// methods private void Decode(byte[] data) { ASN1 encryptedPrivateKeyInfo = new ASN1(data); if (encryptedPrivateKeyInfo.Tag != 0x30) { throw new CryptographicException("invalid EncryptedPrivateKeyInfo"); } ASN1 encryptionAlgorithm = encryptedPrivateKeyInfo [0]; if (encryptionAlgorithm.Tag != 0x30) { throw new CryptographicException("invalid encryptionAlgorithm"); } ASN1 algorithm = encryptionAlgorithm [0]; if (algorithm.Tag != 0x06) { throw new CryptographicException("invalid algorithm"); } _algorithm = ASN1Convert.ToOid(algorithm); // parameters ANY DEFINED BY algorithm OPTIONAL if (encryptionAlgorithm.Count > 1) { ASN1 parameters = encryptionAlgorithm [1]; if (parameters.Tag != 0x30) { throw new CryptographicException("invalid parameters"); } ASN1 salt = parameters [0]; if (salt.Tag != 0x04) { throw new CryptographicException("invalid salt"); } _salt = salt.Value; ASN1 iterationCount = parameters [1]; if (iterationCount.Tag != 0x02) { throw new CryptographicException("invalid iterationCount"); } _iterations = ASN1Convert.ToInt32(iterationCount); } ASN1 encryptedData = encryptedPrivateKeyInfo [1]; if (encryptedData.Tag != 0x04) { throw new CryptographicException("invalid EncryptedData"); } _data = encryptedData.Value; }
// internal stuff internal void Decode(byte[] attribute) { if ((attribute == null) || (attribute [0] != 0x06)) { throw new CryptographicException(Locale.GetText("Expected an OID.")); } ASN1 oid = new ASN1(attribute); _contentType = new Oid(ASN1Convert.ToOid(oid)); _encoded = null; }
protected override void Decode() { keyPurpose = new ArrayList(); ASN1 aSN = new ASN1(extnValue.Value); if (aSN.Tag != 48) { throw new ArgumentException("Invalid ExtendedKeyUsage extension"); } for (int i = 0; i < aSN.Count; i++) { keyPurpose.Add(ASN1Convert.ToOid(aSN[i])); } }
protected override void Decode() { this.policies = new Hashtable(); ASN1 asn = new ASN1(this.extnValue.Value); if (asn.Tag != 48) { throw new ArgumentException("Invalid CertificatePolicies extension"); } for (int i = 0; i < asn.Count; i++) { this.policies.Add(ASN1Convert.ToOid(asn[i][0]), null); } }
protected override void Decode() { this.policies = new Hashtable(); ASN1 asN1 = new ASN1(this.extnValue.Value); if (asN1.Tag != (byte)48) { throw new ArgumentException("Invalid CertificatePolicies extension"); } for (int index = 0; index < asN1.Count; ++index) { this.policies.Add((object)ASN1Convert.ToOid(asN1[index][0]), (object)null); } }
protected override void Decode() { this.keyPurpose = new ArrayList(); ASN1 asn = new ASN1(base.extnValue.Value); if (asn.Tag != 0x30) { throw new ArgumentException("Invalid ExtendedKeyUsage extension"); } for (int i = 0; i < asn.Count; i++) { this.keyPurpose.Add(ASN1Convert.ToOid(asn[i])); } }
private void Decode(byte[] data) { ASN1 aSN = new ASN1(data); if (aSN.Tag != 48) { throw new CryptographicException("invalid EncryptedPrivateKeyInfo"); } ASN1 aSN2 = aSN[0]; if (aSN2.Tag != 48) { throw new CryptographicException("invalid encryptionAlgorithm"); } ASN1 aSN3 = aSN2[0]; if (aSN3.Tag != 6) { throw new CryptographicException("invalid algorithm"); } _algorithm = ASN1Convert.ToOid(aSN3); if (aSN2.Count > 1) { ASN1 aSN4 = aSN2[1]; if (aSN4.Tag != 48) { throw new CryptographicException("invalid parameters"); } ASN1 aSN5 = aSN4[0]; if (aSN5.Tag != 4) { throw new CryptographicException("invalid salt"); } _salt = aSN5.Value; ASN1 aSN6 = aSN4[1]; if (aSN6.Tag != 2) { throw new CryptographicException("invalid iterationCount"); } _iterations = ASN1Convert.ToInt32(aSN6); } ASN1 aSN7 = aSN[1]; if (aSN7.Tag != 4) { throw new CryptographicException("invalid EncryptedData"); } _data = aSN7.Value; }
