| public VerifyHash ( byte hash, byte signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding ) : bool | ||
| hash | byte | |
| signature | byte | |
| hashAlgorithm | HashAlgorithmName | |
| padding | RSASignaturePadding | |
| return | bool | |
static async Task MainAsync(string[] args)
{
var keyClient = new KeyVaultClient((authority, resource, scope) =>
{
var adCredential = new ClientCredential(applicationId, applicationSecret);
var authenticationContext = new AuthenticationContext(authority, null);
return authenticationContext.AcquireToken(resource, adCredential).AccessToken;
});
// Get the key details
var keyIdentifier = "https://testvaultrahul.vault.azure.net/keys/rahulkey/0f653b06c1d94159bc7090596bbf7784";
var key = await keyClient.GetKeyAsync(keyIdentifier);
var publicKey = Convert.ToBase64String(key.Key.N);
using (var rsa = new RSACryptoServiceProvider())
{
var p = new RSAParameters() { Modulus = key.Key.N, Exponent = key.Key.E };
rsa.ImportParameters(p);
var byteData = Encoding.Unicode.GetBytes(textToEncrypt);
// Encrypt and Decrypt
var encryptedText = rsa.Encrypt(byteData, true);
var decryptedData = await keyClient.DecryptDataAsync(keyIdentifier, "RSA_OAEP", encryptedText);
var decryptedText = Encoding.Unicode.GetString(decryptedData.Result);
// Sign and Verify
var hasher = new SHA256CryptoServiceProvider();
var digest = hasher.ComputeHash(byteData);
var signature = await keyClient.SignAsync(keyIdentifier, "RS256", digest);
var isVerified = rsa.VerifyHash(digest, "Sha256", signature.Result);
}
}
// Hash and sign the data
public bool VerifyHash(RSAParameters sendersPublicKey, byte[] signatureToVerify, byte[] encryptedData)
{
RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
SHA1Managed hash = new SHA1Managed();
byte[] hashedData;
rsaCSP.ImportParameters(sendersPublicKey);
hashedData = hash.ComputeHash(encryptedData);
return rsaCSP.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signatureToVerify);
}
// Verify the signature for a specific hash value.
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature)
{
if (keyContainer == null)
{
throw new CryptographicUnexpectedOperationException
(_("Crypto_MissingKey"));
}
if (hashAlgorithm == null)
{
throw new CryptographicUnexpectedOperationException
(_("Crypto_PKCS1Hash"));
}
return(keyContainer.VerifyHash
(rgbHash, hashAlgorithm, rgbSignature));
}
private bool MatchesSignature(byte[] key)
{
var signatureData = Convert.FromBase64String(Signature);
using (var rsa = new RSACryptoServiceProvider())
{
rsa.ImportCspBlob(key);
var bodyData = Encoding.Unicode.GetBytes(Body);
using (var hasher = new SHA1Managed())
{
var hash = hasher.ComputeHash(bodyData);
return rsa.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signatureData);
}
}
}
private static bool VerifyHash(Byte[] hash, string publicKey, string sig)
{
RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
provider.PersistKeyInCsp = false;
try
{
provider.FromXmlString(publicKey);
}
catch (Exception)
{
throw new FeedReaderException("Could not read public key. It needs to have an xml format, as required by RSACryptoServiceProvider");
}
if (!provider.PublicOnly)
{
throw new FeedReaderException("The given public key contains both private and public parts. Please dont publish your private keys publicly.");
}
return provider.VerifyHash(hash, "sha512", Convert.FromBase64String(sig));
}
public void AllowUpdateIfIDontRequireChecksum()
{
const string NauUpdateFeed =
@"<?xml version=""1.0"" encoding=""utf-8""?>
<Feed RSASignature=""SIGNATURE"">
<Title>My application</Title>
<Link>http://myapp.com/</Link>
<Tasks>
<FileUpdateTask sha256-checksum=""invalidhashButWeCanNotKnowThatNow"" localPath=""test.dll"" updateTo=""remoteFile.dll"" hotswap=""true"">
<Description>update details</Description>
</FileUpdateTask>
<RegistryTask keyName=""asdf"" keyValue=""zsdfgafsdg"" valueKind=""String"">
</RegistryTask>
</Tasks>
</Feed>";
XmlDocument doc = new XmlDocument();
doc.LoadXml(NauUpdateFeed);
// Support for different feed versions
XmlNode root = doc.SelectSingleNode(@"/Feed[version=""1.0""] | /Feed") ?? doc;
SHA512Managed sha = new SHA512Managed();
var hash = sha.ComputeHash(Encoding.UTF8.GetBytes(root.InnerXml));
RSACryptoServiceProvider provider = new RSACryptoServiceProvider(1024);
provider.PersistKeyInCsp = false;
var pubKey = provider.ToXmlString(false);
var sigBytes = provider.SignHash(hash, "sha512");
var sig = Convert.ToBase64String(sigBytes);
var update = NauUpdateFeed.Replace("SIGNATURE", sig);
bool isVerified = provider.VerifyHash(hash, "sha512", Convert.FromBase64String(sig));
Assert.IsTrue(isVerified);
var reader = new NAppUpdate.Framework.FeedReaders.NauXmlFeedReaderSigned();
reader.PublicKeys = new string[] { pubKey };
IList<IUpdateTask> updates = reader.Read(update);
Assert.IsTrue(updates != null && updates.Count == 2);
}
private static async Task<string> GetKeys(KeyVaultClient keyVaultClient)
{
var keyIdentifier = "keyIdentifier";
var textToEncrypt = "This is a test message";
var byteData = Encoding.Unicode.GetBytes(textToEncrypt);
