Пример #1
0
        protected override ASN1 ToBeSigned(string oid)
        {
            // TBSCertificate
            ASN1 tbsCert = new ASN1(0x30);

            if (version > 1)
            {
                // TBSCertificate / [0] Version DEFAULT v1,
                byte[] ver = { (byte)(version - 1) };
                ASN1   v   = tbsCert.Add(new ASN1(0xA0));
                v.Add(new ASN1(0x02, ver));
            }

            // TBSCertificate / CertificateSerialNumber,
            tbsCert.Add(new ASN1(0x02, sn));

            // TBSCertificate / AlgorithmIdentifier,
            tbsCert.Add(PKCS7.AlgorithmIdentifier(oid));

            // TBSCertificate / Name
            tbsCert.Add(X501.FromString(issuer));

            // TBSCertificate / Validity
            ASN1 validity = tbsCert.Add(new ASN1(0x30));

            // TBSCertificate / Validity / Time
            validity.Add(ASN1Convert.FromDateTime(notBefore));
            // TBSCertificate / Validity / Time
            validity.Add(ASN1Convert.FromDateTime(notAfter));

            // TBSCertificate / Name
            tbsCert.Add(X501.FromString(subject));

            // TBSCertificate / SubjectPublicKeyInfo
            tbsCert.Add(SubjectPublicKeyInfo());

            if (version > 1)
            {
                // TBSCertificate / [1]  IMPLICIT UniqueIdentifier OPTIONAL
                if (issuerUniqueID != null)
                {
                    tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(issuerUniqueID)));
                }

                // TBSCertificate / [2]  IMPLICIT UniqueIdentifier OPTIONAL
                if (subjectUniqueID != null)
                {
                    tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(subjectUniqueID)));
                }

                // TBSCertificate / [3]  Extensions OPTIONAL
                if ((version > 2) && (extensions.Count > 0))
                {
                    tbsCert.Add(new ASN1(0xA3, extensions.GetBytes()));
                }
            }

            return(tbsCert);
        }
Пример #2
0
        private byte[] Build(ASN1 tbs, string hashoid, byte[] signature)
        {
            ASN1 builder = new ASN1(0x30);

            builder.Add(tbs);
            builder.Add(PKCS7.AlgorithmIdentifier(hashoid));
            // first byte of BITSTRING is the number of unused bits in the first byte
            byte[] bitstring = new byte [signature.Length + 1];
            Buffer.BlockCopy(signature, 0, bitstring, 1, signature.Length);
            builder.Add(new ASN1(0x03, bitstring));
            return(builder.GetBytes());
        }
Пример #3
0
        /* SubjectPublicKeyInfo  ::=  SEQUENCE  {
         *      algorithm            AlgorithmIdentifier,
         *      subjectPublicKey     BIT STRING  }
         */
        private ASN1 SubjectPublicKeyInfo()
        {
            ASN1 keyInfo = new ASN1(0x30);

            if (aa is RSA)
            {
                keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1"));
                RSAParameters p = (aa as RSA).ExportParameters(false);

                /* RSAPublicKey ::= SEQUENCE {
                 *       modulus            INTEGER,    -- n
                 *       publicExponent     INTEGER  }  -- e
                 */
                ASN1 key = new ASN1(0x30);
                key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus));
                key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent));
                keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes())));
            }
            else if (aa is DSA)
            {
                DSAParameters p = (aa as DSA).ExportParameters(false);

                /* Dss-Parms  ::=  SEQUENCE  {
                 *       p             INTEGER,
                 *       q             INTEGER,
                 *       g             INTEGER  }
                 */
                ASN1 param = new ASN1(0x30);
                param.Add(ASN1Convert.FromUnsignedBigInteger(p.P));
                param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q));
                param.Add(ASN1Convert.FromUnsignedBigInteger(p.G));
                keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param));
                ASN1 key = keyInfo.Add(new ASN1(0x03));
                // DSAPublicKey ::= INTEGER  -- public key, y
                key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y));
            }
            else
            {
                throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString());
            }
            return(keyInfo);
        }
Пример #4
0
            internal ASN1 GetASN1()
            {
                if ((key == null) || (hashAlgorithm == null))
                {
                    return(null);
                }
                byte[] ver        = { version };
                ASN1   signerInfo = new ASN1(0x30);

                // version Version -> Version ::= INTEGER
                signerInfo.Add(new ASN1(0x02, ver));
                // issuerAndSerialNumber IssuerAndSerialNumber,
                signerInfo.Add(PKCS7.IssuerAndSerialNumber(x509));
                // digestAlgorithm DigestAlgorithmIdentifier,
                string hashOid = CryptoConfig.MapNameToOID(hashAlgorithm);

                signerInfo.Add(AlgorithmIdentifier(hashOid));
                // authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
                ASN1 aa = null;

                if (authenticatedAttributes.Count > 0)
                {
                    aa = signerInfo.Add(new ASN1(0xA0));
                    authenticatedAttributes.Sort(new SortedSet());
                    foreach (ASN1 attr in authenticatedAttributes)
                    {
                        aa.Add(attr);
                    }
                }
                // digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
                if (key is RSA)
                {
                    signerInfo.Add(AlgorithmIdentifier(PKCS7.Oid.rsaEncryption));

                    if (aa != null)
                    {
                        // Calculate the signature here; otherwise it must be set from SignedData
                        RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter(key);
                        r.SetHashAlgorithm(hashAlgorithm);
                        byte[] tbs = aa.GetBytes();
                        tbs [0] = 0x31;                         // not 0xA0 for signature
                        HashAlgorithm ha      = HashAlgorithm.Create(hashAlgorithm);
                        byte[]        tbsHash = ha.ComputeHash(tbs);
                        signature = r.CreateSignature(tbsHash);
                    }
                }
                else if (key is DSA)
                {
                    throw new NotImplementedException("not yet");
                }
                else
                {
                    throw new CryptographicException("Unknown assymetric algorithm");
                }
                // encryptedDigest EncryptedDigest,
                signerInfo.Add(new ASN1(0x04, signature));
                // unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
                if (unauthenticatedAttributes.Count > 0)
                {
                    ASN1 ua = signerInfo.Add(new ASN1(0xA1));
                    unauthenticatedAttributes.Sort(new SortedSet());
                    foreach (ASN1 attr in unauthenticatedAttributes)
                    {
                        ua.Add(attr);
                    }
                }
                return(signerInfo);
            }