private void Decode(byte[] data) { ASN1 asn = new ASN1(data); if (asn.Tag != 48) { throw new CryptographicException("invalid EncryptedPrivateKeyInfo"); } ASN1 asn2 = asn[0]; if (asn2.Tag != 48) { throw new CryptographicException("invalid encryptionAlgorithm"); } ASN1 asn3 = asn2[0]; if (asn3.Tag != 6) { throw new CryptographicException("invalid algorithm"); } this._algorithm = ASN1Convert.ToOid(asn3); if (asn2.Count > 1) { ASN1 asn4 = asn2[1]; if (asn4.Tag != 48) { throw new CryptographicException("invalid parameters"); } ASN1 asn5 = asn4[0]; if (asn5.Tag != 4) { throw new CryptographicException("invalid salt"); } this._salt = asn5.Value; ASN1 asn6 = asn4[1]; if (asn6.Tag != 2) { throw new CryptographicException("invalid iterationCount"); } this._iterations = ASN1Convert.ToInt32(asn6); } ASN1 asn7 = asn[1]; if (asn7.Tag != 4) { throw new CryptographicException("invalid EncryptedData"); } this._data = asn7.Value; }
private void Decode(byte[] data) { ASN1 asN1_1 = new ASN1(data); if (asN1_1.Tag != (byte)48) { throw new CryptographicException("invalid EncryptedPrivateKeyInfo"); } ASN1 asN1_2 = asN1_1[0]; if (asN1_2.Tag != (byte)48) { throw new CryptographicException("invalid encryptionAlgorithm"); } ASN1 asn1_1 = asN1_2[0]; if (asn1_1.Tag != (byte)6) { throw new CryptographicException("invalid algorithm"); } this._algorithm = ASN1Convert.ToOid(asn1_1); if (asN1_2.Count > 1) { ASN1 asN1_3 = asN1_2[1]; if (asN1_3.Tag != (byte)48) { throw new CryptographicException("invalid parameters"); } ASN1 asN1_4 = asN1_3[0]; if (asN1_4.Tag != (byte)4) { throw new CryptographicException("invalid salt"); } this._salt = asN1_4.Value; ASN1 asn1_2 = asN1_3[1]; if (asn1_2.Tag != (byte)2) { throw new CryptographicException("invalid iterationCount"); } this._iterations = ASN1Convert.ToInt32(asn1_2); } ASN1 asN1_5 = asN1_1[1]; if (asN1_5.Tag != (byte)4) { throw new CryptographicException("invalid EncryptedData"); } this._data = asN1_5.Value; }
protected override void Decode() { policies = new Hashtable(); ASN1 sequence = new ASN1(extnValue.Value); if (sequence.Tag != 0x30) { throw new ArgumentException("Invalid CertificatePolicies extension"); } // for every policy OID for (int i = 0; i < sequence.Count; i++) { policies.Add(ASN1Convert.ToOid(sequence [i][0]), null); } }
protected override void Decode() { keyPurpose = new ArrayList(); ASN1 sequence = new ASN1(extnValue.Value); if (sequence.Tag != 0x30) { throw new ArgumentException("Invalid ExtendedKeyUsage extension"); } // for every policy OID for (int i = 0; i < sequence.Count; i++) { keyPurpose.Add(ASN1Convert.ToOid(sequence [i])); } }
public X509Extension(ASN1 asn1) { if ((asn1.Tag != 0x30) || (asn1.Count < 2)) { throw new ArgumentException(Locale.GetText("Invalid X.509 extension.")); } if (asn1[0].Tag != 0x06) { throw new ArgumentException(Locale.GetText("Invalid X.509 extension.")); } extnOid = ASN1Convert.ToOid(asn1[0]); extnCritical = ((asn1[1].Tag == 0x01) && (asn1[1].Value[0] == 0xFF)); extnValue = asn1 [asn1.Count - 1]; // last element Decode(); }
