Support for RFC 3161 cryptographic timestamps with RFC 5816 additions

This change adds API to consume, and produce, cryptographic timestamp tokens compliant with RFC 3161, or with the RFC 5816's extensions to support certificate thumbprint algorithms other than SHA-1.

In addition to the low-level production and consumption, accelerator API exists for applying RFC 3161 Appendix A rules for (counter-)signing a SignedCMS SignerInfo signature.

Author: bartonjs

src/Common/src/System/Security/Cryptography/Asn1V2.Serializer.cs

@@ -1411,6 +1411,50 @@ public static T Deserialize<T>(ReadOnlyMemory<byte> source, AsnEncodingRules rul
             return t;
         }
 
+        /// <summary>
+        /// Read the first ASN.1 data element from <paramref name="source"/> encoded under the specified
+        /// encoding rules into the typed structure.
+        /// </summary>
+        /// <typeparam name="T">
+        /// The type to deserialize as.
+        /// In order to be deserialized the type must have sequential layout, be sealed, and be composed of
+        /// members that are also able to be deserialized by this method.
+        /// </typeparam>
+        /// <param name="source">A view of the encoded bytes to be deserialized.</param>
+        /// <param name="ruleSet">The ASN.1 encoding ruleset to use for reading <paramref name="source"/>.</param>
+        /// <param name="bytesRead">Receives the number of bytes read from <paramref name="source"/>.</param>
+        /// <returns>A deserialized instance of <typeparamref name="T"/>.</returns>
+        /// <remarks>
+        /// Except for where required to for avoiding ambiguity, this method does not check that there are
+        /// no cycles in the type graph for <typeparamref name="T"/>.  If <typeparamref name="T"/> is a
+        /// reference type (class) which includes a cycle in the type graph, 
+        /// then it is possible for the data in <paramref name="source"/> to cause
+        /// an arbitrary extension to the maximum stack depth of this routine, leading to a
+        /// <see cref="StackOverflowException"/>.
+        /// 
+        /// If <typeparamref name="T"/> is a value type (struct) the compiler will enforce that there are no
+        /// cycles in the type graph.
+        /// 
+        /// When reference types are used the onus is on the caller of this method to prevent cycles, or to
+        /// mitigate the possibility of the stack overflow.
+        /// </remarks>
+        /// <exception cref="AsnSerializationConstraintException">
+        ///   A portion of <typeparamref name="T"/> is invalid for deserialization.
+        /// </exception>
+        /// <exception cref="CryptographicException">
+        ///   Any of the data in <paramref name="source"/> is invalid for mapping to the return value.
+        /// </exception>
+        public static T Deserialize<T>(ReadOnlyMemory<byte> source, AsnEncodingRules ruleSet, out int bytesRead)
+        {
+            Deserializer deserializer = GetDeserializer(typeof(T), null);
+            AsnReader reader = new AsnReader(source, ruleSet);
+            ReadOnlyMemory<byte> firstElement = reader.PeekEncodedValue();
+
+            T t = (T)deserializer(reader);
+            bytesRead = firstElement.Length;
+            return t;
+        }
+
         /// <summary>
         /// Serialize <paramref name="value"/> into an ASN.1 writer under the specified encoding rules.
         /// </summary>

src/System.Security.Cryptography.Encoding/tests/Asn1/Serializer/SimpleDeserialize.cs

@@ -442,7 +442,7 @@ public static void ReadOptionals(string inputHex, bool hasUtf8, bool hasIa5)
         }
 
         [Fact]
-        public static void TooMuchData()
+        public static void TooMuchDataInValue()
         {
             // This is { IA5String("IA5"), UTF8String("UTF8") }, which is the opposite
             // of the field order of OptionalValues.  SO it will see the UTF8String as null,
@@ -452,6 +452,24 @@ public static void TooMuchData()
             Assert.Throws<CryptographicException>(
                 () => AsnSerializer.Deserialize<OptionalValues>(inputData, AsnEncodingRules.BER));
         }
+
+        [Fact]
+        public static void TooMuchDataForValue()
+        {
+            // Two empty sequences, which is more data than one OptionalValues value.
+            byte[] inputData = "30003000".HexToByteArray();
+
+            OptionalValues parsed = AsnSerializer.Deserialize<OptionalValues>(
+                inputData,
+                AsnEncodingRules.BER,
+                out int bytesRead);
+
+            Assert.NotNull(parsed);
+            Assert.Equal(2, bytesRead);
+
+            Assert.Throws<CryptographicException>(
+                () => AsnSerializer.Deserialize<OptionalValues>(inputData, AsnEncodingRules.BER));
+        }
     }
 
