public static byte[] Encode(RSA rsa)
{
RSAParameters rsaParameters = rsa.ExportParameters(true);
ASN1 asN1 = new ASN1((byte)48);
asN1.Add(new ASN1((byte)2, new byte[1]));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.Modulus));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.Exponent));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.D));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.P));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.Q));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.DP));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.DQ));
asN1.Add(ASN1Convert.FromUnsignedBigInteger(rsaParameters.InverseQ));
return(asN1.GetBytes());
}
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
byte[] pkraw = key.EncodedKeyValue.RawData;
// compute SKI
switch (algorithm)
{
// hash of the public key, excluding Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
_subjectKeyIdentifier = SHA1.Create().ComputeHash(pkraw);
break;
// 0100 bit pattern followed by the 60 last bit of the hash
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
byte[] hash = SHA1.Create().ComputeHash(pkraw);
_subjectKeyIdentifier = new byte [8];
Buffer.BlockCopy(hash, 12, _subjectKeyIdentifier, 0, 8);
_subjectKeyIdentifier [0] = (byte)(0x40 | (_subjectKeyIdentifier [0] & 0x0F));
break;
// hash of the public key, including Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
// CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX)
// http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain
ASN1 subjectPublicKeyInfo = new ASN1(0x30);
ASN1 algo = subjectPublicKeyInfo.Add(new ASN1(0x30));
algo.Add(new ASN1(CryptoConfig.EncodeOID(key.Oid.Value)));
algo.Add(new ASN1(key.EncodedParameters.RawData));
// add an extra byte for the unused bits (none)
byte[] full = new byte [pkraw.Length + 1];
Buffer.BlockCopy(pkraw, 0, full, 1, pkraw.Length);
subjectPublicKeyInfo.Add(new ASN1(0x03, full));
_subjectKeyIdentifier = SHA1.Create().ComputeHash(subjectPublicKeyInfo.GetBytes());
break;
default:
throw new ArgumentException("algorithm");
}
_oid = new Oid(oid, friendlyName);
base.Critical = critical;
RawData = Encode();
}
internal byte[] Encode()
{
if (_signingTime.Year <= 1600)
{
throw new ArgumentOutOfRangeException("<= 1600");
}
// Only UTCTIME is supported by FX 2.0
if ((_signingTime.Year < 1950) || (_signingTime.Year >= 2050))
{
throw new CryptographicException("[1950,2049]");
}
string date = _signingTime.ToString("yyMMddHHmmss", CultureInfo.InvariantCulture) + "Z";
ASN1 attr = new ASN1(0x17, Encoding.ASCII.GetBytes(date));
return(attr.GetBytes());
}
public X500DistinguishedName(string distinguishedName, X500DistinguishedNameFlags flag)
{
if (distinguishedName == null)
{
throw new ArgumentNullException("distinguishedName");
}
if ((flag != 0) && ((flag & AllFlags) == 0))
{
throw new ArgumentException("flag");
}
Oid = new Oid();
if (distinguishedName.Length == 0)
{
// empty (0x00) ASN.1 sequence (0x30)
RawData = new byte [2] {
0x30, 0x00
};
DecodeRawData();
}
else
{
ASN1 dn = MX.X501.FromString(distinguishedName);
if ((flag & X500DistinguishedNameFlags.Reversed) != 0)
{
ASN1 rdn = new ASN1(0x30);
for (int i = dn.Count - 1; i >= 0; i--)
{
rdn.Add(dn [i]);
}
dn = rdn;
}
RawData = dn.GetBytes();
if (flag == X500DistinguishedNameFlags.None)
{
name = distinguishedName;
}
else
{
name = Decode(flag);
}
}
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension" /> class using a public key, a hash algorithm identifier, and a value indicating whether the extension is critical. </summary>
/// <param name="key">A <see cref="T:System.Security.Cryptography.X509Certificates.PublicKey" /> object to create a subject key identifier (SKI) from.</param>
/// <param name="algorithm">One of the <see cref="T:System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierHashAlgorithm" /> values that identifies which hash algorithm to use.</param>
/// <param name="critical">true if the extension is critical; otherwise, false.</param>
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
byte[] rawData = key.EncodedKeyValue.RawData;
switch (algorithm)
{
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
this._subjectKeyIdentifier = SHA1.Create().ComputeHash(rawData);
break;
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
{
byte[] src = SHA1.Create().ComputeHash(rawData);
this._subjectKeyIdentifier = new byte[8];
Buffer.BlockCopy(src, 12, this._subjectKeyIdentifier, 0, 8);
this._subjectKeyIdentifier[0] = (64 | (this._subjectKeyIdentifier[0] & 15));
break;
}
case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
{
ASN1 asn = new ASN1(48);
ASN1 asn2 = asn.Add(new ASN1(48));
asn2.Add(new ASN1(CryptoConfig.EncodeOID(key.Oid.Value)));
asn2.Add(new ASN1(key.EncodedParameters.RawData));
byte[] array = new byte[rawData.Length + 1];
Buffer.BlockCopy(rawData, 0, array, 1, rawData.Length);
asn.Add(new ASN1(3, array));
this._subjectKeyIdentifier = SHA1.Create().ComputeHash(asn.GetBytes());
break;
}
default:
throw new ArgumentException("algorithm");
}
this._oid = new Oid("2.5.29.14", "Subject Key Identifier");
base.Critical = critical;
base.RawData = this.Encode();
}
/* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
private ASN1 SubjectPublicKeyInfo()
{
ASN1 keyInfo = new ASN1(0x30);
if (aa is RSA)
{
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1"));
RSAParameters p = (aa as RSA).ExportParameters(false);
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
ASN1 key = new ASN1(0x30);
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus));
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent));
keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes())));
}
else if (aa is DSA)
{
DSAParameters p = (aa as DSA).ExportParameters(false);
/* Dss-Parms ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER }
*/
ASN1 param = new ASN1(0x30);
param.Add(ASN1Convert.FromUnsignedBigInteger(p.P));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.G));
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param));
ASN1 key = keyInfo.Add(new ASN1(0x03));
// DSAPublicKey ::= INTEGER -- public key, y
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y));
}
else
{
throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString());
}
return(keyInfo);
}
// Class {
// Class {
// Class { Enum },
// Class { OID(NTLMSSP) },
// Class { OctetStream } } }
public byte [] ProcessSpnegoInitialContextTokenResponse()
{
ASN1 top = new ASN1(0xA1);
ASN1 asn = new ASN1(0x30);
ASN1 asn1 = new ASN1(0xA0);
// FIXME: what is this enum?