// methods private void Decode(byte[] data) { ASN1 privateKeyInfo = new ASN1(data); if (privateKeyInfo.Tag != 0x30) { throw new CryptographicException("invalid PrivateKeyInfo"); } ASN1 version = privateKeyInfo [0]; if (version.Tag != 0x02) { throw new CryptographicException("invalid version"); } _version = version.Value [0]; ASN1 privateKeyAlgorithm = privateKeyInfo [1]; if (privateKeyAlgorithm.Tag != 0x30) { throw new CryptographicException("invalid algorithm"); } ASN1 algorithm = privateKeyAlgorithm [0]; if (algorithm.Tag != 0x06) { throw new CryptographicException("missing algorithm OID"); } _algorithm = ASN1Convert.ToOid(algorithm); ASN1 privateKey = privateKeyInfo [2]; _key = privateKey.Value; // attributes [0] IMPLICIT Attributes OPTIONAL if (privateKeyInfo.Count > 3) { ASN1 attributes = privateKeyInfo [3]; for (int i = 0; i < attributes.Count; i++) { _list.Add(attributes [i]); } } }
[Test] // bug #75780 public void FromString_Quoted() { ASN1 asn = X501.FromString("CN=\"foo, bar\", C=US"); Assert.AreEqual(0x30, asn.Tag, "Tag"); Assert.AreEqual(2, asn.Count, "Count"); Assert.AreEqual(0x31, asn[0].Tag, "Tag-0"); Assert.AreEqual(1, asn[0].Count, "Count-0"); Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0"); Assert.AreEqual("foo, bar", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0"); Assert.AreEqual(0x31, asn[1].Tag, "Tag-1"); Assert.AreEqual(1, asn[1].Count, "Count-1"); Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[1][0][0]), "OID-1"); Assert.AreEqual("US", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1"); }
public EncryptedData(ASN1 asn1) : this() { if ((asn1.Tag != 0x30) || (asn1.Count < 2)) { throw new ArgumentException("Invalid EncryptedData"); } if (asn1 [0].Tag != 0x02) { throw new ArgumentException("Invalid version"); } _version = asn1 [0].Value [0]; ASN1 encryptedContentInfo = asn1 [1]; if (encryptedContentInfo.Tag != 0x30) { throw new ArgumentException("missing EncryptedContentInfo"); } ASN1 contentType = encryptedContentInfo [0]; if (contentType.Tag != 0x06) { throw new ArgumentException("missing EncryptedContentInfo.ContentType"); } _content = new ContentInfo(ASN1Convert.ToOid(contentType)); ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1]; if (contentEncryptionAlgorithm.Tag != 0x30) { throw new ArgumentException("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier"); } _encryptionAlgorithm = new ContentInfo(ASN1Convert.ToOid(contentEncryptionAlgorithm [0])); _encryptionAlgorithm.Content = contentEncryptionAlgorithm [1]; ASN1 encryptedContent = encryptedContentInfo [2]; if (encryptedContent.Tag != 0x80) { throw new ArgumentException("missing EncryptedContentInfo.EncryptedContent"); } _encrypted = encryptedContent.Value; }
public void FromString_UnrecognizedEncoding() { // from rfc2253 ASN1 asn = X501.FromString("1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB"); Assert.AreEqual(0x30, asn.Tag, "Tag"); Assert.AreEqual(3, asn.Count, "Count"); Assert.AreEqual(0x31, asn[0].Tag, "Tag-0"); Assert.AreEqual(1, asn[0].Count, "Count-0"); Assert.AreEqual("1.3.6.1.4.1.1466.0", ASN1Convert.ToOid(asn[0][0][0]), "OID-0"); ASN1 octetstring = asn[0][0][1]; Assert.AreEqual(0x04, octetstring.Tag, "Value-Tag"); Assert.AreEqual(2, octetstring.Length, "Value-Length"); Assert.AreEqual("4869", BitConverter.ToString(octetstring.Value), "Value-Value"); }
