm.ObjectID.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1)) throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF"); IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.ObjectID); int saltLength = pss.SaltLength.Value.IntValue; byte trailerField = (byte) pss.TrailerField.Value.IntValue; // RFC 4055 3.1 // The value MUST be 1, which represents the trailer field with hexadecimal value 0xBC if (trailerField != 1) throw new CmsException("RSASSA-PSS signature parameters must have trailerField of 1"); sig = new PssSigner(new RsaBlindedEngine(), pssDigest, saltLength); } catch (Exception e) { throw new CmsException("failed to set RSASSA-PSS signature parameters", e); } } else { // TODO Probably too strong a check at the moment // if (sigParams != null) // throw new CmsException("unrecognised signature parameters provided"); string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(this.EncryptionAlgOid); sig = Helper.GetSignatureInstance(signatureName); } try { sig.Init(false, key); if (signedAttributes == null) { if (content != null) { content.Write(new CmsSignedDataGenerator.SigOutputStream(sig)); content.Write(new CmsSignedDataGenerator.DigOutputStream(digest)); resultDigest = DigestUtilities.DoFinal(digest); } else { resultDigest = digestCalculator.GetDigest(); // need to decrypt signature and check message bytes return VerifyDigest(resultDigest, key, this.GetSignature()); } } else { byte[] hash; if (content != null) { content.Write( new CmsSignedDataGenerator.DigOutputStream(digest)); hash = DigestUtilities.DoFinal(digest); } else if (digestCalculator != null) { hash = digestCalculator.GetDigest(); } else { hash = null; } resultDigest = hash; Asn1.Cms.Attribute dig = signedAttrTable[Asn1.Cms.CmsAttributes.MessageDigest]; Asn1.Cms.Attribute type = signedAttrTable[Asn1.Cms.CmsAttributes.ContentType]; if (dig == null) { throw new SignatureException("no hash for content found in signed attributes"); } if (type == null && !contentType.Equals(CmsAttributes.CounterSignature)) { throw new SignatureException("no content type id found in signed attributes"); } Asn1Object hashObj = dig.AttrValues[0].ToAsn1Object(); if (hashObj is Asn1OctetString) { byte[] signedHash = ((Asn1OctetString)hashObj).GetOctets(); if (!Arrays.AreEqual(hash, signedHash)) { throw new SignatureException("content hash found in signed attributes different"); } } else if (hashObj is DerNull) { if (hash != null) { throw new SignatureException("NULL hash found in signed attributes when one expected"); } } if (type != null) { DerObjectIdentifier typeOID = (DerObjectIdentifier)type.AttrValues[0]; if (!typeOID.Equals(contentType)) { throw new SignatureException("contentType in signed attributes different"); } } byte[] tmp = this.GetEncodedSignedAttributes(); sig.BlockUpdate(tmp, 0, tmp.Length); } return sig.VerifySignature(this.GetSignature()); } catch (InvalidKeyException e) { throw new CmsException( "key not appropriate to signature in message.", e); } catch (IOException e) { throw new CmsException( "can't process mime object to create signature.", e); } catch (SignatureException e) { throw new CmsException( "invalid signature format in message: " + e.Message, e); } }
private static void ParseDeadBeefItem(byte tag, Asn1.Kind kind) { var item = Asn1.ParseItem(string.Format("{0:X2}04DEADBEEF", tag).DecodeHex()); Assert.AreEqual(kind, item.Key); Assert.AreEqual(new byte[] {0xDE, 0xAD, 0xBE, 0xEF}, item.Value); }
public void Asn1_ParseItem_throws_on_invalid_tag() { Asn1.ParseItem("0D04DEADBEEF".DecodeHex()); }
/** * add a signer with extra signed/unsigned attributes. * * @param key signing key to use * @param cert certificate containing corresponding public key * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned */ public void AddSigner( AsymmetricKeyParameter privateKey, X509Certificate cert, string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { AddSigner(privateKey, cert, GetEncOid(privateKey, digestOID), digestOID, signedAttr, unsignedAttr); }
