From 7074281b069f84a7c641c5692ce54b8fd5027dd2 Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Sat, 6 Oct 2018 22:29:13 -0400
Subject: [PATCH] Added additional OIDs for CMS signatures.

Fixes #32639
---
 .../src/System/Security/Cryptography/Oids.cs  |   1 +
 .../Cryptography/Pkcs/CmsSignature.RSA.cs     |  33 ++++-
 .../tests/Oids.cs                             |   1 +
 .../tests/SignedCms/SignedCmsTests.cs         |  21 ++++
 .../tests/SignedCms/SignedDocuments.cs        | 118 ++++++++++++++++++
 5 files changed, 173 insertions(+), 1 deletion(-)

diff --git a/src/Common/src/System/Security/Cryptography/Oids.cs b/src/Common/src/System/Security/Cryptography/Oids.cs
index ffc775930ee9..eaf93053f975 100644
--- a/src/Common/src/System/Security/Cryptography/Oids.cs
+++ b/src/Common/src/System/Security/Cryptography/Oids.cs
@@ -20,6 +20,7 @@ internal static partial class Oids
         internal const string Rsa = "1.2.840.113549.1.1.1";
         internal const string RsaOaep = "1.2.840.113549.1.1.7";
         internal const string RsaPss = "1.2.840.113549.1.1.10";
+        internal const string RsaPkcs1Sha1 = "1.2.840.113549.1.1.5";
         internal const string RsaPkcs1Sha256 = "1.2.840.113549.1.1.11";
         internal const string RsaPkcs1Sha384 = "1.2.840.113549.1.1.12";
         internal const string RsaPkcs1Sha512 = "1.2.840.113549.1.1.13";
diff --git a/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs b/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs
index 4a0f1753751e..bd3b26c362a5 100644
--- a/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs
+++ b/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs
@@ -15,12 +15,25 @@ internal partial class CmsSignature
     {
         static partial void PrepareRegistrationRsa(Dictionary<string, CmsSignature> lookup)
         {
-            lookup.Add(Oids.Rsa, new RSAPkcs1CmsSignature());
+            lookup.Add(Oids.Rsa, new RSAPkcs1CmsSignature(null, null));
+            lookup.Add(Oids.RsaPkcs1Sha1, new RSAPkcs1CmsSignature(Oids.RsaPkcs1Sha1, HashAlgorithmName.SHA1));
+            lookup.Add(Oids.RsaPkcs1Sha256, new RSAPkcs1CmsSignature(Oids.RsaPkcs1Sha256, HashAlgorithmName.SHA256));
+            lookup.Add(Oids.RsaPkcs1Sha384, new RSAPkcs1CmsSignature(Oids.RsaPkcs1Sha384, HashAlgorithmName.SHA384));
+            lookup.Add(Oids.RsaPkcs1Sha512, new RSAPkcs1CmsSignature(Oids.RsaPkcs1Sha512, HashAlgorithmName.SHA512));
             lookup.Add(Oids.RsaPss, new RSAPssCmsSignature());
         }
 
         private abstract class RSACmsSignature : CmsSignature
         {
+            private readonly string _signatureAlgorithm;
+            private readonly HashAlgorithmName? _expectedDigest;
+
+            protected RSACmsSignature(string signatureAlgorithm, HashAlgorithmName? expectedDigest)
+            {
+                _signatureAlgorithm = signatureAlgorithm;
+                _expectedDigest = expectedDigest;
+            }
+
             protected override bool VerifyKeyType(AsymmetricAlgorithm key)
             {
                 return (key as RSA) != null;
@@ -39,6 +52,15 @@ internal override bool VerifySignature(
                 ReadOnlyMemory<byte>? signatureParameters,
                 X509Certificate2 certificate)
             {
+                if (_expectedDigest.HasValue && _expectedDigest.Value != digestAlgorithmName)