asn1.Add(new ASN1(0x0A, new byte [] { 1 })); // Enum whatever
ASN1 asn2 = new ASN1(0xA1);
asn2.Add(ASN1Convert.FromOid(Constants.OidNtlmSsp));
ASN1 asn3 = new ASN1(0xA2);
asn3.Add(new ASN1(0x04, ProcessMessageType2()));
asn.Add(asn1);
asn.Add(asn2);
asn.Add(asn3);
top.Add(asn);
return(top.GetBytes());
}
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
static public byte[] Encode(RSA rsa)
{
RSAParameters param = rsa.ExportParameters(true);
ASN1 rsaPrivateKey = new ASN1(0x30);
rsaPrivateKey.Add(new ASN1(0x02, new byte [1] {
0x00
}));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Modulus));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Exponent));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.D));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.P));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Q));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DP));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DQ));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.InverseQ));
return(rsaPrivateKey.GetBytes());
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.X509Certificates.X500DistinguishedName" /> class using the specified string and <see cref="T:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags" /> flag.</summary>
/// <param name="distinguishedName">A string that represents the distinguished name.</param>
/// <param name="flag">An <see cref="T:System.Security.Cryptography.X509Certificates.X500DistinguishedName" /> object that specifies the characteristics of the distinguished name.</param>
public X500DistinguishedName(string distinguishedName, X500DistinguishedNameFlags flag)
{
if (distinguishedName == null)
{
throw new ArgumentNullException("distinguishedName");
}
if (flag != X500DistinguishedNameFlags.None && (flag & (X500DistinguishedNameFlags.Reversed | X500DistinguishedNameFlags.UseSemicolons | X500DistinguishedNameFlags.DoNotUsePlusSign | X500DistinguishedNameFlags.DoNotUseQuotes | X500DistinguishedNameFlags.UseCommas | X500DistinguishedNameFlags.UseNewLines | X500DistinguishedNameFlags.UseUTF8Encoding | X500DistinguishedNameFlags.UseT61Encoding | X500DistinguishedNameFlags.ForceUTF8Encoding)) == X500DistinguishedNameFlags.None)
{
throw new ArgumentException("flag");
}
base.Oid = new Oid();
if (distinguishedName.Length == 0)
{
byte[] array = new byte[2];
array[0] = 48;
base.RawData = array;
this.DecodeRawData();
}
else
{
ASN1 asn = X501.FromString(distinguishedName);
if ((flag & X500DistinguishedNameFlags.Reversed) != X500DistinguishedNameFlags.None)
{
ASN1 asn2 = new ASN1(48);
for (int i = asn.Count - 1; i >= 0; i--)
{
asn2.Add(asn[i]);
}
asn = asn2;
}
base.RawData = asn.GetBytes();
if (flag == X500DistinguishedNameFlags.None)
{
this.name = distinguishedName;
}
else
{
this.name = this.Decode(flag);
}
}
}
///
/// SEQUENCE (a)
/// +- INTEGER (V) // Version - 0 (v1998)
/// +- SEQUENCE (b)
/// | +- OID (oid) // 1.2.840.113549.1.1.1
/// | +- Nil (c)
/// +- OCTETSTRING(PRVKY) (os) // Private Key Parameter
///
/// However, OCTETSTRING(PRVKY) wraps
/// SEQUENCE(
/// INTEGER(0) // Version - 0 (v1998)
/// INTEGER(N)
/// INTEGER(E)
/// INTEGER(D)
/// INTEGER(P)
/// INTEGER(Q)
/// INTEGER(DP)
/// INTEGER(DQ)
/// INTEGER(InvQ)
/// )
public static byte[] RSAKeyToASN1(RSAParameters PrivateKey) {
ASN1 v = ASN1Convert.FromUnsignedBigInteger(new byte[] {0});
ASN1 b = PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1");
ASN1 os = new ASN1(0x30);
os.Add(ASN1Convert.FromUnsignedBigInteger(new byte[] {0}));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Modulus));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Exponent));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.D));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.P));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.Q));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.DP));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.DQ));
os.Add(ASN1Convert.FromUnsignedBigInteger(PrivateKey.InverseQ));
ASN1 pem = new ASN1(0x30);
pem.Add(v);
pem.Add(b);
// Make this into an OCTET string
pem.Add(new ASN1(0x04, os.GetBytes()));
return pem.GetBytes();
}
internal byte[] Encode()
{
ASN1 ex = new ASN1(0x30);
if (_certificateAuthority)
{
ex.Add(new ASN1(0x01, new byte[] { 0xFF }));
}
if (_hasPathLengthConstraint)
{
// MS encodes the 0 (pathLengthConstraint is OPTIONAL)
// and in a long form (02 00 versus 02 01 00)
if (_pathLengthConstraint == 0)
{
ex.Add(new ASN1(0x02, new byte[] { 0x00 }));
}
else
{
ex.Add(ASN1Convert.FromInt32(_pathLengthConstraint));
}
}
return(ex.GetBytes());
}
public static byte[] Encode_v15(HashAlgorithm hash, byte[] hashValue, int emLength)
{
if (hashValue.Length != hash.HashSize >> 3)
{
throw new CryptographicException("bad hash length for " + hash.ToString());
}
string text = CryptoConfig.MapNameToOID(hash.ToString());
byte[] array;
if (text != null)
{
ASN1 asn = new ASN1(48);
asn.Add(new ASN1(CryptoConfig.EncodeOID(text)));
asn.Add(new ASN1(5));
ASN1 asn2 = new ASN1(4, hashValue);
ASN1 asn3 = new ASN1(48);
asn3.Add(asn);
asn3.Add(asn2);
array = asn3.GetBytes();
}
else
{
array = hashValue;
}
Buffer.BlockCopy(hashValue, 0, array, array.Length - hashValue.Length, hashValue.Length);
int num = Math.Max(8, emLength - array.Length - 3);
byte[] array2 = new byte[num + array.Length + 3];
array2[1] = 1;
for (int i = 2; i < num + 2; i++)
{
array2[i] = byte.MaxValue;
}
Buffer.BlockCopy(array, 0, array2, num + 3, array.Length);
return(array2);
}
public static byte[] Encode_v15(HashAlgorithm hash, byte[] hashValue, int emLength)
{
if (hashValue.Length != hash.HashSize >> 3)
{
throw new CryptographicException("bad hash length for " + hash.ToString());
}
string oid = CryptoConfig.MapNameToOID(hash.ToString());
byte[] numArray1;
if (oid != null)
{
ASN1 asn1_1 = new ASN1((byte)48);
asn1_1.Add(new ASN1(CryptoConfig.EncodeOID(oid)));
asn1_1.Add(new ASN1((byte)5));
ASN1 asn1_2 = new ASN1((byte)4, hashValue);
ASN1 asN1 = new ASN1((byte)48);
asN1.Add(asn1_1);
asN1.Add(asn1_2);
numArray1 = asN1.GetBytes();
}
else
{
numArray1 = hashValue;
}
Buffer.BlockCopy((Array)hashValue, 0, (Array)numArray1, numArray1.Length - hashValue.Length, hashValue.Length);
int num = System.Math.Max(8, emLength - numArray1.Length - 3);
byte[] numArray2 = new byte[num + numArray1.Length + 3];
numArray2[1] = (byte)1;
for (int index = 2; index < num + 2; ++index)
{
numArray2[index] = byte.MaxValue;
}
Buffer.BlockCopy((Array)numArray1, 0, (Array)numArray2, num + 3, numArray1.Length);
return(numArray2);
}
internal byte[] Encode()
{
ASN1 asn = new ASN1(48);
if (this._certificateAuthority)
{
asn.Add(new ASN1(1, new byte[]
{
byte.MaxValue
}));
}
if (this._hasPathLengthConstraint)
{
if (this._pathLengthConstraint == 0)
{
asn.Add(new ASN1(2, new byte[1]));
}
else
{
asn.Add(ASN1Convert.FromInt32(this._pathLengthConstraint));
}
}
return(asn.GetBytes());
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string a = null;
ASN1 asn = null;
int i = 0;