/** * Return a signer information object with the passed in unsigned * attributes replacing the ones that are current associated with * the object passed in. * * @param signerInformation the signerInfo to be used as the basis. * @param unsignedAttributes the unsigned attributes to add. * @return a copy of the original SignerInformationObject with the changed attributes. */ public static SignerInformation ReplaceUnsignedAttributes( SignerInformation signerInformation, Asn1.Cms.AttributeTable unsignedAttributes) { SignerInfo sInfo = signerInformation.info; Asn1Set unsignedAttr = null; if (unsignedAttributes != null) { unsignedAttr = new DerSet(unsignedAttributes.ToAsn1EncodableVector()); } return new SignerInformation( new SignerInfo( sInfo.SignerID, sInfo.DigestAlgorithm, sInfo.AuthenticatedAttributes, sInfo.DigestEncryptionAlgorithm, sInfo.EncryptedDigest, unsignedAttr), signerInformation.contentType, signerInformation.content, null); }
/** * add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. * * @param key signing key to use * @param subjectKeyID subjectKeyID of corresponding public key * @param encryptionOID digest encryption algorithm OID * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned */ public void AddSigner( AsymmetricKeyParameter privateKey, byte[] subjectKeyID, string encryptionOID, string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { doAddSigner(privateKey, GetSignerIdentifier(subjectKeyID), encryptionOID, digestOID, new DefaultSignedAttributeTableGenerator(signedAttr), new SimpleAttributeTableGenerator(unsignedAttr), signedAttr); }
private void CheckAttribute(byte[] expected, Asn1.Cms.Attribute attr) { DerOctetString value = (DerOctetString)attr.AttrValues[0]; Assert.AreEqual(new DerOctetString(expected), value); }
private bool DoVerify( AsymmetricKeyParameter key, Asn1.Cms.AttributeTable signedAttrTable) { string digestName = Helper.GetDigestAlgName(this.DigestAlgOid); string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(this.EncryptionAlgOid); ISigner sig = Helper.GetSignatureInstance(signatureName); IDigest digest = Helper.GetDigestInstance(digestName); try { sig.Init(false, key); if (signedAttributes == null) { if (content != null) { content.Write(new CmsSignedDataGenerator.SigOutputStream(sig)); content.Write(new CmsSignedDataGenerator.DigOutputStream(digest)); _resultDigest = DigestUtilities.DoFinal(digest); } else { _resultDigest = _digest; // need to decrypt signature and check message bytes return VerifyDigest(_digest, key, this.GetSignature()); } } else { byte[] hash; if (content != null) { content.Write( new CmsSignedDataGenerator.DigOutputStream(digest)); hash = DigestUtilities.DoFinal(digest); } else { hash = _digest; } _resultDigest = hash; Asn1.Cms.Attribute dig = signedAttrTable[Asn1.Cms.CmsAttributes.MessageDigest]; Asn1.Cms.Attribute type = signedAttrTable[Asn1.Cms.CmsAttributes.ContentType]; if (dig == null) { throw new SignatureException("no hash for content found in signed attributes"); } if (type == null) { throw new SignatureException("no content type id found in signed attributes"); } Asn1Object hashObj = dig.AttrValues[0].ToAsn1Object(); if (hashObj is Asn1OctetString) { byte[] signedHash = ((Asn1OctetString)hashObj).GetOctets(); if (!Arrays.AreEqual(hash, signedHash)) { throw new SignatureException("content hash found in signed attributes different"); } } else if (hashObj is DerNull) { if (hash != null) { throw new SignatureException("NULL hash found in signed attributes when one expected"); } } DerObjectIdentifier typeOID = (DerObjectIdentifier)type.AttrValues[0]; if (!typeOID.Equals(contentType)) { throw new SignatureException("contentType in signed attributes different"); } { byte[] tmp = this.GetEncodedSignedAttributes(); sig.BlockUpdate(tmp, 0, tmp.Length); } } return sig.VerifySignature(this.GetSignature()); } catch (InvalidKeyException e) { throw new CmsException( "key not appropriate to signature in message.", e); } catch (IOException e) { throw new CmsException( "can't process mime object to create signature.", e); } catch (SignatureException e) { throw new CmsException( "invalid signature format in message: " + e.Message, e); } }
public void Asn1_ParseItem_throws_on_invalid_tag() { Exceptions.AssertThrowsInternalError(() => Asn1.ParseItem("0D04DEADBEEF".DecodeHex()), "Unknown ASN.1 tag 13"); }