public AzureKeyVaultMaterializedConfiguration(KeyVaultClient client, X509Certificate2 publicCertificate, KeyBundle key, Crypto.HashAlgorithmName fileDigestAlgorithm, Crypto.HashAlgorithmName pkcsDigestAlgorithm) { Client = client; Key = key; PublicCertificate = publicCertificate; FileDigestAlgorithm = fileDigestAlgorithm; PkcsDigestAlgorithm = pkcsDigestAlgorithm; }
public Rfc3161TimestampRequest( byte[] messageHash, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, byte[] nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) { if (messageHash == null) { throw new ArgumentNullException(nameof(messageHash)); } int expectedSize; string algorithmIdentifier; if (!ResolveAlgorithm(hashAlgorithm, out expectedSize, out algorithmIdentifier)) { throw new ArgumentOutOfRangeException( nameof(hashAlgorithm), hashAlgorithm, "Hash algorithm is not supported by this method"); } if (messageHash.Length != expectedSize) { throw new ArgumentException("Hash is not the correct size for the identified algorithm", nameof(messageHash)); } if (requestedPolicyId != null && !Rfc3161TimestampUtils.IsLegalOid(requestedPolicyId.Value)) { throw new ArgumentException("Value is not a legal object identifier", nameof(requestedPolicyId)); } if (nonce != null && nonce.Length == 0) { throw new ArgumentException("Nonce must be null or non-empty", nameof(nonce)); } var data = new DataType { _version = 1, _hash = (byte[])messageHash.Clone(), _hashAlgorithm = OpportunisticOid(algorithmIdentifier), _nonce = (byte[])nonce?.Clone(), _requestSignerCertificate = requestSignerCertificates, _extensions = Rfc3161TimestampTokenInfo.ShallowCopy(extensions, preserveNull: true), }; if (requestedPolicyId != null) { data._requestedPolicyId = new Oid(requestedPolicyId.Value, requestedPolicyId.FriendlyName); } RawData = Encode(data); }
protected virtual byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) { throw DerivedClassMustOverride(); }
public override bool VerifyHash(ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException(nameof(padding)); } if (padding == RSASignaturePadding.Pkcs1) { int algorithmNid = GetAlgorithmNid(hashAlgorithm); SafeRsaHandle rsa = GetKey(); return(Interop.Crypto.RsaVerify(algorithmNid, hash, signature, rsa)); } else if (padding == RSASignaturePadding.Pss) { RsaPaddingProcessor processor = RsaPaddingProcessor.OpenProcessor(hashAlgorithm); SafeRsaHandle rsa = GetKey(); int requiredBytes = Interop.Crypto.RsaSize(rsa); if (signature.Length != requiredBytes) { return(false); } if (hash.Length != processor.HashLength) { return(false); } byte[] rented = CryptoPool.Rent(requiredBytes); Span <byte> unwrapped = new Span <byte>(rented, 0, requiredBytes); try { int ret = Interop.Crypto.RsaVerificationPrimitive(signature, unwrapped, rsa); CheckReturn(ret); Debug.Assert( ret == requiredBytes, $"RSA_private_encrypt returned {ret} when {requiredBytes} was expected"); return(processor.VerifyPss(hash, unwrapped, KeySize)); } finally { CryptoPool.Return(rented, requiredBytes); } } throw PaddingModeNotSupported(); }
protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) => AsymmetricAlgorithmHelpers.HashData(data, hashAlgorithm);
private static unsafe void PHash( HashAlgorithmName algorithmName, ReadOnlySpan <byte> secret, ReadOnlySpan <byte> prfLabel, ReadOnlySpan <byte> prfSeed, int hashOutputSize, Span <byte> ret) { // https://tools.ietf.org/html/rfc4346#section-5 // // P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + // HMAC_hash(secret, A(2) + seed) + // HMAC_hash(secret, A(3) + seed) + ... // // A(0) = seed // A(i) = HMAC_hash(secret, A(i-1)) // // This is called via PRF, which turns (label || seed) into seed. byte[] secretTmp = new byte[secret.Length]; // Keep secretTmp pinned the whole time it has a secret in it, so it // doesn't get copied around during heap compaction. fixed(byte *pinnedSecretTmp = secretTmp) { secret.CopyTo(secretTmp); try { Span <byte> retSpan = ret; using (IncrementalHash hasher = IncrementalHash.CreateHMAC(algorithmName, secretTmp)) { Span <byte> a = stackalloc byte[hashOutputSize]; Span <byte> p = stackalloc byte[hashOutputSize]; // A(1) hasher.AppendData(prfLabel); hasher.AppendData(prfSeed); if (!hasher.TryGetHashAndReset(a, out int bytesWritten) || bytesWritten != hashOutputSize) { throw new CryptographicException(); } while (true) { // HMAC_hash(secret, A(i) || seed) => p hasher.AppendData(a); hasher.AppendData(prfLabel); hasher.AppendData(prfSeed); if (!hasher.TryGetHashAndReset(p, out bytesWritten) || bytesWritten != hashOutputSize) { throw new CryptographicException(); } int len = Math.Min(p.Length, retSpan.Length); p.Slice(0, len).CopyTo(retSpan); retSpan = retSpan.Slice(len); if (retSpan.Length == 0) { return; } // Build the next A(i) hasher.AppendData(a); if (!hasher.TryGetHashAndReset(a, out bytesWritten) || bytesWritten != hashOutputSize) { throw new CryptographicException(); } } } } finally { Array.Clear(secretTmp, 0, secretTmp.Length); } } }
