public override byte[] SignHash(byte[] hash)
{
CheckDisposed();
ValidateKeyDigestCombination(KeySize, hash.Length);
// We know from ValidateKeyDigestCombination that the key size and hash size are matched up
// according to RFC 7518 Sect. 3.1.
if (KeySize == 256)
{
return(context.SignDigest(hash, HashAlgorithmName.SHA256, KeyVaultSignatureAlgorithm.ECDsa));
}
if (KeySize == 384)
{
return(context.SignDigest(hash, HashAlgorithmName.SHA384, KeyVaultSignatureAlgorithm.ECDsa));
}
if (KeySize == 521) //ES512 uses nistP521
{
return(context.SignDigest(hash, HashAlgorithmName.SHA512, KeyVaultSignatureAlgorithm.ECDsa));
}
throw new ArgumentException("Digest length is not valid for the key size.", nameof(hash));
}
/// <inheritdoc/>
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
CheckDisposed();
// Key Vault only supports PKCSv1 padding
if (padding.Mode != RSASignaturePaddingMode.Pkcs1)
{
throw new CryptographicException("Unsupported padding mode");
}
try
{
return(context.SignDigest(hash, hashAlgorithm, KeyVaultSignatureAlgorithm.RSAPkcs15));
}
catch (Exception e)
{
throw new CryptographicException("Error calling Key Vault", e);
}
}