Mono.Security.Cryptography/CryptoService.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

//
// Author:
//   Jb Evain (jbevain@gmail.com)
//
// Copyright (c) 2008 - 2015 Jb Evain
// Copyright (c) 2008 - 2011 Novell, Inc.
//
// Licensed under the MIT/X11 license.
//

using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using System.Runtime.Serialization;

using Mono.Security.Cryptography;

using Mono.Cecil.PE;

namespace Mono.Cecil {

	// Most of this code has been adapted
	// from Jeroen Frijters' fantastic work
	// in IKVM.Reflection.Emit. Thanks!

	static class CryptoService {

		public static byte [] GetPublicKey (WriterParameters parameters)
		{
			using (var rsa = parameters.CreateRSA ()) {
				var cspBlob = CryptoConvert.ToCapiPublicKeyBlob (rsa);
				var publicKey = new byte [12 + cspBlob.Length];
				Buffer.BlockCopy (cspBlob, 0, publicKey, 12, cspBlob.Length);
				// The first 12 bytes are documented at:
				// http://msdn.microsoft.com/library/en-us/cprefadd/html/grfungethashfromfile.asp
				// ALG_ID - Signature
				publicKey [1] = 36;
				// ALG_ID - Hash
				publicKey [4] = 4;
				publicKey [5] = 128;
				// Length of Public Key (in bytes)
				publicKey [8] = (byte) (cspBlob.Length >> 0);
				publicKey [9] = (byte) (cspBlob.Length >> 8);
				publicKey [10] = (byte) (cspBlob.Length >> 16);
				publicKey [11] = (byte) (cspBlob.Length >> 24);
				return publicKey;
			}
		}

		public static void StrongName (Stream stream, ImageWriter writer, WriterParameters parameters)
		{
			int strong_name_pointer;

			var strong_name = CreateStrongName (parameters, HashStream (stream, writer, out strong_name_pointer));
			PatchStrongName (stream, strong_name_pointer, strong_name);
		}

		static void PatchStrongName (Stream stream, int strong_name_pointer, byte [] strong_name)
		{
			stream.Seek (strong_name_pointer, SeekOrigin.Begin);
			stream.Write (strong_name, 0, strong_name.Length);
		}

		static byte [] CreateStrongName (WriterParameters parameters, byte [] hash)
		{
			const string hash_algo = "SHA1";

			using (var rsa = parameters.CreateRSA ()) {
				var formatter = new RSAPKCS1SignatureFormatter (rsa);
				formatter.SetHashAlgorithm (hash_algo);

				byte [] signature = formatter.CreateSignature (hash);
				Array.Reverse (signature);

				return signature;
			}
		}

		static byte [] HashStream (Stream stream, ImageWriter writer, out int strong_name_pointer)
		{
			const int buffer_size = 8192;

			var text = writer.text;
			var header_size = (int) writer.GetHeaderSize ();
			var text_section_pointer = (int) text.PointerToRawData;
			var strong_name_directory = writer.GetStrongNameSignatureDirectory ();

			if (strong_name_directory.Size == 0)
				throw new InvalidOperationException ();

			strong_name_pointer = (int) (text_section_pointer
				+ (strong_name_directory.VirtualAddress - text.VirtualAddress));
			var strong_name_length = (int) strong_name_directory.Size;

			var sha1 = new SHA1Managed ();
			var buffer = new byte [buffer_size];
			using (var crypto_stream = new CryptoStream (Stream.Null, sha1, CryptoStreamMode.Write)) {
				stream.Seek (0, SeekOrigin.Begin);
				CopyStreamChunk (stream, crypto_stream, buffer, header_size);

				stream.Seek (text_section_pointer, SeekOrigin.Begin);
				CopyStreamChunk (stream, crypto_stream, buffer, (int) strong_name_pointer - text_section_pointer);

				stream.Seek (strong_name_length, SeekOrigin.Current);
				CopyStreamChunk (stream, crypto_stream, buffer, (int) (stream.Length - (strong_name_pointer + strong_name_length)));
			}

			return sha1.Hash;
		}

		public static void CopyStreamChunk (Stream stream, Stream dest_stream, byte [] buffer, int length)
		{
			while (length > 0) {
				int read = stream.Read (buffer, 0, System.Math.Min (buffer.Length, length));
				dest_stream.Write (buffer, 0, read);
				length -= read;
			}
		}

		public static byte [] ComputeHash (string file)
		{
			if (!File.Exists (file))
				return Empty<byte>.Array;

			using (var stream = new FileStream (file, FileMode.Open, FileAccess.Read, FileShare.Read))
				return ComputeHash (stream);
		}

		public static byte [] ComputeHash (Stream stream)
		{
			const int buffer_size = 8192;

			var sha1 = new SHA1Managed ();
			var buffer = new byte [buffer_size];

			using (var crypto_stream = new CryptoStream (Stream.Null, sha1, CryptoStreamMode.Write))
				CopyStreamChunk (stream, crypto_stream, buffer, (int) stream.Length);

			return sha1.Hash;
		}

		public static byte [] ComputeHash (params ByteBuffer [] buffers)
		{
			var sha1 = new SHA1Managed ();

			using (var crypto_stream = new CryptoStream (Stream.Null, sha1, CryptoStreamMode.Write)) {
				for (int i = 0; i < buffers.Length; i++) {
					crypto_stream.Write (buffers [i].buffer, 0, buffers [i].length);
				}
			}

			return sha1.Hash;
		}

		public static Guid ComputeGuid (byte [] hash)
		{
			// From corefx/src/System.Reflection.Metadata/src/System/Reflection/Metadata/BlobContentId.cs
			var guid = new byte [16];
			Buffer.BlockCopy (hash, 0, guid, 0, 16);

			// modify the guid data so it decodes to the form of a "random" guid ala rfc4122
			guid [7] = (byte) ((guid [7] & 0x0f) | (4 << 4));
			guid [8] = (byte) ((guid [8] & 0x3f) | (2 << 6));

			return new Guid (guid);
		}
	}

	static partial class Mixin {

		public static RSA CreateRSA (this WriterParameters writer_parameters)
		{
			byte [] key;
			string key_container;

			if (writer_parameters.StrongNameKeyBlob != null)
				return CryptoConvert.FromCapiKeyBlob (writer_parameters.StrongNameKeyBlob);

			if (writer_parameters.StrongNameKeyContainer != null)
				key_container = writer_parameters.StrongNameKeyContainer;
			else if (!TryGetKeyContainer (writer_parameters.StrongNameKeyPair, out key, out key_container))
				return CryptoConvert.FromCapiKeyBlob (key);

			var parameters = new CspParameters {
				Flags = CspProviderFlags.UseMachineKeyStore,
				KeyContainerName = key_container,
				KeyNumber = 2,
			};

			return new RSACryptoServiceProvider (parameters);
		}

		static bool TryGetKeyContainer (ISerializable key_pair, out byte [] key, out string key_container)
		{
			var info = new SerializationInfo (typeof (StrongNameKeyPair), new FormatterConverter ());
			key_pair.GetObjectData (info, new StreamingContext ());

			key = (byte []) info.GetValue ("_keyPairArray", typeof (byte []));
			key_container = info.GetString ("_keyPairContainer");
			return key_container != null;
		}
	}
}