Example #1
0
        /// <summary>
        /// Map HashAlgorithm type to string; .NET Framework uses CryptoConfig functionality.
        /// </summary>
        public static string?ToAlgorithmName(this HashAlgorithm hashAlgorithm)
        {
            if (hashAlgorithm is SHA1)
            {
                return(HashAlgorithmNames.SHA1);
            }
            if (hashAlgorithm is SHA256)
            {
                return(HashAlgorithmNames.SHA256);
            }
            if (hashAlgorithm is SHA384)
            {
                return(HashAlgorithmNames.SHA384);
            }
            if (hashAlgorithm is SHA512)
            {
                return(HashAlgorithmNames.SHA512);
            }
            if (hashAlgorithm is MD5)
            {
                return(HashAlgorithmNames.MD5);
            }

            // Fallback to ToString() which can be extended by derived classes
            return(hashAlgorithm.ToString());
        }
		public virtual byte[] CreateSignature (HashAlgorithm hash) 
		{
			if (hash == null)
				throw new ArgumentNullException ("hash");

			SetHashAlgorithm (hash.ToString ());
			return CreateSignature (hash.Hash);
		}
 /// <include file='doc\AsymmetricSignatureDeformatter.uex' path='docs/doc[@for="AsymmetricSignatureDeformatter.VerifySignature"]/*' />
 public virtual bool VerifySignature(HashAlgorithm hash, byte[] rgbSignature)
 {
     if (hash == null)
     {
         throw new ArgumentNullException("hash");
     }
     SetHashAlgorithm(hash.ToString());
     return(VerifySignature(hash.Hash, rgbSignature));
 }
 public virtual bool VerifySignature(HashAlgorithm hash, byte[] rgbSignature)
 {
     if (hash == null)
     {
         throw new ArgumentNullException("hash");
     }
     this.SetHashAlgorithm(hash.ToString());
     return this.VerifySignature(hash.Hash, rgbSignature);
 }
Example #5
0
 public virtual byte[] CreateSignature(HashAlgorithm hash)
 {
     if (hash == null)
     {
         throw new ArgumentNullException("hash");
     }
     this.SetHashAlgorithm(hash.ToString());
     return(this.CreateSignature(hash.Hash));
 }
Example #6
0
 public virtual byte[] CreateSignature(HashAlgorithm hash)
 {
     if (hash == null)
     {
         throw new ArgumentNullException("hash");
     }
     Contract.EndContractBlock();
     SetHashAlgorithm(hash.ToString());
     return(CreateSignature(hash.Hash));
 }
	public virtual void Create () 
	{
		// try the default hash algorithm (created in SetUp)
		Assert.AreEqual (defaultHash, hash.ToString (), "HashAlgorithm.Create()");

		// try to build all hash algorithms
		hash = HashAlgorithm.Create ("SHA");
		Assert.AreEqual (defaultSHA1, hash.ToString (), "HashAlgorithm.Create('SHA')");
		hash = HashAlgorithm.Create ("SHA1");
		Assert.AreEqual (defaultSHA1, hash.ToString (), "HashAlgorithm.Create('SHA1')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA1");
		Assert.AreEqual (defaultSHA1, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.SHA1')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.HashAlgorithm" );
		Assert.AreEqual (defaultHash, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.HashAlgorithm')");

		hash = HashAlgorithm.Create ("MD5");
		Assert.AreEqual (defaultMD5, hash.ToString (), "HashAlgorithm.Create('MD5')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.MD5");
		Assert.AreEqual (defaultMD5, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.MD5')");

		hash = HashAlgorithm.Create ("SHA256");
		Assert.AreEqual (defaultSHA256, hash.ToString (), "HashAlgorithm.Create('SHA256')");
		hash = HashAlgorithm.Create ("SHA-256");
		Assert.AreEqual (defaultSHA256, hash.ToString (), "HashAlgorithm.Create('SHA-256')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA256");
		Assert.AreEqual (defaultSHA256, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.SHA256')");
	
		hash = HashAlgorithm.Create ("SHA384");
		Assert.AreEqual (defaultSHA384, hash.ToString (), "HashAlgorithm.Create('SHA384')");
		hash = HashAlgorithm.Create ("SHA-384");
		Assert.AreEqual (defaultSHA384, hash.ToString (), "HashAlgorithm.Create('SHA-384')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA384");
		Assert.AreEqual (defaultSHA384, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.SHA384')");
	
		hash = HashAlgorithm.Create ("SHA512");
		Assert.AreEqual (defaultSHA512, hash.ToString (), "HashAlgorithm.Create('SHA512')");
		hash = HashAlgorithm.Create ("SHA-512");
		Assert.AreEqual (defaultSHA512, hash.ToString (), "HashAlgorithm.Create('SHA-512')");
		hash = HashAlgorithm.Create ("System.Security.Cryptography.SHA512");
		Assert.AreEqual (defaultSHA512, hash.ToString (), "HashAlgorithm.Create('System.Security.Cryptography.SHA512')");
	