public ContentInfo(ASN1 asn1) { // SEQUENCE with 1 or 2 elements if ((asn1.Tag != 0x30) || ((asn1.Count < 1) && (asn1.Count > 2))) { throw new ArgumentException("Invalid ASN1"); } if (asn1[0].Tag != 0x06) { throw new ArgumentException("Invalid contentType"); } contentType = ASN1Convert.ToOid(asn1[0]); if (asn1.Count > 1) { if (asn1[1].Tag != 0xA0) { throw new ArgumentException("Invalid content"); } content = asn1[1]; } }
private void Decode(byte[] data) { ASN1 asn = new ASN1(data); if (asn.Tag != 48) { throw new CryptographicException("invalid PrivateKeyInfo"); } ASN1 asn2 = asn[0]; if (asn2.Tag != 2) { throw new CryptographicException("invalid version"); } this._version = (int)asn2.Value[0]; ASN1 asn3 = asn[1]; if (asn3.Tag != 48) { throw new CryptographicException("invalid algorithm"); } ASN1 asn4 = asn3[0]; if (asn4.Tag != 6) { throw new CryptographicException("missing algorithm OID"); } this._algorithm = ASN1Convert.ToOid(asn4); ASN1 asn5 = asn[2]; this._key = asn5.Value; if (asn.Count > 3) { ASN1 asn6 = asn[3]; for (int i = 0; i < asn6.Count; i++) { this._list.Add(asn6[i]); } } }
private void Decode(byte[] data) { ASN1 asN1_1 = new ASN1(data); if (asN1_1.Tag != (byte)48) { throw new CryptographicException("invalid PrivateKeyInfo"); } ASN1 asN1_2 = asN1_1[0]; if (asN1_2.Tag != (byte)2) { throw new CryptographicException("invalid version"); } this._version = (int)asN1_2.Value[0]; ASN1 asN1_3 = asN1_1[1]; if (asN1_3.Tag != (byte)48) { throw new CryptographicException("invalid algorithm"); } ASN1 asn1 = asN1_3[0]; if (asn1.Tag != (byte)6) { throw new CryptographicException("missing algorithm OID"); } this._algorithm = ASN1Convert.ToOid(asn1); this._key = asN1_1[2].Value; if (asN1_1.Count <= 3) { return; } ASN1 asN1_4 = asN1_1[3]; for (int index = 0; index < asN1_4.Count; ++index) { this._list.Add((object)asN1_4[index]); } }
private void Decode(byte[] data) { ASN1 aSN = new ASN1(data); if (aSN.Tag != 48) { throw new CryptographicException("invalid PrivateKeyInfo"); } ASN1 aSN2 = aSN[0]; if (aSN2.Tag != 2) { throw new CryptographicException("invalid version"); } _version = aSN2.Value[0]; ASN1 aSN3 = aSN[1]; if (aSN3.Tag != 48) { throw new CryptographicException("invalid algorithm"); } ASN1 aSN4 = aSN3[0]; if (aSN4.Tag != 6) { throw new CryptographicException("missing algorithm OID"); } _algorithm = ASN1Convert.ToOid(aSN4); ASN1 aSN5 = aSN[2]; _key = aSN5.Value; if (aSN.Count > 3) { ASN1 aSN6 = aSN[3]; for (int i = 0; i < aSN6.Count; i++) { _list.Add(aSN6[i]); } } }
public void FromString_OID() { // adapted from rfc2253 ASN1 asn = X501.FromString("1.3.6.1.4.1.1466.0=Mono,O=Test,C=GB"); Assert.AreEqual(0x30, asn.Tag, "Tag"); Assert.AreEqual(3, asn.Count, "Count"); Assert.AreEqual(0x31, asn[0].Tag, "Tag-0"); Assert.AreEqual(1, asn[0].Count, "Count-0"); Assert.AreEqual("1.3.6.1.4.1.1466.0", ASN1Convert.ToOid(asn[0][0][0]), "OID-0"); Assert.AreEqual("Mono", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0"); Assert.AreEqual(0x31, asn[1].Tag, "Tag-1"); Assert.AreEqual(1, asn[1].Count, "Count-1"); Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1"); Assert.AreEqual("Test", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1"); Assert.AreEqual(0x31, asn[2].Tag, "Tag-2"); Assert.AreEqual(1, asn[2].Count, "Count-2"); Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2"); Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2"); }
