private static unsafe void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl) { Win32.CRYPT_DATA_BLOB pTimestampSignatureBlob = new Win32.CRYPT_DATA_BLOB(); XmlNamespaceManager nsmgr = new XmlNamespaceManager(licenseDom.NameTable); nsmgr.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS"); nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); nsmgr.AddNamespace("as", "http://schemas.microsoft.com/windows/pki/2005/Authenticode"); byte[] bytes = Encoding.UTF8.GetBytes(licenseDom.OuterXml); fixed(byte *numPtr = bytes) { Win32.CRYPT_DATA_BLOB pSignedLicenseBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr num = new IntPtr((void *)numPtr); pSignedLicenseBlob.cbData = (uint)bytes.Length; pSignedLicenseBlob.pbData = num; int hr = Win32.CertTimestampAuthenticodeLicense(ref pSignedLicenseBlob, timeStampUrl, out pTimestampSignatureBlob); if (hr != 0) { throw new CryptographicException(hr); } } byte[] numArray = new byte[(int)pTimestampSignatureBlob.cbData]; Marshal.Copy(pTimestampSignatureBlob.pbData, numArray, 0, numArray.Length); Win32.HeapFree(Win32.GetProcessHeap(), 0U, pTimestampSignatureBlob.pbData); XmlElement element1 = licenseDom.CreateElement("as", "Timestamp", "http://schemas.microsoft.com/windows/pki/2005/Authenticode"); element1.InnerText = Encoding.UTF8.GetString(numArray); XmlElement element2 = licenseDom.CreateElement("Object", "http://www.w3.org/2000/09/xmldsig#"); element2.AppendChild((XmlNode)element1); (licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsmgr) as XmlElement).AppendChild((XmlNode)element2); }
private unsafe string VerifyPublicKeyToken() { XmlNamespaceManager nsmgr = new XmlNamespaceManager(this.m_manifestDom.NameTable); nsmgr.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1"); nsmgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); XmlElement xmlElement1 = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Modulus", nsmgr) as XmlElement; XmlElement xmlElement2 = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Exponent", nsmgr) as XmlElement; if (xmlElement1 == null || xmlElement2 == null) { throw new CryptographicException(-2146762749); } byte[] bytes1 = Encoding.UTF8.GetBytes(xmlElement1.InnerXml); byte[] bytes2 = Encoding.UTF8.GetBytes(xmlElement2.InnerXml); string publicKeyToken1 = SignedCmiManifest.GetPublicKeyToken(this.m_manifestDom); byte[] bytes3 = SignedCmiManifest.HexStringToBytes(publicKeyToken1); byte[] bytes4; fixed(byte *numPtr1 = bytes1) fixed(byte *numPtr2 = bytes2) { Win32.CRYPT_DATA_BLOB pModulusBlob = new Win32.CRYPT_DATA_BLOB(); Win32.CRYPT_DATA_BLOB pExponentBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr ppwszPublicKeyToken = new IntPtr(); pModulusBlob.cbData = (uint)bytes1.Length; pModulusBlob.pbData = new IntPtr((void *)numPtr1); pExponentBlob.cbData = (uint)bytes2.Length; pExponentBlob.pbData = new IntPtr((void *)numPtr2); int publicKeyToken2 = Win32._AxlRSAKeyValueToPublicKeyToken(ref pModulusBlob, ref pExponentBlob, out ppwszPublicKeyToken); if (publicKeyToken2 != 0) { throw new CryptographicException(publicKeyToken2); } bytes4 = SignedCmiManifest.HexStringToBytes(Marshal.PtrToStringUni(ppwszPublicKeyToken)); Win32.HeapFree(Win32.GetProcessHeap(), 0U, ppwszPublicKeyToken); } if (bytes3.Length == 0 || bytes3.Length != bytes4.Length) { throw new CryptographicException(-2146762485); } for (int index = 0; index < bytes3.Length; ++index) { if ((int)bytes3[index] != (int)bytes4[index]) { throw new CryptographicException(-2146762485); } } return(publicKeyToken1); }