		// try to build invalid implementation
		hash = HashAlgorithm.Create ("InvalidHash");
		Assert.IsNull (hash, "HashAlgorithm.Create('InvalidHash')");
	}
 public virtual bool VerifySignature(HashAlgorithm hash, byte[] rgbSignature) {
     if (hash == null) throw new ArgumentNullException("hash");
     Contract.EndContractBlock();
     SetHashAlgorithm(hash.ToString());
     return VerifySignature(hash.Hash, rgbSignature);
 }
        public static bool CompareHashes(HashAlgorithm algorithm1, HashAlgorithm algorithm2, byte[] data)
        {
            algorithm1.Initialize();
            algorithm2.Initialize();

            byte[] hash1 = algorithm1.ComputeHash(data);
            byte[] hash2 = algorithm2.ComputeHash(data);

            if (!CompareBytes(hash1, hash2))
            {
                Log.Comment("ERROR - HASH VALUE MISCOMPARISON!\n");
                Log.Comment("Algorithm 1 : " + algorithm1.ToString());
                Log.Comment("Algorithm 2 : " + algorithm2.ToString());
                Log.Comment("Data: " + ByteArrayToString(data));
                return false;
            }

            return true;
        }
Example #10
0
		// PKCS #1 v.2.1, Section 9.2
		// EMSA-PKCS1-v1_5-Encode
		public static byte[] Encode_v15 (HashAlgorithm hash, byte[] hashValue, int emLength) 
		{
			if (hashValue.Length != (hash.HashSize >> 3))
				throw new CryptographicException ("bad hash length for " + hash.ToString ());

			// DigestInfo ::= SEQUENCE {
			//	digestAlgorithm AlgorithmIdentifier,
			//	digest OCTET STRING
			// }
		
			byte[] t = null;

			string oid = CryptoConfig.MapNameToOID (hash.ToString ());
			if (oid != null)
			{
				ASN1 digestAlgorithm = new ASN1 (0x30);
				digestAlgorithm.Add (new ASN1 (CryptoConfig.EncodeOID (oid)));
				digestAlgorithm.Add (new ASN1 (0x05));		// NULL
				ASN1 digest = new ASN1 (0x04, hashValue);
				ASN1 digestInfo = new ASN1 (0x30);
				digestInfo.Add (digestAlgorithm);
				digestInfo.Add (digest);

				t = digestInfo.GetBytes ();
			}
			else
			{
				// There are no valid OID, in this case t = hashValue
				// This is the case of the MD5SHA hash algorithm
				t = hashValue;
			}

			Buffer.BlockCopy (hashValue, 0, t, t.Length - hashValue.Length, hashValue.Length);
	
			int PSLength = System.Math.Max (8, emLength - t.Length - 3);
			// PS = PSLength of 0xff
	
			// EM = 0x00 | 0x01 | PS | 0x00 | T
			byte[] EM = new byte [PSLength + t.Length + 3];
			EM [1] = 0x01;
			for (int i=2; i < PSLength + 2; i++)
				EM[i] = 0xff;
			Buffer.BlockCopy (t, 0, EM, PSLength + 3, t.Length);
	
			return EM;
		}
		//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName) 
		private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) 
		{
			string contentType = null;
			ASN1 messageDigest = null;
//			string spcStatementType = null;
//			string spcSpOpusInfo = null;

			for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) {
				ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i];
				string oid = ASN1Convert.ToOid (attr[0]);
				switch (oid) {
					case "1.2.840.113549.1.9.3":
						// contentType
						contentType = ASN1Convert.ToOid (attr[1][0]);
						break;
					case "1.2.840.113549.1.9.4":
						// messageDigest
						messageDigest = attr[1][0];
						break;
					case "1.3.6.1.4.1.311.2.1.11":
						// spcStatementType (Microsoft code signing)
						// possible values
						// - individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
						// - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
//						spcStatementType = ASN1Convert.ToOid (attr[1][0][0]);
						break;
					case "1.3.6.1.4.1.311.2.1.12":
						// spcSpOpusInfo (Microsoft code signing)
/*						try {
							spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value);
						}
						catch (NullReferenceException) {
							spcSpOpusInfo = null;
						}*/
						break;
					default:
						break;
				}
			}
			if (contentType != spcIndirectDataContext)
				return false;

			// verify message digest
			if (messageDigest == null)
				return false;
			if (!messageDigest.CompareValue (calculatedMessageDigest))
				return false;

			// verify signature
			string hashOID = CryptoConfig.MapNameToOID (ha.ToString ());
			
			// change to SET OF (not [0]) as per PKCS #7 1.5
			ASN1 aa = new ASN1 (0x31);
			foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes)
				aa.Add (a);
			ha.Initialize ();
			byte[] p7hash = ha.ComputeHash (aa.GetBytes ());

			byte[] signature = sd.SignerInfo.Signature;
			// we need to find the specified certificate
			string issuer = sd.SignerInfo.IssuerName;
			byte[] serial = sd.SignerInfo.SerialNumber;
			foreach (X509Certificate x509 in coll) {
				if (CompareIssuerSerial (issuer, serial, x509)) {
					// don't verify is key size don't match
					if (x509.PublicKey.Length > (signature.Length >> 3)) {
						RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
						if (rsa.VerifyHash (p7hash, hashOID, signature)) {
							signerChain.LoadCertificates (coll);
							trustedRoot = signerChain.Build (x509);
							signingCertificate = x509;
							break; 
						}
					}
				}
			}

			for (int i=0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++) {
				ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes [i];
				string oid = ASN1Convert.ToOid (attr [0]);
				switch (oid) {
					case PKCS7.Oid.countersignature:
						// SEQUENCE {
						//   OBJECT IDENTIFIER
						//     countersignature (1 2 840 113549 1 9 6)
						//   SET {
						PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr [1]);
						trustedTimestampRoot = VerifyCounterSignature (cs, signature);
						break;
					default:
						// we don't support other unauthenticated attributes
						break;
				}
			}

			return (trustedRoot && trustedTimestampRoot);
		}