public void FromString_EscapingComma() { // from rfc2253 ASN1 asn = X501.FromString("CN=L. Eagle,O=Sue\\, Grabbit and Runn,C=GB"); Assert.AreEqual(0x30, asn.Tag, "Tag"); Assert.AreEqual(3, asn.Count, "Count"); Assert.AreEqual(0x31, asn[0].Tag, "Tag-0"); Assert.AreEqual(1, asn[0].Count, "Count-0"); Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0"); Assert.AreEqual("L. Eagle", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0"); Assert.AreEqual(0x31, asn[1].Tag, "Tag-1"); Assert.AreEqual(1, asn[1].Count, "Count-1"); Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1"); Assert.AreEqual("Sue, Grabbit and Runn", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1"); Assert.AreEqual(0x31, asn[2].Tag, "Tag-2"); Assert.AreEqual(1, asn[2].Count, "Count-2"); Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2"); Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2"); }
public void FromString_EscapingCarriageReturn() { // from rfc2253 ASN1 asn = X501.FromString(@"CN=Before\0DAfter,O=Test,C=GB"); Assert.AreEqual(0x30, asn.Tag, "Tag"); Assert.AreEqual(3, asn.Count, "Count"); Assert.AreEqual(0x31, asn[0].Tag, "Tag-0"); Assert.AreEqual(1, asn[0].Count, "Count-0"); Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0"); Assert.AreEqual("Before\rAfter", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0"); Assert.AreEqual(0x31, asn[1].Tag, "Tag-1"); Assert.AreEqual(1, asn[1].Count, "Count-1"); Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1"); Assert.AreEqual("Test", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1"); Assert.AreEqual(0x31, asn[2].Tag, "Tag-2"); Assert.AreEqual(1, asn[2].Count, "Count-2"); Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2"); Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2"); }
public RecipientInfo(ASN1 data) { if (data.Tag != 0x30) { throw new ArgumentException("Invalid RecipientInfo"); } ASN1 version = data [0]; if (version.Tag != 0x02) { throw new ArgumentException("missing Version"); } _version = version.Value [0]; // issuerAndSerialNumber IssuerAndSerialNumber ASN1 subjectIdentifierType = data [1]; if ((subjectIdentifierType.Tag == 0x80) && (_version == 3)) { _ski = subjectIdentifierType.Value; } else { _issuer = X501.ToString(subjectIdentifierType [0]); _serial = subjectIdentifierType [1].Value; } ASN1 keyEncryptionAlgorithm = data [2]; _oid = ASN1Convert.ToOid(keyEncryptionAlgorithm [0]); ASN1 encryptedKey = data [3]; _key = encryptedKey.Value; }
private void Parse(byte[] crl) { string text = "Input data cannot be coded as a valid CRL."; try { ASN1 aSN = new ASN1(encoded); if (aSN.Tag != 48 || aSN.Count != 3) { throw new CryptographicException(text); } ASN1 aSN2 = aSN[0]; if (aSN2.Tag != 48 || aSN2.Count < 3) { throw new CryptographicException(text); } int num = 0; if (aSN2[num].Tag == 2) { version = (byte)(aSN2[num++].Value[0] + 1); } else { version = 1; } signatureOID = ASN1Convert.ToOid(aSN2[num++][0]); issuer = X501.ToString(aSN2[num++]); thisUpdate = ASN1Convert.ToDateTime(aSN2[num++]); ASN1 aSN3 = aSN2[num++]; if (aSN3.Tag == 23 || aSN3.Tag == 24) { nextUpdate = ASN1Convert.ToDateTime(aSN3); aSN3 = aSN2[num++]; } entries = new ArrayList(); if (aSN3 != null && aSN3.Tag == 48) { ASN1 aSN4 = aSN3; for (int i = 0; i < aSN4.Count; i++) { entries.Add(new X509CrlEntry(aSN4[i])); } } else { num--; } ASN1 aSN5 = aSN2[num]; if (aSN5 != null && aSN5.Tag == 160 && aSN5.Count == 1) { extensions = new X509ExtensionCollection(aSN5[0]); } else { extensions = new X509ExtensionCollection(null); } string b = ASN1Convert.ToOid(aSN[1][0]); if (signatureOID != b) { throw new CryptographicException(text + " [Non-matching signature algorithms in CRL]"); } byte[] value = aSN[2].Value; signature = new byte[value.Length - 1]; Buffer.BlockCopy(value, 1, signature, 0, signature.Length); } catch { throw new CryptographicException(text); IL_024f :; } }