while (i < sd.SignerInfo.AuthenticatedAttributes.Count)
{
ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
string text = ASN1Convert.ToOid(asn2[0]);
string text2 = text;
switch (text2)
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(asn2[1][0]);
break;
case "1.2.840.113549.1.9.4":
asn = asn2[1][0];
break;
}
IL_F1:
i++;
continue;
goto IL_F1;
}
if (a != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (asn == null)
{
return(false);
}
if (!asn.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 asn3 = new ASN1(49);
foreach (object obj in sd.SignerInfo.AuthenticatedAttributes)
{
ASN1 asn4 = (ASN1)obj;
asn3.Add(asn4);
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(asn3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509Certificate in this.coll)
{
if (this.CompareIssuerSerial(issuerName, serialNumber, x509Certificate) && x509Certificate.PublicKey.Length > signature.Length >> 3)
{
this.signingCertificate = x509Certificate;
RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)x509Certificate.RSA;
if (rsacryptoServiceProvider.VerifyHash(rgbHash, str, signature))
{
this.signerChain.LoadCertificates(this.coll);
this.trustedRoot = this.signerChain.Build(x509Certificate);
break;
}
}
}
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
this.trustedTimestampRoot = true;
}
else
{
int j = 0;
while (j < sd.SignerInfo.UnauthenticatedAttributes.Count)
{
ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
string text3 = ASN1Convert.ToOid(asn5[0]);
string text2 = text3;
if (text2 != null)
{
if (AuthenticodeDeformatter.< > f__switch$map2 == null)
{
AuthenticodeDeformatter.< > f__switch$map2 = new Dictionary <string, int>(1)
{
{
"1.2.840.113549.1.9.6",
0
}
};
}
int num;
if (AuthenticodeDeformatter.< > f__switch$map2.TryGetValue(text2, out num))
{
if (num == 0)
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]);
this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature);
}
}
}
IL_35D:
j++;
continue;
goto IL_35D;
}
}
return(this.trustedRoot && this.trustedTimestampRoot);
}
/* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
private ASN1 SubjectPublicKeyInfo ()
{
ASN1 keyInfo = new ASN1 (0x30);
if (aa is RSA) {
keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1"));
RSAParameters p = (aa as RSA).ExportParameters (false);
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
ASN1 key = new ASN1 (0x30);
key.Add (ASN1Convert.FromUnsignedBigInteger (p.Modulus));
key.Add (ASN1Convert.FromUnsignedBigInteger (p.Exponent));
keyInfo.Add (new ASN1 (UniqueIdentifier (key.GetBytes ())));
}
else if (aa is DSA) {
DSAParameters p = (aa as DSA).ExportParameters (false);
/* Dss-Parms ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER }
*/
ASN1 param = new ASN1 (0x30);
param.Add (ASN1Convert.FromUnsignedBigInteger (p.P));
param.Add (ASN1Convert.FromUnsignedBigInteger (p.Q));
param.Add (ASN1Convert.FromUnsignedBigInteger (p.G));
keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.10040.4.1", param));
ASN1 key = keyInfo.Add (new ASN1 (0x03));
// DSAPublicKey ::= INTEGER -- public key, y
key.Add (ASN1Convert.FromUnsignedBigInteger (p.Y));
}
else
throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ());
return keyInfo;
}
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
// SEQUENCE {
// INTEGER 1
if (cs.Version != 1)
return false;
// SEQUENCE {
// SEQUENCE {
string contentType = null;
ASN1 messageDigest = null;
for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) {
// SEQUENCE {
// OBJECT IDENTIFIER
ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid) {
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.2.840.113549.1.9.5":
// SEQUENCE {
// OBJECT IDENTIFIER
// signingTime (1 2 840 113549 1 9 5)
// SET {
// UTCTime '030124013651Z'
// }
// }
timestamp = ASN1Convert.ToDateTime (attr[1][0]);
break;
default:
break;
}
}
if (contentType != PKCS7.Oid.data)
return false;
// verify message digest
if (messageDigest == null)
return false;
// TODO: must be read from the ASN.1 structure
string hashName = null;
switch (messageDigest.Length) {
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm ha = HashAlgorithm.Create (hashName);
if (!messageDigest.CompareValue (ha.ComputeHash (signature)))
return false;
// verify signature
byte[] counterSignature = cs.Signature;
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in cs.AuthenticatedAttributes)
aa.Add (a);
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
// we need to try all certificates
string issuer = cs.IssuerName;
byte[] serial = cs.SerialNumber;
foreach (X509Certificate x509 in coll) {
if (CompareIssuerSerial (issuer, serial, x509)) {
if (x509.PublicKey.Length > counterSignature.Length) {
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
// we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service
// and this means copying stuff into our own RSAManaged to get the required flexibility
RSAManaged rsam = new RSAManaged ();
rsam.ImportParameters (rsa.ExportParameters (false));
if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) {
timestampChain.LoadCertificates (coll);
return (timestampChain.Build (x509));
}
}
}
}
// no certificate can verify this signature!
return false;
}
public byte[] GetBytes()
{
return(asn.GetBytes());
}
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature)
{
if (cs.Version != 1)
{
return(false);
}
string a = null;
ASN1 aSN = null;
for (int i = 0; i < cs.AuthenticatedAttributes.Count; i++)
{
ASN1 aSN2 = (ASN1)cs.AuthenticatedAttributes[i];
switch (ASN1Convert.ToOid(aSN2[0]))
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(aSN2[1][0]);
break;
case "1.2.840.113549.1.9.4":
aSN = aSN2[1][0];
break;
case "1.2.840.113549.1.9.5":
timestamp = ASN1Convert.ToDateTime(aSN2[1][0]);
break;
}
}
if (a != "1.2.840.113549.1.7.1")
{
return(false);
}
if (aSN == null)
{
return(false);
}
string hashName = null;
switch (aSN.Length)
{
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm hashAlgorithm = HashAlgorithm.Create(hashName);
if (!aSN.CompareValue(hashAlgorithm.ComputeHash(signature)))
{
return(false);
}
byte[] signature2 = cs.Signature;
ASN1 aSN3 = new ASN1(49);
foreach (ASN1 authenticatedAttribute in cs.AuthenticatedAttributes)
{
aSN3.Add(authenticatedAttribute);
}
byte[] hashValue = hashAlgorithm.ComputeHash(aSN3.GetBytes());
string issuerName = cs.IssuerName;
byte[] serialNumber = cs.SerialNumber;
foreach (X509Certificate item in coll)
{
if (CompareIssuerSerial(issuerName, serialNumber, item) && item.PublicKey.Length > signature2.Length)
{
RSACryptoServiceProvider rSACryptoServiceProvider = (RSACryptoServiceProvider)item.RSA;
RSAManaged rSAManaged = new RSAManaged();
rSAManaged.ImportParameters(rSACryptoServiceProvider.ExportParameters(includePrivateParameters: false));
if (PKCS1.Verify_v15(rSAManaged, hashAlgorithm, hashValue, signature2, tryNonStandardEncoding: true))
{
timestampChain.LoadCertificates(coll);
return(timestampChain.Build(item));
}
}
}
return(false);
}
// that's were the real job is!
