protected override void Encode() { ASN1 asn = new ASN1(48); if (this.cA) { asn.Add(new ASN1(1, new byte[] { byte.MaxValue })); } if (this.cA && this.pathLenConstraint >= 0) { asn.Add(ASN1Convert.FromInt32(this.pathLenConstraint)); } this.extnValue = new ASN1(4); this.extnValue.Add(asn); }
protected override void Encode() { ASN1 aSN = new ASN1(48); if (cA) { aSN.Add(new ASN1(1, new byte[1] { 255 })); } if (cA && pathLenConstraint >= 0) { aSN.Add(ASN1Convert.FromInt32(pathLenConstraint)); } extnValue = new ASN1(4); extnValue.Add(aSN); }
internal byte[] Encode() { ASN1 asn = new ASN1(48); foreach (Oid oid in this._enhKeyUsage) { asn.Add(ASN1Convert.FromOid(oid.Value)); } return(asn.GetBytes()); }
internal byte[] Encode() { ASN1 ex = new ASN1(0x30); foreach (Oid oid in _enhKeyUsage) { ex.Add(ASN1Convert.FromOid(oid.Value)); } return(ex.GetBytes()); }
private ASN1 Attribute(string oid, ASN1 value) { ASN1 asn = new ASN1(48); asn.Add(ASN1Convert.FromOid(oid)); ASN1 asn2 = asn.Add(new ASN1(49)); asn2.Add(value); return(asn); }
private ASN1 Attribute(string oid, ASN1 value) { ASN1 attr = new ASN1(0x30); attr.Add(ASN1Convert.FromOid(oid)); ASN1 aset = attr.Add(new ASN1(0x31)); aset.Add(value); return(attr); }
protected override void Encode () { ASN1 seq = new ASN1 (0x30); foreach (string oid in keyPurpose) { seq.Add (ASN1Convert.FromOid (oid)); } extnValue = new ASN1 (0x04); extnValue.Add (seq); }
private ASN1 Attribute(string oid, ASN1 value) { ASN1 aSN = new ASN1(48); aSN.Add(ASN1Convert.FromOid(oid)); ASN1 aSN2 = aSN.Add(new ASN1(49)); aSN2.Add(value); return(aSN); }
public static byte[] Encode(RSA rsa) { RSAParameters rsaparameters = rsa.ExportParameters(true); ASN1 asn = new ASN1(48); asn.Add(new ASN1(2, new byte[1])); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.Modulus)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.Exponent)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.D)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.P)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.Q)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.DP)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.DQ)); asn.Add(ASN1Convert.FromUnsignedBigInteger(rsaparameters.InverseQ)); return(asn.GetBytes()); }
public static byte[] Encode(RSA rsa) { RSAParameters rSAParameters = rsa.ExportParameters(includePrivateParameters: true); ASN1 aSN = new ASN1(48); aSN.Add(new ASN1(2, new byte[1])); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.Modulus)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.Exponent)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.D)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.P)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.Q)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.DP)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.DQ)); aSN.Add(ASN1Convert.FromUnsignedBigInteger(rSAParameters.InverseQ)); return(aSN.GetBytes()); }
protected override void Encode() { extnValue = new ASN1(4); ushort num = (ushort)kubits; byte b = 16; if (num > 0) { b = 15; while (b > 0 && (num & 0x8000) != 32768) { num = (ushort)(num << 1); b = (byte)(b - 1); } if (kubits > 255) { b = (byte)(b - 8); extnValue.Add(new ASN1(3, new byte[3] { b, (byte)kubits, (byte)(kubits >> 8) })); } else { extnValue.Add(new ASN1(3, new byte[2] { b, (byte)kubits })); } } else { extnValue.Add(new ASN1(3, new byte[2] { 7, 0 })); } }
/* SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ private ASN1 SubjectPublicKeyInfo() { ASN1 keyInfo = new ASN1(0x30); if (aa is RSA) { keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1")); RSAParameters p = (aa as RSA).ExportParameters(false); /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ ASN1 key = new ASN1(0x30); key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus)); key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent)); keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes()))); } else if (aa is DSA) { DSAParameters p = (aa as DSA).ExportParameters(false); /* Dss-Parms ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER } */ ASN1 param = new ASN1(0x30); param.Add(ASN1Convert.FromUnsignedBigInteger(p.P)); param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q)); param.Add(ASN1Convert.FromUnsignedBigInteger(p.G)); keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param)); ASN1 key = keyInfo.Add(new ASN1(0x03)); // DSAPublicKey ::= INTEGER -- public key, y key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y)); } else { throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString()); } return(keyInfo); }
