private bool IsSafeTransform(string transformAlgorithm) { // All canonicalization algorithms are valid transform algorithms. foreach (string safeAlgorithm in SafeCanonicalizationMethods) { if (string.Equals(safeAlgorithm, transformAlgorithm, StringComparison.OrdinalIgnoreCase)) { return(true); } } foreach (string safeAlgorithm in DefaultSafeTransformMethods) { if (string.Equals(safeAlgorithm, transformAlgorithm, StringComparison.OrdinalIgnoreCase)) { return(true); } } SignedXmlDebugLog.LogUnsafeTransformMethod( this, transformAlgorithm, SafeCanonicalizationMethods, DefaultSafeTransformMethods); return(false); }
private byte[] GetC14NDigest(HashAlgorithm hash) { bool isKeyedHashAlgorithm = hash is KeyedHashAlgorithm; if (isKeyedHashAlgorithm || !_bCacheValid || !SignedInfo.CacheValid) { string baseUri = (_containingDocument == null ? null : _containingDocument.BaseURI); XmlResolver resolver = (_bResolverSet ? _xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); XmlDocument doc = Utils.PreProcessElementInput(SignedInfo.GetXml(), resolver, baseUri); // Add non default namespaces in scope CanonicalXmlNodeList namespaces = (_context == null ? null : Utils.GetPropagatedAttributes(_context)); SignedXmlDebugLog.LogNamespacePropagation(this, namespaces); Utils.AddNamespaces(doc.DocumentElement, namespaces); XmlNodeList nodeList = Utils.AllDescendantNodes(doc.DocumentElement.FirstChild, true); Transform c14nMethodTransform = SignedInfo.CanonicalizationMethodObject; c14nMethodTransform.Resolver = resolver; c14nMethodTransform.BaseURI = baseUri; SignedXmlDebugLog.LogBeginCanonicalization(this, c14nMethodTransform); c14nMethodTransform.LoadInput(nodeList); SignedXmlDebugLog.LogCanonicalizedOutput(this, c14nMethodTransform); _digestedSignedInfo = c14nMethodTransform.GetDigestedOutput(hash); _bCacheValid = !isKeyedHashAlgorithm; } return(_digestedSignedInfo); }
public bool CheckSignatureReturningKey(out AsymmetricAlgorithm signingKey) { SignedXmlDebugLog.LogBeginSignatureVerification(this, _context); signingKey = null; bool bRet = false; AsymmetricAlgorithm key = null; if (!CheckSignatureFormat()) { return(false); } do { key = GetPublicKey(); if (key != null) { bRet = CheckSignature(key); SignedXmlDebugLog.LogVerificationResult(this, key, bRet); } } while (key != null && bRet == false); signingKey = key; return(bRet); }
private bool CheckDigestedReferences() { ArrayList references = m_signature.SignedInfo.References; for (int i = 0; i < references.Count; ++i) { Reference digestedReference = (Reference)references[i]; if (!ReferenceUsesSafeTransformMethods(digestedReference)) { return(false); } SignedXmlDebugLog.LogVerifyReference(this, digestedReference); byte[] calculatedHash = null; try { calculatedHash = digestedReference.CalculateHashValue(_containingDocument, m_signature.ReferencedItems); } catch (CryptoSignedXmlRecursionException) { SignedXmlDebugLog.LogSignedXmlRecursionLimit(this, digestedReference); return(false); } // Compare both hashes SignedXmlDebugLog.LogVerifyReferenceHash(this, digestedReference, calculatedHash, digestedReference.DigestValue); if (!CryptographicEquals(calculatedHash, digestedReference.DigestValue)) { return(false); } } return(true); }
public void ComputeSignature() { SignedXmlDebugLog.LogBeginSignatureComputation(this, _context); BuildDigestedReferences(); // Load the key AsymmetricAlgorithm key = SigningKey; if (key == null) { throw new CryptographicException(SR.Cryptography_Xml_LoadKeyFailed); } // Check the signature algorithm associated with the key so that we can accordingly set the signature method if (SignedInfo.SignatureMethod == null) { if (key is DSA) { SignedInfo.SignatureMethod = XmlDsigDSAUrl; } else if (key is RSA) { // Default to RSA-SHA1 if (SignedInfo.SignatureMethod == null) { SignedInfo.SignatureMethod = XmlDsigRSASHA256Url; } } else { throw new CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed); } } // See if there is a signature description class defined in the Config file SignatureDescription signatureDescription = CryptoHelpers.CreateFromName <SignatureDescription>(SignedInfo.SignatureMethod); if (signatureDescription == null) { throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated); } HashAlgorithm hashAlg = signatureDescription.CreateDigest(); if (hashAlg == null) { throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed); } byte[] hashvalue = GetC14NDigest(hashAlg); AsymmetricSignatureFormatter asymmetricSignatureFormatter = signatureDescription.CreateFormatter(key); SignedXmlDebugLog.LogSigning(this, key, signatureDescription, hashAlg, asymmetricSignatureFormatter); m_signature.SignatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg); }