     // RFC 3280 / ITU-T X.509

src/System.Security.Cryptography.Pkcs/ref/System.Security.Cryptography.Pkcs.csproj

@@ -24,6 +24,7 @@
     <ProjectReference Include="..\..\System.Runtime\ref\System.Runtime.csproj" />
     <ProjectReference Include="..\..\System.Security.Cryptography.Csp\ref\System.Security.Cryptography.Csp.csproj" />
     <ProjectReference Include="..\..\System.Security.Cryptography.Encoding\ref\System.Security.Cryptography.Encoding.csproj" />
+    <ProjectReference Include="..\..\System.Security.Cryptography.Primitives\ref\System.Security.Cryptography.Primitives.csproj" />
     <ProjectReference Include="..\..\System.Security.Cryptography.X509Certificates\ref\System.Security.Cryptography.X509Certificates.csproj" />
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />

src/System.Security.Cryptography.Pkcs/ref/System.Security.Cryptography.Pkcs.netcoreapp.cs

@@ -5,8 +5,60 @@
 // Changes to this file must follow the http://aka.ms/api-review process.
 // ------------------------------------------------------------------------------
 
+using System.Security.Cryptography.X509Certificates;
+
 namespace System.Security.Cryptography.Pkcs
 {
+    public sealed partial class Rfc3161TimestampRequest
+    {
+        private Rfc3161TimestampRequest() { }
+        public int Version => throw null;
+        public ReadOnlyMemory<byte> GetMessageHash() => throw null;
+        public Oid HashAlgorithmId => throw null;
+        public Oid RequestedPolicyId => throw null;
+        public bool RequestSignerCertificate => throw null;
+        public ReadOnlyMemory<byte>? GetNonce() => throw null;
+        public bool HasExtensions => throw null;
+        public X509ExtensionCollection GetExtensions() => throw null;
+        public byte[] Encode() => throw null;
+        public bool TryEncode(Span<byte> destination, out int bytesWritten) => throw null;
+        public Rfc3161TimestampToken ProcessResponse(ReadOnlyMemory<byte> responseBytes, out int bytesConsumed) => throw null;
+        public static Rfc3161TimestampRequest CreateFromData(ReadOnlySpan<byte> data, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) => throw null;
+        public static Rfc3161TimestampRequest CreateFromHash(ReadOnlyMemory<byte> hash, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) => throw null;
+        public static Rfc3161TimestampRequest CreateFromHash(ReadOnlyMemory<byte> hash, Oid hashAlgorithmId, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) => throw null;
+        public static Rfc3161TimestampRequest CreateFromSignerInfo(SignerInfo signerInfo, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) => throw null;
+        public static bool TryDecode(ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampRequest request, out int bytesConsumed) => throw null;
+    }
+    public sealed partial class Rfc3161TimestampToken
+    {
+        private Rfc3161TimestampToken() { }
+        public Rfc3161TimestampTokenInfo TokenInfo => throw null;
+        public SignedCms AsSignedCms() => throw null;
+        public bool VerifySignatureForHash(ReadOnlySpan<byte> hash, HashAlgorithmName hashAlgorithm, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) => throw null;
+        public bool VerifySignatureForHash(ReadOnlySpan<byte> hash, Oid hashAlgorithmId, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) => throw null;
+        public bool VerifySignatureForData(ReadOnlySpan<byte> data, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) => throw null;
+        public bool VerifySignatureForSignerInfo(SignerInfo signerInfo, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) => throw null;
+        public static bool TryDecode(ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampToken token, out int bytesConsumed) => throw null;
+    }
+    public sealed partial class Rfc3161TimestampTokenInfo
+    {
+        public Rfc3161TimestampTokenInfo(Oid policyId, Oid hashAlgorithmId, ReadOnlyMemory<byte> messageHash, ReadOnlyMemory<byte> serialNumber, DateTimeOffset timestamp, long? accuracyInMicroseconds=null, bool isOrdering=false, ReadOnlyMemory<byte>? nonce=null, ReadOnlyMemory<byte>? timestampAuthorityName=null, X509ExtensionCollection extensions =null) { throw null; }
+        public int Version => throw null;
+        public Oid PolicyId=> throw null;
+        public Oid HashAlgorithmId => throw null;
+        public ReadOnlyMemory<byte> GetMessageHash() { throw null; }
+        public ReadOnlyMemory<byte> GetSerialNumber() { throw null; }
+        public DateTimeOffset Timestamp => throw null;
+        public long? AccuracyInMicroseconds => throw null;
+        public bool IsOrdering => throw null;
+        public ReadOnlyMemory<byte>? GetNonce() { throw null; }
+        public ReadOnlyMemory<byte>? GetTimestampAuthorityName() { throw null; }
+        public bool HasExtensions => throw null;
+        public X509ExtensionCollection GetExtensions() { throw null; }
+        public byte[] Encode() => throw null;
+        public bool TryEncode(Span<byte> destination, out int bytesWritten) => throw null;
+        public static bool TryDecode(ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampTokenInfo timestampTokenInfo, out int bytesConsumed) { throw null; }
+    }
     public sealed partial class SignerInfo
     {
         public Oid SignatureAlgorithm => throw null;

