527 lines
17 KiB
C#
527 lines
17 KiB
C#
using System;
|
|
using System.Collections;
|
|
using System.IO;
|
|
using Org.BouncyCastle.Asn1;
|
|
using Org.BouncyCastle.Asn1.Cms;
|
|
using Org.BouncyCastle.Asn1.Pkcs;
|
|
using Org.BouncyCastle.Asn1.X509;
|
|
using Org.BouncyCastle.Crypto;
|
|
using Org.BouncyCastle.Crypto.Engines;
|
|
using Org.BouncyCastle.Crypto.IO;
|
|
using Org.BouncyCastle.Crypto.Signers;
|
|
using Org.BouncyCastle.Security;
|
|
using Org.BouncyCastle.Utilities;
|
|
using Org.BouncyCastle.X509;
|
|
|
|
namespace Org.BouncyCastle.Cms;
|
|
|
|
public class SignerInformation
|
|
{
|
|
private static readonly CmsSignedHelper Helper = CmsSignedHelper.Instance;
|
|
|
|
private SignerID sid;
|
|
|
|
private Org.BouncyCastle.Asn1.Cms.SignerInfo info;
|
|
|
|
private AlgorithmIdentifier digestAlgorithm;
|
|
|
|
private AlgorithmIdentifier encryptionAlgorithm;
|
|
|
|
private readonly Asn1Set signedAttributeSet;
|
|
|
|
private readonly Asn1Set unsignedAttributeSet;
|
|
|
|
private CmsProcessable content;
|
|
|
|
private byte[] signature;
|
|
|
|
private DerObjectIdentifier contentType;
|
|
|
|
private IDigestCalculator digestCalculator;
|
|
|
|
private byte[] resultDigest;
|
|
|
|
private Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttributeTable;
|
|
|
|
private Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributeTable;
|
|
|
|
private readonly bool isCounterSignature;
|
|
|
|
public bool IsCounterSignature => isCounterSignature;
|
|
|
|
public DerObjectIdentifier ContentType => contentType;
|
|
|
|
public SignerID SignerID => sid;
|
|
|
|
public int Version => info.Version.Value.IntValue;
|
|
|
|
public AlgorithmIdentifier DigestAlgorithmID => digestAlgorithm;
|
|
|
|
public string DigestAlgOid => digestAlgorithm.Algorithm.Id;
|
|
|
|
public Asn1Object DigestAlgParams => digestAlgorithm.Parameters?.ToAsn1Object();
|
|
|
|
public AlgorithmIdentifier EncryptionAlgorithmID => encryptionAlgorithm;
|
|
|
|
public string EncryptionAlgOid => encryptionAlgorithm.Algorithm.Id;
|
|
|
|
public Asn1Object EncryptionAlgParams => encryptionAlgorithm.Parameters?.ToAsn1Object();
|
|
|
|
public Org.BouncyCastle.Asn1.Cms.AttributeTable SignedAttributes
|
|
{
|
|
get
|
|
{
|
|
if (signedAttributeSet != null && signedAttributeTable == null)
|
|
{
|
|
signedAttributeTable = new Org.BouncyCastle.Asn1.Cms.AttributeTable(signedAttributeSet);
|
|
}
|
|
return signedAttributeTable;
|
|
}
|
|
}
|
|
|
|
public Org.BouncyCastle.Asn1.Cms.AttributeTable UnsignedAttributes
|
|
{
|
|
get
|
|
{
|
|
if (unsignedAttributeSet != null && unsignedAttributeTable == null)
|
|
{
|
|
unsignedAttributeTable = new Org.BouncyCastle.Asn1.Cms.AttributeTable(unsignedAttributeSet);
|
|
}
|
|
return unsignedAttributeTable;
|
|
}
|
|
}
|
|
|
|
internal SignerInformation(Org.BouncyCastle.Asn1.Cms.SignerInfo info, DerObjectIdentifier contentType, CmsProcessable content, IDigestCalculator digestCalculator)
|
|
{
|
|
this.info = info;
|
|
sid = new SignerID();
|
|
this.contentType = contentType;
|
|
isCounterSignature = contentType == null;
|
|
try
|
|
{
|
|
SignerIdentifier signerID = info.SignerID;
|
|
if (signerID.IsTagged)
|
|
{
|
|
Asn1OctetString instance = Asn1OctetString.GetInstance(signerID.ID);
|
|
sid.SubjectKeyIdentifier = instance.GetEncoded();
|
|
}
|
|
else
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber instance2 = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(signerID.ID);
|
|
sid.Issuer = instance2.Name;
|
|
sid.SerialNumber = instance2.SerialNumber.Value;
|
|
}
|
|
}
|
|
catch (IOException)
|
|
{
|
