internal StrongNameSignatureInformation(AsymmetricAlgorithm publicKey)
        {
            Debug.Assert(publicKey != null, "publicKey != null");

            m_verificationResult = SignatureVerificationResult.Valid;
            m_publicKey          = publicKey;
        }
 internal AuthenticodeSignatureInformation(X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer, X509Chain signatureChain, TimestampInformation timestamp)
 {
     this.m_verificationResult = (SignatureVerificationResult)signer.dwError;
     this.m_hashAlgorithmId    = signer.algHash;
     if (signer.pwszDescription != IntPtr.Zero)
     {
         this.m_description = Marshal.PtrToStringUni(signer.pwszDescription);
     }
     if (signer.pwszDescriptionUrl != IntPtr.Zero)
     {
         Uri.TryCreate(Marshal.PtrToStringUni(signer.pwszDescriptionUrl), UriKind.RelativeOrAbsolute, out this.m_descriptionUrl);
     }
     this.m_signatureChain = signatureChain;
     if ((timestamp != null) && (timestamp.VerificationResult != SignatureVerificationResult.MissingSignature))
     {
         if (timestamp.IsValid)
         {
             this.m_timestamp = timestamp;
         }
         else
         {
             this.m_verificationResult = SignatureVerificationResult.InvalidTimestamp;
         }
     }
     else
     {
         this.m_timestamp = null;
     }
 }
Ejemplo n.º 3
0
        private StrongNameSignatureInformation VerifyStrongNameSignature(XmlElement signatureNode)
        {
            AsymmetricAlgorithm algorithm;

            if (!base.CheckSignatureReturningKey(out algorithm))
            {
                return(new StrongNameSignatureInformation(SignatureVerificationResult.BadDigest));
            }
            SignatureVerificationResult error = VerifyStrongNameSignatureId(signatureNode);

            if (error != SignatureVerificationResult.Valid)
            {
                return(new StrongNameSignatureInformation(error));
            }
            SignatureVerificationResult result2 = VerifyStrongNameSignatureTransforms(base.Signature.SignedInfo);

            if (result2 != SignatureVerificationResult.Valid)
            {
                return(new StrongNameSignatureInformation(result2));
            }
            if (!CompareBytes(this.CalculateManifestPublicKeyToken(), CalculateSignerPublicKeyToken(algorithm)))
            {
                return(new StrongNameSignatureInformation(SignatureVerificationResult.PublicKeyTokenMismatch));
            }
            return(new StrongNameSignatureInformation(algorithm));
        }
        internal AuthenticodeSignatureInformation(X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer,
                                                  X509Chain signatureChain,
                                                  TimestampInformation timestamp) {
            m_verificationResult = (SignatureVerificationResult)signer.dwError;
            m_hashAlgorithmId = signer.algHash;

            if (signer.pwszDescription != IntPtr.Zero) {
                m_description = Marshal.PtrToStringUni(signer.pwszDescription);
            }
            if (signer.pwszDescriptionUrl != IntPtr.Zero) {
                string descriptionUrl = Marshal.PtrToStringUni(signer.pwszDescriptionUrl);
                Uri.TryCreate(descriptionUrl, UriKind.RelativeOrAbsolute, out m_descriptionUrl);
            }

            m_signatureChain = signatureChain;

            // If there was a timestamp, and it was not valid we need to invalidate the entire Authenticode
            // signature as well, since we cannot assume that the signature would have verified without
            // the timestamp.
            if (timestamp != null && timestamp.VerificationResult != SignatureVerificationResult.MissingSignature) {
                if (timestamp.IsValid) {
                    m_timestamp = timestamp;
                }
                else {
                    m_verificationResult = SignatureVerificationResult.InvalidTimestamp;
                }
            }
            else {
                m_timestamp = null;
            }
        }
        internal TimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper) {
            m_hashAlgorithmId = timestamper.algHash;
            m_verificationResult = (SignatureVerificationResult)timestamper.dwError;

            ulong filetime = ((ulong)((uint)timestamper.ftTimestamp.dwHighDateTime) << 32)  |
                              (ulong)((uint)timestamper.ftTimestamp.dwLowDateTime);
            m_timestamp = DateTime.FromFileTimeUtc((long)filetime);