private unsafe void VerifyLicense(CmiManifestVerifyFlags verifyFlags, bool oldFormat) { XmlNamespaceManager namespaceManager = new XmlNamespaceManager(this.m_manifestDom.NameTable); namespaceManager.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1"); namespaceManager.AddNamespace("asm2", "urn:schemas-microsoft-com:asm.v2"); namespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); namespaceManager.AddNamespace("msrel", "http://schemas.microsoft.com/windows/rel/2005/reldata"); namespaceManager.AddNamespace("r", "urn:mpeg:mpeg21:2003:01-REL-R-NS"); namespaceManager.AddNamespace("as", "http://schemas.microsoft.com/windows/pki/2005/Authenticode"); XmlElement xmlElement = this.m_manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/msrel:RelData/r:license", namespaceManager) as XmlElement; if (xmlElement == null) { return; } this.VerifyAssemblyIdentity(namespaceManager); this.m_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(-2146762485); byte[] bytes = Encoding.UTF8.GetBytes(xmlElement.OuterXml); fixed(byte *numPtr = bytes) { Win32.AXL_SIGNER_INFO pSignerInfo = new Win32.AXL_SIGNER_INFO(); pSignerInfo.cbSize = (uint)Marshal.SizeOf(typeof(Win32.AXL_SIGNER_INFO)); Win32.AXL_TIMESTAMPER_INFO pTimestamperInfo = new Win32.AXL_TIMESTAMPER_INFO(); pTimestamperInfo.cbSize = (uint)Marshal.SizeOf(typeof(Win32.AXL_TIMESTAMPER_INFO)); Win32.CRYPT_DATA_BLOB pLicenseBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr num = new IntPtr((void *)numPtr); pLicenseBlob.cbData = (uint)bytes.Length; pLicenseBlob.pbData = num; int hr = Win32.CertVerifyAuthenticodeLicense(ref pLicenseBlob, (uint)verifyFlags, out pSignerInfo, out pTimestamperInfo); if (-2146762496 != (int)pSignerInfo.dwError) { this.m_authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(pSignerInfo, pTimestamperInfo); } Win32.CertFreeAuthenticodeSignerInfo(ref pSignerInfo); Win32.CertFreeAuthenticodeTimestamperInfo(ref pTimestamperInfo); if (hr != 0) { throw new CryptographicException(hr); } } if (oldFormat) { return; } this.VerifyPublisherIdentity(namespaceManager); }
private static void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey, bool useSha256) { // Make sure we can find the publicKeyToken attribute. XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); XmlElement assemblyIdentity = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsm) as XmlElement; if (assemblyIdentity == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } if (!assemblyIdentity.HasAttribute("publicKeyToken")) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } byte[] cspPublicKeyBlob = (GetFixedRSACryptoServiceProvider((RSACryptoServiceProvider)snKey, useSha256)).ExportCspBlob(false); if (cspPublicKeyBlob == null || cspPublicKeyBlob.Length == 0) { throw new CryptographicException(Win32.NTE_BAD_KEY); } // Now compute the public key token. unsafe { fixed(byte *pbPublicKeyBlob = cspPublicKeyBlob) { Win32.CRYPT_DATA_BLOB publicKeyBlob = new Win32.CRYPT_DATA_BLOB(); publicKeyBlob.cbData = (uint)cspPublicKeyBlob.Length; publicKeyBlob.pbData = new IntPtr(pbPublicKeyBlob); IntPtr pPublicKeyToken = new IntPtr(); int hr = Win32._AxlPublicKeyBlobToPublicKeyToken(ref publicKeyBlob, ref pPublicKeyToken); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } string publicKeyToken = Marshal.PtrToStringUni(pPublicKeyToken); Win32.HeapFree(Win32.GetProcessHeap(), 0, pPublicKeyToken); assemblyIdentity.SetAttribute("publicKeyToken", publicKeyToken); } } }