private void Parse(byte[] data)
{
try {
decoder = new ASN1(data);
// Certificate
if (decoder.Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
// Certificate / TBSCertificate
if (decoder [0].Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
ASN1 tbsCertificate = decoder [0];
int tbs = 0;
// Certificate / TBSCertificate / Version
ASN1 v = decoder [0][tbs];
version = 1; // DEFAULT v1
if ((v.Tag == 0xA0) && (v.Count > 0))
{
// version (optional) is present only in v2+ certs
version += v [0].Value [0]; // zero based
tbs++;
}
// Certificate / TBSCertificate / CertificateSerialNumber
ASN1 sn = decoder [0][tbs++];
if (sn.Tag != 0x02)
{
throw new CryptographicException(encoding_error);
}
serialnumber = sn.Value;
Array.Reverse(serialnumber, 0, serialnumber.Length);
// Certificate / TBSCertificate / AlgorithmIdentifier
tbs++;
// ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
issuer = tbsCertificate.Element(tbs++, 0x30);
m_issuername = X501.ToString(issuer);
ASN1 validity = tbsCertificate.Element(tbs++, 0x30);
ASN1 notBefore = validity [0];
m_from = ASN1Convert.ToDateTime(notBefore);
ASN1 notAfter = validity [1];
m_until = ASN1Convert.ToDateTime(notAfter);
subject = tbsCertificate.Element(tbs++, 0x30);
m_subject = X501.ToString(subject);
ASN1 subjectPublicKeyInfo = tbsCertificate.Element(tbs++, 0x30);
ASN1 algorithm = subjectPublicKeyInfo.Element(0, 0x30);
ASN1 algo = algorithm.Element(0, 0x06);
m_keyalgo = ASN1Convert.ToOid(algo);
// parameters ANY DEFINED BY algorithm OPTIONAL
// so we dont ask for a specific (Element) type and return DER
ASN1 parameters = algorithm [1];
m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes() : null);
ASN1 subjectPublicKey = subjectPublicKeyInfo.Element(1, 0x03);
// we must drop th first byte (which is the number of unused bits
// in the BITSTRING)
int n = subjectPublicKey.Length - 1;
m_publickey = new byte [n];
Buffer.BlockCopy(subjectPublicKey.Value, 1, m_publickey, 0, n);
// signature processing
byte[] bitstring = decoder [2].Value;
// first byte contains unused bits in first byte
signature = new byte [bitstring.Length - 1];
Buffer.BlockCopy(bitstring, 1, signature, 0, signature.Length);
algorithm = decoder [1];
algo = algorithm.Element(0, 0x06);
m_signaturealgo = ASN1Convert.ToOid(algo);
parameters = algorithm [1];
if (parameters != null)
{
m_signaturealgoparams = parameters.GetBytes();
}
else
{
m_signaturealgoparams = null;
}
// Certificate / TBSCertificate / issuerUniqueID
ASN1 issuerUID = tbsCertificate.Element(tbs, 0x81);
if (issuerUID != null)
{
tbs++;
issuerUniqueID = issuerUID.Value;
}
// Certificate / TBSCertificate / subjectUniqueID
ASN1 subjectUID = tbsCertificate.Element(tbs, 0x82);
if (subjectUID != null)
{
tbs++;
subjectUniqueID = subjectUID.Value;
}
// Certificate / TBSCertificate / Extensions
ASN1 extns = tbsCertificate.Element(tbs, 0xA3);
if ((extns != null) && (extns.Count == 1))
{
extensions = new X509ExtensionCollection(extns [0]);
}
else
{
extensions = new X509ExtensionCollection(null);
}
// keep a copy of the original data
m_encodedcert = (byte[])data.Clone();
}
catch (Exception ex) {
throw new CryptographicException(encoding_error, ex);
}
}
public byte[] GetBytes()
{
return(ASN1.GetBytes());
}
internal byte[] Encode ()
{
ASN1 ex = new ASN1 (0x04, _subjectKeyIdentifier);
return ex.GetBytes ();
}
public byte[] GetBytes ()
{
ASN1 sequence = new ASN1 (0x30);
sequence.Add (new ASN1 (0x02, sn));
sequence.Add (ASN1Convert.FromDateTime (revocationDate));
if (extensions.Count > 0)
sequence.Add (new ASN1 (extensions.GetBytes ()));
return sequence.GetBytes ();
}
internal byte[] Encode()
{
ASN1 ex = new ASN1(0x04, _subjectKeyIdentifier);
return(ex.GetBytes());
}
internal byte[] Encode ()
{
ASN1 ex = new ASN1 (0x30);
if (_certificateAuthority)
ex.Add (new ASN1 (0x01, new byte[] { 0xFF }));
if (_hasPathLengthConstraint) {
// MS encodes the 0 (pathLengthConstraint is OPTIONAL)
// and in a long form (02 00 versus 02 01 00)
if (_pathLengthConstraint == 0)
ex.Add (new ASN1 (0x02, new byte[] { 0x00 }));
else
ex.Add (ASN1Convert.FromInt32 (_pathLengthConstraint));
}
return ex.GetBytes ();
}
// PKCS #1 v.2.1, Section 9.2
// EMSA-PKCS1-v1_5-Encode
public static byte[] Encode_v15 (HashAlgorithm hash, byte[] hashValue, int emLength)
{
if (hashValue.Length != (hash.HashSize >> 3))
throw new CryptographicException ("bad hash length for " + hash.ToString ());
// DigestInfo ::= SEQUENCE {
// digestAlgorithm AlgorithmIdentifier,
// digest OCTET STRING
// }
byte[] t = null;
string oid = CryptoConfig.MapNameToOID (hash.ToString ());
if (oid != null)
{
ASN1 digestAlgorithm = new ASN1 (0x30);
digestAlgorithm.Add (new ASN1 (CryptoConfig.EncodeOID (oid)));
digestAlgorithm.Add (new ASN1 (0x05)); // NULL
ASN1 digest = new ASN1 (0x04, hashValue);
ASN1 digestInfo = new ASN1 (0x30);
digestInfo.Add (digestAlgorithm);
digestInfo.Add (digest);
t = digestInfo.GetBytes ();
}
else
{
// There are no valid OID, in this case t = hashValue
// This is the case of the MD5SHA hash algorithm
t = hashValue;
}
Buffer.BlockCopy (hashValue, 0, t, t.Length - hashValue.Length, hashValue.Length);
int PSLength = System.Math.Max (8, emLength - t.Length - 3);
// PS = PSLength of 0xff
// EM = 0x00 | 0x01 | PS | 0x00 | T
byte[] EM = new byte [PSLength + t.Length + 3];
EM [1] = 0x01;
for (int i=2; i < PSLength + 2; i++)
EM[i] = 0xff;
Buffer.BlockCopy (t, 0, EM, PSLength + 3, t.Length);
return EM;
}
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature)
{
if (cs.Version != 1)
{
return(false);
}
string a = null;
ASN1 asn = null;
int i = 0;
while (i < cs.AuthenticatedAttributes.Count)
{
ASN1 asn2 = (ASN1)cs.AuthenticatedAttributes[i];
string text = ASN1Convert.ToOid(asn2[0]);
string text2 = text;
switch (text2)
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(asn2[1][0]);
break;
case "1.2.840.113549.1.9.4":
asn = asn2[1][0];
break;
case "1.2.840.113549.1.9.5":
this.timestamp = ASN1Convert.ToDateTime(asn2[1][0]);
break;
}
IL_FC:
i++;
continue;
goto IL_FC;
}
if (a != "1.2.840.113549.1.7.1")
{
return(false);
}
if (asn == null)
{
return(false);
}