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature) { // SEQUENCE { // INTEGER 1 if (cs.Version != 1) return false; // SEQUENCE { // SEQUENCE { string contentType = null; ASN1 messageDigest = null; for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) { // SEQUENCE { // OBJECT IDENTIFIER ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.2.840.113549.1.9.5": // SEQUENCE { // OBJECT IDENTIFIER // signingTime (1 2 840 113549 1 9 5) // SET { // UTCTime '030124013651Z' // } // } timestamp = ASN1Convert.ToDateTime (attr[1][0]); break; default: break; } } if (contentType != PKCS7.Oid.data) return false; // verify message digest if (messageDigest == null) return false; // TODO: must be read from the ASN.1 structure string hashName = null; switch (messageDigest.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!messageDigest.CompareValue (ha.ComputeHash (signature))) return false; // verify signature byte[] counterSignature = cs.Signature; // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in cs.AuthenticatedAttributes) aa.Add (a); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); // we need to try all certificates string issuer = cs.IssuerName; byte[] serial = cs.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { if (x509.PublicKey.Length > counterSignature.Length) { RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; // we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service // and this means copying stuff into our own RSAManaged to get the required flexibility RSAManaged rsam = new RSAManaged (); rsam.ImportParameters (rsa.ExportParameters (false)); if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) { timestampChain.LoadCertificates (coll); return (timestampChain.Build (x509)); } } } } // no certificate can verify this signature! return false; }
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName) private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha) { string contentType = null; ASN1 messageDigest = null; // string spcStatementType = null; // string spcSpOpusInfo = null; for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.3.6.1.4.1.311.2.1.11": // spcStatementType (Microsoft code signing) // possible values // - individualCodeSigning (1 3 6 1 4 1 311 2 1 21) // - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22) // spcStatementType = ASN1Convert.ToOid (attr[1][0][0]); break; case "1.3.6.1.4.1.311.2.1.12": // spcSpOpusInfo (Microsoft code signing) /* try { spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value); } catch (NullReferenceException) { spcSpOpusInfo = null; }*/ break; default: break; } } if (contentType != spcIndirectDataContext) return false; // verify message digest if (messageDigest == null) return false; if (!messageDigest.CompareValue (calculatedMessageDigest)) return false; // verify signature string hashOID = CryptoConfig.MapNameToOID (ha.ToString ()); // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes) aa.Add (a); ha.Initialize (); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); byte[] signature = sd.SignerInfo.Signature; // we need to find the specified certificate string issuer = sd.SignerInfo.IssuerName; byte[] serial = sd.SignerInfo.