+                {
+                    throw new CryptographicException(
+                        SR.Format(
+                            SR.Cryptography_Cms_InvalidSignerHashForSignatureAlg,
+                            digestAlgorithmOid,
+                            _signatureAlgorithm));
+                }
+
                 RSASignaturePadding padding = GetSignaturePadding(
                     signatureParameters,
                     digestAlgorithmOid,
@@ -72,6 +94,11 @@ protected abstract RSASignaturePadding GetSignaturePadding(
 
         private sealed class RSAPkcs1CmsSignature : RSACmsSignature
         {
+            public RSAPkcs1CmsSignature(string signatureAlgorithm, HashAlgorithmName? expectedDigest)
+                : base(signatureAlgorithm, expectedDigest)
+            {
+            }
+
             protected override RSASignaturePadding GetSignaturePadding(
                 ReadOnlyMemory<byte>? signatureParameters,
                 string digestAlgorithmOid,
@@ -170,6 +197,10 @@ protected override bool Sign(
 
         private class RSAPssCmsSignature : RSACmsSignature
         {
+            public RSAPssCmsSignature() : base(null, null)
+            {
+            }
+
             protected override RSASignaturePadding GetSignaturePadding(
                 ReadOnlyMemory<byte>? signatureParameters,
                 string digestAlgorithmOid,
diff --git a/src/System.Security.Cryptography.Pkcs/tests/Oids.cs b/src/System.Security.Cryptography.Pkcs/tests/Oids.cs
index b14136247b18..d98f242b15cf 100644
--- a/src/System.Security.Cryptography.Pkcs/tests/Oids.cs
+++ b/src/System.Security.Cryptography.Pkcs/tests/Oids.cs
@@ -17,6 +17,7 @@ internal static class Oids
 
         // Asymmetric encryption algorithms
         public const string Rsa = "1.2.840.113549.1.1.1";
+        public const string RsaPkcs1Sha256 = "1.2.840.113549.1.1.11";
         public const string Esdh = "1.2.840.113549.1.9.16.3.5";
         public const string Dh = "1.2.840.10046.2.1";
 
diff --git a/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
index 7c3e07cb6d79..22be26234c92 100644
--- a/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
+++ b/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
@@ -1375,6 +1375,27 @@ public static void AddSignerToUnsortedAttributeSignature()
             cms.CheckSignature(true);
         }
 
+        [Fact]
+        public static void CheckSignature_Pkcs1_RsaWithSha256()
+        {
+            SignedCms signedCms = new SignedCms();
+            signedCms.Decode(SignedDocuments.RsaPkcs1Sha256WithRsa);
+
+            // Assert.NoThrows
+            signedCms.CheckSignature(true);
+        }
+
+        [Fact]
+        public static void CheckSignature_Pkcs1_Sha1_Declared_Sha256WithRsa()
+        {
+            SignedCms signedCms = new SignedCms();
+            signedCms.Decode(SignedDocuments.RsaPkcs1SignedSha1DeclaredSha256WithRsa);
+
+            Assert.Throws<CryptographicException>(() => {
+                signedCms.CheckSignature(true);
+            });
+        }
+
         [Theory]
         [InlineData(null, "0102", Oids.Pkcs7Data)]
         [InlineData(null, "010100", Oids.Pkcs7Data)]
diff --git a/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs b/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs
index a524c3f8496f..4a1e30a7f67d 100644
--- a/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs
+++ b/src/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs
@@ -767,5 +767,123 @@ internal static class SignedDocuments
             "101711B9C6AC5C5776923C699E772B07864755C1AC50F387655C4E67DB356207" +
             "76252A2F4605B97BD3C299D1CD79929273BB86E7DF9E113C92802380ED6D4041" +
             "9DA4C01214D4FA24").HexToByteArray();
+
+        internal static readonly byte[] RsaPkcs1Sha256WithRsa = (
+            "3082071B06092A864886F70D010702A082070C30820708020101310F300D0609" +
+            "6086480165030402010500301606092A864886F70D010701A009040700010203" +
+            "040506A08205223082051E30820406A00302010202100D85090F3FACFF0A9008" +
+            "A12A9FB00A54300D06092A864886F70D01010B05003072310B30090603550406" +
+            "1302555331153013060355040A130C446967694365727420496E633119301706" +
+            "0355040B13107777772E64696769636572742E636F6D3131302F060355040313" +
+            "2844696769436572742053484132204173737572656420494420436F64652053" +
+            "69676E696E67204341301E170D3138303832393030303030305A170D31393039" +
+            "30333132303030305A305B310B3009060355040613025553310B300906035504" +
+            "0813025641311330110603550407130A416C6578616E64726961311430120603" +
+            "55040A130B4B6576696E204A6F6E6573311430120603550403130B4B6576696E" +
+            "204A6F6E657330820122300D06092A864886F70D01010105000382010F003082" +
+            "010A0282010100F1F4542FF6CA57FBC44986EC816F07D1FD50BFD477C412D299" +
+            "1C962D0A22194A4296BCD0751F47CE4932F73871277CE3CDD2C78157599C7A35" +
+            "80CC96A11F7031E3A798F4BAA93988F0E4077D30316252B24337DB26914E1F77" +
+            "9CB4979544514B0234E5388E936B195B91863B258F0C8951454D3668F0C4D456" +
+            "A8497758D21C433626E46F2CFF5A7CC7945F788948998E5F8786E1E990E240BB" +
+            "0780CD258F57761AFB5D42AD8E3D703C3126861E83F191ECE9F0B83221F96214" +
+            "533B2A47977F43715FE501FBC4A4040839DD3EBCA8B67259A7DD0EA9EFAE2200" +
+            "943EFB7D0404B8978B49A445849B5F6898B06269F427F30DBC8DB2FD7963943A" +
+            "8C461760E6A4F30203010001A38201C5308201C1301F0603551D230418301680" +
+            "145AC4B97B2A0AA3A5EA7103C060F92DF665750E58301D0603551D0E04160414" +
+            "33795EB2D84BFAA3F96E5930F64EC6A94C6FD36A300E0603551D0F0101FF0404" +
+            "0302078030130603551D25040C300A06082B0601050507030330770603551D1F" +
+            "0470306E3035A033A031862F687474703A2F2F63726C332E6469676963657274" +
+            "2E636F6D2F736861322D617373757265642D63732D67312E63726C3035A033A0" +
+            "31862F687474703A2F2F63726C342E64696769636572742E636F6D2F73686132" +
+            "2D617373757265642D63732D67312E63726C304C0603551D2004453043303706" +
+            "096086480186FD6C0301302A302806082B06010505070201161C68747470733A" +
+            "2F2F7777772E64696769636572742E636F6D2F4350533008060667810C010401" +
+            "30818406082B0601050507010104783076302406082B06010505073001861868" +
+            "7474703A2F2F6F6373702E64696769636572742E636F6D304E06082B06010505" +
+            "0730028642687474703A2F2F636163657274732E64696769636572742E636F6D" +
+            "2F446967694365727453484132417373757265644944436F64655369676E696E" +