// Validation function to see if the signature uses a canonicalization algorithm from our list // of approved algorithm URIs. private bool DoesSignatureUseSafeCanonicalizationMethod() { foreach (string safeAlgorithm in SafeCanonicalizationMethods) { if (string.Equals(safeAlgorithm, SignedInfo.CanonicalizationMethod, StringComparison.OrdinalIgnoreCase)) { return(true); } } SignedXmlDebugLog.LogUnsafeCanonicalizationMethod(this, SignedInfo.CanonicalizationMethod, SafeCanonicalizationMethods); return(false); }
private bool CheckSignedInfo(KeyedHashAlgorithm macAlg) { if (macAlg == null) { throw new ArgumentNullException(nameof(macAlg)); } SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo); int signatureLength; if (m_signature.SignedInfo.SignatureLength == null) { signatureLength = macAlg.HashSize; } else { signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null); } // signatureLength should be less than hash size if (signatureLength < 0 || signatureLength > macAlg.HashSize) { throw new CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } if (signatureLength % 8 != 0) { throw new CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2); } if (m_signature.SignatureValue == null) { throw new CryptographicException(SR.Cryptography_Xml_SignatureValueRequired); } if (m_signature.SignatureValue.Length != signatureLength / 8) { throw new CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } // Calculate the hash byte[] hashValue = GetC14NDigest(macAlg); SignedXmlDebugLog.LogVerifySignedInfo(this, macAlg, hashValue, m_signature.SignatureValue); for (int i = 0; i < m_signature.SignatureValue.Length; i++) { if (m_signature.SignatureValue[i] != hashValue[i]) { return(false); } } return(true); }
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!verifySignatureOnly) { // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (string.Equals(extension.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase)) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage); bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 || (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0; if (!validKeyUsage) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage); return(false); } break; } } // Do the chain verification to make sure the certificate is valid. X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts()); bool chainVerified = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!chainVerified) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain); return(false); } } using (AsymmetricAlgorithm publicKey = Utils.GetAnyPublicKey(certificate)) { if (!CheckSignature(publicKey)) { return(false); } } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); }
public void ComputeSignature(KeyedHashAlgorithm macAlg) { if (macAlg == null) { throw new ArgumentNullException(nameof(macAlg)); } if (!(macAlg is HMAC hash)) { throw new CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch); } int signatureLength; if (m_signature.SignedInfo.SignatureLength == null) { signatureLength = hash.HashSize; } else { signatureLength = Convert.ToInt32(m_signature.SignedInfo.SignatureLength, null); } // signatureLength should be less than hash size if (signatureLength < 0 || signatureLength > hash.HashSize) { throw new CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength); } if (signatureLength % 8 != 0) { throw new CryptographicException(SR.Cryptography_Xml_InvalidSignatureLength2); } BuildDigestedReferences(); SignedInfo.SignatureMethod = hash.HashName switch { "SHA1" => SignedXml.XmlDsigHMACSHA1Url, "SHA256" => SignedXml.XmlDsigMoreHMACSHA256Url, "SHA384" => SignedXml.XmlDsigMoreHMACSHA384Url, "SHA512" => SignedXml.XmlDsigMoreHMACSHA512Url, "MD5" => SignedXml.XmlDsigMoreHMACMD5Url, "RIPEMD160" => SignedXml.XmlDsigMoreHMACRIPEMD160Url, _ => throw new CryptographicException(SR.Cryptography_Xml_SignatureMethodKeyMismatch), }; byte[] hashValue = GetC14NDigest(hash); SignedXmlDebugLog.LogSigning(this, hash); m_signature.SignatureValue = new byte[signatureLength / 8]; Buffer.BlockCopy(hashValue, 0, m_signature.SignatureValue, 0, signatureLength / 8); }
