internal static bool RsaVerifyHash(
SafeEvpPKeyHandle pkey,
RSASignaturePaddingMode paddingMode,
IntPtr digestAlgorithm,
ReadOnlySpan <byte> hash,
ReadOnlySpan <byte> signature)
{
int ret = CryptoNative_RsaVerifyHash(
pkey,
paddingMode,
digestAlgorithm,
ref MemoryMarshal.GetReference(hash),
hash.Length,
ref MemoryMarshal.GetReference(signature),
signature.Length);
if (ret == 1)
{
return(true);
}
if (ret == 0)
{
return(false);
}
Debug.Assert(ret == -1);
throw CreateOpenSslCryptographicException();
}
private static extern int CryptoNative_RsaVerifyHash(
SafeEvpPKeyHandle pkey,
RSASignaturePaddingMode paddingMode,
IntPtr digestAlgorithm,
ref byte hash,
int hashLength,
ref byte signature,
int signatureLength);
private static partial int CryptoNative_RsaSignHash(
SafeEvpPKeyHandle pkey,
RSASignaturePaddingMode paddingMode,
IntPtr digestAlgorithm,
ref byte hash,
int hashLength,
ref byte destination,
int destinationLength);
private static RSASignaturePadding ToPadding(this RSASignaturePaddingMode mode)
{
switch (mode)
{
case RSASignaturePaddingMode.Pkcs1: return(RSASignaturePadding.Pkcs1);
case RSASignaturePaddingMode.Pss: return(RSASignaturePadding.Pss);
}
return(null);
}
public static X509CertificateWithKeyInfo GenerateCertificateWithKeyInfo(
string subjectName,
Action <TestCertificateGenerator> modifyGenerator,
NuGet.Common.HashAlgorithmName hashAlgorithm = NuGet.Common.HashAlgorithmName.SHA256,
RSASignaturePaddingMode paddingMode = RSASignaturePaddingMode.Pkcs1,
int publicKeyLength = 2048,
ChainCertificateRequest chainCertificateRequest = null)
{
var rsa = RSA.Create(publicKeyLength);
var cert = GenerateCertificate(subjectName, modifyGenerator, rsa, hashAlgorithm, paddingMode, chainCertificateRequest);
return(new X509CertificateWithKeyInfo(cert, rsa));
}
/// <summary>
/// Create a self signed certificate with bouncy castle.
/// </summary>
public static X509Certificate2 GenerateCertificate(
string subjectName,
Action <TestCertificateGenerator> modifyGenerator,
NuGet.Common.HashAlgorithmName hashAlgorithm = NuGet.Common.HashAlgorithmName.SHA256,
RSASignaturePaddingMode paddingMode = RSASignaturePaddingMode.Pkcs1,
int publicKeyLength = 2048,
ChainCertificateRequest chainCertificateRequest = null)
{
chainCertificateRequest = chainCertificateRequest ?? new ChainCertificateRequest()
{
IsCA = true
};
using (var rsa = RSA.Create(publicKeyLength))
{
return(GenerateCertificate(subjectName, modifyGenerator, rsa, hashAlgorithm, paddingMode, chainCertificateRequest));
}
}
public static void SignaturePadding_InvalidValue()
{
RSASignaturePaddingMode badMode = (RSASignaturePaddingMode)(-1);
// Currently we support all RSASignaturePaddings. However we want to make sure we fail properly
// if an unsupported one is added later, so construct a bogus padding.
RSASignaturePadding badPadding = (RSASignaturePadding)typeof(RSASignaturePadding)
.GetConstructor(BindingFlags.NonPublic | BindingFlags.Instance, new Type[] { typeof(RSASignaturePaddingMode) })
.Invoke(new object[] { badMode });
// Test setter
CmsSigner signer = new CmsSigner();
AssertExtensions.Throws <ArgumentException>("value", () => signer.SignaturePadding = badPadding);
// Test ctor
AssertExtensions.Throws <ArgumentException>("signaturePadding", () => new CmsSigner(
SubjectIdentifierType.IssuerAndSerialNumber,
certificate: null,
privateKey: null,
badPadding));
}
internal static int RsaSignHash(
SafeEvpPKeyHandle pkey,
RSASignaturePaddingMode paddingMode,
IntPtr digestAlgorithm,
ReadOnlySpan <byte> hash,
Span <byte> destination)
{
int written = CryptoNative_RsaSignHash(
pkey,
paddingMode,
digestAlgorithm,
ref MemoryMarshal.GetReference(hash),
hash.Length,
ref MemoryMarshal.GetReference(destination),
destination.Length);
if (written < 0)
{
Debug.Assert(written == -1);
throw CreateOpenSslCryptographicException();
}
return(written);
}
private static X509Certificate2 GenerateCertificate(
string subjectName,
Action <TestCertificateGenerator> modifyGenerator,
RSA rsa,
NuGet.Common.HashAlgorithmName hashAlgorithm,
RSASignaturePaddingMode paddingMode,
ChainCertificateRequest chainCertificateRequest)
{
if (string.IsNullOrEmpty(subjectName))
{
subjectName = "NuGetTest";
}
// Create cert
var subjectDN = $"CN={subjectName}";
var certGen = new TestCertificateGenerator();
var isSelfSigned = true;
X509Certificate2 issuer = null;
DateTimeOffset? notAfter = null;
var keyUsage = X509KeyUsageFlags.DigitalSignature;
if (chainCertificateRequest == null)
{
// Self-signed certificates should have this flag set.