|
throw new ArgumentException("invalid sid in SignerInfo");
|
|
}
|
|
digestAlgorithm = info.DigestAlgorithm;
|
|
signedAttributeSet = info.AuthenticatedAttributes;
|
|
unsignedAttributeSet = info.UnauthenticatedAttributes;
|
|
encryptionAlgorithm = info.DigestEncryptionAlgorithm;
|
|
signature = info.EncryptedDigest.GetOctets();
|
|
this.content = content;
|
|
this.digestCalculator = digestCalculator;
|
|
}
|
|
|
|
protected SignerInformation(SignerInformation baseInfo)
|
|
{
|
|
info = baseInfo.info;
|
|
contentType = baseInfo.contentType;
|
|
isCounterSignature = baseInfo.IsCounterSignature;
|
|
sid = baseInfo.SignerID;
|
|
digestAlgorithm = info.DigestAlgorithm;
|
|
signedAttributeSet = info.AuthenticatedAttributes;
|
|
unsignedAttributeSet = info.UnauthenticatedAttributes;
|
|
encryptionAlgorithm = info.DigestEncryptionAlgorithm;
|
|
signature = info.EncryptedDigest.GetOctets();
|
|
content = baseInfo.content;
|
|
resultDigest = baseInfo.resultDigest;
|
|
signedAttributeTable = baseInfo.signedAttributeTable;
|
|
unsignedAttributeTable = baseInfo.unsignedAttributeTable;
|
|
}
|
|
|
|
public byte[] GetContentDigest()
|
|
{
|
|
if (resultDigest == null)
|
|
{
|
|
throw new InvalidOperationException("method can only be called after verify.");
|
|
}
|
|
return (byte[])resultDigest.Clone();
|
|
}
|
|
|
|
public byte[] GetSignature()
|
|
{
|
|
return (byte[])signature.Clone();
|
|
}
|
|
|
|
public SignerInformationStore GetCounterSignatures()
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = UnsignedAttributes;
|
|
if (unsignedAttributes == null)
|
|
{
|
|
return new SignerInformationStore(Platform.CreateArrayList(0));
|
|
}
|
|
IList list = Platform.CreateArrayList();
|
|
Asn1EncodableVector all = unsignedAttributes.GetAll(CmsAttributes.CounterSignature);
|
|
foreach (Org.BouncyCastle.Asn1.Cms.Attribute item in all)
|
|
{
|
|
Asn1Set attrValues = item.AttrValues;
|
|
_ = attrValues.Count;
|
|
_ = 1;
|
|
foreach (Asn1Encodable item2 in attrValues)
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.SignerInfo instance = Org.BouncyCastle.Asn1.Cms.SignerInfo.GetInstance(item2.ToAsn1Object());
|
|
string digestAlgName = CmsSignedHelper.Instance.GetDigestAlgName(instance.DigestAlgorithm.Algorithm.Id);
|
|
list.Add(new SignerInformation(instance, null, null, new CounterSignatureDigestCalculator(digestAlgName, GetSignature())));
|
|
}
|
|
}
|
|
return new SignerInformationStore(list);
|
|
}
|
|
|
|
public byte[] GetEncodedSignedAttributes()
|
|
{
|
|
if (signedAttributeSet != null)
|
|
{
|
|
return signedAttributeSet.GetEncoded("DER");
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private bool DoVerify(AsymmetricKeyParameter key)
|
|
{
|
|
string digestAlgName = Helper.GetDigestAlgName(DigestAlgOid);
|
|
IDigest digestInstance = Helper.GetDigestInstance(digestAlgName);
|
|
DerObjectIdentifier algorithm = encryptionAlgorithm.Algorithm;
|
|
Asn1Encodable parameters = encryptionAlgorithm.Parameters;
|
|
ISigner signer;
|
|
if (algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
|
|
{
|
|
if (parameters == null)
|
|
{
|
|
throw new CmsException("RSASSA-PSS signature must specify algorithm parameters");
|
|
}
|
|
try
|
|
{
|
|
RsassaPssParameters instance = RsassaPssParameters.GetInstance(parameters.ToAsn1Object());
|
|
if (!instance.HashAlgorithm.Algorithm.Equals(digestAlgorithm.Algorithm))
|
|
{
|
|
throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm");
|
|
}
|
|
if (!instance.MaskGenAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdMgf1))
|
|
{
|
|
throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF");