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { // don't verify is key size don't match if (x509.PublicKey.Length > (signature.Length >> 3)) { // return the signing certificate even if the signature isn't correct // (required behaviour for 2.0 support) signingCertificate = x509; RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; if (rsa.VerifyHash (p7hash, hashOID, signature)) { signerChain.LoadCertificates (coll); trustedRoot = signerChain.Build (x509); break; } } } } // timestamp signature is optional if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0) { trustedTimestampRoot = true; } else { for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++) { ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case PKCS7.Oid.countersignature: // SEQUENCE { // OBJECT IDENTIFIER // countersignature (1 2 840 113549 1 9 6) // SET { PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]); trustedTimestampRoot = VerifyCounterSignature (cs, signature); break; default: // we don't support other unauthenticated attributes break; } } } return (trustedRoot && trustedTimestampRoot); }
private string GetHashName() { var _hashName = ""; ASN1 _algorithmId = GetVidSequence(); { ASN1 _hashAlgorithm = _algorithmId[0]; if (_hashAlgorithm.Tag != 0x30 || _hashAlgorithm.Count < 1) { throw new ProxyException("not exist hash algorithm"); } ASN1 _algorithm = _hashAlgorithm[0]; if (_algorithm.Tag != 0x06) { throw new ProxyException("invalid algorithm tag"); } var _idNumber = ASN1Convert.ToOid(_algorithm); if (_idNumber == "1.3.14.3.2.26") { _hashName = "SHA1"; } else if (_idNumber == "2.16.840.1.101.3.4.2.1") { _hashName = "SHA256"; } else { throw new ProxyException("invalid hash name"); } /* * 1.3.14.3.2.2 - md4WithRSA * 1.3.14.3.2.3 - md5WithRSA * 1.3.14.3.2.4 - md4WithRSAEncryption * 1.3.14.3.2.6 - desECB * 1.3.14.3.2.7 - desCBC * 1.3.14.3.2.8 - desOFB * 1.3.14.3.2.9 - desCFB * 1.3.14.3.2.10 - desMAC * 1.3.14.3.2.11 - rsaSignature * 1.3.14.3.2.12 - dsa * 1.3.14.3.2.13 - dsaWithSHA * 1.3.14.3.2.14 - mdc2WithRSASignature * 1.3.14.3.2.15 - shaWithRSASignature * 1.3.14.3.2.16 - dhWithCommonModulus * 1.3.14.3.2.17 - desEDE * 1.3.14.3.2.18 - sha * 1.3.14.3.2.19 - mdc-2 * 1.3.14.3.2.20 - dsaCommon * 1.3.14.3.2.21 - dsaCommonWithSHA * 1.3.14.3.2.22 - rsaKeyTransport * 1.3.14.3.2.23 - keyed-hash-seal * 1.3.14.3.2.24 - md2WithRSASignature * 1.3.14.3.2.25 - md5WithRSASignature * 1.3.14.3.2.26 - SHA-1 hash algorithm * 1.3.14.3.2.27 - dsa With SHA1 * 1.3.14.3.2.28 - dsa With SHA1 with Common Parameters * 1.3.14.3.2.29 - SHA1 with RSA signature * 2.16.840.1.101.3.4.2.1 - SHA-256 hash algorithm */ } return(_hashName); }