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension" /> class using a public key, a hash algorithm identifier, and a value indicating whether the extension is critical. </summary> /// <param name="key">A <see cref="T:System.Security.Cryptography.X509Certificates.PublicKey" /> object to create a subject key identifier (SKI) from.</param> /// <param name="algorithm">One of the <see cref="T:System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierHashAlgorithm" /> values that identifies which hash algorithm to use.</param> /// <param name="critical">true if the extension is critical; otherwise, false.</param> public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) { if (key == null) { throw new ArgumentNullException("key"); } byte[] rawData = key.EncodedKeyValue.RawData; switch (algorithm) { case X509SubjectKeyIdentifierHashAlgorithm.Sha1: this._subjectKeyIdentifier = SHA1.Create().ComputeHash(rawData); break; case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1: { byte[] src = SHA1.Create().ComputeHash(rawData); this._subjectKeyIdentifier = new byte[8]; Buffer.BlockCopy(src, 12, this._subjectKeyIdentifier, 0, 8); this._subjectKeyIdentifier[0] = (64 | (this._subjectKeyIdentifier[0] & 15)); break; } case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1: { ASN1 asn = new ASN1(48); ASN1 asn2 = asn.Add(new ASN1(48)); asn2.Add(new ASN1(CryptoConfig.EncodeOID(key.Oid.Value))); asn2.Add(new ASN1(key.EncodedParameters.RawData)); byte[] array = new byte[rawData.Length + 1]; Buffer.BlockCopy(rawData, 0, array, 1, rawData.Length); asn.Add(new ASN1(3, array)); this._subjectKeyIdentifier = SHA1.Create().ComputeHash(asn.GetBytes()); break; } default: throw new ArgumentException("algorithm"); } this._oid = new Oid("2.5.29.14", "Subject Key Identifier"); base.Critical = critical; base.RawData = this.Encode(); }
/// <summary> /// Encodes the value of the extension to ASN.1. /// </summary> protected override void Encode() { var asn1 = new ASN1(0x04); if (ExtensionValue != null) { asn1.Add(new ASN1(0x04, _extensionValue)); } extnValue = asn1; }
public byte[] GetBytes () { if (InnerList.Count < 1) return null; ASN1 sequence = new ASN1 (0x30); for (int i=0; i < InnerList.Count; i++) { X509Extension x = (X509Extension) InnerList [i]; sequence.Add (x.ASN1); } return sequence.GetBytes (); }
// Class { Class { Class { OctetStream } } } public byte [] ProcessSpnegoProcessContextToken(string user, string pass) { ASN1 asn = new ASN1(0xA1); ASN1 asn2 = new ASN1(0x30); ASN1 asn3 = new ASN1(0xA2); asn3.Add(new ASN1(0x04, ProcessMessageType3(user, pass))); asn2.Add(asn3); asn.Add(asn2); return(asn.GetBytes()); }
// Class { // Class { // Class { Enum }, // Class { OID(NTLMSSP) }, // Class { OctetStream } } } public byte [] ProcessSpnegoInitialContextTokenResponse() { ASN1 top = new ASN1(0xA1); ASN1 asn = new ASN1(0x30); ASN1 asn1 = new ASN1(0xA0); // FIXME: what is this enum? asn1.Add(new ASN1(0x0A, new byte [] { 1 })); // Enum whatever ASN1 asn2 = new ASN1(0xA1); asn2.Add(ASN1Convert.FromOid(Constants.OidNtlmSsp)); ASN1 asn3 = new ASN1(0xA2); asn3.Add(new ASN1(0x04, ProcessMessageType2())); asn.Add(asn1); asn.Add(asn2); asn.Add(asn3); top.Add(asn); return(top.GetBytes()); }
protected override void Encode() { ASN1 aSN = new ASN1(48); foreach (string item in keyPurpose) { aSN.Add(ASN1Convert.FromOid(item)); } extnValue = new ASN1(4); extnValue.Add(aSN); }
protected override void Encode() { ASN1 asn = new ASN1(48); foreach (object obj in this.keyPurpose) { string oid = (string)obj; asn.Add(ASN1Convert.FromOid(oid)); } this.extnValue = new ASN1(4); this.extnValue.Add(asn); }
