// P/Invoke declaration (extern, no managed body); the attribute that binds it to the
// native library is not part of this snippet.
// pbDataHash is a reference to the first byte of the hash buffer and cbDataHash is the byte
// count handed to native code. Nothing at this boundary ties the count to the managed
// buffer, so the caller must guarantee cbDataHash does not exceed it.
// The int return is a status code whose values are not defined in this snippet.
// pSignatureOut and pErrorOut are SafeHandle outputs that the caller owns and should dispose.
private static extern int AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
     SafeSecKeyRefHandle privateKey,
     ref byte pbDataHash,
     int cbDataHash,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut);
 // Partial method declaration with no body in this snippet; the implementation is supplied
 // elsewhere (presumably by a source-generated P/Invoke - confirm against the full file).
 // pbData carries the input bytes and cbData is a separately supplied byte count; the
 // signature itself does not force cbData to equal pbData.Length.
 // NOTE(review): this is a decrypt operation, yet the key parameter is named publicKey and
 // the output pEncryptedOut. The names look inherited from the encrypt counterpart;
 // presumably a private key goes in and plaintext comes out - confirm before relying on them.
 private static partial int RsaDecryptOaep(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan <byte> pbData,
     int cbData,
     PAL_HashAlgorithm mgfAlgorithm,
     out SafeCFDataHandle pEncryptedOut,
     out SafeCFErrorHandle pErrorOut);
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // pbData is a reference to the first input byte and cbData the number of bytes native code
 // is told to read from it. The length is trusted as given, so callers must keep it within
 // the buffer the reference points into.
 // NOTE(review): publicKey / pEncryptedOut are surprising names for a decrypt call;
 // presumably a private key and a plaintext output - confirm.
 private static extern int RsaDecryptOaep(
     SafeSecKeyRefHandle publicKey,
     ref byte pbData,
     int cbData,
     PAL_HashAlgorithm mgfAlgorithm,
     out SafeCFDataHandle pEncryptedOut,
     out SafeCFErrorHandle pErrorOut);
        /// <summary>
        /// Asks the native shim to sign <paramref name="dataHash"/> and maps the shim's status
        /// code to either the signature handle or an exception.
        /// </summary>
        /// <param name="privateKey">Handle of the signing key.</param>
        /// <param name="dataHash">Bytes passed to the shim as the hash to sign.</param>
        /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded to the shim.</param>
        /// <returns>The signature handle; the caller owns it and must dispose it.</returns>
        /// <exception cref="PlatformNotSupportedException">The shim reported kPlatformNotSupported.</exception>
        /// <exception cref="CryptographicException">
        /// The shim returned a status this method does not recognise. The kErrorSeeError path
        /// throws whatever CreateExceptionForCFError builds from the error handle.
        /// </exception>
        private static SafeCFDataHandle NativeCreateSignature(
            SafeSecKeyRefHandle privateKey,
            ReadOnlySpan<byte> dataHash,
            PAL_HashAlgorithm hashAlgorithm,
            PAL_SignatureAlgorithm signatureAlgorithm)
        {
            int result = AppleCryptoNative_SecKeyCreateSignature(
                privateKey,
                dataHash,
                hashAlgorithm,
                signatureAlgorithm,
                out SafeCFDataHandle signature,
                out SafeCFErrorHandle errorHandle);

            // The error handle is released on every exit path, including the throwing ones.
            // NOTE(review): the signature handle is not disposed on the failure paths;
            // presumably it wraps no native object in that case - confirm.
            try
            {
                if (result == kSuccess)
                {
                    return signature;
                }

                if (result == kErrorSeeError)
                {
                    throw CreateExceptionForCFError(errorHandle);
                }

                if (result == kPlatformNotSupported)
                {
                    throw new PlatformNotSupportedException();
                }

                // Unknown status: Debug.Fail only fires in debug builds, so the throw below is
                // what keeps release builds from treating the call as a success.
                Debug.Fail($"create signature returned {result}");
                throw new CryptographicException();
            }
            finally
            {
                errorHandle?.Dispose();
            }
        }
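 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload, passing a reference to the
 /// first element of <paramref name="pbData"/>.
 /// </summary>
 /// <param name="publicKey">Key handle forwarded unchanged.</param>
 /// <param name="pbData">Input bytes.</param>
 /// <param name="cbData">Number of bytes of <paramref name="pbData"/> the callee may read.</param>
 /// <param name="mgfAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pEncryptedOut">Output data handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbData"/> is negative or larger than the span.
 /// </exception>
 private static int RsaDecryptOaep(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbData,
     int cbData,
     PAL_HashAlgorithm mgfAlgorithm,
     out SafeCFDataHandle pEncryptedOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // Once the span is reduced to a bare reference its bounds are gone, so the length that
     // crosses the interop boundary is checked against the span here.
     if (cbData < 0 || cbData > pbData.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbData));
     }

     return RsaDecryptOaep(publicKey, ref MemoryMarshal.GetReference(pbData), cbData, mgfAlgorithm, out pEncryptedOut, out pErrorOut);
 }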
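 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload, using
 /// DangerousGetPinnableReference to obtain a reference to the span's first element.
 /// </summary>
 /// <param name="publicKey">Key handle forwarded unchanged.</param>
 /// <param name="pbData">Input bytes.</param>
 /// <param name="cbData">Number of bytes of <paramref name="pbData"/> the callee may read.</param>
 /// <param name="mgfAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pEncryptedOut">Output data handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbData"/> is negative or larger than the span.
 /// </exception>
 private static int RsaDecryptOaep(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbData,
     int cbData,
     PAL_HashAlgorithm mgfAlgorithm,
     out SafeCFDataHandle pEncryptedOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // The reference handed on carries no bounds, so reject a length the span cannot back
     // before it reaches the callee.
     if (cbData < 0 || cbData > pbData.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbData));
     }

     return RsaDecryptOaep(publicKey, ref pbData.DangerousGetPinnableReference(), cbData, mgfAlgorithm, out pEncryptedOut, out pErrorOut);
 }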
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // pbDataHash is a raw pointer and cbDataHash the byte count native code is told to read.
 // The pointer must stay pinned for the duration of the call and the count must not exceed
 // the pinned buffer; neither is enforced by this signature.
 // The int return is a status code; NativeCreateSignature on this page interprets it
 // (kSuccess / kErrorSeeError / kPlatformNotSupported, anything else is treated as a failure).
 private static unsafe extern int AppleCryptoNative_SecKeyCreateSignature(
     SafeSecKeyRefHandle privateKey,
     byte *pbDataHash,
     int cbDataHash,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut);
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // Two (reference, length) pairs cross the boundary: pbDataHash/cbDataHash and
 // pbSignature/cbSignature. Each length is trusted as given, so the caller must keep it
 // within the buffer its reference points into.
 // The int return is a status code, not a boolean: callers must compare it against the exact
 // "valid" value rather than testing for non-zero.
 private static extern int AppleCryptoNative_VerifySignatureWithHashAlgorithm(
     SafeSecKeyRefHandle publicKey,
     ref byte pbDataHash,
     int cbDataHash,
     ref byte pbSignature,
     int cbSignature,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFErrorHandle pErrorOut);
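 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload, using
 /// DangerousGetPinnableReference to obtain a reference to the first hash byte.
 /// </summary>
 /// <param name="privateKey">Signing key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes to sign.</param>
 /// <param name="cbDataHash">Number of bytes of <paramref name="pbDataHash"/> the callee may read.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pSignatureOut">Signature handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbDataHash"/> is negative or larger than the span.
 /// </exception>
 private static int AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> pbDataHash,
     int cbDataHash,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // The callee only sees a reference and a count, so the count is validated against the
     // span while the span's bounds are still known.
     if (cbDataHash < 0 || cbDataHash > pbDataHash.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbDataHash));
     }

     return AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
         privateKey, ref pbDataHash.DangerousGetPinnableReference(), cbDataHash, hashAlgorithm, out pSignatureOut, out pErrorOut);
 }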
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // pbDataHash/cbDataHash and pbSignature/cbSignature are raw pointer and length pairs. Both
 // buffers must be pinned for the call and each length must stay within its buffer; the
 // signature enforces neither.
 // The int return is a status code; VerifySignature on this page accepts only the exact
 // value 1 as "valid" and throws on anything it does not recognise.
 private static unsafe extern int AppleCryptoNative_SecKeyVerifySignature(
     SafeSecKeyRefHandle publicKey,
     byte *pbDataHash,
     int cbDataHash,
     byte *pbSignature,
     int cbSignature,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm,
     out SafeCFErrorHandle pErrorOut);
 // Partial method declaration with no body in this snippet; the implementation is supplied
 // elsewhere (presumably by a source-generated P/Invoke - confirm against the full file).
 // Three raw pointer and length pairs cross the boundary: the key (pKey/cbKey), the message
 // (pData/cbData) and the output buffer (pOutput/cbOutput). Every buffer must be pinned for
 // the call and every length must stay within its buffer; this signature enforces neither.
 // cbDigest is a pointer to an int (presumably receives the digest size written - confirm).
 // The meaning of the int return value is not defined in this snippet.
 internal static unsafe partial int HmacOneShot(
     PAL_HashAlgorithm algorithm,
     byte *pKey,
     int cbKey,
     byte *pData,
     int cbData,
     byte *pOutput,
     int cbOutput,
     int *cbDigest);
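 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload, passing a reference to the
 /// first element of <paramref name="pbDataHash"/>.
 /// </summary>
 /// <param name="privateKey">Signing key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes to sign.</param>
 /// <param name="cbDataHash">Number of bytes of <paramref name="pbDataHash"/> the callee may read.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pSignatureOut">Signature handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbDataHash"/> is negative or larger than the span.
 /// </exception>
 private static int AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> pbDataHash,
     int cbDataHash,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // A reference obtained from the span has no bounds attached, so the separately supplied
     // count is checked against the span before it is forwarded.
     if (cbDataHash < 0 || cbDataHash > pbDataHash.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbDataHash));
     }

     return AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
         privateKey, ref MemoryMarshal.GetReference(pbDataHash), cbDataHash, hashAlgorithm, out pSignatureOut, out pErrorOut);
 }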
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // password/passwordLen, salt/saltLen and derivedKey/derivedKeyLen are raw pointer and
 // length pairs. The buffers must be pinned for the call and each length must stay within
 // its buffer; nothing in this signature enforces that.
 // iterations is forwarded as a plain int; any range check has to happen in the caller.
 // The int return and the errorCode output are status values whose meaning is not defined in
 // this snippet.
 private static extern unsafe int AppleCryptoNative_Pbkdf2(
     PAL_HashAlgorithm prfAlgorithm,
     byte *password,
     int passwordLen,
     byte *salt,
     int saltLen,
     int iterations,
     byte *derivedKey,
     int derivedKeyLen,
     out int errorCode);
 /// <summary>
 /// Signs <paramref name="dataHash"/> and returns the signature as a managed byte array.
 /// </summary>
 /// <param name="privateKey">Handle of the signing key.</param>
 /// <param name="dataHash">Bytes passed on as the hash to sign.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to NativeCreateSignature.</param>
 /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded to NativeCreateSignature.</param>
 /// <returns>The bytes CoreFoundation.CFGetData reads from the signature handle.</returns>
 internal static byte[] CreateSignature(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> dataHash,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm)
 {
     SafeCFDataHandle nativeSignature = NativeCreateSignature(privateKey, dataHash, hashAlgorithm, signatureAlgorithm);

     // The native handle is released as soon as its bytes have been read, even if the read throws.
     try
     {
         return CoreFoundation.CFGetData(nativeSignature);
     }
     finally
     {
         nativeSignature?.Dispose();
     }
 }
 /// <summary>
 /// Signs <paramref name="dataHash"/> and attempts to write the signature into
 /// <paramref name="destination"/>.
 /// </summary>
 /// <param name="privateKey">Handle of the signing key.</param>
 /// <param name="dataHash">Bytes passed on as the hash to sign.</param>
 /// <param name="destination">Caller-supplied buffer for the signature.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to NativeCreateSignature.</param>
 /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded to NativeCreateSignature.</param>
 /// <param name="bytesWritten">Set by CoreFoundation.TryCFWriteData.</param>
 /// <returns>The result of CoreFoundation.TryCFWriteData.</returns>
 internal static bool TryCreateSignature(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> dataHash,
     Span<byte> destination,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm,
     out int bytesWritten)
 {
     SafeCFDataHandle nativeSignature = NativeCreateSignature(privateKey, dataHash, hashAlgorithm, signatureAlgorithm);

     // The signature is always computed first, so the signing cost is paid even when the
     // copy into destination does not succeed.
     try
     {
         bool copied = CoreFoundation.TryCFWriteData(nativeSignature, destination, out bytesWritten);
         return copied;
     }
     finally
     {
         nativeSignature?.Dispose();
     }
 }
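 /// <summary>
 /// Span-based overload that pins <paramref name="pbData"/> and forwards a raw pointer to
 /// the pointer-taking overload.
 /// </summary>
 /// <param name="publicKey">Key handle forwarded unchanged.</param>
 /// <param name="pbData">Input bytes; pinned for the duration of the call.</param>
 /// <param name="cbData">Number of bytes of <paramref name="pbData"/> the callee may read.</param>
 /// <param name="mgfAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pEncryptedOut">Output data handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbData"/> is negative or larger than the span.
 /// </exception>
 private static unsafe int RsaDecryptOaep(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbData,
     int cbData,
     PAL_HashAlgorithm mgfAlgorithm,
     out SafeCFDataHandle pEncryptedOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // A raw pointer has no bounds, so the count that accompanies it is validated against
     // the span before the span is pinned.
     if (cbData < 0 || cbData > pbData.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbData));
     }

     fixed (byte* pbDataPtr = &pbData.DangerousGetPinnableReference())
     {
         return RsaDecryptOaep(publicKey, pbDataPtr, cbData, mgfAlgorithm, out pEncryptedOut, out pErrorOut);
     }
 }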
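 /// <summary>
 /// Span-based overload that pins <paramref name="pbDataHash"/> and forwards a raw pointer
 /// to the pointer-taking overload.
 /// </summary>
 /// <param name="privateKey">Signing key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes to sign; pinned for the duration of the call.</param>
 /// <param name="cbDataHash">Number of bytes of <paramref name="pbDataHash"/> the callee may read.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pSignatureOut">Signature handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// <paramref name="cbDataHash"/> is negative or larger than the span.
 /// </exception>
 private static unsafe int AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> pbDataHash,
     int cbDataHash,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut)
 {
     // The pointer passed on carries no bounds; make sure the count cannot send the callee
     // past the end of the pinned span.
     if (cbDataHash < 0 || cbDataHash > pbDataHash.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbDataHash));
     }

     fixed (byte* pbDataHashPtr = &pbDataHash.DangerousGetPinnableReference())
     {
         return AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
             privateKey, pbDataHashPtr, cbDataHash, hashAlgorithm, out pSignatureOut, out pErrorOut);
     }
 }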
 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload. Both lengths are taken from
 /// the spans themselves, so the reference and the count cannot disagree.
 /// </summary>
 /// <param name="publicKey">Verification key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes the signature is checked against.</param>
 /// <param name="pbSignature">Signature bytes to verify.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 private static int AppleCryptoNative_VerifySignatureWithHashAlgorithm(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbDataHash,
     ReadOnlySpan<byte> pbSignature,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFErrorHandle pErrorOut)
 {
     ref byte hashStart = ref MemoryMarshal.GetReference(pbDataHash);
     ref byte signatureStart = ref MemoryMarshal.GetReference(pbSignature);

     return AppleCryptoNative_VerifySignatureWithHashAlgorithm(
         publicKey,
         ref hashStart,
         pbDataHash.Length,
         ref signatureStart,
         pbSignature.Length,
         hashAlgorithm,
         out pErrorOut);
 }
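 /// <summary>
 /// Span-based overload that pins both buffers and forwards raw pointers to the
 /// pointer-taking overload.
 /// </summary>
 /// <param name="publicKey">Verification key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes; pinned for the duration of the call.</param>
 /// <param name="cbDataHash">Number of bytes of <paramref name="pbDataHash"/> the callee may read.</param>
 /// <param name="pbSignature">Signature bytes; pinned for the duration of the call.</param>
 /// <param name="cbSignature">Number of bytes of <paramref name="pbSignature"/> the callee may read.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// Either length is negative or larger than its span.
 /// </exception>
 private static unsafe int AppleCryptoNative_VerifySignatureWithHashAlgorithm(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbDataHash,
     int cbDataHash,
     ReadOnlySpan<byte> pbSignature,
     int cbSignature,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFErrorHandle pErrorOut)
 {
     // Both counts travel next to bare pointers, so each is checked against its own span
     // before anything is pinned.
     if (cbDataHash < 0 || cbDataHash > pbDataHash.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbDataHash));
     }

     if (cbSignature < 0 || cbSignature > pbSignature.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbSignature));
     }

     fixed (byte* pbDataHashPtr = &pbDataHash.DangerousGetPinnableReference())
     fixed (byte* pbSignaturePtr = &pbSignature.DangerousGetPinnableReference())
     {
         return AppleCryptoNative_VerifySignatureWithHashAlgorithm(publicKey, pbDataHashPtr, cbDataHash, pbSignaturePtr, cbSignature, hashAlgorithm, out pErrorOut);
     }
 }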
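 /// <summary>
 /// Span-based overload that forwards to the ref-byte overload, using
 /// DangerousGetPinnableReference to obtain a reference to the first element of each span.
 /// </summary>
 /// <param name="publicKey">Verification key handle, forwarded unchanged.</param>
 /// <param name="pbDataHash">Hash bytes the signature is checked against.</param>
 /// <param name="cbDataHash">Number of bytes of <paramref name="pbDataHash"/> the callee may read.</param>
 /// <param name="pbSignature">Signature bytes to verify.</param>
 /// <param name="cbSignature">Number of bytes of <paramref name="pbSignature"/> the callee may read.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 /// <exception cref="ArgumentOutOfRangeException">
 /// Either length is negative or larger than its span.
 /// </exception>
 private static int AppleCryptoNative_VerifySignatureWithHashAlgorithm(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> pbDataHash,
     int cbDataHash,
     ReadOnlySpan<byte> pbSignature,
     int cbSignature,
     PAL_HashAlgorithm hashAlgorithm,
     out SafeCFErrorHandle pErrorOut)
 {
     // The callee receives references without bounds, so each count is checked against its
     // own span here.
     if (cbDataHash < 0 || cbDataHash > pbDataHash.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbDataHash));
     }

     if (cbSignature < 0 || cbSignature > pbSignature.Length)
     {
         throw new ArgumentOutOfRangeException(nameof(cbSignature));
     }

     return AppleCryptoNative_VerifySignatureWithHashAlgorithm(
         publicKey,
         ref pbDataHash.DangerousGetPinnableReference(),
         cbDataHash,
         ref pbSignature.DangerousGetPinnableReference(),
         cbSignature,
         hashAlgorithm,
         out pErrorOut);
 }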
        /// <summary>
        /// Verifies <paramref name="signature"/> over <paramref name="dataHash"/> with the
        /// native shim and maps its status code to a boolean or an exception.
        /// </summary>
        /// <param name="publicKey">Handle of the verification key.</param>
        /// <param name="dataHash">Hash bytes the signature is checked against.</param>
        /// <param name="signature">Signature bytes to verify.</param>
        /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <returns>
        /// <c>true</c> only when the shim returns exactly 1, <c>false</c> when it returns 0.
        /// </returns>
        /// <exception cref="CryptographicException">
        /// The shim returned a status this method does not recognise. The -2 path throws
        /// whatever CreateExceptionForCFError builds from the error handle.
        /// </exception>
        internal static bool VerifySignature(
            SafeSecKeyRefHandle publicKey,
            byte[] dataHash,
            byte[] signature,
            PAL_HashAlgorithm hashAlgorithm)
        {
            const int kErrorSeeError = -2;
            const int SignatureValid = 1;
            const int SignatureInvalid = 0;

            // Argument checks are debug-only; release builds rely on the callers.
            Debug.Assert(publicKey != null, "publicKey != null");
            Debug.Assert(dataHash != null, "dataHash != null");
            Debug.Assert(signature != null, "signature != null");
            Debug.Assert(hashAlgorithm != PAL_HashAlgorithm.Unknown);

            SafeCFErrorHandle error;
            int ret = AppleCryptoNative_VerifySignatureWithHashAlgorithm(
                publicKey,
                dataHash,
                dataHash.Length,
                signature,
                signature.Length,
                hashAlgorithm,
                out error);

            try
            {
                if (ret == SignatureValid)
                {
                    return true;
                }

                if (ret == SignatureInvalid)
                {
                    return false;
                }

                if (ret == kErrorSeeError)
                {
                    throw CreateExceptionForCFError(error);
                }

                // Anything else is never reported as "valid": Debug.Fail is a no-op in release
                // builds, so the throw is what rejects an unexpected status.
                Debug.Fail($"VerifySignature returned {ret}");
                throw new CryptographicException();
            }
            finally
            {
                error?.Dispose();
            }
        }
        /// <summary>
        /// Signs <paramref name="dataHash"/> by running the native signing call through
        /// ExecuteTransform and returns what ExecuteTransform produces.
        /// </summary>
        /// <param name="privateKey">Handle of the signing key.</param>
        /// <param name="dataHash">Bytes passed on as the hash to sign.</param>
        /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <returns>The byte array returned by ExecuteTransform.</returns>
        internal static byte[] GenerateSignature(
            SafeSecKeyRefHandle privateKey,
            ReadOnlySpan<byte> dataHash,
            PAL_HashAlgorithm hashAlgorithm)
        {
            // Argument checks are debug-only; release builds rely on the callers.
            Debug.Assert(privateKey != null, "privateKey != null");
            Debug.Assert(hashAlgorithm != PAL_HashAlgorithm.Unknown, "hashAlgorithm != PAL_HashAlgorithm.Unknown");

            // The callback captures the key handle and algorithm; status and error handling
            // are left to ExecuteTransform (not shown in this snippet).
            return ExecuteTransform(
                dataHash,
                delegate (ReadOnlySpan<byte> source, out SafeCFDataHandle signature, out SafeCFErrorHandle error)
                {
                    return AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
                        privateKey,
                        source,
                        hashAlgorithm,
                        out signature,
                        out error);
                });
        }
        /// <summary>
        /// Signs <paramref name="source"/> by running the native signing call through
        /// TryExecuteTransform, which writes the result into <paramref name="destination"/>.
        /// </summary>
        /// <param name="privateKey">Handle of the signing key.</param>
        /// <param name="source">Bytes passed on as the hash to sign.</param>
        /// <param name="destination">Caller-supplied buffer for the signature.</param>
        /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <param name="bytesWritten">Set by TryExecuteTransform.</param>
        /// <returns>The result of TryExecuteTransform.</returns>
        internal static bool TryGenerateSignature(
            SafeSecKeyRefHandle privateKey,
            ReadOnlySpan<byte> source,
            Span<byte> destination,
            PAL_HashAlgorithm hashAlgorithm,
            out int bytesWritten)
        {
            // Argument checks are debug-only; release builds rely on the callers.
            Debug.Assert(privateKey != null, "privateKey != null");
            Debug.Assert(hashAlgorithm != PAL_HashAlgorithm.Unknown, "hashAlgorithm != PAL_HashAlgorithm.Unknown");

            // The callback captures the key handle and algorithm; status and error handling
            // are left to TryExecuteTransform (not shown in this snippet).
            return TryExecuteTransform(
                source,
                destination,
                out bytesWritten,
                (ReadOnlySpan<byte> innerSource, out SafeCFDataHandle outputHandle, out SafeCFErrorHandle errorHandle) =>
                    AppleCryptoNative_GenerateSignatureWithHashAlgorithm(
                        privateKey, innerSource, hashAlgorithm, out outputHandle, out errorHandle));
        }
 /// <summary>
 /// Span-based overload that pins <paramref name="dataHash"/> and calls the pointer-taking
 /// overload with the span's own length.
 /// </summary>
 /// <param name="privateKey">Signing key handle, forwarded unchanged.</param>
 /// <param name="dataHash">Hash bytes to sign; pinned for the duration of the call.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded unchanged.</param>
 /// <param name="pSignatureOut">Signature handle produced by the callee.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 private static unsafe int AppleCryptoNative_SecKeyCreateSignature(
     SafeSecKeyRefHandle privateKey,
     ReadOnlySpan<byte> dataHash,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm,
     out SafeCFDataHandle pSignatureOut,
     out SafeCFErrorHandle pErrorOut)
 {
     int status;

     // The length comes from the span itself, so pointer and count cannot disagree.
     // Pinning an empty span yields a null pointer paired with a length of 0.
     fixed (byte* hashPtr = dataHash)
     {
         status = AppleCryptoNative_SecKeyCreateSignature(
             privateKey,
             hashPtr,
             dataHash.Length,
             hashAlgorithm,
             signatureAlgorithm,
             out pSignatureOut,
             out pErrorOut);
     }

     return status;
 }
        /// <summary>
        /// Verifies <paramref name="signature"/> over <paramref name="dataHash"/> with the
        /// native shim and maps its status code to a boolean or an exception.
        /// </summary>
        /// <param name="publicKey">Handle of the verification key.</param>
        /// <param name="dataHash">Hash bytes the signature is checked against.</param>
        /// <param name="signature">Signature bytes to verify.</param>
        /// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded to the shim.</param>
        /// <returns>
        /// <c>true</c> only when the shim returns exactly 1, <c>false</c> when it returns 0.
        /// </returns>
        /// <exception cref="PlatformNotSupportedException">The shim reported kPlatformNotSupported.</exception>
        /// <exception cref="CryptographicException">
        /// The shim returned a status this method does not recognise. The kErrorSeeError path
        /// throws whatever CreateExceptionForCFError builds from the error handle.
        /// </exception>
        internal static bool VerifySignature(
            SafeSecKeyRefHandle publicKey,
            ReadOnlySpan<byte> dataHash,
            ReadOnlySpan<byte> signature,
            PAL_HashAlgorithm hashAlgorithm,
            PAL_SignatureAlgorithm signatureAlgorithm)
        {
            const int SignatureValid = 1;
            const int SignatureInvalid = 0;

            int result = AppleCryptoNative_SecKeyVerifySignature(
                publicKey,
                dataHash,
                signature,
                hashAlgorithm,
                signatureAlgorithm,
                out SafeCFErrorHandle errorHandle);

            // The error handle is released on every exit path, including the throwing ones.
            try
            {
                if (result == SignatureValid)
                {
                    return true;
                }

                if (result == SignatureInvalid)
                {
                    return false;
                }

                if (result == kErrorSeeError)
                {
                    throw CreateExceptionForCFError(errorHandle);
                }

                if (result == kPlatformNotSupported)
                {
                    throw new PlatformNotSupportedException();
                }

                // An unrecognised status is never reported as "valid": Debug.Fail is a no-op
                // in release builds, so the throw is what rejects it.
                Debug.Fail($"verify signature returned {result}");
                throw new CryptographicException();
            }
            finally
            {
                errorHandle?.Dispose();
            }
        }
 /// <summary>
 /// Span-based overload that pins both buffers and calls the pointer-taking overload with
 /// each span's own length.
 /// </summary>
 /// <param name="publicKey">Verification key handle, forwarded unchanged.</param>
 /// <param name="dataHash">Hash bytes; pinned for the duration of the call.</param>
 /// <param name="signature">Signature bytes; pinned for the duration of the call.</param>
 /// <param name="hashAlgorithm">Hash algorithm identifier forwarded unchanged.</param>
 /// <param name="signatureAlgorithm">Signature algorithm identifier forwarded unchanged.</param>
 /// <param name="pErrorOut">Error handle produced by the callee.</param>
 /// <returns>The callee's status code.</returns>
 private static unsafe int AppleCryptoNative_SecKeyVerifySignature(
     SafeSecKeyRefHandle publicKey,
     ReadOnlySpan<byte> dataHash,
     ReadOnlySpan<byte> signature,
     PAL_HashAlgorithm hashAlgorithm,
     PAL_SignatureAlgorithm signatureAlgorithm,
     out SafeCFErrorHandle pErrorOut)
 {
     int status;

     // Lengths come from the spans themselves, so each pointer and its count cannot disagree.
     // Pinning an empty span yields a null pointer paired with a length of 0.
     fixed (byte* hashPtr = dataHash)
     fixed (byte* signaturePtr = signature)
     {
         status = AppleCryptoNative_SecKeyVerifySignature(
             publicKey,
             hashPtr,
             dataHash.Length,
             signaturePtr,
             signature.Length,
             hashAlgorithm,
             signatureAlgorithm,
             out pErrorOut);
     }

     return status;
 }
        /// <summary>
        /// Derives key material with the native PBKDF2 shim and writes it into
        /// <paramref name="destination"/>; the number of bytes requested is the length of
        /// that span.
        /// </summary>
        /// <param name="prfAlgorithm">Hash algorithm identifier forwarded to the shim.</param>
        /// <param name="password">Password bytes; pinned for the duration of the call.</param>
        /// <param name="salt">Salt bytes; pinned for the duration of the call.</param>
        /// <param name="iterations">Iteration count, forwarded without a range check here.</param>
        /// <param name="destination">Buffer that receives the derived key.</param>
        /// <exception cref="CryptographicException">
        /// The shim returned a status other than 0 or 1. A return of 0 throws whatever
        /// CreateExceptionForCCError builds from the reported status.
        /// </exception>
        internal static unsafe void Pbkdf2(
            PAL_HashAlgorithm prfAlgorithm,
            ReadOnlySpan<byte> password,
            ReadOnlySpan<byte> salt,
            int iterations,
            Span<byte> destination)
        {
            // Lengths come from the spans themselves. Pinning an empty span yields a null
            // pointer paired with a length of 0.
            fixed (byte* passwordPtr = password)
            fixed (byte* saltPtr = salt)
            fixed (byte* destinationPtr = destination)
            {
                int ccStatus;
                int ret = AppleCryptoNative_Pbkdf2(
                    prfAlgorithm,
                    passwordPtr,
                    password.Length,
                    saltPtr,
                    salt.Length,
                    iterations,
                    destinationPtr,
                    destination.Length,
                    &ccStatus);

                // 1 is the only status accepted as success.
                if (ret == 1)
                {
                    return;
                }

                if (ret == 0)
                {
                    throw Interop.AppleCrypto.CreateExceptionForCCError(
                        ccStatus,
                        Interop.AppleCrypto.CCCryptorStatus);
                }

                // Debug.Fail is a no-op in release builds, so the throw is what stops the
                // caller from using the destination buffer after an unexpected status.
                Debug.Fail($"Pbkdf2 failed with invalid input {ret}");
                throw new CryptographicException();
            }
        }
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // pbData/cbData is the input and pbOutput/cbOutput the destination buffer, both as raw
 // pointer and length pairs: they must be pinned for the call and each length must stay
 // within its buffer. cbDigest is an output int (presumably the digest size - confirm).
 // The meaning of the int return value is not defined in this snippet.
 internal static unsafe extern int DigestOneShot(PAL_HashAlgorithm algorithm, byte *pbData, int cbData, byte *pbOutput, int cbOutput, out int cbDigest);
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // Returns a SafeDigestCtxHandle for the requested algorithm and sets cbDigest (presumably
 // the digest size in bytes - confirm). The returned handle is a SafeHandle the caller owns
 // and should dispose; how an unsupported algorithm is reported is not shown here.
 internal static extern SafeDigestCtxHandle DigestCreate(PAL_HashAlgorithm algorithm, out int cbDigest);
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // Returns a SafeDigestCtxHandle for the requested algorithm and sets cbDigest (presumably
 // the digest size in bytes - confirm). The caller owns the returned handle and should
 // dispose it; check it for validity before use, since failure reporting is not shown here.
 internal static extern SafeDigestCtxHandle DigestCreate(PAL_HashAlgorithm algorithm, out int cbDigest);
 // Partial method declaration with no body in this snippet; the implementation is supplied
 // elsewhere (presumably by a source-generated P/Invoke - confirm against the full file).
 // pbData/cbData is the input and pbOutput/cbOutput the destination buffer, both as raw
 // pointer and length pairs: they must be pinned for the call and each length must stay
 // within its buffer. cbDigest is a pointer to an int (presumably receives the digest
 // size - confirm) and must point to writable memory.
 internal static unsafe partial int DigestOneShot(PAL_HashAlgorithm algorithm, byte *pbData, int cbData, byte *pbOutput, int cbOutput, int *cbDigest);
 // P/Invoke declaration (extern, no managed body); the binding attribute is not shown here.
 // Returns a SafeHmacHandle for the requested algorithm. cbDigest is passed by ref, so the
 // caller must initialise it before the call and native code may overwrite it (presumably
 // with the digest size - confirm). The caller owns the returned handle and should dispose it.
 internal static extern SafeHmacHandle HmacCreate(PAL_HashAlgorithm algorithm, ref int cbDigest);