src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Helpers.cs

@@ -56,6 +56,22 @@ internal static HashAlgorithmName GetDigestAlgorithm(string oidValue)
             }
         }
 
+        internal static string GetOidFromHashAlgorithm(HashAlgorithmName algName)
+        {
+            if (algName == HashAlgorithmName.MD5)
+                return Oids.Md5;
+            if (algName == HashAlgorithmName.SHA1)
+                return Oids.Sha1;
+            if (algName == HashAlgorithmName.SHA256)
+                return Oids.Sha256;
+            if (algName == HashAlgorithmName.SHA384)
+                return Oids.Sha384;
+            if (algName == HashAlgorithmName.SHA512)
+                return Oids.Sha512;
+
+            throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm, algName.Name);
+        }
+
         /// <summary>
         /// This is not just a convenience wrapper for Array.Resize(). In DEBUG builds, it forces the array to move in memory even if no resize is needed. This should be used by
         /// helper methods that do anything of the form "call a native api once to get the estimated size, call it again to get the data and return the data in a byte[] array."

src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Oids.cs

@@ -2,10 +2,6 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-using System;
-using System.Text;
-using System.Diagnostics;
-
 namespace Internal.Cryptography
 {
     internal static class Oids
@@ -24,6 +20,8 @@ internal static class Oids
         public const string DocumentDescription = "1.3.6.1.4.1.311.88.2.2";
         public const string MessageDigest = "1.2.840.113549.1.9.4";
         public const string CounterSigner = "1.2.840.113549.1.9.6";
+        public const string SigningCertificate = "1.2.840.113549.1.9.16.2.12";
+        public const string SigningCertificateV2 = "1.2.840.113549.1.9.16.2.47";
         public const string DocumentName = "1.3.6.1.4.1.311.88.2.1";
 
         // Key wrap algorithms
@@ -64,5 +62,9 @@ internal static class Oids
         // Cert Extensions
         public const string SubjectKeyIdentifier = "2.5.29.14";
         public const string KeyUsage = "2.5.29.15";
+
+        // RFC3161 Timestamping
+        public const string TstInfo = "1.2.840.113549.1.9.16.1.4";
+        public const string TimeStampingPurpose = "1.3.6.1.5.5.7.3.8";
     }
 }

src/System.Security.Cryptography.Pkcs/src/Resources/Strings.resx

@@ -244,6 +244,21 @@
   <data name="Cryptography_Pkcs_PssParametersSaltMismatch" xml:space="preserve">
     <value>PSS salt size {0} is not supported by this platform with hash algorithm {1}.</value>
   </data>
+  <data name="Cryptography_TimestampReq_BadNonce" xml:space="preserve">
+    <value>The response from the timestamping server did not match the request nonce.</value>
+  </data>
+  <data name="Cryptography_TimestampReq_BadResponse" xml:space="preserve">
+    <value>The response from the timestamping server was not understood.</value>
+  </data>
+  <data name="Cryptography_TimestampReq_Failure" xml:space="preserve">
+    <value>The timestamping server did not grant the request. The request status is '{0}' with failure info '{1}'.</value>
+  </data>
+  <data name="Cryptography_TimestampReq_NoCertFound" xml:space="preserve">
+    <value>The timestamping request required the TSA certificate in the response, but it was not found.</value>
+  </data>
+  <data name="Cryptography_TimestampReq_UnexpectedCertFound" xml:space="preserve">
+    <value>The timestamping request required the TSA certificate not be included in the response, but certificates were present.</value>
+  </data>
   <data name="InvalidOperation_DuplicateItemNotAllowed" xml:space="preserve">
     <value>Duplicate items are not allowed in the collection.</value>
   </data>