string hashName = null;
int length = asn.Length;
if (length != 16)
{
if (length == 20)
{
hashName = "SHA1";
}
}
else
{
hashName = "MD5";
}
HashAlgorithm hashAlgorithm = HashAlgorithm.Create(hashName);
if (!asn.CompareValue(hashAlgorithm.ComputeHash(signature)))
{
return(false);
}
byte[] signature2 = cs.Signature;
ASN1 asn3 = new ASN1(49);
foreach (object obj in cs.AuthenticatedAttributes)
{
ASN1 asn4 = (ASN1)obj;
asn3.Add(asn4);
}
byte[] hashValue = hashAlgorithm.ComputeHash(asn3.GetBytes());
string issuerName = cs.IssuerName;
byte[] serialNumber = cs.SerialNumber;
foreach (X509Certificate x509Certificate in this.coll)
{
if (this.CompareIssuerSerial(issuerName, serialNumber, x509Certificate) && x509Certificate.PublicKey.Length > signature2.Length)
{
RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)x509Certificate.RSA;
RSAManaged rsamanaged = new RSAManaged();
rsamanaged.ImportParameters(rsacryptoServiceProvider.ExportParameters(false));
if (PKCS1.Verify_v15(rsamanaged, hashAlgorithm, hashValue, signature2, true))
{
this.timestampChain.LoadCertificates(this.coll);
return(this.timestampChain.Build(x509Certificate));
}
}
}
return(false);
}
internal byte[] Encode()
{
ASN1 asn = new ASN1(4, this._subjectKeyIdentifier);
return(asn.GetBytes());
}
public byte[] GetBytes ()
{
ASN1 privateKeyAlgorithm = new ASN1 (0x30);
privateKeyAlgorithm.Add (ASN1Convert.FromOid (_algorithm));
privateKeyAlgorithm.Add (new ASN1 (0x05)); // ASN.1 NULL
ASN1 pki = new ASN1 (0x30);
pki.Add (new ASN1 (0x02, new byte [1] { (byte) _version }));
pki.Add (privateKeyAlgorithm);
pki.Add (new ASN1 (0x04, _key));
if (_list.Count > 0) {
ASN1 attributes = new ASN1 (0xA0);
foreach (ASN1 attribute in _list) {
attributes.Add (attribute);
}
pki.Add (attributes);
}
return pki.GetBytes ();
}
private void Parse(byte[] data)
{
try
{
this.decoder = new ASN1(data);
if (this.decoder.Tag != 48)
{
throw new CryptographicException(X509Certificate.encoding_error);
}
if (this.decoder[0].Tag != 48)
{
throw new CryptographicException(X509Certificate.encoding_error);
}
ASN1 asn = this.decoder[0];
int num = 0;
ASN1 asn2 = this.decoder[0][num];
this.version = 1;
if (asn2.Tag == 160 && asn2.Count > 0)
{
this.version += (int)asn2[0].Value[0];
num++;
}
ASN1 asn3 = this.decoder[0][num++];
if (asn3.Tag != 2)
{
throw new CryptographicException(X509Certificate.encoding_error);
}
this.serialnumber = asn3.Value;
Array.Reverse(this.serialnumber, 0, this.serialnumber.Length);
num++;
this.issuer = asn.Element(num++, 48);
this.m_issuername = X501.ToString(this.issuer);
ASN1 asn4 = asn.Element(num++, 48);
ASN1 time = asn4[0];
this.m_from = ASN1Convert.ToDateTime(time);
ASN1 time2 = asn4[1];
this.m_until = ASN1Convert.ToDateTime(time2);
this.subject = asn.Element(num++, 48);
this.m_subject = X501.ToString(this.subject);
ASN1 asn5 = asn.Element(num++, 48);
ASN1 asn6 = asn5.Element(0, 48);
ASN1 asn7 = asn6.Element(0, 6);
this.m_keyalgo = ASN1Convert.ToOid(asn7);
ASN1 asn8 = asn6[1];
this.m_keyalgoparams = ((asn6.Count <= 1) ? null : asn8.GetBytes());
ASN1 asn9 = asn5.Element(1, 3);
int num2 = asn9.Length - 1;
this.m_publickey = new byte[num2];
Buffer.BlockCopy(asn9.Value, 1, this.m_publickey, 0, num2);
byte[] value = this.decoder[2].Value;
this.signature = new byte[value.Length - 1];
Buffer.BlockCopy(value, 1, this.signature, 0, this.signature.Length);
asn6 = this.decoder[1];
asn7 = asn6.Element(0, 6);
this.m_signaturealgo = ASN1Convert.ToOid(asn7);
asn8 = asn6[1];
if (asn8 != null)
{
this.m_signaturealgoparams = asn8.GetBytes();
}
else
{
this.m_signaturealgoparams = null;
}
ASN1 asn10 = asn.Element(num, 129);
if (asn10 != null)
{
num++;
this.issuerUniqueID = asn10.Value;
}
ASN1 asn11 = asn.Element(num, 130);
if (asn11 != null)
{
num++;
this.subjectUniqueID = asn11.Value;
}
ASN1 asn12 = asn.Element(num, 163);
if (asn12 != null && asn12.Count == 1)
{
this.extensions = new X509ExtensionCollection(asn12[0]);
}
else
{
this.extensions = new X509ExtensionCollection(null);
}
this.m_encodedcert = (byte[])data.Clone();
}
catch (Exception inner)
{
throw new CryptographicException(X509Certificate.encoding_error, inner);
}
}
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
{
if (key == null)
throw new ArgumentNullException ("key");
byte[] pkraw = key.EncodedKeyValue.RawData;
// compute SKI
switch (algorithm) {
// hash of the public key, excluding Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
_subjectKeyIdentifier = SHA1.Create ().ComputeHash (pkraw);
break;
// 0100 bit pattern followed by the 60 last bit of the hash
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
byte[] hash = SHA1.Create ().ComputeHash (pkraw);
_subjectKeyIdentifier = new byte [8];
Buffer.BlockCopy (hash, 12, _subjectKeyIdentifier, 0, 8);
_subjectKeyIdentifier [0] = (byte) (0x40 | (_subjectKeyIdentifier [0] & 0x0F));
break;
// hash of the public key, including Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
// CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX)
// http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain
ASN1 subjectPublicKeyInfo = new ASN1 (0x30);
ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30));
algo.Add (new ASN1 (CryptoConfig.EncodeOID (key.Oid.Value)));
algo.Add (new ASN1 (key.EncodedParameters.RawData));
// add an extra byte for the unused bits (none)
byte[] full = new byte [pkraw.Length + 1];
Buffer.BlockCopy (pkraw, 0, full, 1, pkraw.Length);
subjectPublicKeyInfo.Add (new ASN1 (0x03, full));
_subjectKeyIdentifier = SHA1.Create ().ComputeHash (subjectPublicKeyInfo.GetBytes ());
break;
default:
throw new ArgumentException ("algorithm");
}
_oid = new Oid (oid, friendlyName);
base.Critical = critical;
RawData = Encode ();
}
// Note: PKCS#8 doesn't define how to generate the key required for encryption
// so you're on your own. Just don't try to copy the big guys too much ;)
// Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt
// Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
public byte[] GetBytes ()
{
if (_algorithm == null)
throw new CryptographicException ("No algorithm OID specified");