protected override void Encode() { if (ski == null) { throw new InvalidOperationException("Invalid SubjectKeyIdentifier extension"); } var seq = new ASN1(0x04, ski); extnValue = new ASN1(0x04); extnValue.Add(seq); }
public bool Timestamp(string fileName) { try { AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName); byte[] signature = authenticodeDeformatter.Signature; if (signature != null) { Open(fileName); PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature); pkcs7 = new PKCS7.SignedData(contentInfo.Content); byte[] bytes = Timestamp(pkcs7.SignerInfo.Signature); ASN1 aSN = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes))); ASN1 aSN2 = new ASN1(signature); ASN1 aSN3 = aSN2.Element(1, 160); if (aSN3 == null) { return(false); } ASN1 aSN4 = aSN3.Element(0, 48); if (aSN4 == null) { return(false); } ASN1 aSN5 = aSN4.Element(3, 160); if (aSN5 == null) { aSN5 = new ASN1(160); aSN4.Add(aSN5); } for (int i = 0; i < aSN[1][0][3].Count; i++) { aSN5.Add(aSN[1][0][3][i]); } ASN1 aSN6 = aSN4[aSN4.Count - 1]; ASN1 aSN7 = aSN6[0]; ASN1 aSN8 = aSN7[aSN7.Count - 1]; if (aSN8.Tag != 161) { aSN8 = new ASN1(161); aSN7.Add(aSN8); } aSN8.Add(Attribute("1.2.840.113549.1.9.6", aSN[1][0][4][0])); return(Save(fileName, aSN2.GetBytes())); } } catch (Exception value) { Console.WriteLine(value); } return(false); }
public bool Timestamp(string fileName) { try { AuthenticodeDeformatter authenticodeDeformatter = new AuthenticodeDeformatter(fileName); byte[] signature = authenticodeDeformatter.Signature; if (signature != null) { base.Open(fileName); PKCS7.ContentInfo contentInfo = new PKCS7.ContentInfo(signature); this.pkcs7 = new PKCS7.SignedData(contentInfo.Content); byte[] bytes = this.Timestamp(this.pkcs7.SignerInfo.Signature); ASN1 asn = new ASN1(Convert.FromBase64String(Encoding.ASCII.GetString(bytes))); ASN1 asn2 = new ASN1(signature); ASN1 asn3 = asn2.Element(1, 160); if (asn3 == null) { return(false); } ASN1 asn4 = asn3.Element(0, 48); if (asn4 == null) { return(false); } ASN1 asn5 = asn4.Element(3, 160); if (asn5 == null) { asn5 = new ASN1(160); asn4.Add(asn5); } for (int i = 0; i < asn[1][0][3].Count; i++) { asn5.Add(asn[1][0][3][i]); } ASN1 asn6 = asn4[asn4.Count - 1]; ASN1 asn7 = asn6[0]; ASN1 asn8 = asn7[asn7.Count - 1]; if (asn8.Tag != 161) { asn8 = new ASN1(161); asn7.Add(asn8); } asn8.Add(this.Attribute("1.2.840.113549.1.9.6", asn[1][0][4][0])); return(this.Save(fileName, asn2.GetBytes())); } } catch (Exception value) { Console.WriteLine(value); } return(false); }
protected override ASN1 ToBeSigned(string oid) { ASN1 asn = new ASN1(48); if (this.version > 1) { byte[] data = new byte[] { this.version - 1 }; ASN1 asn2 = asn.Add(new ASN1(160)); asn2.Add(new ASN1(2, data)); } asn.Add(new ASN1(2, this.sn)); asn.Add(PKCS7.AlgorithmIdentifier(oid)); asn.Add(X501.FromString(this.issuer)); ASN1 asn3 = asn.Add(new ASN1(48)); asn3.Add(ASN1Convert.FromDateTime(this.notBefore)); asn3.Add(ASN1Convert.FromDateTime(this.notAfter)); asn.Add(X501.FromString(this.subject)); asn.Add(this.SubjectPublicKeyInfo()); if (this.version > 1) { if (this.issuerUniqueID != null) { asn.Add(new ASN1(161, this.UniqueIdentifier(this.issuerUniqueID))); } if (this.subjectUniqueID != null) { asn.Add(new ASN1(161, this.UniqueIdentifier(this.subjectUniqueID))); } if (this.version > 2 && this.extensions.Count > 0) { asn.Add(new ASN1(163, this.extensions.GetBytes())); } } return(asn); }
protected override void Encode() { ASN1 seq = new ASN1(0x30); if (aki == null) { throw new InvalidOperationException("Invalid AuthorityKeyIdentifier extension"); } seq.Add(new ASN1(0x80, aki)); extnValue = new ASN1(0x04); extnValue.Add(seq); }
protected override ASN1 ToBeSigned(string oid) { ASN1 aSN = new ASN1(48); if (version > 1) { byte[] data = new byte[1] { (byte)(version - 1) }; ASN1 aSN2 = aSN.Add(new ASN1(160)); aSN2.Add(new ASN1(2, data)); } aSN.Add(new ASN1(2, sn)); aSN.Add(PKCS7.AlgorithmIdentifier(oid)); aSN.Add(X501.FromString(issuer)); ASN1 aSN3 = aSN.Add(new ASN1(48)); aSN3.Add(ASN1Convert.FromDateTime(notBefore)); aSN3.Add(ASN1Convert.FromDateTime(notAfter)); aSN.Add(X501.FromString(subject)); aSN.Add(SubjectPublicKeyInfo()); if (version > 1) { if (issuerUniqueID != null) { aSN.Add(new ASN1(161, UniqueIdentifier(issuerUniqueID))); } if (subjectUniqueID != null) { aSN.Add(new ASN1(161, UniqueIdentifier(subjectUniqueID))); } if (version > 2 && extensions.Count > 0) { aSN.Add(new ASN1(163, extensions.GetBytes())); } } return(aSN); }
