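internal static string FindOidInfo(uint keyType, string keyValue, System.Security.Cryptography.OidGroup oidGroup) {
    // Looks up an OID table entry through CryptFindOIDInfo and returns the
    // "other side" of the mapping: the friendly name when keyType is 1 (lookup
    // by OID string), otherwise the dotted OID string. When the requested group
    // has no entry, the lookup is retried across all groups.
    //
    // keyType:  1 = key is an OID string (marshalled as ANSI),
    //           2 = key is a name (marshalled as Unicode);
    //           any other value is passed through with an invalid key handle,
    //           exactly as before.
    // keyValue: the OID or name to look up; null throws, empty returns null.
    // oidGroup: the OID group searched first.
    // Returns the resolved name/OID, or null when the returned CRYPT_OID_INFO
    // carries no string for it.
    if (keyValue == null) {
        throw new ArgumentNullException("keyValue");
    }
    if (keyValue.Length == 0) {
        return null;
    }

    // Fix: the native key buffer allocated by StringToAnsiPtr/StringToUniPtr
    // was never disposed on this path. Release it deterministically once the
    // lookups are done, as the try/finally variants of this helper do.
    SafeLocalAllocHandle nativeKey = SafeLocalAllocHandle.InvalidHandle;
    try {
        switch (keyType) {
            case 1:
                nativeKey = StringToAnsiPtr(keyValue);
                break;
            case 2:
                nativeKey = StringToUniPtr(keyValue);
                break;
            // Other key types fall through with InvalidHandle (unchanged behavior).
        }

        CAPIBase.CRYPT_OID_INFO oidInfo = CAPI.CryptFindOIDInfo(keyType, nativeKey, oidGroup);
        // Group-specific miss: retry without restricting the group.
        if (oidInfo.pszOID == null && oidGroup != System.Security.Cryptography.OidGroup.AllGroups) {
            oidInfo = CAPI.CryptFindOIDInfo(keyType, nativeKey, System.Security.Cryptography.OidGroup.AllGroups);
        }

        return keyType == 1 ? oidInfo.pwszName : oidInfo.pszOID;
    } finally {
        nativeKey.Dispose();
    }
}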
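internal static uint OidToAlgId(string value) {
    // Maps a dotted OID string to its CryptoAPI ALG_ID by querying
    // CryptFindOIDInfo with CRYPT_OID_INFO_OID_KEY across all groups (0).
    //
    // value: the OID string; null throws (consistent with FindOidInfo).
    // Returns CRYPT_OID_INFO.Algid — presumably 0 when the OID is unknown,
    // depending on what the CAPI.CryptFindOIDInfo wrapper returns on a miss
    // (TODO confirm against the wrapper).
    if (value == null) {
        throw new ArgumentNullException("value");
    }

    SafeLocalAllocHandle pszOid = StringToAnsiPtr(value);
    try {
        CAPI.CRYPT_OID_INFO oidInfo = CAPI.CryptFindOIDInfo(CAPI.CRYPT_OID_INFO_OID_KEY, pszOid, 0);
        return oidInfo.Algid;
    } finally {
        // Fix: the ANSI copy of the OID was never released. It is only needed
        // for the duration of the native call, so dispose it here (the same
        // try/finally discipline FindOidInfo uses).
        pszOid.Dispose();
    }
}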
internal static string FindOidInfo(uint keyType, string keyValue, System.Security.Cryptography.OidGroup oidGroup) {
    // Resolves one side of an OID mapping through CryptFindOIDInfo: an OID key
    // (CRYPT_OID_INFO_OID_KEY) yields the friendly name, a name key
    // (CRYPT_OID_INFO_NAME_KEY) yields the dotted OID string.
    //
    // keyType:  CRYPT_OID_INFO_OID_KEY or CRYPT_OID_INFO_NAME_KEY.
    // keyValue: the OID or name; null throws, empty returns null without
    //           touching the native lookup.
    // oidGroup: the OID group to search.
    if (keyValue == null) {
        throw new ArgumentNullException("keyValue");
    }
    if (keyValue.Length == 0) {
        return null;
    }
#if MONO
    // MONO build: the lookup is delegated to CAPI's managed
    // CryptFindOIDInfo*From* helpers; unknown key types are not supported.
    if (keyType == CAPI.CRYPT_OID_INFO_OID_KEY) {
        return CAPI.CryptFindOIDInfoNameFromKey(keyValue, oidGroup);
    }
    if (keyType == CAPI.CRYPT_OID_INFO_NAME_KEY) {
        return CAPI.CryptFindOIDInfoKeyFromName(keyValue, oidGroup);
    }
    throw new NotImplementedException(keyType.ToString());
#else
    bool lookupByOid = (keyType == CAPI.CRYPT_OID_INFO_OID_KEY);
    bool lookupByName = (keyType == CAPI.CRYPT_OID_INFO_NAME_KEY);

    // The native key string is LocalAlloc'ed; release it whatever happens.
    SafeLocalAllocHandle nativeKey = SafeLocalAllocHandle.InvalidHandle;
    try {
        // OID keys are marshalled as ANSI, name keys as Unicode. Anything else
        // is a caller bug: assert, then carry on with an invalid key handle.
        if (lookupByOid) {
            nativeKey = StringToAnsiPtr(keyValue);
        } else if (lookupByName) {
            nativeKey = StringToUniPtr(keyValue);
        } else {
            Debug.Assert(false);
        }

        CAPI.CRYPT_OID_INFO info = CAPI.CryptFindOIDInfo(keyType, nativeKey, oidGroup);
        return lookupByOid ? info.pwszName : info.pszOID;
    } finally {
        nativeKey.Dispose();
    }
#endif
}
internal static string FindOidInfo(uint keyType, string keyValue, OidGroup oidGroup) {
    // Resolves one side of an OID mapping through CryptFindOIDInfo: an OID key
    // (CRYPT_OID_INFO_OID_KEY) yields the friendly name, a name key
    // (CRYPT_OID_INFO_NAME_KEY) yields the dotted OID string.
    //
    // keyType:  CRYPT_OID_INFO_OID_KEY or CRYPT_OID_INFO_NAME_KEY.
    // keyValue: the OID or name; null throws, empty returns null without
    //           touching the native lookup.
    // oidGroup: the OID group to search.
    if (keyValue == null) {
        throw new ArgumentNullException("keyValue");
    }
    if (keyValue.Length == 0) {
        return null;
    }

    bool lookupByOid = (keyType == CAPI.CRYPT_OID_INFO_OID_KEY);
    bool lookupByName = (keyType == CAPI.CRYPT_OID_INFO_NAME_KEY);

    // The native key string is LocalAlloc'ed; release it whatever happens.
    SafeLocalAllocHandle nativeKey = SafeLocalAllocHandle.InvalidHandle;
    try {
        // OID keys are marshalled as ANSI, name keys as Unicode. Anything else
        // is a caller bug: assert, then carry on with an invalid key handle.
        if (lookupByOid) {
            nativeKey = StringToAnsiPtr(keyValue);
        } else if (lookupByName) {
            nativeKey = StringToUniPtr(keyValue);
        } else {
            Debug.Assert(false);
        }

        CAPI.CRYPT_OID_INFO info = CAPI.CryptFindOIDInfo(keyType, nativeKey, oidGroup);
        return lookupByOid ? info.pwszName : info.pszOID;
    } finally {
        nativeKey.Dispose();
    }
}
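internal static uint OidToAlgId(string value) {
    // Maps a dotted OID string to its CryptoAPI ALG_ID. The literal arguments
    // match the named constants used by the source form of this helper:
    // 1U is CRYPT_OID_INFO_OID_KEY (key is an OID string) and 0U means "all
    // OID groups".
    //
    // value: the OID string; null throws (consistent with FindOidInfo).
    // Returns CRYPT_OID_INFO.Algid as provided by the CAPI.CryptFindOIDInfo
    // wrapper (presumably 0 on a miss — TODO confirm against the wrapper).
    if (value == null) {
        throw new ArgumentNullException("value");
    }

    // Fix: the ANSI copy of the OID was allocated inline and never disposed.
    SafeLocalAllocHandle pszOid = X509Utils.StringToAnsiPtr(value);
    try {
        return CAPI.CryptFindOIDInfo(1U, pszOid, 0U).Algid;
    } finally {
        pszOid.Dispose();
    }
}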
// Verifies this signer's signature — or, when m_parentSignerInfo is set, its
// counter-signature over the parent signer — against the given certificate's
// public key, and unless verifySignatureOnly is true also validates the
// certificate via VerifyCertificate.
//
// extraStore:          extra certificates passed on to VerifyCertificate.
// certificate:         the signer certificate used for verification.
// verifySignatureOnly: true to skip certificate validation.
// Throws CryptographicException carrying the Win32 error / HRESULT on failure.
//
// NOTE(review): this method patches the certificate's native CERT_INFO in place
// (Marshal.WriteInt32/WriteIntPtr below) and has no try/finally, so pbParameters
// is not released if a later call throws, and the buffer whose pointer was written
// into CERT_INFO is freed by the final Dispose — confirm nothing reads the
// certificate's SubjectPublicKeyInfo.Algorithm.Parameters after Verify returns.
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly) {
    // Whole body is checked: any overflow in the pointer arithmetic throws
    // instead of silently wrapping.
    checked {
        // We need to find out if DSS parameters inheritance is necessary. If so, we need to
        // first build the chain to cause CAPI to inherit and set the parameters in the
        // CERT_PUBKEY_ALG_PARA_PROP_ID extended property. Once we have the parameters in
        // the property, we then need to retrieve a copy and point to it in the CERT_INFO
        // structure.
        SafeLocalAllocHandle pbParameters = SafeLocalAllocHandle.InvalidHandle;
        CAPI.CERT_CONTEXT pCertContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));

        // Point to SubjectPublicKeyInfo field inside the CERT_INFO structure.
        IntPtr pSubjectPublicKeyInfo = new IntPtr((long)pCertContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo"));

        // Point to Algorithm field inside the SubjectPublicKeyInfo field.
        IntPtr pAlgorithm = new IntPtr((long)pSubjectPublicKeyInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));

        // Point to Parameters field inside the Algorithm field.
        IntPtr pParameters = new IntPtr((long)pAlgorithm + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));

        // Retrieve the pszObjId pointer (first field of CRYPT_ALGORITHM_IDENTIFIER).
        IntPtr pObjId = Marshal.ReadIntPtr(pAlgorithm);

        // Translate the OID to AlgId value, restricted to the public-key algorithm group.
        CAPI.CRYPT_OID_INFO pOIDInfo = CAPI.CryptFindOIDInfo(CAPI.CRYPT_OID_INFO_OID_KEY, pObjId, CAPI.CRYPT_PUBKEY_ALG_OID_GROUP_ID);

        // Is this DSS?
        if (pOIDInfo.Algid == CAPI.CALG_DSS_SIGN) {
            bool inheritParameters = false;

            // This is DSS, so inherit the parameters if necessary.
            IntPtr pcbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
            IntPtr ppbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));

            if (Marshal.ReadInt32(pcbData) == 0) {
                // Empty parameters blob: nothing to use, inherit from the issuer.
                inheritParameters = true;
            } else {
                // Need to inherit if NULL pbData or *pbData is 0x05 (NULL ASN tag).
                if (Marshal.ReadIntPtr(ppbData) == IntPtr.Zero) {
                    inheritParameters = true;
                } else {
                    IntPtr pbData = Marshal.ReadIntPtr(ppbData);
                    // NOTE(review): this reads 4 bytes at pbData and compares the whole
                    // value with ASN_TAG_NULL. A DER NULL is two bytes (05 00), so a
                    // 2-byte blob is over-read here, and the test only matches when the
                    // bytes after the tag are zero. Reading a single byte for the tag
                    // would be the narrower check — confirm before changing.
                    if ((uint)Marshal.ReadInt32(pbData) == CAPI.ASN_TAG_NULL) {
                        inheritParameters = true;
                    }
                }
            }

            // Do we need to copy inherited DSS parameters?
            if (inheritParameters) {
                // Build the chain to force CAPI to propagate the parameters to
                // CERT_PUBKEY_ALG_PARA_PROP_ID extended property. The chain itself
                // is discarded; revocation is deliberately not checked here because
                // the only purpose is the side effect on the certificate context.
                SafeCertChainHandle pChainContext = SafeCertChainHandle.InvalidHandle;
                X509Utils.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
                                     X509Utils.GetCertContext(certificate),
                                     null,
                                     null,
                                     null,
                                     X509RevocationMode.NoCheck,
                                     X509RevocationFlag.ExcludeRoot,
                                     DateTime.Now,
                                     new TimeSpan(0, 0, 0), // default
                                     ref pChainContext);
                pChainContext.Dispose();

                // The parameter is inherited in the extended property, but not copied
                // to CERT_INFO, so we need to do it ourselves. First call sizes the
                // property (pbParameters is still InvalidHandle), second call fills it.
                uint cbParameters = 0;
                if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
                                                                     CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
                                                                     pbParameters,
                                                                     ref cbParameters)) {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }

                if (cbParameters > 0) {
                    pbParameters = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbParameters));
                    if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
                                                                         CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
                                                                         pbParameters,
                                                                         ref cbParameters)) {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }

                    // Patch the native CERT_INFO's Parameters blob to point at our copy.
                    // NOTE(review): pbParameters is disposed at the end of this method,
                    // after which this pointer in the shared cert context is dangling.
                    Marshal.WriteInt32(pcbData, (int)cbParameters);
                    Marshal.WriteIntPtr(ppbData, pbParameters.DangerousGetHandle());
                }
            }
        }

        // Is this counter signer?
        if (m_parentSignerInfo == null) {
            // Just plain signer: let the message verify this signer against pCertInfo.
            if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(),
                                      0,
                                      CAPI.CMSG_CTRL_VERIFY_SIGNATURE,
                                      pCertContext.pCertInfo)) {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
        } else {
            // Counter signer, so need to first find parent signer's index.
            int index = -1;
            int lastWin32Error = 0;

            // Since we allow the same signer to sign more than once,
            // we must than try all signatures of the same signer. The loop only
            // exits via break (verified) or via the throw in the catch below
            // (no more matching signers).
            while (true) {
                try {
                    // Find index of parent signer, starting after the last one tried.
                    index = PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), m_parentSignerInfo, index + 1);
                } catch (CryptographicException) {
                    // Did we ever find a signature of the same signer?
                    if (lastWin32Error == 0) {
                        // No. So we just re-throw, which is most likely CAPI.CRYPT_E_SIGNER_NOT_FOUND.
                        throw;
                    } else {
                        // Yes. Throw previous error, which is most likely CAPI.NTE_BAD_SIGNATURE.
                        throw new CryptographicException(lastWin32Error);
                    }
                }

                // Now get the parent encoded singer info.
                uint cbParentEncodedSignerInfo = 0;
                SafeLocalAllocHandle pbParentEncodedSignerInfo = SafeLocalAllocHandle.InvalidHandle;
                PkcsUtils.GetParam(m_signedCms.GetCryptMsgHandle(),
                                   CAPI.CMSG_ENCODED_SIGNER,
                                   (uint)index,
                                   out pbParentEncodedSignerInfo,
                                   out cbParentEncodedSignerInfo);

                // Try next signer if we can't get parent of this signer.
                // NOTE(review): both `continue` paths below skip the Dispose of
                // pbParentEncodedSignerInfo, so each retried iteration leaks its buffer
                // until finalization.
                if (cbParentEncodedSignerInfo == 0) {
                    lastWin32Error = CAPI.CRYPT_E_NO_SIGNER;
                    continue;
                }

                fixed (byte* pbEncodedSignerInfo = m_encodedSignerInfo) {
                    if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero,
                                                                             CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                             pbParentEncodedSignerInfo.DangerousGetHandle(),
                                                                             cbParentEncodedSignerInfo,
                                                                             new IntPtr(pbEncodedSignerInfo),
                                                                             (uint)m_encodedSignerInfo.Length,
                                                                             pCertContext.pCertInfo)) {
                        // Cache the error, and try next signer.
                        lastWin32Error = Marshal.GetLastWin32Error();
                        continue;
                    }
                }

                // Release the parent's encoded signer info now that it has been used.
                pbParentEncodedSignerInfo.Dispose();

                // The signature is successfully verified.
                break;
            }
        }

        // Verify the cert if requested.
        if (!verifySignatureOnly) {
            int hr = VerifyCertificate(certificate, extraStore);
            if (hr != CAPI.S_OK) {
                throw new CryptographicException(hr);
            }
        }

        // Release the DSS parameter copy (not reached when an exception was thrown above).
        pbParameters.Dispose();
    }
}
// Decompiled form of SignerInfo.Verify: verifies this signer's signature — or,
// when m_parentSignerInfo is set, its counter-signature over the parent signer —
// against the certificate's public key, then validates the certificate unless
// verifySignatureOnly is true. Literal constants below are annotated with the
// names the source form of this method uses in the same positions.
//
// extraStore:          extra certificates passed on to VerifyCertificate.
// certificate:         the signer certificate used for verification.
// verifySignatureOnly: true to skip certificate validation.
// Throws CryptographicException carrying the Win32 error / HRESULT on failure.
//
// NOTE(review): the `__unpin(numPtr);` statement near the end is a decompiler
// artifact (see the ISSUE comments) and is not valid C#; this listing is for
// reading, not compiling.
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly) {
    // Holds the copied DSS parameters, if any; only released at the very end
    // (not on exception paths — there is no try/finally).
    SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
    CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));

    // ptr1 -> CERT_INFO.SubjectPublicKeyInfo.Algorithm (a CRYPT_ALGORITHM_IDENTIFIER).
    IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
    // num1 -> Algorithm.Parameters (a CRYPTOAPI_BLOB).
    IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));

    // 1U = CRYPT_OID_INFO_OID_KEY, 3U = CRYPT_PUBKEY_ALG_OID_GROUP_ID,
    // 8704 (0x2200) = CALG_DSS_SIGN. Only DSS keys may need parameter inheritance.
    if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704) {
        // flag: "inherit parameters from the issuer".
        bool flag = false;
        // ptr2 -> Parameters.cbData, ptr3 -> Parameters.pbData.
        IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
        IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));

        if (Marshal.ReadInt32(ptr2) == 0) {
            // Empty parameters blob.
            flag = true;
        } else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero) {
            // Null data pointer.
            flag = true;
        } else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5) {
            // 5 = ASN.1 NULL tag.
            // NOTE(review): reads 4 bytes from pbData and compares the whole value;
            // a DER NULL is two bytes (05 00), so a 2-byte blob is over-read and the
            // match requires the trailing bytes to be zero. A single-byte tag read
            // would be the narrower check — confirm before changing.
            flag = true;
        }

        if (flag) {
            // Build (and immediately discard) the chain so CAPI populates the
            // CERT_PUBKEY_ALG_PARA_PROP_ID property; revocation is not checked here.
            // new IntPtr(0L) = HCCE_CURRENT_USER.
            SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
            X509Utils.BuildChain(new IntPtr(0L),
                                 X509Utils.GetCertContext(certificate),
                                 (X509Certificate2Collection)null,
                                 (OidCollection)null,
                                 (OidCollection)null,
                                 X509RevocationMode.NoCheck,
                                 X509RevocationFlag.ExcludeRoot,
                                 DateTime.Now,
                                 new TimeSpan(0, 0, 0),
                                 ref invalidHandle);
            invalidHandle.Dispose();

            // 22U = CERT_PUBKEY_ALG_PARA_PROP_ID. First call sizes the property
            // (pvData1 is still InvalidHandle), second call fills the buffer.
            uint pcbData = 0U;
            if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData)) {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            if (pcbData > 0U) {
                // 64U = LPTR (fixed, zero-initialised LocalAlloc).
                pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
                if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData)) {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                // Patch the native CERT_INFO's Parameters blob to point at our copy.
                // NOTE(review): pvData1 is disposed at the end of this method, leaving
                // this pointer in the shared cert context dangling afterwards.
                Marshal.WriteInt32(ptr2, (int)pcbData);
                Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle());
            }
        }
    }

    if (this.m_parentSignerInfo == null) {
        // Plain signer: 1U = CMSG_CTRL_VERIFY_SIGNATURE.
        if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo)) {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
    } else {
        // Counter-signer: the same signer may appear more than once, so walk every
        // index of the parent signer until one verifies. num2 is the last index
        // tried, hr the last failure (0 = no candidate found yet).
        int num2 = -1;
        int hr = 0;
        SafeLocalAllocHandle pvData2;
        while (true) {
            try {
                num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
            } catch (CryptographicException ex) {
                // No further candidates: surface the cached verification error if
                // there was one, otherwise the lookup error itself.
                if (hr != 0) {
                    throw new CryptographicException(hr);
                }
                throw;
            }

            // 28U = CMSG_ENCODED_SIGNER: the parent signer's encoded SignerInfo.
            // NOTE(review): pvData2 is reassigned on every iteration and only the
            // final one is disposed after the loop, so retried iterations leak.
            uint cbData = 0U;
            pvData2 = SafeLocalAllocHandle.InvalidHandle;
            PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData);
            if ((int)cbData == 0) {
                // -2146885618 = CRYPT_E_NO_SIGNER; try the next candidate.
                hr = -2146885618;
            } else {
                fixed (byte* numPtr = this.m_encodedSignerInfo) {
                    // 65537U = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
                    if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero,
                                                                             65537U,
                                                                             pvData2.DangerousGetHandle(),
                                                                             cbData,
                                                                             new IntPtr((void*)numPtr),
                                                                             (uint)this.m_encodedSignerInfo.Length,
                                                                             certContext.pCertInfo)) {
                        // Cache the error and try the next candidate.
                        hr = Marshal.GetLastWin32Error();
                    } else {
                        // Counter-signature verified.
                        break;
                    }
                }
            }
        }
        // ISSUE: fixed variable is out of scope
        // ISSUE: __unpin statement
        __unpin(numPtr);
        pvData2.Dispose();
    }

    if (!verifySignatureOnly) {
        // 0 = S_OK.
        int hr = SignerInfo.VerifyCertificate(certificate, extraStore);
        if (hr != 0) {
            throw new CryptographicException(hr);
        }
    }

    // Release the DSS parameter copy (not reached when an exception was thrown above).
    pvData1.Dispose();
}
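internal static uint OidToAlgId(string value) {
    // Maps a dotted OID string to its CryptoAPI ALG_ID. The literal 1 matches
    // CRYPT_OID_INFO_OID_KEY in the other variants of this helper (key is an
    // OID string); OidGroup.AllGroups searches every OID group.
    //
    // value: the OID string; null throws (consistent with FindOidInfo).
    // Returns CRYPT_OID_INFO.Algid as provided by the CAPI.CryptFindOIDInfo
    // wrapper (presumably 0 on a miss — TODO confirm against the wrapper).
    if (value == null) {
        throw new ArgumentNullException("value");
    }

    // Fix: the ANSI copy of the OID was never disposed on this path.
    SafeLocalAllocHandle pvKey = StringToAnsiPtr(value);
    try {
        return CAPI.CryptFindOIDInfo(1, pvKey, System.Security.Cryptography.OidGroup.AllGroups).Algid;
    } finally {
        pvKey.Dispose();
    }
}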