ASN1 encryptionAlgorithm = new ASN1 (0x30);
encryptionAlgorithm.Add (ASN1Convert.FromOid (_algorithm));
// parameters ANY DEFINED BY algorithm OPTIONAL
if ((_iterations > 0) || (_salt != null)) {
ASN1 salt = new ASN1 (0x04, _salt);
ASN1 iterations = ASN1Convert.FromInt32 (_iterations);
ASN1 parameters = new ASN1 (0x30);
parameters.Add (salt);
parameters.Add (iterations);
encryptionAlgorithm.Add (parameters);
}
// encapsulates EncryptedData into an OCTET STRING
ASN1 encryptedData = new ASN1 (0x04, _data);
ASN1 encryptedPrivateKeyInfo = new ASN1 (0x30);
encryptedPrivateKeyInfo.Add (encryptionAlgorithm);
encryptedPrivateKeyInfo.Add (encryptedData);
return encryptedPrivateKeyInfo.GetBytes ();
}
internal byte[] Encode ()
{
ASN1 ex = new ASN1 (0x30);
foreach (Oid oid in _enhKeyUsage) {
ex.Add (ASN1Convert.FromOid (oid.Value));
}
return ex.GetBytes ();
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string a = null;
ASN1 aSN = null;
for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 aSN2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
switch (ASN1Convert.ToOid(aSN2[0]))
{
case "1.2.840.113549.1.9.3":
a = ASN1Convert.ToOid(aSN2[1][0]);
break;
case "1.2.840.113549.1.9.4":
aSN = aSN2[1][0];
break;
}
}
if (a != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (aSN == null)
{
return(false);
}
if (!aSN.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 aSN3 = new ASN1(49);
foreach (ASN1 authenticatedAttribute in sd.SignerInfo.AuthenticatedAttributes)
{
aSN3.Add(authenticatedAttribute);
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(aSN3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
foreach (X509Certificate item in coll)
{
if (CompareIssuerSerial(issuerName, serialNumber, item) && item.PublicKey.Length > signature.Length >> 3)
{
signingCertificate = item;
RSACryptoServiceProvider rSACryptoServiceProvider = (RSACryptoServiceProvider)item.RSA;
if (rSACryptoServiceProvider.VerifyHash(rgbHash, str, signature))
{
signerChain.LoadCertificates(coll);
trustedRoot = signerChain.Build(item);
break;
}
}
}
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
trustedTimestampRoot = true;
}
else
{
for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++)
{
ASN1 aSN4 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
switch (ASN1Convert.ToOid(aSN4[0]))
{
case "1.2.840.113549.1.9.6":
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(aSN4[1]);
trustedTimestampRoot = VerifyCounterSignature(cs, signature);
break;
}
}
}
}
return(trustedRoot && trustedTimestampRoot);
}
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName)
private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string contentType = null;
ASN1 messageDigest = null;
// string spcStatementType = null;
// string spcSpOpusInfo = null;
for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.3.6.1.4.1.311.2.1.11":
// spcStatementType (Microsoft code signing)
// possible values
// - individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
// - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
// spcStatementType = ASN1Convert.ToOid (attr[1][0][0]);
break;
case "1.3.6.1.4.1.311.2.1.12":
// spcSpOpusInfo (Microsoft code signing)
/* try {
spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value);
}
catch (NullReferenceException) {
spcSpOpusInfo = null;
}*/
break;
default:
break;
}
}
if (contentType != spcIndirectDataContext)
return false;
// verify message digest
if (messageDigest == null)
return false;
if (!messageDigest.CompareValue (calculatedMessageDigest))
return false;
// verify signature
string hashOID = CryptoConfig.MapNameToOID (ha.ToString ());
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes)
aa.Add (a);
ha.Initialize ();
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
byte[] signature = sd.SignerInfo.Signature;
// we need to find the specified certificate
string issuer = sd.SignerInfo.IssuerName;
byte[] serial = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509 in coll)
{
if (CompareIssuerSerial (issuer, serial, x509))
{
// don't verify is key size don't match
if (x509.PublicKey.Length > (signature.Length >> 3))
{
// return the signing certificate even if the signature isn't correct
// (required behaviour for 2.0 support)
signingCertificate = x509;
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
if (rsa.VerifyHash (p7hash, hashOID, signature))
{
signerChain.LoadCertificates (coll);
trustedRoot = signerChain.Build (x509);
break;
}
}
}
}
// timestamp signature is optional
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
trustedTimestampRoot = true;
}
else
{
for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case PKCS7.Oid.countersignature:
// SEQUENCE {
// OBJECT IDENTIFIER
// countersignature (1 2 840 113549 1 9 6)
// SET {
PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]);
trustedTimestampRoot = VerifyCounterSignature (cs, signature);
break;
default:
// we don't support other unauthenticated attributes
break;
}
}
}
return (trustedRoot && trustedTimestampRoot);
}
private void Parse(byte[] data)
{
try
{
this.decoder = new ASN1(data);
if (this.decoder.Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
if (this.decoder[0].Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
ASN1 asn = this.decoder[0];
int index = 0;
ASN1 asn2 = this.decoder[0][index];
this.version = 1;
if ((asn2.Tag == 160) && (asn2.Count > 0))
{
this.version += asn2[0].Value[0];
index++;
}
ASN1 asn3 = this.decoder[0][index++];
if (asn3.Tag != 2)
{
throw new CryptographicException(encoding_error);
}
this.serialnumber = asn3.Value;
Array.Reverse(this.serialnumber, 0, this.serialnumber.Length);
index++;
this.issuer = asn.Element(index++, 0x30);
this.m_issuername = X501.ToString(this.issuer);
ASN1 asn4 = asn.Element(index++, 0x30);
ASN1 time = asn4[0];
this.m_from = ASN1Convert.ToDateTime(time);
ASN1 asn6 = asn4[1];
this.m_until = ASN1Convert.ToDateTime(asn6);
this.subject = asn.Element(index++, 0x30);
this.m_subject = X501.ToString(this.subject);
ASN1 asn7 = asn.Element(index++, 0x30);
ASN1 asn8 = asn7.Element(0, 0x30);
ASN1 asn9 = asn8.Element(0, 6);
