//
// Constructors.
//
public Pkcs9ContentType()
: base(Oid.FromOidValue(Oids.ContentType, OidGroup.ExtensionOrAttribute))
{
}
public static AlgorithmIdentifier ToAlgorithmIdentifier(this CRYPT_ALGORITHM_IDENTIFIER cryptAlgorithmIdentifer)
{
string oidValue = cryptAlgorithmIdentifer.pszObjId.ToStringAnsi();
AlgId algId = oidValue.ToAlgId();
int keyLength;
switch (algId)
{
case AlgId.CALG_RC2:
{
if (cryptAlgorithmIdentifer.Parameters.cbData == 0)
{
keyLength = 0;
}
else
{
CRYPT_RC2_CBC_PARAMETERS rc2Parameters;
unsafe
{
int cbSize = sizeof(CRYPT_RC2_CBC_PARAMETERS);
if (!Interop.Crypt32.CryptDecodeObject(CryptDecodeObjectStructType.PKCS_RC2_CBC_PARAMETERS, cryptAlgorithmIdentifer.Parameters.pbData, (int)(cryptAlgorithmIdentifer.Parameters.cbData), &rc2Parameters, ref cbSize))
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
}
switch (rc2Parameters.dwVersion)
{
case CryptRc2Version.CRYPT_RC2_40BIT_VERSION:
keyLength = KeyLengths.Rc2_40Bit;
break;
case CryptRc2Version.CRYPT_RC2_56BIT_VERSION:
keyLength = KeyLengths.Rc2_56Bit;
break;
case CryptRc2Version.CRYPT_RC2_64BIT_VERSION:
keyLength = KeyLengths.Rc2_64Bit;
break;
case CryptRc2Version.CRYPT_RC2_128BIT_VERSION:
keyLength = KeyLengths.Rc2_128Bit;
break;
default:
keyLength = 0;
break;
}
}
break;
}
case AlgId.CALG_RC4:
{
int saltLength = 0;
if (cryptAlgorithmIdentifer.Parameters.cbData != 0)
{
using (SafeHandle sh = Interop.Crypt32.CryptDecodeObjectToMemory(CryptDecodeObjectStructType.X509_OCTET_STRING, cryptAlgorithmIdentifer.Parameters.pbData, (int)cryptAlgorithmIdentifer.Parameters.cbData))
{
unsafe
{
DATA_BLOB *pDataBlob = (DATA_BLOB *)(sh.DangerousGetHandle());
saltLength = (int)(pDataBlob->cbData);
}
}
}
// For RC4, keyLength = 128 - (salt length * 8).
keyLength = KeyLengths.Rc4Max_128Bit - saltLength * 8;
break;
}
case AlgId.CALG_DES:
// DES key length is fixed at 64 (or 56 without the parity bits).
keyLength = KeyLengths.Des_64Bit;
break;
case AlgId.CALG_3DES:
// 3DES key length is fixed at 192 (or 168 without the parity bits).
keyLength = KeyLengths.TripleDes_192Bit;
break;
default:
// We've exhausted all the algorithm types that the desktop used to set the KeyLength for. Key lengths are not a viable way of
// identifying algorithms in the long run so we will not extend this list any further.
keyLength = 0;
break;
}
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Oid.FromOidValue(oidValue, OidGroup.All), keyLength);
return(algorithmIdentifier);
}
internal X509Extension(string oidValue)
{
base.Oid = Oid.FromOidValue(oidValue, OidGroup.ExtensionOrAttribute);
}
public AlgorithmIdentifier()
: this(Oid.FromOidValue(Oids.TripleDesCbc, OidGroup.EncryptionAlgorithm), 0)
{
}
public EnvelopedCms(ContentInfo contentInfo)
: this(contentInfo, new AlgorithmIdentifier(Oid.FromOidValue(Oids.Aes256Cbc, OidGroup.EncryptionAlgorithm)))
{
}
private bool TryGetTimestamp(PackageDigitalSignature packageSignature, out Timestamp timestamp)
{
bool isValidTimestampSignature = false;
if (packageSignature == null)
{
throw new ArgumentNullException(nameof(packageSignature));
}
timestamp = new Timestamp()
{
SignedOn = DateTime.MaxValue
};
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("ds", "http://schemas.openxmlformats.org/package/2006/digital-signature");
// Obtain timestamp from Signature Xml if there is one.
XmlElement element = packageSignature.Signature.GetXml();
XmlNode encodedTimeNode = element.SelectNodes("//ds:TimeStamp/ds:EncodedTime", namespaceManager).OfType <XmlNode>().FirstOrDefault();
// If timestamp found, verify it.
if (encodedTimeNode != null && encodedTimeNode.InnerText != null)
{
byte[] binaryTimestamp = null;
try
{
binaryTimestamp = Convert.FromBase64String(encodedTimeNode.InnerText);
}
catch (FormatException)
{
return(false);
}
IntPtr TSContextPtr = IntPtr.Zero;
IntPtr TSSignerPtr = IntPtr.Zero;
IntPtr StoreHandle = IntPtr.Zero;
// Ensure timestamp corresponds to package signature
isValidTimestampSignature = WinCrypt.CryptVerifyTimeStampSignature(binaryTimestamp,
(uint)binaryTimestamp.Length,
packageSignature.SignatureValue,
(uint)packageSignature.SignatureValue.Length,
IntPtr.Zero,
out TSContextPtr,
out TSSignerPtr,
out StoreHandle);
if (isValidTimestampSignature)
{
var timestampContext = (CRYPT_TIMESTAMP_CONTEXT)Marshal.PtrToStructure(TSContextPtr, typeof(CRYPT_TIMESTAMP_CONTEXT));
var timestampInfo = (CRYPT_TIMESTAMP_INFO)Marshal.PtrToStructure(timestampContext.pTimeStamp, typeof(CRYPT_TIMESTAMP_INFO));
unchecked
{
uint low = (uint)timestampInfo.ftTime.dwLowDateTime;
long ftTimestamp = (((long)timestampInfo.ftTime.dwHighDateTime) << 32) | low;
timestamp.SignedOn = DateTime.FromFileTime(ftTimestamp);
}
// Get the algorithm name based on the OID.