src/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj

@@ -225,11 +225,19 @@
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\CertificateChoiceAsn.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\ContentInfoAsn.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\EncapsulatedContentInfoAsn.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\GeneralName.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\IssuerAndSerialNumberAsn.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\MessageImprint.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\PssParamsAsn.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\Rfc3161Accuracy.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\Rfc3161TimeStampReq.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\Rfc3161TimeStampResp.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\Rfc3161TstInfo.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\SignedDataAsn.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\SignerIdentifierAsn.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\Asn1\SignerInfoAsn.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\SigningCertificateAsn.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Asn1\X509ExtensionAsn.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\CmsSignature.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\CmsSignature.ECDsa.cs" />
     <Compile Include="System\Security\Cryptography\Pkcs\CmsSignature.RSA.cs" />
@@ -242,6 +250,10 @@
   </ItemGroup>
   <ItemGroup Condition="'$(TargetGroup)' == 'netcoreapp'">
     <Compile Include="System\Security\Cryptography\Pkcs\CmsSignature.DSA.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Rfc3161RequestResponseStatus.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Rfc3161TimestampRequest.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Rfc3161TimestampToken.cs" />
+    <Compile Include="System\Security\Cryptography\Pkcs\Rfc3161TimestampTokenInfo.cs" />
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
 </Project>

src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/AlgorithmIdentifierAsn.cs

@@ -15,6 +15,8 @@ namespace System.Security.Cryptography.Pkcs.Asn1
     //   parameters ANY DEFINED BY algorithm OPTIONAL  }
     internal struct AlgorithmIdentifierAsn
     {
+        internal static readonly ReadOnlyMemory<byte> ExplicitDerNull = new byte[] { 0x05, 0x00 };
+
         [ObjectIdentifier(PopulateFriendlyName = true)]
         public Oid Algorithm;
 

src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/GeneralName.cs

@@ -0,0 +1,87 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System.Runtime.InteropServices;
+using System.Security.Cryptography.Asn1;
+
+namespace System.Security.Cryptography.Pkcs.Asn1
+{
+    [Choice]
+    [StructLayout(LayoutKind.Sequential)]
+    internal struct GeneralName
+    {
+        [ExpectedTag(0, ExplicitTag = true)]
+        internal OtherName? OtherName;
+
+        [ExpectedTag(1, ExplicitTag = true)]
+        [IA5String]
+        internal string Rfc822Name;
+
+        [ExpectedTag(2, ExplicitTag = true)]
+        [IA5String]
+        internal string DnsName;
+
+        [ExpectedTag(3, ExplicitTag = true)]
+        [AnyValue]
+        internal ReadOnlyMemory<byte>? X400Address;
+
+        [ExpectedTag(4, ExplicitTag = true)]
+        [AnyValue]
+        internal ReadOnlyMemory<byte>? DirectoryName;
+
+        [ExpectedTag(5, ExplicitTag = true)]
+        internal EdiPartyName? EdiPartyName;
+
+        [ExpectedTag(6, ExplicitTag = true)]
+        [IA5String]
+        internal string Uri;
+
+        [ExpectedTag(7, ExplicitTag = true)]
+        [OctetString]
+        internal ReadOnlyMemory<byte>? IPAddress;
+
+        [ExpectedTag(8, ExplicitTag = true)]
+        [ObjectIdentifier]
+        internal string RegisteredId;
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal struct OtherName
+    {
+        internal string TypeId;
+
+        [ExpectedTag(0, ExplicitTag = true)]
+        [AnyValue]
+        internal ReadOnlyMemory<byte> Value;
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal struct EdiPartyName
+    {
+        [OptionalValue]
+        internal DirectoryString? NameAssigner;
+
+        internal DirectoryString PartyName;
+    }
+
+    [Choice]
+    [StructLayout(LayoutKind.Sequential)]
+    internal struct DirectoryString
+    {
+        [ExpectedTag(TagClass.Universal, (int)UniversalTagNumber.TeletexString)]
+        internal ReadOnlyMemory<byte>? TeletexString;
+
+        [PrintableString]
+        internal string PrintableString;
+
+        [ExpectedTag(TagClass.Universal, (int)UniversalTagNumber.UniversalString)]
+        internal ReadOnlyMemory<byte>? UniversalString;
+
+        [UTF8String]
+        internal string Utf8String;
+
+        [BMPString]
+        internal string BMPString;
+    }
+}