+            "6743412E637274300C0603551D130101FF04023000300D06092A864886F70D01" +
+            "010B0500038201010045B9D9868E494BD02635D0E42DDE80B37A865C389CFDD9" +
+            "9BFC9B62E2C169A73B5EABF282607439EFF5C61630886DEB63415B53683446A7" +
+            "3041686C326BA35FF0029FEF603D7C80FA0177A4DE35013529B01F759FD50414" +
+            "79BDBB6B93B18144CB14E431BC144146848EF8ADB0E28952EAD1BB49E8547FFE" +
+            "9934817036338B20C4E0B9D7C6A4E5BE3D57157F21904A5C864946313EA6B7D9" +
+            "50EE0235B5D2CD01490AD2B2A1AB5F66EC8986D64A1D9D239C131E09E5CA1C02" +
+            "A75F2D7EC07E4C858856A6A58AB94DEAC8B3D3A5BBF492EE2463B156E6A0660B" +
+            "B452E35922D00456F0DEE0ED15A8BF8FFF31008756B14EEE0AC14BCF19A3CD16" +
+            "819DC990F5F45CDE21318201B2308201AE0201013081863072310B3009060355" +
+            "04061302555331153013060355040A130C446967694365727420496E63311930" +
+            "17060355040B13107777772E64696769636572742E636F6D3131302F06035504" +
+            "03132844696769436572742053484132204173737572656420494420436F6465" +
+            "205369676E696E6720434102100D85090F3FACFF0A9008A12A9FB00A54300D06" +
+            "096086480165030402010500300D06092A864886F70D01010B050004820100E2" +
+            "980C5A30EC00729D1CFA826D7A65B43FF6806B5E0ABA23A78E4F1CAA3F6436EF" +
+            "00941C6947A9B8F20D0757B5346CF640AA217F7361BEEFF2BC997FB1D3597BF3" +
+            "D7457BD4A94062FB03660F9D86710BE2FC99876A848251F4965E1B16192714C8" +
+            "F9788C09CCDE83603ADC919297BA496E921B95F3BD9554A873E09912640FCFAA" +
+            "D9DD1441D1851E637031D390C038223AE64B048E806462DDBAC98C156BE2EE47" +
+            "2B78166BDB1612848B535ADC3F0E7BE52991A17F48AFDCCC1698A236BA338930" +
+            "50EBAAC4460DAA35185C16670F597E0E6E0CB0AA83F51AAEF452F3367DD9350A" +
+            "8A49A5A8F79DF8E921303AB5D6646A482F0F59D9980310E1AE3EE8D77CB857").HexToByteArray();
+
+        internal static readonly byte[] RsaPkcs1SignedSha1DeclaredSha256WithRsa = (
+            "3082071306092A864886F70D010702A082070430820700020101310B30090605" +
+            "2B0E03021A0500301606092A864886F70D010701A009040700010203040506A0" +
+            "8205223082051E30820406A00302010202100D85090F3FACFF0A9008A12A9FB0" +
+            "0A54300D06092A864886F70D01010B05003072310B3009060355040613025553" +
+            "31153013060355040A130C446967694365727420496E6331193017060355040B" +
+            "13107777772E64696769636572742E636F6D3131302F06035504031328446967" +
+            "69436572742053484132204173737572656420494420436F6465205369676E69" +
+            "6E67204341301E170D3138303832393030303030305A170D3139303930333132" +
+            "303030305A305B310B3009060355040613025553310B30090603550408130256" +
+            "41311330110603550407130A416C6578616E6472696131143012060355040A13" +
+            "0B4B6576696E204A6F6E6573311430120603550403130B4B6576696E204A6F6E" +
+            "657330820122300D06092A864886F70D01010105000382010F003082010A0282" +
+            "010100F1F4542FF6CA57FBC44986EC816F07D1FD50BFD477C412D2991C962D0A" +
+            "22194A4296BCD0751F47CE4932F73871277CE3CDD2C78157599C7A3580CC96A1" +
+            "1F7031E3A798F4BAA93988F0E4077D30316252B24337DB26914E1F779CB49795" +
+            "44514B0234E5388E936B195B91863B258F0C8951454D3668F0C4D456A8497758" +
+            "D21C433626E46F2CFF5A7CC7945F788948998E5F8786E1E990E240BB0780CD25" +
