Exemplo n.º 1
0
        public static void BuildExpectedRequest_FromHashAndName(bool viaSpan)
        {
            Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromHash(
                "11806C2441295EA697EA96EE4247C0F9C71EE7638863CB8E29CD941A488FCB5A".HexToByteArray(),
                HashAlgorithmName.SHA256,
                requestSignerCertificates: true);

            VerifyExpectedRequest(request, viaSpan);
        }
Exemplo n.º 2
0
        public static void EmptyNonce()
        {
            byte[] sha256 = new byte[256 / 8];

            Rfc3161TimestampRequest req = Rfc3161TimestampRequest.CreateFromHash(
                sha256,
                HashAlgorithmName.SHA256,
                nonce: Array.Empty <byte>());

            Assert.Equal("00", req.GetNonce().Value.ByteArrayToHex());
        }
Exemplo n.º 3
0
        public static void NoncePaddingZerosIgnored()
        {
            byte[] sha256 = new byte[256 / 8];
            byte[] nonce  = { 0x00, 0x00, 0xFE };

            Rfc3161TimestampRequest req = Rfc3161TimestampRequest.CreateFromHash(
                sha256,
                HashAlgorithmName.SHA256,
                nonce: nonce);

            Assert.Equal("00FE", req.GetNonce().Value.ByteArrayToHex());
        }
Exemplo n.º 4
0
        public static void NegativeNonceIsMadePositive()
        {
            byte[] sha256 = new byte[256 / 8];
            byte[] nonce  = { 0xFE };

            Rfc3161TimestampRequest req = Rfc3161TimestampRequest.CreateFromHash(
                sha256,
                HashAlgorithmName.SHA256,
                nonce: nonce);

            Assert.Equal("00FE", req.GetNonce().Value.ByteArrayToHex());
        }
Exemplo n.º 5
0
        public static void BuildExpectedRequest_FromHashAndOid(bool viaSpan)
        {
            Oid hashAlgorithmId = new Oid("2.16.840.1.101.3.4.2.1", "Nothing should read this friendly name");

            Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromHash(
                "11806C2441295EA697EA96EE4247C0F9C71EE7638863CB8E29CD941A488FCB5A".HexToByteArray(),
                hashAlgorithmId,
                requestSignerCertificates: true);

            Assert.NotSame(hashAlgorithmId, request.HashAlgorithmId);
            Assert.Equal(hashAlgorithmId.Value, request.HashAlgorithmId.Value);

            VerifyExpectedRequest(request, viaSpan);
        }
Exemplo n.º 6
0
        private static async Task <(TimestampResult, byte[])> SubmitTimestampRequest(Uri timestampUri, Oid digestOid, TimestampNonce nonce, TimeSpan timeout, byte[] digest)
        {
            var timestampRequest = Rfc3161TimestampRequest.CreateFromHash(digest, digestOid, nonce: nonce.Nonce, requestSignerCertificates: true);
            var encodedRequest   = timestampRequest.Encode();
            var client           = new HttpClient
            {
                Timeout = timeout
            };
            var content = new ByteArrayContent(encodedRequest);

            content.Headers.Add("Content-Type", "application/timestamp-query");
            var post = await client.PostAsync(timestampUri, content);

            if (post.StatusCode != HttpStatusCode.OK)
            {
                return(TimestampResult.Failed, null);
            }
            var responseBytes = await post.Content.ReadAsByteArrayAsync();

            var token     = timestampRequest.ProcessResponse(responseBytes, out _);
            var tokenInfo = token.AsSignedCms().Encode();

            return(TimestampResult.Success, tokenInfo);
        }
Exemplo n.º 7
0
        public static void ProcessResponse_Symantec_NoCerts_WithNonce(
            Rfc3161RequestResponseStatus expectedStatus,
            int variant)
        {
            const string Padding = "0403000000";