|
|
}
|
|
IDigest digest = DigestUtilities.GetDigest(instance.HashAlgorithm.Algorithm);
|
|
int intValue = instance.SaltLength.Value.IntValue;
|
|
byte b = (byte)instance.TrailerField.Value.IntValue;
|
|
if (b != 1)
|
|
{
|
|
throw new CmsException("RSASSA-PSS signature parameters must have trailerField of 1");
|
|
}
|
|
signer = new PssSigner(new RsaBlindedEngine(), digest, intValue);
|
|
}
|
|
catch (Exception e)
|
|
{
|
|
throw new CmsException("failed to set RSASSA-PSS signature parameters", e);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
string algorithm2 = digestAlgName + "with" + Helper.GetEncryptionAlgName(EncryptionAlgOid);
|
|
signer = Helper.GetSignatureInstance(algorithm2);
|
|
}
|
|
try
|
|
{
|
|
if (digestCalculator != null)
|
|
{
|
|
resultDigest = digestCalculator.GetDigest();
|
|
}
|
|
else
|
|
{
|
|
if (content != null)
|
|
{
|
|
content.Write(new DigestSink(digestInstance));
|
|
}
|
|
else if (signedAttributeSet == null)
|
|
{
|
|
throw new CmsException("data not encapsulated in signature - use detached constructor.");
|
|
}
|
|
resultDigest = DigestUtilities.DoFinal(digestInstance);
|
|
}
|
|
}
|
|
catch (IOException e2)
|
|
{
|
|
throw new CmsException("can't process mime object to create signature.", e2);
|
|
}
|
|
Asn1Object singleValuedSignedAttribute = GetSingleValuedSignedAttribute(CmsAttributes.ContentType, "content-type");
|
|
if (singleValuedSignedAttribute == null)
|
|
{
|
|
if (!isCounterSignature && signedAttributeSet != null)
|
|
{
|
|
throw new CmsException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (isCounterSignature)
|
|
{
|
|
throw new CmsException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
|
|
}
|
|
if (!(singleValuedSignedAttribute is DerObjectIdentifier))
|
|
{
|
|
throw new CmsException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
|
|
}
|
|
DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)singleValuedSignedAttribute;
|
|
if (!derObjectIdentifier.Equals(contentType))
|
|
{
|
|
throw new CmsException("content-type attribute value does not match eContentType");
|
|
}
|
|
}
|
|
Asn1Object singleValuedSignedAttribute2 = GetSingleValuedSignedAttribute(CmsAttributes.MessageDigest, "message-digest");
|
|
if (singleValuedSignedAttribute2 == null)
|
|
{
|
|
if (signedAttributeSet != null)
|
|
{
|
|
throw new CmsException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (!(singleValuedSignedAttribute2 is Asn1OctetString))
|
|
{
|
|
throw new CmsException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
|
|
}
|
|
Asn1OctetString asn1OctetString = (Asn1OctetString)singleValuedSignedAttribute2;
|
|
if (!Arrays.AreEqual(resultDigest, asn1OctetString.GetOctets()))
|
|
{
|
|
throw new CmsException("message-digest attribute value does not match calculated value");
|
|
}
|
|
}
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttributes = SignedAttributes;
|
|
if (signedAttributes != null && signedAttributes.GetAll(CmsAttributes.CounterSignature).Count > 0)
|
|
{
|
|
throw new CmsException("A countersignature attribute MUST NOT be a signed attribute");
|
|
}
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = UnsignedAttributes;
|
|
if (unsignedAttributes != null)
|
|
{
|
|
foreach (Org.BouncyCastle.Asn1.Cms.Attribute item in unsignedAttributes.GetAll(CmsAttributes.CounterSignature))
|
|
{
|
|
if (item.AttrValues.Count < 1)
|
|
{
|
|
throw new CmsException("A countersignature attribute MUST contain at least one AttributeValue");
|
|
}
|
|
}
|
|
}
|
|
try
|
|
{
|
|
signer.Init(forSigning: false, key);