            if (timestamper.pChainContext != IntPtr.Zero) {
                m_timestampChain = new X509Chain(timestamper.pChainContext);
            }
        }
Ejemplo n.º 6
0
        internal TimestampInformation(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper)
        {
            this.m_hashAlgorithmId    = timestamper.algHash;
            this.m_verificationResult = (SignatureVerificationResult)timestamper.dwError;
            ulong num = (((ulong)timestamper.ftTimestamp.dwHighDateTime) << 0x20) | ((ulong)timestamper.ftTimestamp.dwLowDateTime);

            this.m_timestamp = DateTime.FromFileTimeUtc((long)num);
            if (timestamper.pChainContext != IntPtr.Zero)
            {
                this.m_timestampChain = new X509Chain(timestamper.pChainContext);
            }
        }
Ejemplo n.º 7
0
        internal static int HResultForVerificationResult(SignatureVerificationResult verificationResult)
        {
            switch (verificationResult)
            {
            case SignatureVerificationResult.AssemblyIdentityMismatch:
            case SignatureVerificationResult.PublicKeyTokenMismatch:
            case SignatureVerificationResult.PublisherMismatch:
                return(-2146762749);

            case SignatureVerificationResult.ContainingSignatureInvalid:
                return(-2146869232);
            }
            return((int)verificationResult);
        }
        public static bool VerifyReceivedMessage(MessageToReceive messageToReceive)
        {
            SignatureVerificationResult signatureVerificationResult = Verify(
                messageToReceive.legacyAddress,
                messageToReceive.message,
                messageToReceive.signature
                );

            if (signatureVerificationResult == SignatureVerificationResult.SignatureIsValid)
            {
                return(true);
            }
            return(false);
        }
Ejemplo n.º 9
0
        /// <summary>
        ///     Map a verification result to a matching HRESULT
        /// </summary>
        internal static int HResultForVerificationResult(SignatureVerificationResult verificationResult)
        {
            switch (verificationResult)
            {
            case SignatureVerificationResult.AssemblyIdentityMismatch:
            case SignatureVerificationResult.PublicKeyTokenMismatch:
            case SignatureVerificationResult.PublisherMismatch:
                return((int)SignatureVerificationResult.BadSignatureFormat);

            case SignatureVerificationResult.ContainingSignatureInvalid:
                return((int)SignatureVerificationResult.BadDigest);

            default:
                return((int)verificationResult);
            }
        }
        /// <summary>
        ///     Verify the strong name signature has a valid format and applies to this manifest
        /// </summary>
        private StrongNameSignatureInformation VerifyStrongNameSignature(XmlElement signatureNode)
        {
            Debug.Assert(signatureNode != null, "signatureNode != null");

            // Verify that the signature is valid
            AsymmetricAlgorithm key;

            if (!CheckSignatureReturningKey(out key))
            {
                return(new StrongNameSignatureInformation(SignatureVerificationResult.BadDigest));
            }

            // ensure there is an ID element, and it is the strong name id
            SignatureVerificationResult strongNameId = VerifyStrongNameSignatureId(signatureNode);

            if (strongNameId != SignatureVerificationResult.Valid)
            {
                return(new StrongNameSignatureInformation(strongNameId));
            }

            // Verify that the transforms are the ones we expect.
            Debug.Assert(Signature != null && Signature.SignedInfo != null,
                         "XML signature must be verified before getting SN details");
            SignatureVerificationResult transformsValid = VerifyStrongNameSignatureTransforms(Signature.SignedInfo);

            if (transformsValid != SignatureVerificationResult.Valid)
            {
                return(new StrongNameSignatureInformation(transformsValid));
            }

            // ensure the public key token in the manifest identity matches the public key token of the signing
            // strong name key
            if (!CompareBytes(CalculateManifestPublicKeyToken(), CalculateSignerPublicKeyToken(key)))
            {
                return(new StrongNameSignatureInformation(SignatureVerificationResult.PublicKeyTokenMismatch));
            }

            return(new StrongNameSignatureInformation(key));
        }
        internal AuthenticodeSignatureInformation(X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer,
                                                  X509Chain signatureChain,
                                                  TimestampInformation timestamp)
        {
            m_verificationResult = (SignatureVerificationResult)signer.dwError;
            m_hashAlgorithmId    = signer.algHash;

            if (signer.pwszDescription != IntPtr.Zero)
            {
                m_description = Marshal.PtrToStringUni(signer.pwszDescription);
            }
            if (signer.pwszDescriptionUrl != IntPtr.Zero)
            {
                string descriptionUrl = Marshal.PtrToStringUni(signer.pwszDescriptionUrl);
                Uri.TryCreate(descriptionUrl, UriKind.RelativeOrAbsolute, out m_descriptionUrl);
            }

            m_signatureChain = signatureChain;