            string inputHex =
                "308203B23003020100308203A906092A864886F70D010702A082039A30820396" +
                "020103310D300B060960864801650304020130820122060B2A864886F70D0109" +
                "100104A08201110482010D30820109020101060B6086480186F8450107170330" +
                "31300D06096086480165030402010500042011806C2441295EA697EA96EE4247" +
                "C0F9C71EE7638863CB8E29CD941A488FCB5A021500D19949957B5677CF5F5581" +
                "630A597827BA80EFD6180F32303138303130353137303931365A300302011E02" +
                "0E3230313830313035313730373030A08186A48183308180310B300906035504" +
                "0613025553311D301B060355040A131453796D616E74656320436F72706F7261" +
                "74696F6E311F301D060355040B131653796D616E746563205472757374204E65" +
                "74776F726B3131302F0603550403132853796D616E7465632053484132353620" +
                "54696D655374616D70696E67205369676E6572202D2047323182025A30820256" +
                "02010130818B3077310B3009060355040613025553311D301B060355040A1314" +
                "53796D616E74656320436F72706F726174696F6E311F301D060355040B131653" +
                "796D616E746563205472757374204E6574776F726B312830260603550403131F" +
                "53796D616E746563205348413235362054696D655374616D70696E6720434102" +
                "105458F2AAD741D644BC84A97BA09652E6300B0609608648016503040201A081" +
                "A4301A06092A864886F70D010903310D060B2A864886F70D0109100104301C06" +
                "092A864886F70D010905310F170D3138303130353137303931365A302F06092A" +
                "864886F70D01090431220420ACA421A6482F4722320ECF53223F8D15099329CA" +
                "4ADFD71EC562631F522C85553037060B2A864886F70D010910022F3128302630" +
                "2430220420CF7AC17AD047ECD5FDC36822031B12D4EF078B6F2B4C5E6BA41F8F" +
                "F2CF4BAD67300B06092A864886F70D010101048201008F4020CFAE55355A0545" +
                "1A1250CCE1439A2DDD62915C81A1C7661888A74F9D0792922051CD426792D3A1" +
                "ED3DC47C6AF2281A9A02ED89C605BB9FB7FD63FAF27335FE45A7681E5904C68C" +
                "C30E5DBB37D127C437785F07BD2EF20C31EB0341AB2FA6F9D70C43ADA15C082E" +
                "E630D64E59CBB06918F094D6B5B19C9C74DC7B203E2F86EC638761E244B279DB" +
                "DAFDC87143288A488398FDFAABBAD82D992EFC9845BE9ABF19D00754E4064D24" +
                "6C8B2C16012FA147B25000570F41C2BE9126082095A4CCA3E2FA3C5C694C1E6B" +
                "BC7BFF4CA8EA692A07B8B9E6AB8E3114701080923A9A83DD6A4257C4248C865F" +
                "C51BA0D8DA57FB5692039F4B102608AECA217204BBD4" + Padding;

            byte[] inputBytes = inputHex.HexToByteArray();

            ReadOnlyMemory <byte> nonce             = "3230313830313035313730373030".HexToByteArray();
            HashAlgorithmName     hashAlgorithmName = HashAlgorithmName.SHA256;

            byte[] hash = "11806C2441295EA697EA96EE4247C0F9C71EE7638863CB8E29CD941A488FCB5A".HexToByteArray();

            if (expectedStatus == Rfc3161RequestResponseStatus.NonceMismatch)
            {
                nonce = new byte[] { 9, 8, 7, 6 };
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.HashMismatch)
            {
                if (variant == 0)
                {
                    hash[0] ^= 0xFF;
                }
                else
                {
                    hashAlgorithmName = HashAlgorithmName.SHA384;
                }
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.VersionTooNew)
            {
                // Change the TSTInfo.Version value.
                // Since the certificate isn't embedded the signature check doesn't happen.