public Rfc2898DeriveBytes(string password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm) : this(Encoding.UTF8.GetBytes(password), salt, iterations, hashAlgorithm) { }
protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) { return(CngAsymmetricAlgorithmCore.HashData(data, offset, count, hashAlgorithm)); }
public virtual bool TrySignHash(ReadOnlySpan <byte> hash, Span <byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) { byte[] result = SignHash(hash.ToArray(), hashAlgorithm); if (destination.Length >= result.Length) { new ReadOnlySpan <byte>(result).CopyTo(destination); bytesWritten = result.Length; return(true); } bytesWritten = 0; return(false); }
protected virtual bool TryHashData(ReadOnlySpan <byte> data, Span <byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) { byte[] result; byte[] array = ArrayPool <byte> .Shared.Rent(data.Length); try { data.CopyTo(array); result = HashData(array, 0, data.Length, hashAlgorithm); } finally { Array.Clear(array, 0, data.Length); ArrayPool <byte> .Shared.Return(array); } if (destination.Length >= result.Length) { new ReadOnlySpan <byte>(result).CopyTo(destination); bytesWritten = result.Length; return(true); } bytesWritten = 0; return(false); }
public virtual bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { throw DerivedClassMustOverride(); }
public virtual bool VerifyHash(ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) => VerifyHash(hash.ToArray(), signature.ToArray(), hashAlgorithm, padding);
public virtual bool VerifyData(ReadOnlySpan <byte> data, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException(nameof(padding)); } for (int i = 256; ; i = checked (i * 2)) { int hashLength = 0; byte[] hash = ArrayPool <byte> .Shared.Rent(i); try { if (TryHashData(data, hash, hashAlgorithm, out hashLength)) { return(VerifyHash(new ReadOnlySpan <byte>(hash, 0, hashLength), signature, hashAlgorithm, padding)); } } finally { Array.Clear(hash, 0, hashLength); ArrayPool <byte> .Shared.Return(hash); } } }
public virtual bool TrySignData(ReadOnlySpan <byte> data, Span <byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException(nameof(padding)); } if (TryHashData(data, destination, hashAlgorithm, out int hashLength) && TrySignHash(destination.Slice(0, hashLength), destination, hashAlgorithm, padding, out bytesWritten)) { return(true); } bytesWritten = 0; return(false); }
public virtual bool VerifyData(byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { if (data == null) { throw new ArgumentNullException("data"); } if (offset < 0 || offset > data.Length) { throw new ArgumentOutOfRangeException("offset"); } if (count < 0 || count > data.Length - offset) { throw new ArgumentOutOfRangeException("count"); } if (signature == null) { throw new ArgumentNullException("signature"); } if (String.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException("padding"); } byte[] hash = HashData(data, offset, count, hashAlgorithm); return(VerifyHash(hash, signature, hashAlgorithm, padding)); }
public override bool TrySignHash(ReadOnlySpan <byte> hash, Span <byte> destination, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding, out int bytesWritten) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException(nameof(padding)); } RsaPaddingProcessor processor = null; if (padding.Mode == RSASignaturePaddingMode.Pss) { processor = RsaPaddingProcessor.OpenProcessor(hashAlgorithm); } else if (padding != RSASignaturePadding.Pkcs1) { throw new CryptographicException(SR.Cryptography_InvalidPaddingMode); } SecKeyPair keys = GetKeys(); if (keys.PrivateKey == null) { throw new CryptographicException(SR.Cryptography_CSP_NoPrivateKey); } int keySize = KeySize; int rsaSize = RsaPaddingProcessor.BytesRequiredForBitCount(keySize); if (processor == null) { Interop.AppleCrypto.PAL_HashAlgorithm palAlgId = PalAlgorithmFromAlgorithmName(hashAlgorithm, out int expectedSize); if (hash.Length != expectedSize) { // Windows: NTE_BAD_DATA ("Bad Data.") // OpenSSL: RSA_R_INVALID_MESSAGE_LENGTH ("invalid message length") throw new CryptographicException( SR.Format( SR.Cryptography_BadHashSize_ForAlgorithm, hash.Length, expectedSize, hashAlgorithm.Name)); } if (destination.Length < rsaSize) { bytesWritten = 0; return(false); } return(Interop.AppleCrypto.TryGenerateSignature( keys.PrivateKey, hash, destination, palAlgId, out bytesWritten)); } Debug.Assert(padding.Mode == RSASignaturePaddingMode.Pss); if (destination.Length < rsaSize) { bytesWritten = 0; return(false); } byte[] rented = ArrayPool <byte> .Shared.Rent(rsaSize); Span <byte> buf = new Span <byte>(rented, 0, rsaSize); processor.EncodePss(hash, buf, keySize); try { return(Interop.AppleCrypto.TryRsaSignaturePrimitive(keys.PrivateKey, buf, destination, out bytesWritten)); } finally { CryptographicOperations.ZeroMemory(buf); ArrayPool <byte> .Shared.Return(rented); } }
