/// <summary> /// Parses and checks contents of the DICE extension /// </summary> /// <param name="c">Certificate to validate</param> /// <returns>Extension is well formed</returns> bool CheckDICEExtension(X509Certificate c) { var criticalOids = c.GetCriticalExtensionOids(); if (criticalOids.Contains(DICEExtensionOid)) { Error("DICE extension is marked critical and should be non-critical"); return(false); } var nonCriticalOids = c.GetNonCriticalExtensionOids(); if (!nonCriticalOids.Contains(DICEExtensionOid)) { Error("DICE extension not found"); return(false); } var diceExtension = c.GetExtensionValue(new DerObjectIdentifier(DICEExtensionOid)); try { DerOctetString envelope = (DerOctetString)DerOctetString.FromByteArray(diceExtension.GetEncoded()); DerSequence seq = (DerSequence)DerSequence.FromByteArray(envelope.GetOctets()); // first field is version number var versionNumber = (DerInteger)seq[0]; if (versionNumber.PositiveValue.IntValue != 1) { Error($"DICE Extension has Wrong version number. Expecing {DICEExtensionVersionNumber}, cert contains {versionNumber.ToString()}"); return(false); } // second field is DeviceID var devIdPubKey = SubjectPublicKeyInfo.GetInstance(seq[1]); // will check it's good later PubKeyInfoFromDICEExtension = devIdPubKey; // third field contains {hashOid, hashVal} var hashEnvelope = (DerSequence)seq[2]; var hashAlg = (DerObjectIdentifier)hashEnvelope[0]; if (hashAlg.Id != NistObjectIdentifiers.IdSha256.ToString()) { Error("DICE Extension hash alg is wrong. "); return(false); } var hashVal = (DerOctetString)hashEnvelope[1]; if (hashVal.GetOctets().Length != 32) { Error("DICE Extension hash value length is wrong. "); return(false); } } catch (Exception e) { Error($"Failed to parse the DICE extension. Parsing exception was {e.ToString()}"); return(false); } return(true); }
public void Decode(byte[] data) { if (data == null) { throw ExceptionUtility.ArgumentNull("data"); } try { var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence; var s0 = s[0] as Asn1Sequence; var s1 = (s[1] as Asn1TaggedObject).GetObject() as Asn1Sequence; var s11 = (s1[1] as Asn1TaggedObject).GetObject() as Asn1Sequence; var s1101 = (s11[0] as Asn1Sequence)[1] as Asn1Sequence; SessionEncryptedKey = new GostKeyExchangeInfo { EncryptionParamSet = (s1[0] as DerObjectIdentifier).Id, EncryptedKey = (s0[0] as DerOctetString).GetOctets(), Mac = (s0[1] as DerOctetString).GetOctets(), Ukm = (s1[2] as DerOctetString).GetOctets() }; TransportParameters = new GostKeyExchangeParameters { PublicKeyParamSet = (s1101[0] as DerObjectIdentifier).Id, DigestParamSet = (s1101[1] as DerObjectIdentifier).Id, EncryptionParamSet = s1101.Count > 2 ? (s1101[2] as DerObjectIdentifier).Id : null, PublicKey = (DerOctetString.FromByteArray((s11[1] as DerBitString).GetBytes()) as DerOctetString).GetOctets(), PrivateKey = null }; } catch (Exception exception) { throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "GostR3410KeyTransportDecode"); } }
public static byte[] ExtractSignerId(this SignerID selector) { //In case of SignerID it seems to be the encoded Octet String (bug?) return(Asn1OctetString.GetInstance(DerOctetString.FromByteArray(selector.SubjectKeyIdentifier)).GetOctets()); }