protected override ASN1 ToBeSigned(string oid) { ASN1 asN1_1 = new ASN1((byte)48); if (this.version > (byte)1) { byte[] data = new byte[1] { (byte)((uint)this.version - 1U) }; asN1_1.Add(new ASN1((byte)160)).Add(new ASN1((byte)2, data)); } asN1_1.Add(new ASN1((byte)2, this.sn)); asN1_1.Add(PKCS7.AlgorithmIdentifier(oid)); asN1_1.Add(X501.FromString(this.issuer)); ASN1 asN1_2 = asN1_1.Add(new ASN1((byte)48)); asN1_2.Add(ASN1Convert.FromDateTime(this.notBefore)); asN1_2.Add(ASN1Convert.FromDateTime(this.notAfter)); asN1_1.Add(X501.FromString(this.subject)); asN1_1.Add(this.SubjectPublicKeyInfo()); if (this.version > (byte)1) { if (this.issuerUniqueID != null) { asN1_1.Add(new ASN1((byte)161, this.UniqueIdentifier(this.issuerUniqueID))); } if (this.subjectUniqueID != null) { asN1_1.Add(new ASN1((byte)161, this.UniqueIdentifier(this.subjectUniqueID))); } if (this.version > (byte)2 && this.extensions.Count > 0) { asN1_1.Add(new ASN1((byte)163, this.extensions.GetBytes())); } } return(asN1_1); }
/// /// SEQUENCE (a) /// +- INTEGER (V) // Version - 0 (v1998) /// +- SEQUENCE (b) /// | +- OID (oid) // 1.2.840.113549.1.1.1 /// | +- Nil (c) /// +- OCTETSTRING(PRVKY) (os) // Private Key Parameter /// /// However, OCTETSTRING(PRVKY) wraps /// SEQUENCE( /// INTEGER(0) // Version - 0 (v1998) /// INTEGER(N) /// INTEGER(E) /// INTEGER(D) /// INTEGER(P) /// INTEGER(Q) /// INTEGER(DP) /// INTEGER(DQ) /// INTEGER(InvQ) /// ) public static byte[] RSAKeyToASN1(RSAParameters PrivateKey) { ASN1 v = ASN1Convert.FromUnsignedBigInteger(new byte[] {0}); ASN1 b = PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1"); ASN1 os = new ASN1(0x30); os.Add(ASN1Convert.FromUnsignedBigInteger(new byte[] {0})); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Modulus)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Exponent)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.D)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.P)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Q)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.DP)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.DQ)); os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.InverseQ)); ASN1 pem = new ASN1(0x30); pem.Add(v); pem.Add(b); // Make this into an OCTET string pem.Add(new ASN1(0x04, os.GetBytes())); return pem.GetBytes(); }
private byte[] Header(byte[] fileHash, string hashAlgorithm) { string hashOid = CryptoConfig.MapNameToOID(hashAlgorithm); ASN1 content = new ASN1(0x30); ASN1 c1 = content.Add(new ASN1(0x30)); c1.Add(ASN1Convert.FromOid(spcPelmageData)); c1.Add(new ASN1(0x30, obsolete)); ASN1 c2 = content.Add(new ASN1(0x30)); c2.Add(AlgorithmIdentifier(hashOid)); c2.Add(new ASN1(0x04, fileHash)); pkcs7.HashName = hashAlgorithm; pkcs7.Certificates.AddRange(certs); pkcs7.ContentInfo.ContentType = spcIndirectDataContext; pkcs7.ContentInfo.Content.Add(content); pkcs7.SignerInfo.Certificate = certs [0]; pkcs7.SignerInfo.Key = rsa; ASN1 opus = null; if (url == null) { opus = Attribute(spcSpOpusInfo, Opus(description, null)); } else { opus = Attribute(spcSpOpusInfo, Opus(description, url.ToString())); } pkcs7.SignerInfo.AuthenticatedAttributes.Add(opus); // When using the MS Root Agency (test) we can't include this attribute in the signature or it won't validate! // pkcs7.SignerInfo.AuthenticatedAttributes.Add (Attribute (spcStatementType, new ASN1 (0x30, ASN1Convert.FromOid (commercialCodeSigning).GetBytes ()))); pkcs7.GetASN1(); // sign return(pkcs7.SignerInfo.Signature); }
/* * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ static public byte[] Encode(RSA rsa) { RSAParameters param = rsa.ExportParameters(true); ASN1 rsaPrivateKey = new ASN1(0x30); rsaPrivateKey.Add(new ASN1(0x02, new byte [1] { 0x00 })); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Modulus)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Exponent)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.D)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.P)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Q)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DP)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DQ)); rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.InverseQ)); return(rsaPrivateKey.GetBytes()); }
public byte[] GetBytes() { if (this.InnerList.Count < 1) { return((byte[])null); } ASN1 asN1 = new ASN1((byte)48); for (int index = 0; index < this.InnerList.Count; ++index) { X509Extension inner = (X509Extension)this.InnerList[index]; asN1.Add(inner.ASN1); } return(asN1.GetBytes()); }
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature) { // SEQUENCE { // INTEGER 1 if (cs.Version != 1) return false; // SEQUENCE { // SEQUENCE { string contentType = null; ASN1 messageDigest = null; for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) { // SEQUENCE { // OBJECT IDENTIFIER ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.2.840.113549.1.9.5": // SEQUENCE { // OBJECT IDENTIFIER // signingTime (1 2 840 113549 1 9 5) // SET { // UTCTime '030124013651Z' // } // } timestamp = ASN1Convert.ToDateTime (attr[1][0]); break; default: break; } } if (contentType != PKCS7.Oid.data) return false; // verify message digest if (messageDigest == null) return false; // TODO: must be read from the ASN.1 structure string hashName = null; switch (messageDigest.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!messageDigest.CompareValue (ha.ComputeHash (signature))) return false; // verify signature byte[] counterSignature = cs.Signature; string hashOID = CryptoConfig.MapNameToOID (hashName); // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in cs.AuthenticatedAttributes) aa.Add (a); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); // we need to try all certificates string issuer = cs.IssuerName; byte[] serial = cs.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { // don't verify if key size don't match if (x509.PublicKey.Length > (counterSignature.Length >> 3)) { RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; if (rsa.VerifyHash (p7hash, hashOID, counterSignature)) { timestampChain.LoadCertificates (coll); return (timestampChain.Build (x509)); } } } } // no certificate can verify this signature! return false; }
internal ASN1 GetASN1(byte encoding) { byte encode = encoding; if (encode == 0xFF) encode = SelectBestEncoding(); ASN1 asn1 = new ASN1(0x30); asn1.Add(ASN1Convert.FromOid(oid)); switch (encode) { case 0x13: // PRINTABLESTRING asn1.Add(new ASN1(0x13, Encoding.ASCII.GetBytes(attrValue))); break; case 0x16: // IA5STRING asn1.Add(new ASN1(0x16, Encoding.ASCII.GetBytes(attrValue))); break; case 0x1E: // BMPSTRING asn1.Add(new ASN1(0x1E, Encoding.BigEndianUnicode.GetBytes(attrValue))); break; } return asn1; }
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) { if (key == null) throw new ArgumentNullException ("key"); byte[] pkraw = key.EncodedKeyValue.RawData; // compute SKI switch (algorithm) { // hash of the public key, excluding Tag, Length and unused bits values case X509SubjectKeyIdentifierHashAlgorithm.Sha1: _subjectKeyIdentifier = SHA1.Create ().ComputeHash (pkraw); break; // 0100 bit pattern followed by the 60 last bit of the hash case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1: byte[] hash = SHA1.Create ().ComputeHash (pkraw); _subjectKeyIdentifier = new byte [8]; Buffer.BlockCopy (hash, 12, _subjectKeyIdentifier, 0, 8); _subjectKeyIdentifier [0] = (byte) (0x40 | (_subjectKeyIdentifier [0] & 0x0F)); break; // hash of the public key, including Tag, Length and unused bits values case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1: // CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX) // http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain ASN1 subjectPublicKeyInfo = new ASN1 (0x30); ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30)); algo.Add (new ASN1 (CryptoConfig.EncodeOID (key.Oid.Value))); algo.Add (new ASN1 (key.EncodedParameters.RawData)); // add an extra byte for the unused bits (none) byte[] full = new byte [pkraw.Length + 1]; Buffer.BlockCopy (pkraw, 0, full, 1, pkraw.Length); subjectPublicKeyInfo.Add (new ASN1 (0x03, full)); _subjectKeyIdentifier = SHA1.Create ().ComputeHash (subjectPublicKeyInfo.GetBytes ()); break; default: throw new ArgumentException ("algorithm"); } _oid = new Oid (oid, friendlyName); base.Critical = critical; RawData = Encode (); }
