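        /// <summary>
        /// Verifies the timestamp countersignature embedded in <paramref name="obj"/>.
        /// The checks, in order: the timestamp digest OID is SHA-1, SHA-256 or MD5; the
        /// timestamp's message digest equals a fresh hash of the primary signature's
        /// encrypted digest; the timestamp signer certificate (looked up by serial number)
        /// is in the in-memory store, yields an RSA public key and chains with status 0 or 1;
        /// and the RSA signature over the authenticated attributes verifies. When
        /// <paramref name="timeCheck"/> is true the timestamp's UTCTime must also lie inside
        /// the <c>notBefore</c>/<c>notAfter</c> window held by this instance.
        /// </summary>
        /// <param name="obj">The complete signed object; all offsets and lengths come from <c>sdIndex</c>.</param>
        /// <param name="timeCheck">Whether to additionally validate the timestamp against the validity window.</param>
        /// <returns><c>true</c> only if every check passes; <c>false</c> on any failure.</returns>
        private bool VerifyTimeStamp(byte[] obj, bool timeCheck)
        {
            if (obj == null)
            {
                return(false);
            }

            // Digest algorithm of the timestamp, identified by its OID bytes.
            byte[] digestOid = new byte[this.sdIndex.TimeHashObjectIdLen];
            Buffer.BlockCopy((Array)obj, (int)this.sdIndex.TimestampHashObjectId, (Array)digestOid, 0, digestOid.Length);

            HashAlgorithm hashAlgorithm;
            if (SignedObjectAsn.CompareByteArrays(digestOid, this.sha1Oid))
            {
                hashAlgorithm = HashAlgorithm.Create("SHA1");
            }
            else if (SignedObjectAsn.CompareByteArrays(digestOid, this.sha256Oid))
            {
                hashAlgorithm = (HashAlgorithm) new WinSHA256();
            }
            else if (SignedObjectAsn.CompareByteArrays(digestOid, this.md5Oid))
            {
                // MD5 is still accepted for legacy timestamps; it is no longer collision
                // resistant, so an MD5-digested timestamp is weak evidence.
                hashAlgorithm = HashAlgorithm.Create("MD5");
            }
            else
            {
                return(false);
            }
            if (hashAlgorithm == null)
            {
                // HashAlgorithm.Create returns null when the name is not mapped on this platform.
                return(false);
            }

            // Both the hash object and the CSP handle are released on every exit path.
            using (hashAlgorithm)
            using (RSACryptoServiceProvider rsaManaged = new RSACryptoServiceProvider())
            {
                if (this.sdIndex.TimeSignature == 0L)
                {
                    return(false);
                }

                // The timestamp's message digest must equal the hash of the primary
                // signature's encrypted digest (that is what a countersignature signs).
                byte[] expectedDigest = new byte[this.sdIndex.TimeDigestLen];
                Buffer.BlockCopy((Array)obj, (int)this.sdIndex.TimeDigest, (Array)expectedDigest, 0, expectedDigest.Length);
                byte[] actualDigest = hashAlgorithm.ComputeHash(obj, (int)this.sdIndex.EncryptedDigestData, (int)this.sdIndex.EncryptedDigestLen);
                if (!SignedObjectAsn.CompareByteArrays(actualDigest, expectedDigest))
                {
                    return(false);
                }

                // Locate the timestamp signer by serial number and extract its RSA public key.
                string           serialHex   = SignedObjectAsn.CreateHexString(obj, this.sdIndex.TimeCertSerial, this.sdIndex.TimeCertSerialLen);
                X509Certificate2 certInStore = this.FindCertInStore(serialHex);
                if (certInStore == null)
                {
                    return(false);
                }
                RSAParameters rsa = new RSAParameters();
                if (!SignedObjectAsn.ConvertX509PublicKey(certInStore, ref rsa))
                {
                    return(false);
                }
                try
                {
                    ((RSA)rsaManaged).ImportParameters(rsa);
                }
                catch (CryptographicException)
                {
                    // A key the CSP cannot import is a verification failure, not a crash.
                    return(false);
                }

                // Only chain statuses 0 and 1 are acceptable; the status codes are defined
                // by VerifyCertChain elsewhere in this class.
                uint chainStatus = this.VerifyCertChain(this.memCertStore, certInStore.Handle, false);
                if (chainStatus != 0U && chainStatus != 1U)
                {
                    return(false);
                }

                byte[] signature = new byte[this.sdIndex.TimeSignatureLen];
                Buffer.BlockCopy((Array)obj, (int)this.sdIndex.TimeSignature, (Array)signature, 0, signature.Length);

                byte[] authAttributes = new byte[this.sdIndex.TimeAuthAttributesLen];
                if (authAttributes.Length == 0)
                {
                    // The first byte is rewritten below; an empty attribute block cannot be valid.
                    return(false);
                }
                Buffer.BlockCopy((Array)obj, (int)this.sdIndex.TimeAuthAttributes, (Array)authAttributes, 0, authAttributes.Length);
                // 0x31 is the ASN.1 SET tag: PKCS#7 hashes the signed attributes as a SET OF,
                // whereas they are stored in the SignerInfo under an implicit [0] tag.
                authAttributes[0] = (byte)49;
                hashAlgorithm.Initialize();
                hashAlgorithm.ComputeHash(authAttributes);
                // NOTE(review): the digest above is SHA-1/SHA-256/MD5, yet the OID handed to
                // VerifyHash names MD5SHA1; confirm this is what the CSP expects for this input.
                if (!rsaManaged.VerifyHash(hashAlgorithm.Hash, CryptoConfig.MapNameToOID("MD5SHA1"), signature))
                {
                    return(false);
                }

                if (timeCheck && !this.IsTimestampWithinValidity(obj))
                {
                    return(false);
                }
                return(true);
            }
        }

        /// <summary>
        /// Parses the timestamp's UTCTime (six two-digit fields: YYMMDDHHMMSS) and checks that
        /// it lies within the <c>notBefore</c>/<c>notAfter</c> window held by this instance.
        /// </summary>
        /// <param name="obj">The complete signed object; the UTCTime offset and length come from <c>sdIndex</c>.</param>
        /// <returns><c>true</c> if the timestamp is inside the window; <c>false</c> if outside, too short or unparsable.</returns>
        private bool IsTimestampWithinValidity(byte[] obj)
        {
            long utcTimeLen = this.sdIndex.UtcTimeLen - 1L;
            // Six two-byte fields are read below, so fewer than 12 bytes cannot be a complete time.
            if (utcTimeLen < 12L || this.sdIndex.UtcTime < 0L || this.sdIndex.UtcTime + utcTimeLen > (long)obj.Length)
            {
                return(false);
            }
            byte[] utcTime = new byte[utcTimeLen];
            Buffer.BlockCopy((Array)obj, (int)this.sdIndex.UtcTime, (Array)utcTime, 0, utcTime.Length);

            DateTime stamp;
            try
            {
                // Each field is a pair of ASCII digits; CharsToInt (defined elsewhere) converts a
                // 16-bit pair into its numeric value.
                // NOTE(review): the year is always offset by 2000, so UTCTime years 50-99
                // (1950-1999) would be misread — confirm no such timestamps are expected.
                stamp = new DateTime(
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 0)) + 2000,
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 2)),
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 4)),
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 6)),
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 8)),
                    (int)SignedObjectAsn.CharsToInt(BitConverter.ToInt16(utcTime, 10)));
            }
            catch (ArgumentOutOfRangeException)
            {
                // Garbled digits (e.g. month 13) fail the check instead of aborting verification.
                return(false);
            }

            // Either bound being violated is a failure: a timestamp cannot be both before
            // notBefore and after notAfter, so requiring both (as an AND) would never reject.
            // NOTE(review): notBefore/notAfter are populated outside this method — confirm they
            // are set before a timeCheck verification runs.
            return(this.notAfter.CompareTo(stamp) >= 0 && this.notBefore.CompareTo(stamp) <= 0);
        }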
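        /// <summary>
        /// Validates the PKCS#7 signature in <paramref name="signedObj"/>. Steps: index the
        /// ASN.1 structure (or reuse <paramref name="inIndex"/>), check the SignedData OID,
        /// load every certificate of the CertList into the in-memory store, find the signer by
        /// serial number, verify the RSA signature over the hash derived from
        /// <paramref name="preHash"/>, install the embedded root CA into the LocalMachine Root
        /// store, build the signer's chain, and finally verify the timestamp countersignature
        /// when non-authenticated attributes are present.
        /// </summary>
        /// <param name="signedObj">The complete signed object bytes.</param>
        /// <param name="preHash">
        /// A hash algorithm whose <see cref="HashAlgorithm.Hash"/> has already been computed over
        /// the content; its length selects the digest OID (20 = SHA-1, 32 = SHA-256, anything else = MD5).
        /// </param>
        /// <param name="inIndex">An already-built index for <paramref name="signedObj"/>, or <c>null</c> to build one.</param>
        /// <returns>
        /// <see cref="SignedObjRet.ValidSignature"/>; <see cref="SignedObjRet.InvalidTimestamp"/> when the
        /// signature is good but the timestamp countersignature fails; <see cref="SignedObjRet.InvalidSignature"/> otherwise.
        /// </returns>
        public SignedObjRet ValidateSignature(byte[] signedObj, HashAlgorithm preHash, SignedDataIndex inIndex)
        {
            if (signedObj == null || signedObj.Length == 0 || preHash == null)
            {
                return(SignedObjRet.InvalidSignature);
            }
            if (inIndex == null)
            {
                this.sdIndex = new SignedDataIndex(signedObj);
                if (!this.sdIndex.FindTags())
                {
                    return(SignedObjRet.InvalidSignature);
                }
            }
            else
            {
                this.sdIndex = inIndex;
            }
            this.CleanUp();

            byte[] objectOid = new byte[this.signedDataOid.Length];
            Buffer.BlockCopy((Array)signedObj, (int)this.sdIndex.SignedDataObjectId, (Array)objectOid, 0, objectOid.Length);
            if (!SignedObjectAsn.CompareByteArrays(this.signedDataOid, objectOid) || this.sdIndex.CertList == 0L)
            {
                return(SignedObjRet.InvalidSignature);
            }

            // Walk the CertList and load each DER certificate into the in-memory store.
            long certListLen  = this.sdIndex.CertListLen;
            long certListData = this.sdIndex.CertListData;
            while (certListLen > 0L)
            {
                long length = AbstractSyntaxNotationType.GetCurrentTypeLen(signedObj, ref certListData, false) + AbstractSyntaxNotationType.GetCurrentTagLen(signedObj, ref certListData, false);
                // A zero or negative length would never advance the loop; an overlong one
                // would read past the end of the object. Both are malformed input.
                if (length <= 0L || certListData < 0L || certListData + length > (long)signedObj.Length)
                {
                    return(SignedObjRet.InvalidSignature);
                }
                byte[] cert = new byte[length];
                Buffer.BlockCopy((Array)signedObj, (int)certListData, (Array)cert, 0, (int)length);
                certListLen -= (long)cert.Length;
                if (!this.SetupMemStore(cert))
                {
                    return(SignedObjRet.InvalidSignature);
                }
                certListData += length;
            }

            this.sigCert = this.FindCertInStore(SignedObjectAsn.CreateHexString(signedObj, this.sdIndex.SignatureCertSerial, this.sdIndex.SignatureCertSerialLen));
            if (this.sigCert == null)
            {
                return(SignedObjRet.InvalidSignature);
            }
            this.signerCert = this.sigCert.Handle;

            RSAParameters rsa = new RSAParameters();
            if (!SignedObjectAsn.ConvertX509PublicKey(this.sigCert, ref rsa))
            {
                return(SignedObjRet.InvalidSignature);
            }
            using (RSACryptoServiceProvider rsaManaged = new RSACryptoServiceProvider())
            {
                try
                {
                    ((RSA)rsaManaged).ImportParameters(rsa);
                }
                catch (CryptographicException)
                {
                    // Same handling as VerifyTimeStamp: an unimportable key is an invalid signature.
                    return(SignedObjRet.InvalidSignature);
                }
                byte[] authenticodeSigHash = this.ComputeAuthenticodeSigHash(signedObj, preHash);
                byte[] encryptedDigest     = new byte[this.sdIndex.EncryptedDigestLen];
                Buffer.BlockCopy((Array)signedObj, (int)this.sdIndex.EncryptedDigestData, (Array)encryptedDigest, 0, encryptedDigest.Length);

                // The digest OID is inferred from the precomputed hash length; any length other
                // than 20 or 32 bytes is treated as MD5.
                string hashOid;
                switch (preHash.Hash.Length)
                {
                case 20:
                    hashOid = CryptoConfig.MapNameToOID("SHA1");
                    break;
                case 32:
                    hashOid = "2.16.840.1.101.3.4.2.1"; // SHA-256
                    break;
                default:
                    hashOid = CryptoConfig.MapNameToOID("MD5");
                    break;
                }
                if (!rsaManaged.VerifyHash(authenticodeSigHash, hashOid, encryptedDigest))
                {
                    return(SignedObjRet.InvalidSignature);
                }
            }

            // Install the embedded root CA into the LocalMachine Root store so that the chain
            // build below can reach it. NOTE(review): this appears to extend machine-wide trust
            // on every call and needs write access to that store; the chain-root comparison that
            // would pin the signer to this particular root is commented out further down, so
            // nothing here checks that the built chain actually ends at this certificate.
            using (X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String("-----BEGIN CERTIFICATE-----MIIDrDCCApSgAwIBAgIQM2O00UXfpQityCo2+LaytDANBgkqhkiG9w0BAQUFADBw\nMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXSGV3bGV0dC1QYWNrYXJkIENvbXBhbnkx\nPzA9BgNVBAMTNkhld2xldHQtUGFja2FyZCBQcmludGluZyBEZXZpY2UgSW5mcmFz\ndHJ1Y3R1cmUgUm9vdCBDQTAeFw0wNTA1MjQwMDAwMDBaFw0zODAxMDEyMzU5NTla\nMHAxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdIZXdsZXR0LVBhY2thcmQgQ29tcGFu\neTE/MD0GA1UEAxM2SGV3bGV0dC1QYWNrYXJkIFByaW50aW5nIERldmljZSBJbmZy\nYXN0cnVjdHVyZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAoT+gCaPVpaL3pZhIzso7zBiUxEldsASpXzfgUQdguxJsNVIoqNOQ3IUefmUf\ndfmYrf0ksh0bBNwVp7JlP/vtK01EbXefRHVRPwVIjYqmMPrOUjfVAam8SrOnA3rw\nVxyBJRedg2+gnwkZQ4prPKkMcnyd1p1/86SQPsLGJJx9zRleZ7Ix5QKJAGeH1ED0\n89E7uJYbOsd1XclsdunlNByrG9Z9b2/l95YaF3GLSiB4g82/flfEw7lZOtjBMHiL\nEl0BUTRMuaSherT5KDW5mApE4R82UvnPNTyVz2yb7DTU+MBc4WRClV/wtj2GkVaA\nvt1KyUODNujmkMAtI565aJFgrQIDAQABo0IwQDASBgNVHRMBAf8ECDAGAQH/AgEB\nMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUjPJcdcgMB+Kxa9uR0J3xCg9pdp4wDQYJ\nKoZIhvcNAQEFBQADggEBAEu1SPC8j53+eHkh9uYrj+38+Zl7sd0dLxOZdQ+cQs67\nahOKYcXU9kBAnKDNIfIXP1tnMbBTxCSG2WCum42cbrdvg1FxeQkY/bRyiDZgijGm\nEAsXCqGd1HJzCbLIjcTbqzXBjUWulj0KP743GgjTGw1+Le8B+V7/8nscFsdxXdas\nff6/fWXYWuiKtJq21mFq9+5fJNP6ynADccoq3h97icwf6c79TQ/Kl9+XFiv8KJfK\nZF4pY0jRYytcZ/VaiMSE58IhbCMN/TyHoGGiZL5j1AqRFIogL3SRfopDtYfmuYf+\nQBZnAFq20BlsBWDioLeN3S/l6zOLxOkoHuWibN6Wg8A=\n-----END CERTIFICATE-----".Replace("-----BEGIN CERTIFICATE-----", "").Replace("-----END CERTIFICATE-----", ""))))
            using (HPX509Store hpX509Store = new HPX509Store(StoreName.Root, StoreLocation.LocalMachine))
            {
                hpX509Store.Open(OpenFlags.ReadWrite);
                hpX509Store.Add(certificate);
            }

            // Chain status 0 passes as-is; status 1 passes only if a timestamp countersignature
            // is present and its time is inside the validity window (see VerifyTimeStamp).
            // Any other status is a failure. The status codes are defined by VerifyCertChain.
            uint chainStatus = this.VerifyCertChain(this.memCertStore, this.signerCert, true);
            bool timeCheck;
            if (chainStatus == 0U)
            {
                timeCheck = false;
            }
            else if (chainStatus == 1U)
            {
                timeCheck = true;
            }
            else
            {
                return(SignedObjRet.InvalidSignature);
            }
            //this.rootCert = NativeMethods.ChainRootCert(this.signerCert, this.memCertStore);
            //this.rootCert = GetRootCert(this.sigCert);
            //if (!SignedObjectAsn.CompareByteArrays(new X509Certificate2(this.rootCert).GetCertHash(), certificate.GetCertHash())) return InvalidSignature;
            if (this.sdIndex.NonAuthAttributes == 0L)
            {
                // No countersignature: acceptable only for a status-0 chain.
                return(timeCheck ? SignedObjRet.InvalidSignature : SignedObjRet.ValidSignature);
            }
            return(this.VerifyTimeStamp(signedObj, timeCheck) ? SignedObjRet.ValidSignature : SignedObjRet.InvalidTimestamp);
        }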