            // If there was a timestamp, and it was not valid we need to invalidate the entire Authenticode
            // signature as well, since we cannot assume that the signature would have verified without
            // the timestamp.
            if (timestamp != null && timestamp.VerificationResult != SignatureVerificationResult.MissingSignature)
            {
                if (timestamp.IsValid)
                {
                    m_timestamp = timestamp;
                }
                else
                {
                    m_verificationResult = SignatureVerificationResult.InvalidTimestamp;
                }
            }
            else
            {
                m_timestamp = null;
            }
        }
        private AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode,
                                                                             X509RevocationFlag revocationFlag,
                                                                             X509RevocationMode revocationMode)
        {
            Debug.Assert(signatureNode != null, "signatureNode != null");

            // See if there is an Authenticode signature on the manifest
            XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license",
                                                                    m_namespaceManager) as XmlElement;

            if (licenseNode == null)
            {
                return(null);
            }

            // Make sure that the signature is for this manifest
            SignatureVerificationResult identityVerification = VerifyAuthenticodeSignatureIdentity(licenseNode);

            if (identityVerification != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(identityVerification));
            }

            SignatureVerificationResult hashVerification = VerifyAuthenticodeExpectedHash(licenseNode);

            if (hashVerification != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(hashVerification));
            }

            // Verify the signature, extracting information about it
            AuthenticodeSignatureInformation authenticodeSignature = null;

            X509Native.AXL_AUTHENTICODE_SIGNER_INFO signer = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO();
            signer.cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO));

            X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO timestamper = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO();
            timestamper.cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO));

            RuntimeHelpers.PrepareConstrainedRegions();
            try {
                byte[] licenseXml = Encoding.UTF8.GetBytes(licenseNode.OuterXml);
                X509Native.AxlVerificationFlags verificationFlags = MapRevocationFlags(revocationFlag,
                                                                                       revocationMode);

                unsafe
                {
                    fixed(byte *pLicenseXml = licenseXml)
                    {
                        // Safe since we're verifying the size of this buffer is correct
                        CapiNative.CRYPTOAPI_BLOB xmlBlob = new CapiNative.CRYPTOAPI_BLOB();
                        xmlBlob.cbData = licenseXml.Length;
                        xmlBlob.pbData = new IntPtr(pLicenseXml);

                        int hrVerify = X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref xmlBlob,
                                                                                                    verificationFlags,
                                                                                                    ref signer,
                                                                                                    ref timestamper);

                        if (hrVerify == (int)SignatureVerificationResult.MissingSignature)
                        {
                            return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature));
                        }
                    }
                }

                X509Chain signatureChain = BuildSignatureChain(signer,
                                                               licenseNode,
                                                               revocationFlag,
                                                               revocationMode);

                TimestampInformation timestamp = GetTimestampInformation(timestamper,
                                                                         licenseNode);

                authenticodeSignature = new AuthenticodeSignatureInformation(signer,
                                                                             signatureChain,
                                                                             timestamp);
            }
            finally {
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref signer);
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref timestamper);
            }

            // Verify the signing certificate matches the expected publisher
            Debug.Assert(authenticodeSignature != null, "authenticodeSignature != null");
            if (authenticodeSignature.SigningCertificate == null)
            {
                return(new AuthenticodeSignatureInformation(authenticodeSignature.VerificationResult));
            }

            SignatureVerificationResult publisherMatch = VerifyAuthenticodePublisher(authenticodeSignature.SigningCertificate);

            if (publisherMatch != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(publisherMatch));
            }

            return(authenticodeSignature);
        }
Ejemplo n.º 13
0
 internal TimestampInformation(SignatureVerificationResult error)
 {
     Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid");
     m_verificationResult = error;
 }
Ejemplo n.º 14
0
        private unsafe AuthenticodeSignatureInformation VerifyAuthenticodeSignature(XmlElement signatureNode, X509RevocationFlag revocationFlag, X509RevocationMode revocationMode)
        {
            XmlElement licenseNode = signatureNode.SelectSingleNode("ds:KeyInfo/msrel:RelData/r:license", this.m_namespaceManager) as XmlElement;

            if (licenseNode == null)
            {
                return(null);
            }
            SignatureVerificationResult error = this.VerifyAuthenticodeSignatureIdentity(licenseNode);

            if (error != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(error));
            }
            SignatureVerificationResult result2 = this.VerifyAuthenticodeExpectedHash(licenseNode);

            if (result2 != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(result2));
            }
            AuthenticodeSignatureInformation information = null;