                // Address determined by data inspection
                Assert.Equal(1, inputBytes[81]);
                inputBytes[81] = 2;
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.DoesNotParse)
            {
                if (variant == 0)
                {
                    // Change the id-aa-signing-certificateV2 into id-aa-binary-signing-time
                    // Now the signer has no ESSCertIdV2 (and it already doesn't have an ESSCertId)

                    // Address determined by data inspection
                    Assert.Equal(47, inputBytes[634]);
                    inputBytes[634] = 46;
                }
                else if (variant == 1)
                {
                    // Change one of the SEQUENCE values in ESSCertIdV2 to SET

                    // Address determined by data inspection
                    Assert.Equal(0x30, inputBytes[639]);
                    inputBytes[639] = 0x31;
                }
                else if (variant == 2)
                {
                    // Corrupt the structure of the TSTInfo

                    // Address determined by data inspection
                    Assert.Equal(0x02, inputBytes[79]);
                    inputBytes[79] = 0x04;
                }
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.Accepted)
            {
                if (variant == 1)
                {
                    // Tamper with the hash in the ESSCertIdV2.  This will be accepted because
                    // the cert is unknown.

                    // Address determined by data inspection
                    Assert.Equal(0x7A, inputBytes[646]);
                    inputBytes[646] ^= 0xFF;
                }
            }
            Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromHash(
                hash,
                hashAlgorithmName,
                nonce: nonce,
                requestSignerCertificates: expectedStatus == Rfc3161RequestResponseStatus.RequestedCertificatesMissing);

            ProcessResponse(expectedStatus, request, inputBytes, Padding.Length / 2);
        }
Exemplo n.º 8
0
        public static void ProcessResponse_FreeTsa_WithCerts_NoNonce(Rfc3161RequestResponseStatus expectedStatus, int variant)
        {
            const string Padding = "0400";