// If we have a signature format validation callback, check to see if this signature's format (not // the signautre itself) is valid according to the validator. A return value of true indicates that // the signature format is acceptable, false means that the format is not valid. private bool CheckSignatureFormat() { if (_signatureFormatValidator == null) { // No format validator means that we default to accepting the signature. (This is // effectively compatibility mode with v3.5). return(true); } SignedXmlDebugLog.LogBeginCheckSignatureFormat(this, _signatureFormatValidator); bool formatValid = _signatureFormatValidator(this); SignedXmlDebugLog.LogFormatValidationResult(this, formatValid); return(formatValid); }
private void BuildDigestedReferences() { // Default the DigestMethod and Canonicalization ArrayList references = SignedInfo.References; // Reset the cache _refProcessed = new bool[references.Count]; _refLevelCache = new int[references.Count]; ReferenceLevelSortOrder sortOrder = new ReferenceLevelSortOrder(); sortOrder.References = references; // Don't alter the order of the references array list ArrayList sortedReferences = new ArrayList(); foreach (Reference reference in references) { sortedReferences.Add(reference); } sortedReferences.Sort(sortOrder); CanonicalXmlNodeList nodeList = new CanonicalXmlNodeList(); foreach (DataObject obj in m_signature.ObjectList) { nodeList.Add(obj.GetXml()); } foreach (Reference reference in sortedReferences) { // If no DigestMethod has yet been set, default it to sha1 if (reference.DigestMethod == null) { reference.DigestMethod = Reference.DefaultDigestMethod; } SignedXmlDebugLog.LogSigningReference(this, reference); reference.UpdateHashValue(_containingDocument, nodeList); // If this reference has an Id attribute, add it if (reference.Id != null) { nodeList.Add(reference.GetXml()); } } }
private bool CheckSignedInfo(AsymmetricAlgorithm key) { if (key == null) { throw new ArgumentNullException(nameof(key)); } SignedXmlDebugLog.LogBeginCheckSignedInfo(this, m_signature.SignedInfo); SignatureDescription signatureDescription = CryptoHelpers.CreateFromName <SignatureDescription>(SignatureMethod); if (signatureDescription == null) { throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated); } // Let's see if the key corresponds with the SignatureMethod Type ta = Type.GetType(signatureDescription.KeyAlgorithm); if (!IsKeyTheCorrectAlgorithm(key, ta)) { return(false); } HashAlgorithm hashAlgorithm = signatureDescription.CreateDigest(); if (hashAlgorithm == null) { throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed); } byte[] hashval = GetC14NDigest(hashAlgorithm); AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = signatureDescription.CreateDeformatter(key); SignedXmlDebugLog.LogVerifySignedInfo(this, key, signatureDescription, hashAlgorithm, asymmetricSignatureDeformatter, hashval, m_signature.SignatureValue); return(asymmetricSignatureDeformatter.VerifySignature(hashval, m_signature.SignatureValue)); }
public bool CheckSignature(KeyedHashAlgorithm macAlg) { if (!CheckSignatureFormat()) { return(false); } if (!CheckSignedInfo(macAlg)) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo); return(false); } if (!CheckDigestedReferences()) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References); return(false); } SignedXmlDebugLog.LogVerificationResult(this, macAlg, true); return(true); }
public bool CheckSignature(AsymmetricAlgorithm key) { if (!CheckSignatureFormat()) { return(false); } if (!CheckSignedInfo(key)) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_SignedInfo); return(false); } // Now is the time to go through all the references and see if their DigestValues are good if (!CheckDigestedReferences()) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_References); return(false); } SignedXmlDebugLog.LogVerificationResult(this, key, true); return(true); }