this.m_keyalgo = ASN1Convert.ToOid(asn9);
ASN1 asn10 = asn8[1];
this.m_keyalgoparams = (asn8.Count <= 1) ? null : asn10.GetBytes();
ASN1 asn11 = asn7.Element(1, 3);
int count = asn11.Length - 1;
this.m_publickey = new byte[count];
Buffer.BlockCopy(asn11.Value, 1, this.m_publickey, 0, count);
byte[] src = this.decoder[2].Value;
this.signature = new byte[src.Length - 1];
Buffer.BlockCopy(src, 1, this.signature, 0, this.signature.Length);
asn8 = this.decoder[1];
asn9 = asn8.Element(0, 6);
this.m_signaturealgo = ASN1Convert.ToOid(asn9);
asn10 = asn8[1];
if (asn10 != null)
{
this.m_signaturealgoparams = asn10.GetBytes();
}
else
{
this.m_signaturealgoparams = null;
}
ASN1 asn12 = asn.Element(index, 0x81);
if (asn12 != null)
{
index++;
this.issuerUniqueID = asn12.Value;
}
ASN1 asn13 = asn.Element(index, 130);
if (asn13 != null)
{
index++;
this.subjectUniqueID = asn13.Value;
}
ASN1 asn14 = asn.Element(index, 0xa3);
if ((asn14 != null) && (asn14.Count == 1))
{
this.extensions = new X509ExtensionCollection(asn14[0]);
}
else
{
this.extensions = new X509ExtensionCollection(null);
}
this.m_encodedcert = (byte[])data.Clone();
}
catch (Exception exception)
{
throw new CryptographicException(encoding_error, exception);
}
}
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName)
private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string contentType = null;
ASN1 messageDigest = null;
// string spcStatementType = null;
// string spcSpOpusInfo = null;
for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) {
ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid) {
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.3.6.1.4.1.311.2.1.11":
// spcStatementType (Microsoft code signing)
// possible values
// - individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
// - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
// spcStatementType = ASN1Convert.ToOid (attr[1][0][0]);
break;
case "1.3.6.1.4.1.311.2.1.12":
// spcSpOpusInfo (Microsoft code signing)
/* try {
spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value);
}
catch (NullReferenceException) {
spcSpOpusInfo = null;
}*/
break;
default:
break;
}
}
if (contentType != spcIndirectDataContext)
return false;
// verify message digest
if (messageDigest == null)
return false;
if (!messageDigest.CompareValue (calculatedMessageDigest))
return false;
// verify signature
string hashOID = CryptoConfig.MapNameToOID (ha.ToString ());
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes)
aa.Add (a);
ha.Initialize ();
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
byte[] signature = sd.SignerInfo.Signature;
// we need to find the specified certificate
string issuer = sd.SignerInfo.IssuerName;
byte[] serial = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509 in coll) {
if (CompareIssuerSerial (issuer, serial, x509)) {
// don't verify is key size don't match
if (x509.PublicKey.Length > (signature.Length >> 3)) {
// return the signing certificate even if the signature isn't correct
// (required behaviour for 2.0 support)
signingCertificate = x509;
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
if (rsa.VerifyHash (p7hash, hashOID, signature)) {
signerChain.LoadCertificates (coll);
trustedRoot = signerChain.Build (x509);
break;
}
}
}
}
// timestamp signature is optional
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) {
trustedTimestampRoot = true;
} else {
for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++) {
ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid) {
case PKCS7.Oid.countersignature:
// SEQUENCE {
// OBJECT IDENTIFIER
// countersignature (1 2 840 113549 1 9 6)
// SET {
PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]);
trustedTimestampRoot = VerifyCounterSignature (cs, signature);
break;
default:
// we don't support other unauthenticated attributes
break;
}
}
}
return (trustedRoot && trustedTimestampRoot);
}
private byte[] UniqueIdentifier (byte[] id)
{
// UniqueIdentifier ::= BIT STRING
ASN1 uid = new ASN1 (0x03);
// first byte in a BITSTRING is the number of unused bits in the first byte
byte[] v = new byte [id.Length + 1];
Buffer.BlockCopy (id, 0, v, 1, id.Length);
uid.Value = v;
return uid.GetBytes ();
}
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
// SEQUENCE {
// INTEGER 1
if (cs.Version != 1)
return false;
// SEQUENCE {
// SEQUENCE {
string contentType = null;
ASN1 messageDigest = null;
for (int i=0; i < cs.AuthenticatedAttributes.Count; i++)
{
// SEQUENCE {
// OBJECT IDENTIFIER
ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.2.840.113549.1.9.5":
// SEQUENCE {
// OBJECT IDENTIFIER
// signingTime (1 2 840 113549 1 9 5)
// SET {
// UTCTime '030124013651Z'
// }
// }
timestamp = ASN1Convert.ToDateTime (attr[1][0]);
break;
default:
break;
}
}
if (contentType != PKCS7.Oid.data)
return false;
// verify message digest
if (messageDigest == null)
return false;
// TODO: must be read from the ASN.1 structure
string hashName = null;
switch (messageDigest.Length)
{
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm ha = HashAlgorithm.Create (hashName);
if (!messageDigest.CompareValue (ha.ComputeHash (signature)))
return false;
// verify signature
byte[] counterSignature = cs.Signature;
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in cs.AuthenticatedAttributes)
aa.Add (a);
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
// we need to try all certificates
string issuer = cs.IssuerName;
byte[] serial = cs.SerialNumber;
foreach (X509Certificate x509 in coll)
{
if (CompareIssuerSerial (issuer, serial, x509))
{
if (x509.PublicKey.Length > counterSignature.Length)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
// we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service
// and this means copying stuff into our own RSAManaged to get the required flexibility
RSAManaged rsam = new RSAManaged ();
rsam.ImportParameters (rsa.ExportParameters (false));
if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true))
{
timestampChain.LoadCertificates (coll);
return (timestampChain.Build (x509));
}
}
}
}
// no certificate can verify this signature!