            string inputHex =
                "30820D2D300302010030820D2406092A864886F70D010702A0820D1530820D11" +
                "020103310B300906052B0E03021A050030820196060B2A864886F70D01091001" +
                "04A0820185048201813082017D02010106042A0304013031300D060960864801" +
                "65030402010500042011806C2441295EA697EA96EE4247C0F9C71EE7638863CB" +
                "8E29CD941A488FCB5A020306A5C1181632303138303130343136353634302E35" +
                "39373334385A300A020101800201F48101640101FFA0820111A482010D308201" +
                "093111300F060355040A13084672656520545341310C300A060355040B130354" +
                "534131763074060355040D136D54686973206365727469666963617465206469" +
                "676974616C6C79207369676E7320646F63756D656E747320616E642074696D65" +
                "207374616D70207265717565737473206D616465207573696E67207468652066" +
                "7265657473612E6F7267206F6E6C696E65207365727669636573311830160603" +
                "550403130F7777772E667265657473612E6F72673122302006092A864886F70D" +
                "0109011613627573696C657A617340676D61696C2E636F6D3112301006035504" +
                "071309577565727A62757267310B3009060355040613024445310F300D060355" +
                "0408130642617965726EA082080530820801308205E9A003020102020900C1E9" +
                "86160DA8E982300D06092A864886F70D01010D05003081953111300F06035504" +
                "0A130846726565205453413110300E060355040B1307526F6F74204341311830" +
                "160603550403130F7777772E667265657473612E6F72673122302006092A8648" +
                "86F70D0109011613627573696C657A617340676D61696C2E636F6D3112301006" +
                "035504071309577565727A62757267310F300D0603550408130642617965726E" +
                "310B3009060355040613024445301E170D3136303331333031353733395A170D" +
                "3236303331313031353733395A308201093111300F060355040A130846726565" +
                "20545341310C300A060355040B130354534131763074060355040D136D546869" +
                "73206365727469666963617465206469676974616C6C79207369676E7320646F" +
                "63756D656E747320616E642074696D65207374616D7020726571756573747320" +
                "6D616465207573696E672074686520667265657473612E6F7267206F6E6C696E" +
                "65207365727669636573311830160603550403130F7777772E66726565747361" +
                "2E6F72673122302006092A864886F70D0109011613627573696C657A61734067" +
                "6D61696C2E636F6D3112301006035504071309577565727A62757267310B3009" +
                "060355040613024445310F300D0603550408130642617965726E30820222300D" +
                "06092A864886F70D01010105000382020F003082020A0282020100B591048C4E" +
                "486F34E9DC08627FC2375162236984B82CB130BEFF517CFC38F84BCE5C65A874" +
                "DAB2621AE0BCE7E33563E0EDE934FD5F8823159F07848808227460C1ED882617" +
                "06F4281334359DFBB81BD1353FC179610AF1A8C8C865DC00EA23B3A89BE6BD03" +
                "BA85A9EC827D60565905E22D6A584ED1380AE150280CEE397E98A012F3804640" +
                "07862443BC077CB95F421AF31712D9683CDB6DFFBAF3C8BA5BA566AE523D459D" +
                "6177346D4D840E27886B7C01C5B890D78A2E27BBA8DD2F9A2812E157D62F921C" +
                "65962548069DCDB7D06DE181DE0E9570D66F87220CE28B628AB55906F3EE0C21" +
                "0F7051E8F4858AF8B9A92D09E46AF2D9CBA5BFCFAD168CDF604491A4B06603B1" +
                "14CAF7031F065E7EEEFA53C575F3490C059D2E32DDC76AC4D4C4C710683B97FD" +
                "1BE591BC61055186D88F9A0391B307B6F91ED954DAA36F9ACD6A1E14AA2E4ADF" +
                "17464B54DB18DBB6FFE30080246547370436CE4E77BAE5DE6FE0F3F9D6E7FFBE" +
                "B461E794E92FB0951F8AAE61A412CCE9B21074635C8BE327AE1A0F6B4A646EB0" +
                "F8463BC63BF845530435D19E802511EC9F66C3496952D8BECB69B0AA4D4C41F6" +
                "0515FE7DCBB89319CDDA59BA6AEA4BE3CEAE718E6FCB6CCD7DB9FC50BB15B12F" +
                "3665B0AA307289C2E6DD4B111CE48BA2D9EFDB5A6B9A506069334FB34F6FC7AE" +
                "330F0B34208AAC80DF3266FDD90465876BA2CB898D9505315B6E7B0203010001" +
                "A38201DB308201D730090603551D1304023000301D0603551D0E041604146E76" +
                "0B7B4E4F9CE160CA6D2CE927A2A294B37737301F0603551D23041830168014FA" +
                "550D8C346651434CF7E7B3A76C95AF7AE6A497300B0603551D0F0404030206C0" +
                "30160603551D250101FF040C300A06082B06010505070308306306082B060105" +
                "0507010104573055302A06082B06010505073002861E687474703A2F2F777777" +
                "2E667265657473612E6F72672F7473612E637274302706082B06010505073001" +