+            "8F57761AFB5D42AD8E3D703C3126861E83F191ECE9F0B83221F96214533B2A47" +
+            "977F43715FE501FBC4A4040839DD3EBCA8B67259A7DD0EA9EFAE2200943EFB7D" +
+            "0404B8978B49A445849B5F6898B06269F427F30DBC8DB2FD7963943A8C461760" +
+            "E6A4F30203010001A38201C5308201C1301F0603551D230418301680145AC4B9" +
+            "7B2A0AA3A5EA7103C060F92DF665750E58301D0603551D0E0416041433795EB2" +
+            "D84BFAA3F96E5930F64EC6A94C6FD36A300E0603551D0F0101FF040403020780" +
+            "30130603551D25040C300A06082B0601050507030330770603551D1F0470306E" +
+            "3035A033A031862F687474703A2F2F63726C332E64696769636572742E636F6D" +
+            "2F736861322D617373757265642D63732D67312E63726C3035A033A031862F68" +
+            "7474703A2F2F63726C342E64696769636572742E636F6D2F736861322D617373" +
+            "757265642D63732D67312E63726C304C0603551D200445304330370609608648" +
+            "0186FD6C0301302A302806082B06010505070201161C68747470733A2F2F7777" +
+            "772E64696769636572742E636F6D2F4350533008060667810C01040130818406" +
+            "082B0601050507010104783076302406082B060105050730018618687474703A" +
+            "2F2F6F6373702E64696769636572742E636F6D304E06082B0601050507300286" +
+            "42687474703A2F2F636163657274732E64696769636572742E636F6D2F446967" +
+            "694365727453484132417373757265644944436F64655369676E696E6743412E" +
+            "637274300C0603551D130101FF04023000300D06092A864886F70D01010B0500" +
+            "038201010045B9D9868E494BD02635D0E42DDE80B37A865C389CFDD99BFC9B62" +
+            "E2C169A73B5EABF282607439EFF5C61630886DEB63415B53683446A73041686C" +
+            "326BA35FF0029FEF603D7C80FA0177A4DE35013529B01F759FD5041479BDBB6B" +
+            "93B18144CB14E431BC144146848EF8ADB0E28952EAD1BB49E8547FFE99348170" +
+            "36338B20C4E0B9D7C6A4E5BE3D57157F21904A5C864946313EA6B7D950EE0235" +
+            "B5D2CD01490AD2B2A1AB5F66EC8986D64A1D9D239C131E09E5CA1C02A75F2D7E" +
+            "C07E4C858856A6A58AB94DEAC8B3D3A5BBF492EE2463B156E6A0660BB452E359" +
+            "22D00456F0DEE0ED15A8BF8FFF31008756B14EEE0AC14BCF19A3CD16819DC990" +
+            "F5F45CDE21318201AE308201AA0201013081863072310B300906035504061302" +
+            "555331153013060355040A130C446967694365727420496E6331193017060355" +
+            "040B13107777772E64696769636572742E636F6D3131302F0603550403132844" +
+            "696769436572742053484132204173737572656420494420436F646520536967" +
+            "6E696E6720434102100D85090F3FACFF0A9008A12A9FB00A54300906052B0E03" +
+            "021A0500300D06092A864886F70D01010B050004820100EAEEB9E1D4BFB979F1" +
+            "A1C00EE1EC45069366CDD7489A0671F6DC9E3353F7FAEDCE7B87BD467ADFC850" +
+            "877414966E7EB39C33367ABB03B3AA8BB1438BD952484CB807451499CAE8FDC9" +
+            "527304D459D82CA039087560B5D3D0EA03DEA1B9472EFC44CBB55DD9A3C6A5C8" +
+            "DFFD0786D5523F22604B412D6FC5A15E2D6285D7AB76EC216DE859391D129D51" +
+            "6C27348EDAE7DC43335D12242D939CAF05385A118235F5B1E342EC034E70F655" +
+            "793FF2FE037558EC2F45BD2683704F8FFD49B910131F4F2804B4282C5C36E41C" +
+            "9E4E4F93446D44E3106760D265C5C7A849CF03426ACCB294712E51313D5414A7" +
+            "8227AB79F6B18E2A2054E3FA781DAA2998EB33EDDCDA80").HexToByteArray();
     }
 }