private static byte[] SignHash(byte[] hash, CngKey key, string algorithm, int saltSize)
{
var paddingIndo = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize);
uint size;
uint status;
status = NCrypt.NCryptSignHash(key.Handle, ref paddingIndo, hash, hash.Length, null, 0, out size, BCrypt.BCRYPT_PAD_PSS);
if (status != BCrypt.ERROR_SUCCESS)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", status));
}
byte[] signature = new byte[size];
status = NCrypt.NCryptSignHash(key.Handle, ref paddingIndo, hash, hash.Length, signature, signature.Length, out size, BCrypt.BCRYPT_PAD_PSS);
if (status != BCrypt.ERROR_SUCCESS)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() failed with status code:{0}", status));
}
return(signature);
}
private static bool VerifyHash(byte[] hash, byte[] signature, CngKey key, string algorithm, int saltSize)
{
BCrypt.BCRYPT_PSS_PADDING_INFO bCRYPTPSSPADDINGINFO = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize);
uint num = NCrypt.NCryptVerifySignature(key.Handle, ref bCRYPTPSSPADDINGINFO, hash, (int)hash.Length, signature, (int)signature.Length, 8);
if (num == -2146893818)
{
return(false);
}
if (num != 0)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", num));
}
return(true);
}
private static bool VerifyHash(byte[] hash, byte[] signature, CngKey key, string algorithm, int saltSize)
{
var paddingIndo = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize);
uint status = NCrypt.NCryptVerifySignature(key.Handle, ref paddingIndo, hash, hash.Length, signature, signature.Length, BCrypt.BCRYPT_PAD_PSS);
if (status == NCrypt.NTE_BAD_SIGNATURE) //honestly it always failing with NTE_INVALID_PARAMETER, but let's stick to public API
{
return(false);
}
if (status != BCrypt.ERROR_SUCCESS)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", status));
}
return(true);
}
private static byte[] SignHash(byte[] hash, CngKey key, string algorithm, int saltSize)
{
BCrypt.BCRYPT_PSS_PADDING_INFO bcrypt_PSS_PADDING_INFO = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize);
uint num2;
uint num = NCrypt.NCryptSignHash(key.Handle, ref bcrypt_PSS_PADDING_INFO, hash, hash.Length, null, 0, out num2, 8u);
if (num != 0u)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", num));
}
byte[] array = new byte[num2];
num = NCrypt.NCryptSignHash(key.Handle, ref bcrypt_PSS_PADDING_INFO, hash, hash.Length, array, array.Length, out num2, 8u);
if (num != 0u)
{
throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() failed with status code:{0}", num));
}
return(array);
}
/// <summary>
/// Performs a signing or verification operation.
/// </summary>
/// <param name="action">The delegate that will actually perform the cryptographic operation.</param>
/// <remarks>
/// This method should not throw an error when verifying a signature and
/// the signature is invalid. Rather, the delegate should retain the result of
/// verification and the caller of this method should share that closure and
/// return the result.
/// </remarks>
protected unsafe void SignOrVerify(SignOrVerifyAction action)
{
Requires.NotNull(action, nameof(action));
if (this.SignaturePadding.Value == AsymmetricSignaturePadding.None)
{
action(null, NCryptSignHashFlags.None);
}
else
{
char[] hashAlgorithmName = HashAlgorithmProviderFactory.GetHashAlgorithmName(this.SignatureHash.Value).ToCharArrayWithNullTerminator();
fixed(char *hashAlgorithmNamePointer = &hashAlgorithmName[0])
{
switch (this.SignaturePadding.Value)
{
case AsymmetricSignaturePadding.Pkcs1:
var pkcs1PaddingInfo = new BCrypt.BCRYPT_PKCS1_PADDING_INFO
{
pszAlgId = hashAlgorithmNamePointer,
};
action(&pkcs1PaddingInfo, NCryptSignHashFlags.BCRYPT_PAD_PKCS1);
break;
case AsymmetricSignaturePadding.Pss:
var pssPaddingInfo = new BCrypt.BCRYPT_PSS_PADDING_INFO
{
pszAlgId = hashAlgorithmNamePointer,
cbSalt = hashAlgorithmName.Length,
};
action(&pssPaddingInfo, NCryptSignHashFlags.BCRYPT_PAD_PSS);
break;
default:
throw new NotImplementedException();
}
}
}
}