|
|
if (signedAttributeSet == null)
|
|
{
|
|
if (digestCalculator != null)
|
|
{
|
|
return VerifyDigest(resultDigest, key, GetSignature());
|
|
}
|
|
if (content != null)
|
|
{
|
|
try
|
|
{
|
|
content.Write(new SignerSink(signer));
|
|
}
|
|
catch (SignatureException ex)
|
|
{
|
|
throw new CmsStreamException("signature problem: " + ex);
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
byte[] encodedSignedAttributes = GetEncodedSignedAttributes();
|
|
signer.BlockUpdate(encodedSignedAttributes, 0, encodedSignedAttributes.Length);
|
|
}
|
|
return signer.VerifySignature(GetSignature());
|
|
}
|
|
catch (InvalidKeyException e3)
|
|
{
|
|
throw new CmsException("key not appropriate to signature in message.", e3);
|
|
}
|
|
catch (IOException e4)
|
|
{
|
|
throw new CmsException("can't process mime object to create signature.", e4);
|
|
}
|
|
catch (SignatureException ex2)
|
|
{
|
|
throw new CmsException("invalid signature format in message: " + ex2.Message, ex2);
|
|
}
|
|
}
|
|
|
|
private bool IsNull(Asn1Encodable o)
|
|
{
|
|
if (!(o is Asn1Null))
|
|
{
|
|
return o == null;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
private DigestInfo DerDecode(byte[] encoding)
|
|
{
|
|
if (encoding[0] != 48)
|
|
{
|
|
throw new IOException("not a digest info object");
|
|
}
|
|
DigestInfo instance = DigestInfo.GetInstance(Asn1Object.FromByteArray(encoding));
|
|
if (instance.GetEncoded().Length != encoding.Length)
|
|
{
|
|
throw new CmsException("malformed RSA signature");
|
|
}
|
|
return instance;
|
|
}
|
|
|
|
private bool VerifyDigest(byte[] digest, AsymmetricKeyParameter key, byte[] signature)
|
|
{
|
|
string encryptionAlgName = Helper.GetEncryptionAlgName(EncryptionAlgOid);
|
|
try
|
|
{
|
|
if (encryptionAlgName.Equals("RSA"))
|
|
{
|
|
IBufferedCipher bufferedCipher = CmsEnvelopedHelper.Instance.CreateAsymmetricCipher("RSA/ECB/PKCS1Padding");
|
|
bufferedCipher.Init(forEncryption: false, key);
|
|
byte[] encoding = bufferedCipher.DoFinal(signature);
|
|
DigestInfo digestInfo = DerDecode(encoding);
|
|
if (!digestInfo.AlgorithmID.Algorithm.Equals(digestAlgorithm.Algorithm))
|
|
{
|
|
return false;
|
|
}
|
|
if (!IsNull(digestInfo.AlgorithmID.Parameters))
|
|
{
|
|
return false;
|
|
}
|
|
byte[] digest2 = digestInfo.GetDigest();
|
|
return Arrays.ConstantTimeAreEqual(digest, digest2);
|
|
}
|
|
if (encryptionAlgName.Equals("DSA"))
|
|
{
|
|
ISigner signer = SignerUtilities.GetSigner("NONEwithDSA");
|
|
signer.Init(forSigning: false, key);
|
|
signer.BlockUpdate(digest, 0, digest.Length);
|
|
return signer.VerifySignature(signature);
|
|
}
|
|
throw new CmsException("algorithm: " + encryptionAlgName + " not supported in base signatures.");
|
|
}
|
|
catch (SecurityUtilityException ex)
|
|
{
|
|
throw ex;
|
|
}
|
|
catch (GeneralSecurityException ex2)
|
|
{
|
|
throw new CmsException("Exception processing signature: " + ex2, ex2);
|
|
}
|
|
catch (IOException ex3)
|
|
{
|
|
throw new CmsException("Exception decoding signature: " + ex3, ex3);
|
|
}
|
|
}
|
|
|
|
public bool Verify(AsymmetricKeyParameter pubKey)
|
|
{
|
|
if (pubKey.IsPrivate)
|
|
{
|
|
throw new ArgumentException("Expected public key", "pubKey");
|
|
}
|
|
GetSigningTime();
|
|
return DoVerify(pubKey);
|
|
}
|
|
|
|
public bool Verify(X509Certificate cert)
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.Time signingTime = GetSigningTime();
|
|
if (signingTime != null)
|
|
{
|
|
cert.CheckValidity(signingTime.Date);
|
|
}
|
|
return DoVerify(cert.GetPublicKey());
|
|
}
|
|
|
|
public Org.BouncyCastle.Asn1.Cms.SignerInfo ToSignerInfo()