keyUsage |= X509KeyUsageFlags.KeyCertSign;
}
else
{
if (chainCertificateRequest.Issuer != null)
{
isSelfSigned = false;
// for a certificate with an issuer assign Authority Key Identifier
issuer = chainCertificateRequest?.Issuer;
notAfter = issuer.NotAfter.Subtract(TimeSpan.FromMinutes(5));
var publicKey = DotNetUtilities.GetRsaPublicKey(issuer.GetRSAPublicKey());
certGen.Extensions.Add(
new X509Extension(
Oids.AuthorityKeyIdentifier,
new AuthorityKeyIdentifierStructure(publicKey).GetEncoded(),
critical: false));
}
if (chainCertificateRequest.ConfigureCrl)
{
// for a certificate in a chain create CRL distribution point extension
var issuerDN = chainCertificateRequest?.Issuer?.Subject ?? subjectDN;
var crlServerUri = $"{chainCertificateRequest.CrlServerBaseUri}{issuerDN}.crl";
var generalName = new Org.BouncyCastle.Asn1.X509.GeneralName(Org.BouncyCastle.Asn1.X509.GeneralName.UniformResourceIdentifier, new DerIA5String(crlServerUri));
var distPointName = new DistributionPointName(new GeneralNames(generalName));
var distPoint = new DistributionPoint(distPointName, null, null);
certGen.Extensions.Add(
new X509Extension(
TestOids.CrlDistributionPoints,
new DerSequence(distPoint).GetDerEncoded(),
critical: false));
}
if (chainCertificateRequest.IsCA)
{
// update key usage with CA cert sign and crl sign attributes
keyUsage |= X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign;
}
}
var padding = paddingMode.ToPadding();
var request = new CertificateRequest(subjectDN, rsa, hashAlgorithm.ConvertToSystemSecurityHashAlgorithmName(), padding);
bool isCa = isSelfSigned ? true : (chainCertificateRequest?.IsCA ?? false);
certGen.NotAfter = notAfter ?? DateTime.UtcNow.Add(TimeSpan.FromMinutes(30));
certGen.NotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(30));
var random = new Random();
var serial = random.Next();
var serialNumber = BitConverter.GetBytes(serial);
Array.Reverse(serialNumber);
certGen.SetSerialNumber(serialNumber);
certGen.Extensions.Add(
new X509SubjectKeyIdentifierExtension(request.PublicKey, critical: false));
certGen.Extensions.Add(
new X509KeyUsageExtension(keyUsage, critical: false));
certGen.Extensions.Add(
new X509BasicConstraintsExtension(certificateAuthority: isCa, hasPathLengthConstraint: false, pathLengthConstraint: 0, critical: true));
// Allow changes
modifyGenerator?.Invoke(certGen);
foreach (var extension in certGen.Extensions)
{
request.CertificateExtensions.Add(extension);
}
X509Certificate2 certResult;
if (isSelfSigned)
{
certResult = request.CreateSelfSigned(certGen.NotBefore, certGen.NotAfter);
}
else
{
using (var temp = request.Create(issuer, certGen.NotBefore, certGen.NotAfter, certGen.SerialNumber))
{
certResult = temp.CopyWithPrivateKey(rsa);
}
}
return(new X509Certificate2(certResult.Export(X509ContentType.Pkcs12), password: (string)null, keyStorageFlags: X509KeyStorageFlags.Exportable));
}
private RSASignaturePadding(RSASignaturePaddingMode mode)
{
_mode = mode;
}