// What we want to do is pump the input throug the TransformChain and then // hash the output of the chain document is the document context for resolving relative references internal byte[] CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList) { // refList is a list of elements that might be targets of references // Now's the time to create our hashing algorithm _hashAlgorithm = CryptoHelpers.CreateFromName <HashAlgorithm>(_digestMethod); if (_hashAlgorithm == null) { throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed); } // Let's go get the target. string baseUri = (document == null ? System.Environment.CurrentDirectory + "\\" : document.BaseURI); Stream hashInputStream = null; WebResponse response = null; Stream inputStream = null; XmlResolver resolver = (SignedXml.ResolverSet ? SignedXml._xmlResolver : new XmlSecureResolver(new XmlUrlResolver(), baseUri)); byte[] hashval = null; try { switch (_refTargetType) { case ReferenceTargetType.Stream: // This is the easiest case. We already have a stream, so just pump it through the TransformChain hashInputStream = TransformChain.TransformToOctetStream((Stream)_refTarget, resolver, baseUri); break; case ReferenceTargetType.UriReference: // Second-easiest case -- dereference the URI & pump through the TransformChain // handle the special cases where the URI is null (meaning whole doc) // or the URI is just a fragment (meaning a reference to an embedded Object) if (_uri == null) { // In the case of a Uri-less reference, we will simply pass null to the transform chain. // The first transform in the chain is expected to know how to retrieve the data to hash. hashInputStream = TransformChain.TransformToOctetStream((Stream)null, resolver, baseUri); } else if (_uri.Length == 0 || _uri == "#xpointer(/)") { // This is the self-referential case. First, check that we have a document context. // The Enveloped Signature does not discard comments as per spec; those will be omitted during the transform chain process if (document == null) { throw new CryptographicException(SR.Format(SR.Cryptography_Xml_SelfReferenceRequiresContext, _uri)); } // Normalize the containing document XmlDocument doc = Utils.PreProcessDocumentInput(document, resolver, baseUri); // Remove comments only if URI is "" if (_uri.Length == 0) { Utils.DiscardComments(doc); } hashInputStream = TransformChain.TransformToOctetStream(doc, resolver, baseUri); } else if (_uri[0] == '#') { // If we get here, then we are constructing a Reference to an embedded DataObject // referenced by an Id = attribute. Go find the relevant object bool discardComments = true; string idref = Utils.GetIdFromLocalUri(_uri, out discardComments); XmlElement elem = SignedXml.GetIdElement(document, idref); if (elem == null) { // Go throw the referenced items passed in if (refList != null) { foreach (XmlNode node in refList) { XmlElement tempElem = node.SelectSingleNode("//*[@Id='" + idref + "']") as XmlElement; //XmlElement tempElem = node as XmlElement; //if ((tempElem != null) && (Utils.HasAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl)) // && (Utils.GetAttribute(tempElem, "Id", SignedXml.XmlDsigNamespaceUrl).Equals(idref))) if (tempElem != null) { // copy fragment to document with root, create nodelsit elem = tempElem; XmlDocument doc = Utils.PreProcessElementInput(elem, resolver, baseUri); if (_signedXml._context != null) { CanonicalXmlNodeList namespaces = Utils.GetPropagatedAttributes(_signedXml._context); Utils.AddNamespaces(doc.DocumentElement, namespaces); } elem = doc.DocumentElement.FirstChild as XmlElement; break; } } } if (elem == null) { throw new CryptographicException(SR.Cryptography_Xml_InvalidReference); } } else { // create node list from document XmlDocument doc = Utils.PreProcessElementInput(elem, resolver, baseUri); CanonicalXmlNodeList namespaces = Utils.GetPropagatedAttributes(elem); Utils.AddNamespaces(doc.DocumentElement, namespaces); elem = doc.DocumentElement.FirstChild as XmlElement; } hashInputStream = TransformChain.TransformToOctetStream(Utils.AllDescendantNodes(elem, !discardComments), typeof(XmlNodeList), resolver, baseUri); } else { throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } break; case ReferenceTargetType.XmlElement: // We need to create a DocumentNavigator out of the XmlElement hashInputStream = TransformChain.TransformToOctetStream(Utils.AllDescendantNodes((XmlNode)_refTarget, true), typeof(XmlNodeList), resolver, baseUri); break; default: throw new CryptographicException(SR.Cryptography_Xml_UriNotResolved, _uri); } // Compute the new hash value hashInputStream = SignedXmlDebugLog.LogReferenceData(this, hashInputStream); hashval = _hashAlgorithm.ComputeHash(hashInputStream); } finally { if (hashInputStream != null) { hashInputStream.Close(); } if (response != null) { response.Close(); } if (inputStream != null) { inputStream.Close(); } } return(hashval); }