return false;
}
internal byte[] Encode()
{
ASN1 md = new ASN1(0x04, _messageDigest);
return(md.GetBytes());
}
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
static public byte[] Encode (RSA rsa)
{
RSAParameters param = rsa.ExportParameters (true);
ASN1 rsaPrivateKey = new ASN1 (0x30);
rsaPrivateKey.Add (new ASN1 (0x02, new byte [1] { 0x00 }));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Modulus));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Exponent));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.D));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.P));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.Q));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DP));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.DQ));
rsaPrivateKey.Add (ASN1Convert.FromUnsignedBigInteger (param.InverseQ));
return rsaPrivateKey.GetBytes ();
}
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature)
{
if (cs.Version == 1)
{
string str = null;
ASN1 asn = null;
for (int i = 0; i < cs.AuthenticatedAttributes.Count; i++)
{
ASN1 asn2 = (ASN1)cs.AuthenticatedAttributes[i];
string key = ASN1Convert.ToOid(asn2[0]);
if (key != null)
{
if (__f__switch_map3 == null)
{
Dictionary <string, int> dictionary = new Dictionary <string, int>(3)
{
{
"1.2.840.113549.1.9.3",
0
},
{
"1.2.840.113549.1.9.4",
1
},
{
"1.2.840.113549.1.9.5",
2
}
};
__f__switch_map3 = dictionary;
}
if (__f__switch_map3.TryGetValue(key, out int num2))
{
switch (num2)
{
case 0:
str = ASN1Convert.ToOid(asn2[1][0]);
break;
case 1:
asn = asn2[1][0];
break;
case 2:
this.timestamp = ASN1Convert.ToDateTime(asn2[1][0]);
break;
}
}
}
}
if (str != "1.2.840.113549.1.7.1")
{
return(false);
}
if (asn == null)
{
return(false);
}
string hashName = null;
switch (asn.Length)
{
case 0x10:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm hash = HashAlgorithm.Create(hashName);
if (asn.CompareValue(hash.ComputeHash(signature)))
{
byte[] buffer = cs.Signature;
ASN1 asn3 = new ASN1(0x31);
IEnumerator enumerator = cs.AuthenticatedAttributes.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
ASN1 current = (ASN1)enumerator.Current;
asn3.Add(current);
}
}
finally
{
if (enumerator is IDisposable disposable)
{
disposable.Dispose();
}
}
byte[] hashValue = hash.ComputeHash(asn3.GetBytes());
string issuerName = cs.IssuerName;
byte[] serialNumber = cs.SerialNumber;
X509CertificateCollection.X509CertificateEnumerator enumerator2 = this.coll.GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
X509Certificate current = enumerator2.Current;
if (this.CompareIssuerSerial(issuerName, serialNumber, current) &&
(current.PublicKey.Length > buffer.Length))
{
RSACryptoServiceProvider rSA = (RSACryptoServiceProvider)current.RSA;
RSAManaged rsa = new RSAManaged();
rsa.ImportParameters(rSA.ExportParameters(false));
if (PKCS1.Verify_v15(rsa, hash, hashValue, buffer, true))
{
this.timestampChain.LoadCertificates(this.coll);
return(this.timestampChain.Build(current));
}
}
}
}
finally
{
if (enumerator2 is IDisposable disposable2)
{
disposable2.Dispose();
}
}
}
}
return(false);
}
private bool VerifySignature(PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string str = null;
ASN1 asn = null;
string str3;
Dictionary <string, int> dictionary;
for (int i = 0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 asn2 = (ASN1)sd.SignerInfo.AuthenticatedAttributes[i];
str3 = ASN1Convert.ToOid(asn2[0]);
if (str3 != null)
{
if (__f__switch_map1 == null)
{
dictionary = new Dictionary <string, int>(4)
{
{
"1.2.840.113549.1.9.3",
0
},
{
"1.2.840.113549.1.9.4",
1
},
{
"1.3.6.1.4.1.311.2.1.11",
2
},
{
"1.3.6.1.4.1.311.2.1.12",
3
}
};
__f__switch_map1 = dictionary;
}
if (__f__switch_map1.TryGetValue(str3, out int num2))
{
switch (num2)
{
case 0:
str = ASN1Convert.ToOid(asn2[1][0]);
break;
case 1:
asn = asn2[1][0];
break;
}
}
}
}
if (str != "1.3.6.1.4.1.311.2.1.4")
{
return(false);
}
if (asn == null)
{
return(false);
}
if (!asn.CompareValue(calculatedMessageDigest))
{
return(false);
}
string str4 = CryptoConfig.MapNameToOID(ha.ToString());
ASN1 asn3 = new ASN1(0x31);
IEnumerator enumerator = sd.SignerInfo.AuthenticatedAttributes.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
ASN1 current = (ASN1)enumerator.Current;
asn3.Add(current);
}
}
finally
{
if (enumerator is IDisposable disposable)
{
disposable.Dispose();
}
}
ha.Initialize();
byte[] rgbHash = ha.ComputeHash(asn3.GetBytes());
byte[] signature = sd.SignerInfo.Signature;
string issuerName = sd.SignerInfo.IssuerName;
byte[] serialNumber = sd.SignerInfo.SerialNumber;
X509CertificateCollection.X509CertificateEnumerator enumerator2 = this.coll.GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
X509Certificate current = enumerator2.Current;
if (this.CompareIssuerSerial(issuerName, serialNumber, current) &&
(current.PublicKey.Length > (signature.Length >> 3)))
{
this.signingCertificate = current;
RSACryptoServiceProvider rSA = (RSACryptoServiceProvider)current.RSA;
if (rSA.VerifyHash(rgbHash, str4, signature))
{
this.signerChain.LoadCertificates(this.coll);
this.trustedRoot = this.signerChain.Build(current);
goto Label_0295;
}
}
}
}
finally
{
if (enumerator2 is IDisposable disposable2)
{
disposable2.Dispose();
}
}
Label_0295:
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
this.trustedTimestampRoot = true;
}
else
{
for (int j = 0; j < sd.SignerInfo.UnauthenticatedAttributes.Count; j++)
{
ASN1 asn5 = (ASN1)sd.SignerInfo.UnauthenticatedAttributes[j];
str3 = ASN1Convert.ToOid(asn5[0]);
if (str3 != null)
{
if (__f__switch_map2 == null)
{
dictionary = new Dictionary <string, int>(1)
{
{
"1.2.840.113549.1.9.6",
0
}
};
__f__switch_map2 = dictionary;
}
if (__f__switch_map2.TryGetValue(str3, out int num2) && (num2 == 0))
{
PKCS7.SignerInfo cs = new PKCS7.SignerInfo(asn5[1]);
this.trustedTimestampRoot = this.VerifyCounterSignature(cs, signature);
}
}
}
}
return(this.trustedRoot && this.trustedTimestampRoot);
}
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
// SEQUENCE {
// INTEGER 1
if (cs.Version != 1)
return false;
// SEQUENCE {
// SEQUENCE {
string contentType = null;
ASN1 messageDigest = null;
for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) {
// SEQUENCE {
// OBJECT IDENTIFIER
ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid) {
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.2.840.113549.1.9.5":
// SEQUENCE {
// OBJECT IDENTIFIER
// signingTime (1 2 840 113549 1 9 5)
// SET {
// UTCTime '030124013651Z'
// }
// }
timestamp = ASN1Convert.ToDateTime (attr[1][0]);
break;
default:
break;
}
}
if (contentType != PKCS7.Oid.data)
return false;
// verify message digest
if (messageDigest == null)
return false;
// TODO: must be read from the ASN.1 structure
string hashName = null;
switch (messageDigest.Length) {
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm ha = HashAlgorithm.Create (hashName);
if (!messageDigest.CompareValue (ha.ComputeHash (signature)))
return false;
// verify signature
byte[] counterSignature = cs.Signature;
string hashOID = CryptoConfig.MapNameToOID (hashName);
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in cs.AuthenticatedAttributes)
aa.Add (a);
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
// we need to try all certificates
string issuer = cs.IssuerName;
byte[] serial = cs.SerialNumber;
foreach (X509Certificate x509 in coll) {
if (CompareIssuerSerial (issuer, serial, x509)) {
// don't verify if key size don't match
if (x509.PublicKey.Length > (counterSignature.Length >> 3)) {
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
if (rsa.VerifyHash (p7hash, hashOID, counterSignature)) {
timestampChain.LoadCertificates (coll);
return (timestampChain.Build (x509));
}
}
}
}
// no certificate can verify this signature!
return false;
}