timestamp.SignatureAlgorithm = Oid.FromOidValue(timestampInfo.HashAlgorithm.pszObjId, OidGroup.HashAlgorithm).FriendlyName;
X509Certificate2 certificate = new X509Certificate2(packageSignature.Signer);
timestamp.EffectiveDate = certificate.NotBefore;
timestamp.ExpiryDate = certificate.NotAfter;
}
if (IntPtr.Zero != TSContextPtr)
{
WinCrypt.CryptMemFree(TSContextPtr);
}
if (IntPtr.Zero != TSSignerPtr)
{
WinCrypt.CertFreeCertificateContext(TSSignerPtr);
}
if (IntPtr.Zero != StoreHandle)
{
WinCrypt.CertCloseStore(StoreHandle, 0);
}
}
return(isValidTimestampSignature);
}
//
// Constructors.
//
public Pkcs9MessageDigest() :
base(Oid.FromOidValue(Oids.MessageDigest, OidGroup.ExtensionOrAttribute))
{
}
public static void LookupOidByValue_Method_NullInput()
{
Assert.Throws <ArgumentNullException>(() => Oid.FromOidValue(null, OidGroup.HashAlgorithm));
}
public static void LookupOidByValue_Method_BadInput(string badInput)
{
Assert.Throws <CryptographicException>(() => Oid.FromOidValue(badInput, OidGroup.HashAlgorithm));
}
public static void LookupOidByValue_Method_WrongGroup(string oidValue, string friendlyName)
{
// Oid group is implemented strictly - no fallback to OidGroup.All as with many other parts of Crypto.
Assert.Throws <CryptographicException>(() => Oid.FromOidValue(oidValue, OidGroup.EncryptionAlgorithm));
}
public Oid GetSignatureAlgorithm()
{
var algorithm = Instance.GetSignatureAlgorithm();
return(Oid.FromOidValue(algorithm, OidGroup.SignatureAlgorithm));
}
public SignedCms(SubjectIdentifierType signerIdentifierType) :
this(signerIdentifierType,
new ContentInfo(Oid.FromOidValue(CAPI.szOID_RSA_data, OidGroup.ExtensionOrAttribute), new byte[0]),
false)
{
}
//
// Constructors.
//
public SignedCms() :
this(SubjectIdentifierType.IssuerAndSerialNumber,
new ContentInfo(Oid.FromOidValue(CAPI.szOID_RSA_data, OidGroup.ExtensionOrAttribute), new byte[0]),
false)
{
}
private static TstInfo ReadTstInfo(IntPtr pTstInfo)
{
var info = (Rfc3161TimestampWin32.CRYPT_TIMESTAMP_INFO)Marshal.PtrToStructure(pTstInfo, typeof(Rfc3161TimestampWin32.CRYPT_TIMESTAMP_INFO));
TstInfo tstInfo = new TstInfo
{
Version = info.dwVersion,
PolicyId = Marshal.PtrToStringAnsi(info.pszTSAPolicyId),
HashedMessage = CopyFromNative(ref info.HashedMessage),
SerialNumber = CopyFromNative(ref info.SerialNumber),
IsOrdering = info.fOrdering,
Nonce = CopyFromNative(ref info.Nonce),
TsaName = CopyFromNative(ref info.Tsa),
};
// Convert to BigEndian.
Array.Reverse(tstInfo.SerialNumber);
string hashAlgOidValue = Marshal.PtrToStringAnsi(info.HashAlgorithm.pszOid);
Oid hashAlgOid;
try
{
hashAlgOid = Oid.FromOidValue(hashAlgOidValue, OidGroup.HashAlgorithm);
}
catch (CryptographicException)
{
hashAlgOid = new Oid(hashAlgOidValue, hashAlgOidValue);
}
tstInfo.HashAlgorithmId = hashAlgOid;
long filetime = info.ftTime.dwHighDateTime;
filetime <<= 32;
filetime |= (info.ftTime.dwLowDateTime & 0xFFFFFFFFL);
tstInfo.Timestamp = DateTimeOffset.FromFileTime(filetime).ToUniversalTime();
if (info.pvAccuracy != IntPtr.Zero)
{
var accuracy = (Rfc3161TimestampWin32.CRYPT_TIMESTAMP_ACCURACY)Marshal.PtrToStructure(info.pvAccuracy, typeof(Rfc3161TimestampWin32.CRYPT_TIMESTAMP_ACCURACY));
long accuracyMicroSeconds =
accuracy.dwSeconds * 1_000_000L +
accuracy.dwMillis * 1000L +
accuracy.dwSeconds;
tstInfo.AccuracyInMicroseconds = accuracyMicroSeconds;
}
if (info.cExtension > 0)
{
throw new NotImplementedException();
}
if (tstInfo.HashedMessage == null || tstInfo.SerialNumber == null)
{
throw new CryptographicException();
}
return(tstInfo);
}