// PKCS #1 v.2.1, Section 9.2 // EMSA-PKCS1-v1_5-Encode public static byte[] Encode_v15 (HashAlgorithm hash, byte[] hashValue, int emLength) { if (hashValue.Length != (hash.HashSize >> 3)) throw new CryptographicException ("bad hash length for " + hash.ToString ()); // DigestInfo ::= SEQUENCE { // digestAlgorithm AlgorithmIdentifier, // digest OCTET STRING // } byte[] t = null; string oid = CryptoConfig.MapNameToOID (hash.ToString ()); if (oid != null) { ASN1 digestAlgorithm = new ASN1 (0x30); digestAlgorithm.Add (new ASN1 (CryptoConfig.EncodeOID (oid))); digestAlgorithm.Add (new ASN1 (0x05)); // NULL ASN1 digest = new ASN1 (0x04, hashValue); ASN1 digestInfo = new ASN1 (0x30); digestInfo.Add (digestAlgorithm); digestInfo.Add (digest); t = digestInfo.GetBytes (); } else { // There are no valid OID, in this case t = hashValue // This is the case of the MD5SHA hash algorithm t = hashValue; } Buffer.BlockCopy (hashValue, 0, t, t.Length - hashValue.Length, hashValue.Length); int PSLength = System.Math.Max (8, emLength - t.Length - 3); // PS = PSLength of 0xff // EM = 0x00 | 0x01 | PS | 0x00 | T byte[] EM = new byte [PSLength + t.Length + 3]; EM [1] = 0x01; for (int i=2; i < PSLength + 2; i++) EM[i] = 0xff; Buffer.BlockCopy (t, 0, EM, PSLength + 3, t.Length); return EM; }
/* * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ static public byte[] Encode (RSA rsa) { RSAParameters param = rsa.ExportParameters (true); ASN1 rsaPrivateKey = new ASN1 (0x30); rsaPrivateKey.Add (new ASN1 (0x02, new byte [1] { 0x00 })); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Modulus)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Exponent)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.D)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.P)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Q)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DP)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DQ)); rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.InverseQ)); return rsaPrivateKey.GetBytes (); }
/* SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ private ASN1 SubjectPublicKeyInfo () { ASN1 keyInfo = new ASN1 (0x30); if (aa is RSA) { keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1")); RSAParameters p = (aa as RSA).ExportParameters (false); /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ ASN1 key = new ASN1 (0x30); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Modulus)); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Exponent)); keyInfo.Add (new ASN1 (UniqueIdentifier (key.GetBytes ()))); } else if (aa is DSA) { DSAParameters p = (aa as DSA).ExportParameters (false); /* Dss-Parms ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER } */ ASN1 param = new ASN1 (0x30); param.Add (ASN1Convert.FromUnsignedBigInteger (p.P)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.Q)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.G)); keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.10040.4.1", param)); ASN1 key = keyInfo.Add (new ASN1 (0x03)); // DSAPublicKey ::= INTEGER -- public key, y key.Add (ASN1Convert.FromUnsignedBigInteger (p.Y)); } else throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ()); return keyInfo; }