private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl) { Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB(); XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable); nsm.AddNamespace("r", LicenseNamespaceUri); nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsm.AddNamespace("as", AuthenticodeNamespaceUri); byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml); unsafe { fixed(byte *pbLicense = licenseXml) { Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr pvLicense = new IntPtr(pbLicense); licenseBlob.cbData = (uint)licenseXml.Length; licenseBlob.pbData = pvLicense; int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } } } byte[] timestampSignature = new byte[timestampBlob.cbData]; Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length); Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData); XmlElement asTimestamp = licenseDom.CreateElement("as", "Timestamp", AuthenticodeNamespaceUri); asTimestamp.InnerText = Encoding.UTF8.GetString(timestampSignature); XmlElement dsObject = licenseDom.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl); dsObject.AppendChild(asTimestamp); XmlElement signatureNode = licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsm) as XmlElement; signatureNode.AppendChild(dsObject); }
private static unsafe void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey) { XmlNamespaceManager nsmgr = new XmlNamespaceManager(manifestDom.NameTable); nsmgr.AddNamespace("asm", "urn:schemas-microsoft-com:asm.v1"); XmlElement xmlElement = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsmgr) as XmlElement; if (xmlElement == null) { throw new CryptographicException(-2146762749); } if (!xmlElement.HasAttribute("publicKeyToken")) { throw new CryptographicException(-2146762749); } byte[] numArray = ((RSACryptoServiceProvider)snKey).ExportCspBlob(false); if (numArray == null || numArray.Length == 0) { throw new CryptographicException(-2146893821); fixed(byte *numPtr = numArray) { Win32.CRYPT_DATA_BLOB pCspPublicKeyBlob = new Win32.CRYPT_DATA_BLOB(); pCspPublicKeyBlob.cbData = (uint)numArray.Length; pCspPublicKeyBlob.pbData = new IntPtr((void *)numPtr); IntPtr ppwszPublicKeyToken = new IntPtr(); int publicKeyToken = Win32._AxlPublicKeyBlobToPublicKeyToken(ref pCspPublicKeyBlob, out ppwszPublicKeyToken); if (publicKeyToken != 0) { throw new CryptographicException(publicKeyToken); } string stringUni = Marshal.PtrToStringUni(ppwszPublicKeyToken); Win32.HeapFree(Win32.GetProcessHeap(), 0U, ppwszPublicKeyToken); xmlElement.SetAttribute("publicKeyToken", stringUni); } }
private static void ReplacePublicKeyToken(XmlDocument manifestDom, AsymmetricAlgorithm snKey) { // Make sure we can find the publicKeyToken attribute. XmlNamespaceManager nsm = new XmlNamespaceManager(manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); XmlElement assemblyIdentity = manifestDom.SelectSingleNode("asm:assembly/asm:assemblyIdentity", nsm) as XmlElement; if (assemblyIdentity == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } if (!assemblyIdentity.HasAttribute("publicKeyToken")) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } byte[] cspPublicKeyBlob = ((RSACryptoServiceProvider)snKey).ExportCspBlob(false); if (cspPublicKeyBlob == null || cspPublicKeyBlob.Length == 0) { throw new CryptographicException(Win32.NTE_BAD_KEY); } // Now compute the public key token. unsafe { fixed (byte* pbPublicKeyBlob = cspPublicKeyBlob) { Win32.CRYPT_DATA_BLOB publicKeyBlob = new Win32.CRYPT_DATA_BLOB(); publicKeyBlob.cbData = (uint)cspPublicKeyBlob.Length; publicKeyBlob.pbData = new IntPtr(pbPublicKeyBlob); IntPtr pPublicKeyToken = new IntPtr(); int hr = Win32._AxlPublicKeyBlobToPublicKeyToken(ref publicKeyBlob, ref pPublicKeyToken); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } string publicKeyToken = Marshal.PtrToStringUni(pPublicKeyToken); Win32.HeapFree(Win32.GetProcessHeap(), 0, pPublicKeyToken); assemblyIdentity.SetAttribute("publicKeyToken", publicKeyToken); } } }
private string VerifyPublicKeyToken() { XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); XmlElement snModulus = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Modulus", nsm) as XmlElement; XmlElement snExponent = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Exponent", nsm) as XmlElement; if (snModulus == null || snExponent == null) { throw new CryptographicException(Win32.TRUST_E_SUBJECT_FORM_UNKNOWN); } byte[] modulus = Encoding.UTF8.GetBytes(snModulus.InnerXml); byte[] exponent = Encoding.UTF8.GetBytes(snExponent.InnerXml); string tokenString = GetPublicKeyToken(_manifestDom); byte[] publicKeyToken = HexStringToBytes(tokenString); byte[] computedPublicKeyToken; unsafe { fixed (byte* pbModulus = modulus) { fixed (byte* pbExponent = exponent) { Win32.CRYPT_DATA_BLOB modulusBlob = new Win32.CRYPT_DATA_BLOB(); Win32.CRYPT_DATA_BLOB exponentBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr pComputedToken = new IntPtr(); modulusBlob.cbData = (uint)modulus.Length; modulusBlob.pbData = new IntPtr(pbModulus); exponentBlob.cbData = (uint)exponent.Length; exponentBlob.pbData = new IntPtr(pbExponent); // Now compute the public key token. int hr = Win32._AxlRSAKeyValueToPublicKeyToken(ref modulusBlob, ref exponentBlob, ref pComputedToken); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } computedPublicKeyToken = HexStringToBytes(Marshal.PtrToStringUni(pComputedToken)); Win32.HeapFree(Win32.GetProcessHeap(), 0, pComputedToken); } } } // Do they match? if (publicKeyToken.Length == 0 || publicKeyToken.Length != computedPublicKeyToken.Length) { throw new CryptographicException(Win32.TRUST_E_FAIL); } for (int i = 0; i < publicKeyToken.Length; i++) { if (publicKeyToken[i] != computedPublicKeyToken[i]) { throw new CryptographicException(Win32.TRUST_E_FAIL); } } return tokenString; }
// // Privates. // private void VerifyLicense(CmiManifestVerifyFlags verifyFlags, bool oldFormat) { XmlNamespaceManager nsm = new XmlNamespaceManager(_manifestDom.NameTable); nsm.AddNamespace("asm", AssemblyNamespaceUri); nsm.AddNamespace("asm2", AssemblyV2NamespaceUri); nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsm.AddNamespace("msrel", MSRelNamespaceUri); nsm.AddNamespace("r", LicenseNamespaceUri); nsm.AddNamespace("as", AuthenticodeNamespaceUri); // We are done if no license. XmlElement licenseNode = _manifestDom.SelectSingleNode("asm:assembly/ds:Signature/ds:KeyInfo/msrel:RelData/r:license", nsm) as XmlElement; if (licenseNode == null) { return; } // Make sure this license is for this manifest. VerifyAssemblyIdentity(nsm); // Found a license, so instantiate signer info property. _authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(Win32.TRUST_E_FAIL); unsafe { byte[] licenseXml = Encoding.UTF8.GetBytes(licenseNode.OuterXml); fixed (byte* pbLicense = licenseXml) { Win32.AXL_SIGNER_INFO signerInfo = new Win32.AXL_SIGNER_INFO(); signerInfo.cbSize = (uint)Marshal.SizeOf<Win32.AXL_SIGNER_INFO>(); Win32.AXL_TIMESTAMPER_INFO timestamperInfo = new Win32.AXL_TIMESTAMPER_INFO(); timestamperInfo.cbSize = (uint)Marshal.SizeOf<Win32.AXL_TIMESTAMPER_INFO>(); Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr pvLicense = new IntPtr(pbLicense); licenseBlob.cbData = (uint)licenseXml.Length; licenseBlob.pbData = pvLicense; int hr = Win32.CertVerifyAuthenticodeLicense(ref licenseBlob, (uint)verifyFlags, ref signerInfo, ref timestamperInfo); if (Win32.TRUST_E_NOSIGNATURE != (int)signerInfo.dwError) { _authenticodeSignerInfo = new CmiAuthenticodeSignerInfo(signerInfo, timestamperInfo); } Win32.CertFreeAuthenticodeSignerInfo(ref signerInfo); Win32.CertFreeAuthenticodeTimestamperInfo(ref timestamperInfo); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } } } if (!oldFormat) // Make sure we have the intended Authenticode signer. VerifyPublisherIdentity(nsm); }
private static void TimestampSignedLicenseDom(XmlDocument licenseDom, string timeStampUrl) { Win32.CRYPT_DATA_BLOB timestampBlob = new Win32.CRYPT_DATA_BLOB(); XmlNamespaceManager nsm = new XmlNamespaceManager(licenseDom.NameTable); nsm.AddNamespace("r", LicenseNamespaceUri); nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsm.AddNamespace("as", AuthenticodeNamespaceUri); byte[] licenseXml = Encoding.UTF8.GetBytes(licenseDom.OuterXml); unsafe { fixed (byte* pbLicense = licenseXml) { Win32.CRYPT_DATA_BLOB licenseBlob = new Win32.CRYPT_DATA_BLOB(); IntPtr pvLicense = new IntPtr(pbLicense); licenseBlob.cbData = (uint)licenseXml.Length; licenseBlob.pbData = pvLicense; int hr = Win32.CertTimestampAuthenticodeLicense(ref licenseBlob, timeStampUrl, ref timestampBlob); if (hr != Win32.S_OK) { throw new CryptographicException(hr); } } } byte[] timestampSignature = new byte[timestampBlob.cbData]; Marshal.Copy(timestampBlob.pbData, timestampSignature, 0, timestampSignature.Length); Win32.HeapFree(Win32.GetProcessHeap(), 0, timestampBlob.pbData); XmlElement asTimestamp = licenseDom.CreateElement("as", "Timestamp", AuthenticodeNamespaceUri); asTimestamp.InnerText = Encoding.UTF8.GetString(timestampSignature); XmlElement dsObject = licenseDom.CreateElement("Object", SignedXml.XmlDsigNamespaceUrl); dsObject.AppendChild(asTimestamp); XmlElement signatureNode = licenseDom.SelectSingleNode("r:license/r:issuer/ds:Signature", nsm) as XmlElement; signatureNode.AppendChild(dsObject); }
internal static extern int _AxlPublicKeyBlobToPublicKeyToken([In] ref Win32.CRYPT_DATA_BLOB pCspPublicKeyBlob, [In, Out] ref IntPtr ppwszPublicKeyToken);
internal static extern int _AxlRSAKeyValueToPublicKeyToken([In] ref Win32.CRYPT_DATA_BLOB pModulusBlob, [In] ref Win32.CRYPT_DATA_BLOB pExponentBlob, [In, Out] ref IntPtr ppwszPublicKeyToken);
internal static extern int CertVerifyAuthenticodeLicense([In] ref Win32.CRYPT_DATA_BLOB pLicenseBlob, [In] uint dwFlags, [In, Out] ref Win32.AXL_SIGNER_INFO pSignerInfo, [In, Out] ref Win32.AXL_TIMESTAMPER_INFO pTimestamperInfo);
internal static extern int CertTimestampAuthenticodeLicense([In] ref Win32.CRYPT_DATA_BLOB pSignedLicenseBlob, [In] string pwszTimestampURI, [In, Out] ref Win32.CRYPT_DATA_BLOB pTimestampSignatureBlob);