                "861B687474703A2F2F7777772E667265657473612E6F72673A32353630303706" +
                "03551D1F0430302E302CA02AA0288626687474703A2F2F7777772E6672656574" +
                "73612E6F72672F63726C2F726F6F745F63612E63726C3081C60603551D200481" +
                "BE3081BB3081B80601003081B2303306082B060105050702011627687474703A" +
                "2F2F7777772E667265657473612E6F72672F667265657473615F6370732E6874" +
                "6D6C303206082B060105050702011626687474703A2F2F7777772E6672656574" +
                "73612E6F72672F667265657473615F6370732E706466304706082B0601050507" +
                "0202303B1A394672656554534120747275737465642074696D657374616D7069" +
                "6E6720536F667477617265206173206120536572766963652028536161532930" +
                "0D06092A864886F70D01010D05000382020100A5C944E2C6FAC0A14D930A7FD0" +
                "A0B172B41FC1483C3E957C68A2BCD9B9764F1A950161FD72472D41A5EED27778" +
                "6203B5422240FB3A26CDE176087B6FB1011DF4CC19E2571AA4A051109665E94C" +
                "46F50BD2ADEE6AC4137E251B25A39DABDA451515D8FF9E07209E8EC20B7874F7" +
                "E1A0EDE7C00937FE84A334F8B3265CED2D8ED9DF61396583677FEB382C1EE3B2" +
                "3E6EA5F05DF30DE7B9F89005D25266F612F39C8B4F6DABA6D7BFBAC19632B906" +
                "37329F52A6F066A10E43EAA81F849A6C5FE3FE8B5EA23275F687F2052E502EA6" +
                "C30762A668CCE07871DD8E97E315BBA929E25589977A0A312CE96C5106B1437C" +
                "779F2B361B182888F3EE8A234374FA063E956192627F7C431073965D1260928E" +
                "BA009E803429AE324CF96F042354F37BCA5AFDDC79F79346AB388BFC79F01DC9" +
                "861254EA6CC129941076B83D20556F3BE51326837F2876F7833B370E7C3D4105" +
                "23827D4F53400C72218D75229FF10C6F8893A9A3A1C0C42BB4C898C13DF41C7F" +
                "6573B4FC56515971A610A7B0D2857C8225A9FB204EACECA2E8971AA1AF87886A" +
                "2AE3C72FE0A0AAE842980A77BEF16B92115458090D982B5946603764E75A0AD3" +
                "D11454B9986F678B9AB6AFE8497033AE3ABFD4EB43B7BC9DEE68815949E64815" +
                "82A82E785277F2282107EFE390200E0508ACB8EA82EA2505276F3C9DA2A3D3B4" +
                "AD38BBF8842BDA36FC2448291F558DC02DD1E03182035A308203560201013081" +
                "A33081953111300F060355040A130846726565205453413110300E060355040B" +
                "1307526F6F74204341311830160603550403130F7777772E667265657473612E" +
                "6F72673122302006092A864886F70D0109011613627573696C657A617340676D" +
                "61696C2E636F6D3112301006035504071309577565727A62757267310F300D06" +
                "03550408130642617965726E310B3009060355040613024445020900C1E98616" +
                "0DA8E982300906052B0E03021A0500A0818C301A06092A864886F70D01090331" +
                "0D060B2A864886F70D0109100104301C06092A864886F70D010905310F170D31" +
                "38303130343136353634305A302306092A864886F70D01090431160414029AC1" +
                "0A42471FBD0586C107BE51F79FA3080004302B060B2A864886F70D010910020C" +
                "311C301A301830160414916DA3D860ECCA82E34BC59D1793E7E968875F14300D" +
                "06092A864886F70D01010105000482020093555D4EA36895232E8D8E3FBAFFD1" +
                "B625FF0C61363411AD1ECF5A53DEBC6A233046539971BD8B50EEAC06E8CE72F2" +
                "DC12C28C01F3AEC0D8276955703E88FD043829F7E67A1781C5BBB949897FBD12" +
                "9ED0E81F252E35FE3E398453783C136A6FAC9B2F519936079C878AF389324D72" +
                "83C0396A94B432C52344BDC9F561110894978900B0EA8121AB937341A08F1BF3" +
                "109C41871CD81456C45F41DA306E164F143FCA9FC708C545B6F9A7032541C2AB" +
                "8B6A8C37114AB66AC142226C740EA695E701E434AE225A488E0484089C785F3D" +
                "873FCE5D8A8D75DE6AA6AB5915C5C11CE76263A463DF4BA07FE164D989DB9055" +
                "54B4207A2C622DF10808F0078F40CC75C7B2B9C161C11A17231C2EFABEB50047" +
                "E7FD76B13A011225ECFB9C8185E82A724C9175C4763D6353F1C3992AE9E6EF0D" +
                "6D32867DF84CD98F55AD0E1B260B48899019FA903F257FCC2DBA5893FF840A99" +
                "E22EB0B20E43868C75A2463E38740B79AF183CD5B6AE50D1D6FE5C2D397C2257" +
                "87C682AF575A7554201725C444747FD6C4644B0029B3BBFE39265ADA82020D5C" +
                "7EB9DEAAA4EEF9EF404CEEC73C4BC907E0E4006BD9CAA41852F12BE13B1279AF" +
                "62D502B5A721B4A4ABE3939DBE114E7C473F29719D1B580E8CE92BE2143E8DFA" +
                "480C07A6CAE881893678BDF0828F7286E47D76A251C6899F41C75728AFADABE6" +
                "6A47E3E28EB64E734356A6374E4CB05EC3" + Padding;