protected override ASN1 ToBeSigned (string oid) { // TBSCertificate ASN1 tbsCert = new ASN1 (0x30); if (version > 1) { // TBSCertificate / [0] Version DEFAULT v1, byte[] ver = { (byte)(version - 1) }; ASN1 v = tbsCert.Add (new ASN1 (0xA0)); v.Add (new ASN1 (0x02, ver)); } // TBSCertificate / CertificateSerialNumber, tbsCert.Add (new ASN1 (0x02, sn)); // TBSCertificate / AlgorithmIdentifier, tbsCert.Add (PKCS7.AlgorithmIdentifier (oid)); // TBSCertificate / Name tbsCert.Add (X501.FromString (issuer)); // TBSCertificate / Validity ASN1 validity = tbsCert.Add (new ASN1 (0x30)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notBefore)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notAfter)); // TBSCertificate / Name tbsCert.Add (X501.FromString (subject)); // TBSCertificate / SubjectPublicKeyInfo tbsCert.Add (SubjectPublicKeyInfo ()); if (version > 1) { // TBSCertificate / [1] IMPLICIT UniqueIdentifier OPTIONAL if (issuerUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (issuerUniqueID))); // TBSCertificate / [2] IMPLICIT UniqueIdentifier OPTIONAL if (subjectUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (subjectUniqueID))); // TBSCertificate / [3] Extensions OPTIONAL if ((version > 2) && (extensions.Count > 0)) tbsCert.Add (new ASN1 (0xA3, extensions.GetBytes ())); } return tbsCert; }
public byte[] GetBytes () { ASN1 sequence = new ASN1 (0x30); sequence.Add (new ASN1 (0x02, sn)); sequence.Add (ASN1Convert.FromDateTime (revocationDate)); if (extensions.Count > 0) sequence.Add (new ASN1 (extensions.GetBytes ())); return sequence.GetBytes (); }
internal byte[] Encode () { ASN1 ex = new ASN1 (0x30); if (_certificateAuthority) ex.Add (new ASN1 (0x01, new byte[] { 0xFF })); if (_hasPathLengthConstraint) { // MS encodes the 0 (pathLengthConstraint is OPTIONAL) // and in a long form (02 00 versus 02 01 00) if (_pathLengthConstraint == 0) ex.Add (new ASN1 (0x02, new byte[] { 0x00 })); else ex.Add (ASN1Convert.FromInt32 (_pathLengthConstraint)); } return ex.GetBytes (); }
public byte[] GetBytes () { ASN1 privateKeyAlgorithm = new ASN1 (0x30); privateKeyAlgorithm.Add (ASN1Convert.FromOid (_algorithm)); privateKeyAlgorithm.Add (new ASN1 (0x05)); // ASN.1 NULL ASN1 pki = new ASN1 (0x30); pki.Add (new ASN1 (0x02, new byte [1] { (byte) _version })); pki.Add (privateKeyAlgorithm); pki.Add (new ASN1 (0x04, _key)); if (_list.Count > 0) { ASN1 attributes = new ASN1 (0xA0); foreach (ASN1 attribute in _list) { attributes.Add (attribute); } pki.Add (attributes); } return pki.GetBytes (); }
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName) private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string contentType = null; ASN1 messageDigest = null; // string spcStatementType = null; // string spcSpOpusInfo = null; for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.3.6.1.4.1.311.2.1.11": // spcStatementType (Microsoft code signing) // possible values // - individualCodeSigning (1 3 6 1 4 1 311 2 1 21) // - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22) // spcStatementType = ASN1Convert.ToOid (attr[1][0][0]); break; case "1.3.6.1.4.1.311.2.1.12": // spcSpOpusInfo (Microsoft code signing) /* try { spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value); } catch (NullReferenceException) { spcSpOpusInfo = null; }*/ break; default: break; } } if (contentType != spcIndirectDataContext) return false; // verify message digest if (messageDigest == null) return false; if (!messageDigest.CompareValue (calculatedMessageDigest)) return false; // verify signature string hashOID = CryptoConfig.MapNameToOID (ha.ToString ()); // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes) aa.Add (a); ha.Initialize (); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); byte[] signature = sd.SignerInfo.Signature; // we need to find the specified certificate string issuer = sd.SignerInfo.IssuerName; byte[] serial = sd.SignerInfo.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { // don't verify is key size don't match if (x509.PublicKey.Length > (signature.Length >> 3)) { // return the signing certificate even if the signature isn't correct // (required behaviour for 2.0 support) signingCertificate = x509; RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; if (rsa.VerifyHash (p7hash, hashOID, signature)) { signerChain.LoadCertificates (coll); trustedRoot = signerChain.Build (x509); break; } } } } // timestamp signature is optional if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { trustedTimestampRoot = true; } else { for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case PKCS7.Oid.countersignature: // SEQUENCE { // OBJECT IDENTIFIER // countersignature (1 2 840 113549 1 9 6) // SET { PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]); trustedTimestampRoot = VerifyCounterSignature (cs, signature); break; default: // we don't support other unauthenticated attributes break; } } } return (trustedRoot && trustedTimestampRoot); }