private ASN1 GetVidSequence() { ASN1 _subjectAltName = null; { foreach (X509Extension _ext in X509Cert2.Extensions) { if (_ext.Oid.Value == "2.5.29.17") { _subjectAltName = new ASN1(_ext.RawData); break; } } if (_subjectAltName == null) { throw new ProxyException("can not find subject alter name extension"); } if (_subjectAltName.Tag != 0x30 || _subjectAltName.Count < 1) { throw new ProxyException("invalid subject alter name"); } } ASN1 _algorithmId = null; { for (int i = 0; i < _subjectAltName.Count; i++) { if (_subjectAltName[i].Tag == 0xA0) { _algorithmId = _subjectAltName[i]; break; } } if (_algorithmId == null) { throw new ProxyException("not exist algorithm id"); } if (_algorithmId.Tag != 0xA0 || _algorithmId.Count < 2) { throw new ProxyException("invalid virtual identity"); } ASN1 _algorithm = _algorithmId[0]; if (_algorithm.Tag != 0x06) { throw new ProxyException("invalid algorithm tag"); } var _idNumber = ASN1Convert.ToOid(_algorithm); if (_idNumber != "1.2.410.200004.10.1.1") { throw new ProxyException("invalid vid algorithm"); } } _algorithmId = _algorithmId[1]; { if (_algorithmId.Tag != 0xA0 || _algorithmId.Count < 1) { throw new ProxyException("invalid virtual identity"); } _algorithmId = _algorithmId[0]; if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2) { throw new ProxyException("invalid virtual identity"); } //ASN1 _realName = _algorithmId[0]; } _algorithmId = _algorithmId[1]; { if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 1) { throw new ProxyException("invalid virtual identity"); } _algorithmId = _algorithmId[0]; if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2) { throw new ProxyException("invalid virtual identity"); } ASN1 _algorithm = _algorithmId[0]; if (_algorithm.Tag != 0x06) { throw new ProxyException("invalid algorithm tag"); } var _idNumber = ASN1Convert.ToOid(_algorithm); if (_idNumber != "1.2.410.200004.10.1.1.1") { throw new ProxyException("invalid vid algorithm"); } } _algorithmId = _algorithmId[1]; if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2) { throw new ProxyException("invalid virtual identity"); } return(_algorithmId); }
// TODO: INCOMPLETE public SignerInfo(ASN1 asn1) : this() { if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 5)) { throw new ArgumentException("Invalid SignedData"); } // version Version if (asn1[0][0].Tag != 0x02) { throw new ArgumentException("Invalid version"); } version = asn1[0][0].Value[0]; // issuerAndSerialNumber IssuerAndSerialNumber ASN1 subjectIdentifierType = asn1 [0][1]; if ((subjectIdentifierType.Tag == 0x80) && (version == 3)) { ski = subjectIdentifierType.Value; } else { issuer = X501.ToString(subjectIdentifierType [0]); serial = subjectIdentifierType [1].Value; } // digestAlgorithm DigestAlgorithmIdentifier ASN1 digestAlgorithm = asn1 [0][2]; hashAlgorithm = ASN1Convert.ToOid(digestAlgorithm [0]); // authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL int n = 3; ASN1 authAttributes = asn1 [0][n]; if (authAttributes.Tag == 0xA0) { n++; for (int i = 0; i < authAttributes.Count; i++) { authenticatedAttributes.Add(authAttributes [i]); } } // digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier n++; // ASN1 digestEncryptionAlgorithm = asn1 [0][n++]; // string digestEncryptionAlgorithmOid = ASN1Convert.ToOid (digestEncryptionAlgorithm [0]); // encryptedDigest EncryptedDigest ASN1 encryptedDigest = asn1 [0][n++]; if (encryptedDigest.Tag == 0x04) { signature = encryptedDigest.Value; } // unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL ASN1 unauthAttributes = asn1 [0][n]; if ((unauthAttributes != null) && (unauthAttributes.Tag == 0xA1)) { for (int i = 0; i < unauthAttributes.Count; i++) { unauthenticatedAttributes.Add(unauthAttributes [i]); } } }