public override bool VerifyHash(ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException(nameof(padding)); } if (padding == RSASignaturePadding.Pkcs1) { Interop.AppleCrypto.PAL_HashAlgorithm palAlgId = PalAlgorithmFromAlgorithmName(hashAlgorithm, out int expectedSize); return(Interop.AppleCrypto.VerifySignature(GetKeys().PublicKey, hash, signature, palAlgId)); } else if (padding.Mode == RSASignaturePaddingMode.Pss) { RsaPaddingProcessor processor = RsaPaddingProcessor.OpenProcessor(hashAlgorithm); SafeSecKeyRefHandle publicKey = GetKeys().PublicKey; int keySize = KeySize; int rsaSize = RsaPaddingProcessor.BytesRequiredForBitCount(keySize); if (signature.Length != rsaSize) { return(false); } if (hash.Length != processor.HashLength) { return(false); } byte[] rented = ArrayPool <byte> .Shared.Rent(rsaSize); Span <byte> unwrapped = new Span <byte>(rented, 0, rsaSize); try { if (!Interop.AppleCrypto.TryRsaVerificationPrimitive( publicKey, signature, unwrapped, out int bytesWritten)) { Debug.Fail($"TryRsaVerificationPrimitive with a pre-allocated buffer"); throw new CryptographicException(); } Debug.Assert(bytesWritten == rsaSize); return(processor.VerifyPss(hash, unwrapped, keySize)); } finally { unwrapped.Clear(); ArrayPool <byte> .Shared.Return(rented); } } throw new CryptographicException(SR.Cryptography_InvalidPaddingMode); }
public virtual bool VerifyHash(ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm) => VerifyHash(hash.ToArray(), signature.ToArray(), hashAlgorithm);
protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) { return(CngAsymmetricAlgorithmCore.HashData(data, hashAlgorithm)); }
public virtual bool TrySignData(ReadOnlySpan <byte> data, Span <byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } if (TryHashData(data, destination, hashAlgorithm, out int hashLength) && TrySignHash(destination.Slice(0, hashLength), destination, hashAlgorithm, out bytesWritten)) { return(true); } bytesWritten = 0; return(false); }
private static HashAlgorithm GetHashAlgorithm(HashAlgorithmName hashAlgorithm) => hashAlgorithm.Name switch { "MD5" => MD5.Create(),
public virtual bool VerifyData(ReadOnlySpan <byte> data, ReadOnlySpan <byte> signature, HashAlgorithmName hashAlgorithm) { if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw HashAlgorithmNameNullOrEmpty(); } for (int i = 512; ; i = checked (i * 2)) { int hashLength = 0; byte[] hash = ArrayPool <byte> .Shared.Rent(i); try { if (TryHashData(data, hash, hashAlgorithm, out hashLength)) { return(VerifyHash(new ReadOnlySpan <byte>(hash, 0, hashLength), signature, hashAlgorithm)); } } finally { Array.Clear(hash, 0, hashLength); ArrayPool <byte> .Shared.Return(hash); } } }
protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) => AsymmetricAlgorithmHelpers.HashData(data, offset, count, hashAlgorithm);
public abstract byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm); //=> throw DerivedClassMustOverride();
protected override bool TryHashData(ReadOnlySpan <byte> data, Span <byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten) => AsymmetricAlgorithmHelpers.TryHashData(data, destination, hashAlgorithm, out bytesWritten);
public abstract byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm); //=> throw DerivedClassMustOverride(); public abstract bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm); // => throw DerivedClassMustOverride();
protected abstract byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm); // => throw DerivedClassMustOverride();
protected abstract byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm); // => throw DerivedClassMustOverride(); protected abstract byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm); // => throw DerivedClassMustOverride();
public static System.Security.Cryptography.IncrementalHash CreateHMAC(System.Security.Cryptography.HashAlgorithmName hashAlgorithm, byte[] key) { throw null; }
protected virtual byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) { throw DerivedClassMustOverride(); }