// Note: PKCS#8 doesn't define how to generate the key required for encryption // so you're on your own. Just don't try to copy the big guys too much ;) // Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt // Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt public byte[] GetBytes () { if (_algorithm == null) throw new CryptographicException ("No algorithm OID specified"); ASN1 encryptionAlgorithm = new ASN1 (0x30); encryptionAlgorithm.Add (ASN1Convert.FromOid (_algorithm)); // parameters ANY DEFINED BY algorithm OPTIONAL if ((_iterations > 0) || (_salt != null)) { ASN1 salt = new ASN1 (0x04, _salt); ASN1 iterations = ASN1Convert.FromInt32 (_iterations); ASN1 parameters = new ASN1 (0x30); parameters.Add (salt); parameters.Add (iterations); encryptionAlgorithm.Add (parameters); } // encapsulates EncryptedData into an OCTET STRING ASN1 encryptedData = new ASN1 (0x04, _data); ASN1 encryptedPrivateKeyInfo = new ASN1 (0x30); encryptedPrivateKeyInfo.Add (encryptionAlgorithm); encryptedPrivateKeyInfo.Add (encryptedData); return encryptedPrivateKeyInfo.GetBytes (); }
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature) { // SEQUENCE { // INTEGER 1 if (cs.Version != 1) return false; // SEQUENCE { // SEQUENCE { string contentType = null; ASN1 messageDigest = null; for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) { // SEQUENCE { // OBJECT IDENTIFIER ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.2.840.113549.1.9.5": // SEQUENCE { // OBJECT IDENTIFIER // signingTime (1 2 840 113549 1 9 5) // SET { // UTCTime '030124013651Z' // } // } timestamp = ASN1Convert.ToDateTime (attr[1][0]); break; default: break; } } if (contentType != PKCS7.Oid.data) return false; // verify message digest if (messageDigest == null) return false; // TODO: must be read from the ASN.1 structure string hashName = null; switch (messageDigest.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!messageDigest.CompareValue (ha.ComputeHash (signature))) return false; // verify signature byte[] counterSignature = cs.Signature; // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in cs.AuthenticatedAttributes) aa.Add (a); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); // we need to try all certificates string issuer = cs.IssuerName; byte[] serial = cs.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { if (x509.PublicKey.Length > counterSignature.Length) { RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; // we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service // and this means copying stuff into our own RSAManaged to get the required flexibility RSAManaged rsam = new RSAManaged (); rsam.ImportParameters (rsa.ExportParameters (false)); if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) { timestampChain.LoadCertificates (coll); return (timestampChain.Build (x509)); } } } } // no certificate can verify this signature! return false; }
public X500DistinguishedName (string distinguishedName, X500DistinguishedNameFlags flag) { if (distinguishedName == null) throw new ArgumentNullException ("distinguishedName"); if ((flag != 0) && ((flag & AllFlags) == 0)) throw new ArgumentException ("flag"); Oid = new Oid (); if (distinguishedName.Length == 0) { // empty (0x00) ASN.1 sequence (0x30) RawData = new byte [2] { 0x30, 0x00 }; DecodeRawData (); } else { var dn = MX.X501.FromString (distinguishedName); if ((flag & X500DistinguishedNameFlags.Reversed) != 0) { ASN1 rdn = new ASN1 (0x30); for (int i = dn.Count - 1; i >= 0; i--) rdn.Add (dn [i]); dn = rdn; } RawData = dn.GetBytes (); if (flag == X500DistinguishedNameFlags.None) name = distinguishedName; else name = Decode (flag); } }
internal byte[] Encode () { ASN1 ex = new ASN1 (0x30); foreach (Oid oid in _enhKeyUsage) { ex.Add (ASN1Convert.FromOid (oid.Value)); } return ex.GetBytes (); }