|
|
{
|
|
return info;
|
|
}
|
|
|
|
private Asn1Object GetSingleValuedSignedAttribute(DerObjectIdentifier attrOID, string printableName)
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = UnsignedAttributes;
|
|
if (unsignedAttributes != null && unsignedAttributes.GetAll(attrOID).Count > 0)
|
|
{
|
|
throw new CmsException("The " + printableName + " attribute MUST NOT be an unsigned attribute");
|
|
}
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttributes = SignedAttributes;
|
|
if (signedAttributes == null)
|
|
{
|
|
return null;
|
|
}
|
|
Asn1EncodableVector all = signedAttributes.GetAll(attrOID);
|
|
switch (all.Count)
|
|
{
|
|
case 0:
|
|
return null;
|
|
case 1:
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.Attribute attribute = (Org.BouncyCastle.Asn1.Cms.Attribute)all[0];
|
|
Asn1Set attrValues = attribute.AttrValues;
|
|
if (attrValues.Count != 1)
|
|
{
|
|
throw new CmsException("A " + printableName + " attribute MUST have a single attribute value");
|
|
}
|
|
return attrValues[0].ToAsn1Object();
|
|
}
|
|
default:
|
|
throw new CmsException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + printableName + " attribute");
|
|
}
|
|
}
|
|
|
|
private Org.BouncyCastle.Asn1.Cms.Time GetSigningTime()
|
|
{
|
|
Asn1Object singleValuedSignedAttribute = GetSingleValuedSignedAttribute(CmsAttributes.SigningTime, "signing-time");
|
|
if (singleValuedSignedAttribute == null)
|
|
{
|
|
return null;
|
|
}
|
|
try
|
|
{
|
|
return Org.BouncyCastle.Asn1.Cms.Time.GetInstance(singleValuedSignedAttribute);
|
|
}
|
|
catch (ArgumentException)
|
|
{
|
|
throw new CmsException("signing-time attribute value not a valid 'Time' structure");
|
|
}
|
|
}
|
|
|
|
public static SignerInformation ReplaceUnsignedAttributes(SignerInformation signerInformation, Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes)
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.SignerInfo signerInfo = signerInformation.info;
|
|
Asn1Set unauthenticatedAttributes = null;
|
|
if (unsignedAttributes != null)
|
|
{
|
|
unauthenticatedAttributes = new DerSet(unsignedAttributes.ToAsn1EncodableVector());
|
|
}
|
|
return new SignerInformation(new Org.BouncyCastle.Asn1.Cms.SignerInfo(signerInfo.SignerID, signerInfo.DigestAlgorithm, signerInfo.AuthenticatedAttributes, signerInfo.DigestEncryptionAlgorithm, signerInfo.EncryptedDigest, unauthenticatedAttributes), signerInformation.contentType, signerInformation.content, null);
|
|
}
|
|
|
|
public static SignerInformation AddCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners)
|
|
{
|
|
Org.BouncyCastle.Asn1.Cms.SignerInfo signerInfo = signerInformation.info;
|
|
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInformation.UnsignedAttributes;
|
|
Asn1EncodableVector asn1EncodableVector = ((unsignedAttributes == null) ? new Asn1EncodableVector() : unsignedAttributes.ToAsn1EncodableVector());
|
|
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
|
|
foreach (SignerInformation signer in counterSigners.GetSigners())
|
|
{
|
|
asn1EncodableVector2.Add(signer.ToSignerInfo());
|
|
}
|
|
asn1EncodableVector.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.CounterSignature, new DerSet(asn1EncodableVector2)));
|
|
return new SignerInformation(new Org.BouncyCastle.Asn1.Cms.SignerInfo(signerInfo.SignerID, signerInfo.DigestAlgorithm, signerInfo.AuthenticatedAttributes, signerInfo.DigestEncryptionAlgorithm, signerInfo.EncryptedDigest, new DerSet(asn1EncodableVector)), signerInformation.contentType, signerInformation.content, null);
|
|
}
|
|
}
|