internal static string FindOidInfo(uint keyType, string keyValue, System.Security.Cryptography.OidGroup oidGroup)
{
if (keyValue == null)
{
throw new ArgumentNullException("keyValue");
}
if (keyValue.Length == 0)
{
return(null);
}
SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle;
switch (keyType)
{
case 1:
invalidHandle = StringToAnsiPtr(keyValue);
break;
case 2:
invalidHandle = StringToUniPtr(keyValue);
break;
}
CAPIBase.CRYPT_OID_INFO crypt_oid_info = CAPI.CryptFindOIDInfo(keyType, invalidHandle, oidGroup);
if ((crypt_oid_info.pszOID == null) && (oidGroup != System.Security.Cryptography.OidGroup.AllGroups))
{
crypt_oid_info = CAPI.CryptFindOIDInfo(keyType, invalidHandle, System.Security.Cryptography.OidGroup.AllGroups);
}
if (keyType == 1)
{
return(crypt_oid_info.pwszName);
}
return(crypt_oid_info.pszOID);
}
internal static uint OidToAlgId(string value)
{
SafeLocalAllocHandle pszOid = StringToAnsiPtr(value);
CAPI.CRYPT_OID_INFO pOIDInfo = CAPI.CryptFindOIDInfo(CAPI.CRYPT_OID_INFO_OID_KEY, pszOid, 0);
return(pOIDInfo.Algid);
}
internal static string FindOidInfo(uint keyType, string keyValue, System.Security.Cryptography.OidGroup oidGroup)
{
if (keyValue == null)
{
throw new ArgumentNullException("keyValue");
}
if (keyValue.Length == 0)
{
return(null);
}
#if MONO
switch (keyType)
{
case CAPI.CRYPT_OID_INFO_OID_KEY:
return(CAPI.CryptFindOIDInfoNameFromKey(keyValue, oidGroup));
case CAPI.CRYPT_OID_INFO_NAME_KEY:
return(CAPI.CryptFindOIDInfoKeyFromName(keyValue, oidGroup));
default:
throw new NotImplementedException(keyType.ToString());
}
#else
SafeLocalAllocHandle pvKey = SafeLocalAllocHandle.InvalidHandle;
try {
switch (keyType)
{
case CAPI.CRYPT_OID_INFO_OID_KEY:
pvKey = StringToAnsiPtr(keyValue);
break;
case CAPI.CRYPT_OID_INFO_NAME_KEY:
pvKey = StringToUniPtr(keyValue);
break;
default:
Debug.Assert(false);
break;
}
CAPI.CRYPT_OID_INFO pOidInfo = CAPI.CryptFindOIDInfo(keyType, pvKey, oidGroup);
if (keyType == CAPI.CRYPT_OID_INFO_OID_KEY)
{
return(pOidInfo.pwszName);
}
else
{
return(pOidInfo.pszOID);
}
}
finally {
pvKey.Dispose();
}
#endif
}
internal static string FindOidInfo(uint keyType, string keyValue, OidGroup oidGroup)
{
if (keyValue == null)
{
throw new ArgumentNullException("keyValue");
}
if (keyValue.Length == 0)
{
return(null);
}
SafeLocalAllocHandle pvKey = SafeLocalAllocHandle.InvalidHandle;
try {
switch (keyType)
{
case CAPI.CRYPT_OID_INFO_OID_KEY:
pvKey = StringToAnsiPtr(keyValue);
break;
case CAPI.CRYPT_OID_INFO_NAME_KEY:
pvKey = StringToUniPtr(keyValue);
break;
default:
Debug.Assert(false);
break;
}
CAPI.CRYPT_OID_INFO pOidInfo = CAPI.CryptFindOIDInfo(keyType, pvKey, oidGroup);
if (keyType == CAPI.CRYPT_OID_INFO_OID_KEY)
{
return(pOidInfo.pwszName);
}
else
{
return(pOidInfo.pszOID);
}
}
finally {
pvKey.Dispose();
}
}
internal static uint OidToAlgId(string value)
{
return(CAPI.CryptFindOIDInfo(1U, X509Utils.StringToAnsiPtr(value), 0U).Algid);
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
checked {
// We need to find out if DSS parameters inheritance is necessary. If so, we need to
// first build the chain to cause CAPI to inherit and set the parameters in the
// CERT_PUBKEY_ALG_PARA_PROP_ID extended property. Once we have the parameters in
// the property, we then need to retrieve a copy and point to it in the CERT_INFO
// structure.
SafeLocalAllocHandle pbParameters = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT pCertContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
// Point to SubjectPublicKeyInfo field inside the CERT_INFO structure.
IntPtr pSubjectPublicKeyInfo = new IntPtr((long)pCertContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo"));
// Point to Algorithm field inside the SubjectPublicKeyInfo field.
IntPtr pAlgorithm = new IntPtr((long)pSubjectPublicKeyInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
// Point to Parameters field inside the Algorithm field.
IntPtr pParameters = new IntPtr((long)pAlgorithm + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
// Retrieve the pszObjId pointer.
IntPtr pObjId = Marshal.ReadIntPtr(pAlgorithm);
// Translate the OID to AlgId value.
CAPI.CRYPT_OID_INFO pOIDInfo = CAPI.CryptFindOIDInfo(CAPI.CRYPT_OID_INFO_OID_KEY, pObjId, CAPI.CRYPT_PUBKEY_ALG_OID_GROUP_ID);
// Is this DSS?
if (pOIDInfo.Algid == CAPI.CALG_DSS_SIGN)
{
bool inheritParameters = false;
// This is DSS, so inherit the parameters if necessary.