            X509Native.AXL_AUTHENTICODE_SIGNER_INFO pSignerInfo = new X509Native.AXL_AUTHENTICODE_SIGNER_INFO {
                cbSize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_SIGNER_INFO))
            };
            X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO pTimestamperInfo = new X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO {
                cbsize = Marshal.SizeOf(typeof(X509Native.AXL_AUTHENTICODE_TIMESTAMPER_INFO))
            };
            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                byte[] bytes = Encoding.UTF8.GetBytes(licenseNode.OuterXml);
                X509Native.AxlVerificationFlags dwFlags = MapRevocationFlags(revocationFlag, revocationMode);
                try
                {
                    fixed(byte *numRef = bytes)
                    {
                        CapiNative.CRYPTOAPI_BLOB pLicenseBlob = new CapiNative.CRYPTOAPI_BLOB {
                            cbData = bytes.Length,
                            pbData = new IntPtr((void *)numRef)
                        };
                        if (X509Native.UnsafeNativeMethods.CertVerifyAuthenticodeLicense(ref pLicenseBlob, dwFlags, ref pSignerInfo, ref pTimestamperInfo) == -2146762496)
                        {
                            return(new AuthenticodeSignatureInformation(SignatureVerificationResult.MissingSignature));
                        }
                    }
                }
                finally
                {
                    numRef = null;
                }
                X509Chain            signatureChain       = this.BuildSignatureChain(pSignerInfo, licenseNode, revocationFlag, revocationMode);
                TimestampInformation timestampInformation = this.GetTimestampInformation(pTimestamperInfo, licenseNode);
                information = new AuthenticodeSignatureInformation(pSignerInfo, signatureChain, timestampInformation);
            }
            finally
            {
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeSignerInfo(ref pSignerInfo);
                X509Native.UnsafeNativeMethods.CertFreeAuthenticodeTimestamperInfo(ref pTimestamperInfo);
            }
            if (information.SigningCertificate == null)
            {
                return(new AuthenticodeSignatureInformation(information.VerificationResult));
            }
            SignatureVerificationResult result3 = this.VerifyAuthenticodePublisher(information.SigningCertificate);

            if (result3 != SignatureVerificationResult.Valid)
            {
                return(new AuthenticodeSignatureInformation(result3));
            }
            return(information);
        }
 internal TimestampInformation(SignatureVerificationResult error) {
     Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid");
     m_verificationResult = error;
 }
Ejemplo n.º 16
0
 public override SignatureVerificationResult VerifySignature(string path, string parent)
 {
     return(SignatureVerificationResult.UnsupportedFileTypeResult(path, parent));
 }
 /// <summary>
 ///     Create an Authenticode signature information for a signature which is not valid
 /// </summary>
 internal AuthenticodeSignatureInformation(SignatureVerificationResult error) {
     Debug.Assert(error != SignatureVerificationResult.Valid);
     m_verificationResult = error;
 }
        internal StrongNameSignatureInformation(SignatureVerificationResult error)
        {
            Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid");

            m_verificationResult = error;
        }
 internal StrongNameSignatureInformation(AsymmetricAlgorithm publicKey)
 {
     this.m_verificationResult = SignatureVerificationResult.Valid;
     this.m_publicKey          = publicKey;
 }
 internal StrongNameSignatureInformation(SignatureVerificationResult error)
 {
     this.m_verificationResult = error;
 }
        internal StrongNameSignatureInformation(AsymmetricAlgorithm publicKey) {
            Debug.Assert(publicKey != null, "publicKey != null");

            m_verificationResult = SignatureVerificationResult.Valid;
            m_publicKey = publicKey;
        }
 internal AuthenticodeSignatureInformation(SignatureVerificationResult error)
 {
     this.m_verificationResult = error;
 }
 /// <summary>
 ///     Create an Authenticode signature information for a signature which is not valid
 /// </summary>
 internal AuthenticodeSignatureInformation(SignatureVerificationResult error)
 {
     Debug.Assert(error != SignatureVerificationResult.Valid);
     m_verificationResult = error;
 }
Ejemplo n.º 24
0
 internal TimestampInformation(SignatureVerificationResult error)
 {
     this.m_verificationResult = error;
 }
        internal StrongNameSignatureInformation(SignatureVerificationResult error) {
            Debug.Assert(error != SignatureVerificationResult.Valid, "error != SignatureVerificationResult.Valid");

            m_verificationResult = error;
        }