            byte[] inputBytes                       = inputHex.HexToByteArray();
            ReadOnlyMemory <byte>?nonce             = null;
            HashAlgorithmName     hashAlgorithmName = HashAlgorithmName.SHA256;

            byte[] hash = "11806C2441295EA697EA96EE4247C0F9C71EE7638863CB8E29CD941A488FCB5A".HexToByteArray();

            if (expectedStatus == Rfc3161RequestResponseStatus.NonceMismatch)
            {
                nonce = new byte[] { 9, 8, 7, 6 };
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.HashMismatch)
            {
                if (variant == 0)
                {
                    hash[0] ^= 0xFF;
                }
                else
                {
                    hashAlgorithmName = HashAlgorithmName.SHA384;
                }
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.RequestFailed)
            {
                // Address determined by data inspection
                Assert.Equal(0, inputBytes[8]);
                inputBytes[8] = 3;
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.VersionTooNew)
            {
                // Address determined by data inspection
                Assert.Equal(1, inputBytes[79]);
                inputBytes[79] = 2;
            }
            else if (expectedStatus == Rfc3161RequestResponseStatus.DoesNotParse)
            {
                if (variant == 0)
                {
                    // Change the PkiStatus from a SEQUENCE to a SET.

                    // Address determined by data inspection
                    Assert.Equal(0x30, inputBytes[4]);
                    inputBytes[4] = 0x31;
                }
                else if (variant == 1)
                {
                    // Change the SET OF (digestAlgorithms) in the token CMS to SEQUENCE OF

                    // Address determined by data inspection
                    Assert.Equal(0x31, inputBytes[35]);
                    inputBytes[35] = 0x30;
                }
                else if (variant == 2)
                {
                    // Change the id-signedData value to id-data.

                    // Address determined by data inspection
                    Assert.Equal(2, inputBytes[23]);
                    inputBytes[23] = 1;
                }
                else if (variant == 3)
                {
                    // Change the id-ct-TSTInfo into id-ct-receipt

                    // Address determined by data inspection
                    Assert.Equal(4, inputBytes[64]);
                    inputBytes[64] = 1;
                }
                else if (variant == 4)
                {
                    // Change the id-aa-signing-certificate into id-aa-content-hint
                    // Now the signer has no ESSCertId (and it already doesn't have an ESSCertIdV2)

                    // Address determined by data inspection
                    Assert.Equal(12, inputBytes[2815]);
                    inputBytes[2815] = 4;
                }
                else if (variant == 5)
                {
                    // Alter a byte in the certificate required hash value, ESSCertId mismatches

                    // Address determined by data inspection
                    Assert.Equal(0xD8, inputBytes[2829]);
                    inputBytes[2829] ^= 0xFF;
                }
                else if (variant == 6)
                {
                    // Alter the signerInfo signature algorithm to say it's the PKCS#1 module

                    // Address determined by data inspection
                    Assert.Equal(1, inputBytes[2858]);
                    inputBytes[2858] = 0;
                }
                else if (variant == 7)
                {
                    // Change the TSTInfo.Version value, which breaks the signature.

                    // Address determined by data inspection
                    Assert.Equal(1, inputBytes[79]);
                    inputBytes[79] = 2;
                }
                else if (variant == 7)
                {
                    // Change one of the SEQUENCE values in ESSCertId to SET

                    // Address determined by data inspection
                    Assert.Equal(0x30, inputBytes[2820]);
                    inputBytes[2820] = 0x31;
                }
            }

            Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromHash(
                hash,
                hashAlgorithmName,
                nonce: nonce,
                requestSignerCertificates: expectedStatus != Rfc3161RequestResponseStatus.UnexpectedCertificates);

            if (!SignatureSupport.SupportsRsaSha1Signatures &&
                expectedStatus != Rfc3161RequestResponseStatus.RequestFailed)
            {
                expectedStatus = Rfc3161RequestResponseStatus.DoesNotParse;
            }

            ProcessResponse(expectedStatus, request, inputBytes, Padding.Length / 2);
        }