IntPtr pcbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ppbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(pcbData) == 0)
{
inheritParameters = true;
}
else
{
// Need to inherit if NULL pbData or *pbData is 0x05 (NULL ASN tag).
if (Marshal.ReadIntPtr(ppbData) == IntPtr.Zero)
{
inheritParameters = true;
}
else
{
IntPtr pbData = Marshal.ReadIntPtr(ppbData);
if ((uint)Marshal.ReadInt32(pbData) == CAPI.ASN_TAG_NULL)
{
inheritParameters = true;
}
}
}
// Do we need to copy inherited DSS parameters?
if (inheritParameters)
{
// Build the chain to force CAPI to propagate the parameters to
// CERT_PUBKEY_ALG_PARA_PROP_ID extended property.
SafeCertChainHandle pChainContext = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
X509Utils.GetCertContext(certificate),
null,
null,
null,
X509RevocationMode.NoCheck,
X509RevocationFlag.ExcludeRoot,
DateTime.Now,
new TimeSpan(0, 0, 0), // default
ref pChainContext);
pChainContext.Dispose();
// The parameter is inherited in the extended property, but not copied
// to CERT_INFO, so we need to do it ourselves.
uint cbParameters = 0;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
pbParameters,
ref cbParameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbParameters > 0)
{
pbParameters = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbParameters));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
pbParameters,
ref cbParameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(pcbData, (int)cbParameters);
Marshal.WriteIntPtr(ppbData, pbParameters.DangerousGetHandle());
}
}
}
// Is this counter signer?
if (m_parentSignerInfo == null)
{
// Just plain signer.
if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(),
0,
CAPI.CMSG_CTRL_VERIFY_SIGNATURE,
pCertContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
// Counter signer, so need to first find parent signer's index.
int index = -1;
int lastWin32Error = 0;
// Since we allow the same signer to sign more than once,
// we must than try all signatures of the same signer.
while (true)
{
try {
// Find index of parent signer.
index = PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), m_parentSignerInfo, index + 1);
}
catch (CryptographicException) {
// Did we ever find a signature of the same signer?
if (lastWin32Error == 0)
{
// No. So we just re-throw, which is most likely CAPI.CRYPT_E_SIGNER_NOT_FOUND.
throw;
}
else
{
// Yes. Throw previous error, which is most likely CAPI.NTE_BAD_SIGNATURE.
throw new CryptographicException(lastWin32Error);
}
}
// Now get the parent encoded singer info.
uint cbParentEncodedSignerInfo = 0;
SafeLocalAllocHandle pbParentEncodedSignerInfo = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(m_signedCms.GetCryptMsgHandle(),
CAPI.CMSG_ENCODED_SIGNER,
(uint)index,
out pbParentEncodedSignerInfo,
out cbParentEncodedSignerInfo);
// Try next signer if we can't get parent of this signer.
if (cbParentEncodedSignerInfo == 0)
{
lastWin32Error = CAPI.CRYPT_E_NO_SIGNER;
continue;
}
fixed(byte *pbEncodedSignerInfo = m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero,
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
pbParentEncodedSignerInfo.DangerousGetHandle(),
cbParentEncodedSignerInfo,
new IntPtr(pbEncodedSignerInfo),
(uint)m_encodedSignerInfo.Length,
pCertContext.pCertInfo))
{
// Cache the error, and try next signer.
lastWin32Error = Marshal.GetLastWin32Error();
continue;
}
}
// Keep alive.
pbParentEncodedSignerInfo.Dispose();
// The signature is successfully verified.
break;
}
}
// Verfiy the cert if requested.
if (!verifySignatureOnly)
{
int hr = VerifyCertificate(certificate, extraStore);
if (hr != CAPI.S_OK)
{
throw new CryptographicException(hr);
}
}
// Keep alive.
pbParameters.Dispose();
}
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704)
{
bool flag = false;
IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(ptr2) == 0)
{
flag = true;
}
else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero)
{
flag = true;
}
else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5)
{
flag = true;
}
if (flag)
{
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(0L), X509Utils.GetCertContext(certificate), (X509Certificate2Collection)null, (OidCollection)null, (OidCollection)null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref invalidHandle);
invalidHandle.Dispose();
uint pcbData = 0U;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(ptr2, (int)pcbData);
Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle());
}
}
}
if (this.m_parentSignerInfo == null)
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
int num2 = -1;
int hr = 0;
SafeLocalAllocHandle pvData2;
while (true)
{
try
{
num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
}
catch (CryptographicException ex)
{
if (hr != 0)
{
throw new CryptographicException(hr);
}
throw;
}
uint cbData = 0U;
pvData2 = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData);
if ((int)cbData == 0)
{
hr = -2146885618;
}
else
{
fixed(byte *numPtr = this.m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 65537U, pvData2.DangerousGetHandle(), cbData, new IntPtr((void *)numPtr), (uint)this.m_encodedSignerInfo.Length, certContext.pCertInfo))
{
hr = Marshal.GetLastWin32Error();
}
else
{
break;
}
}
}
}
// ISSUE: fixed variable is out of scope
// ISSUE: __unpin statement
__unpin(numPtr);
pvData2.Dispose();
}
if (!verifySignatureOnly)
{
int hr = SignerInfo.VerifyCertificate(certificate, extraStore);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
pvData1.Dispose();
}
internal static uint OidToAlgId(string value)
{
SafeLocalAllocHandle pvKey = StringToAnsiPtr(value);
return(CAPI.CryptFindOIDInfo(1, pvKey, System.Security.Cryptography.OidGroup.AllGroups).Algid);
}