var hasher = new SHA256CryptoServiceProvider();
var digest = hasher.ComputeHash(byteData);
var signedResult = await keyVaultClient.SignAsync(
keyIdentifier, JsonWebKeySignatureAlgorithm.RS256, digest);
var isVerified = await keyVaultClient.VerifyAsync(keyIdentifier, "RS256", digest, signedResult.Result);
var keyResult = await keyVaultClient.GetKeyAsync(keyIdentifier);
var jsonWebKey = keyResult.Key.ToString();
var key = JsonConvert.DeserializeObject<JsonWebKey>(jsonWebKey);
var rsa = new RSACryptoServiceProvider();
var p = new RSAParameters() { Modulus = key.N, Exponent = key.E };
rsa.ImportParameters(p);
isVerified = rsa.VerifyHash(digest, "Sha256", signedResult.Result);
return null;
}
/// <summary>
/// Verifies a signed hash against the unsigned version
/// </summary>
/// <param name="Hash">The unsigned hash (should be 64bit string)</param>
/// <param name="SignedHash">The signed hash (should be 64bit string)</param>
/// <param name="Key">The key to use in decryption</param>
/// <returns>True if it is verified, false otherwise</returns>
public static bool VerifyHash(string Hash, string SignedHash, string Key)
{
Hash.ThrowIfNullOrEmpty("Hash");
SignedHash.ThrowIfNullOrEmpty("SignedHash");
Key.ThrowIfNullOrEmpty("Key");
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.FromXmlString(Key);
byte[] InputArray = SignedHash.FromBase64();
byte[] HashArray = Hash.FromBase64();
bool Result = RSA.VerifyHash(HashArray, CryptoConfig.MapNameToOID("SHA1"), InputArray);
RSA.Clear();
return Result;
}
}
public bool verifyotp()
{
if (skipotp)
return true;
// check if is a fmuv2 and bootloader >= 4 else fail;
// 9 = fmuv2
// 5 = px4 1.x
if (board_type == 9) // &&up.bl_rev >= 4
{
try
{
// get the device sn
byte[] sn = __get_sn();
string line = "";
line="SN: ";
for (int s = 0; s < sn.Length; s += 1)
{
line += sn[s].ToString("X2");
}
print(line);
// 20 bytes - sha1
Array.Resize(ref sn, 20);
if (ByteArrayCompare(sn, new byte[] { 0x00, 0x23, 0x00, 0x30, 0x35, 0x32, 0x47, 0x18, 0x36, 0x34, 0x30, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }))
{
print("Libre bootloader");
libre = true;
}
object obj = new otp();
byte[] test = __read_otp();
ByteArrayToStructure(test, ref obj);
otp otp = (otp)obj;
print("id: " + otp.id_type.ToString("X"));
print("vid: " + otp.vid.ToString("X"));
print("pid: " + otp.pid.ToString("X"));
if (otp.h1 == 'P' &&
otp.h2 == 'X' &&
otp.h3 == '4' &&
otp.h4 == '\0')
{
// no vendor checks yet
byte[] sig = otp.signature;
line = "";
for (int s = 0; s < 512; s += 1)
{
line += test[s].ToString("X2");
if (s % 16 == 15)
{
print(line);
line = "";
}
}
/*
byte[] PEMbuffer = Convert.FromBase64String(@"");
*/
// RSACryptoServiceProvider rsa = DecodeRsaPrivateKey(PEMbuffer);
// RSAParameters rsapublic = rsa.ExportParameters(false);
foreach (var cert in certs)
{
byte[] pubpem = Convert.FromBase64String(cert.Value);
AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(pubpem);
RsaKeyParameters rsaKeyParameters = (RsaKeyParameters)asymmetricKeyParameter;
RSAParameters rsaParameters = new RSAParameters();
rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArrayUnsigned();
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(rsaParameters);
bool valid = rsa.VerifyHash(sn, CryptoConfig.MapNameToOID("SHA1"), otp.signature);
if (valid)
{
print("Valid Key");
return true;
}
}
print("Invalid Key");
throw new InvalidKeyException("Invalid Board");
}
else
{
print("Failed Header Check");
throw new FormatException("Failed Header Check");
}
}
catch
{
print("Failed to read Certificate of Authenticity");
throw;
}
}
// not board type 9
return true;
}
public void VerifyHashNullSignature ()
{
byte[] hash = new byte [20];
rsa = new RSACryptoServiceProvider (minKeySize);
rsa.VerifyHash (hash, "1.3.14.3.2.26", null);
}
public void VerifyHashInvalidHashLength ()
{
byte[] hash = new byte [19];
byte[] sign = new byte [(minKeySize << 3)];
rsa = new RSACryptoServiceProvider (minKeySize);
rsa.VerifyHash (hash, "1.3.14.3.2.26", sign);
// note: invalid signature length doesn't throw an exception (but returns false)
}
/// <summary>
/// Verifies a signed hash against the unsigned version
/// </summary>
/// <param name="hash"> The unsigned hash (should be 64bit string) </param>
/// <param name="signedHash"> The signed hash (should be 64bit string) </param>
/// <param name="key"> The key to use in decryption </param>
/// <param name="hashIdentifer">The id of the hash algorithm used (default SHA1)</param>
/// <returns> True if it is verified, false otherwise </returns>
public static bool VerifyHash(string hash, string signedHash, string key, string hashIdentifer = "SHA1")
{
if (string.IsNullOrEmpty(hash))
throw new ArgumentNullException("input");
if (string.IsNullOrEmpty(signedHash))
throw new ArgumentNullException("signedHash");
if (string.IsNullOrEmpty(key))
throw new ArgumentNullException("key");
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(key);
var inputArray = Convert.FromBase64String(signedHash);
var hashArray = Convert.FromBase64String(hash);
var result = rsa.VerifyHash(hashArray, CryptoConfig.MapNameToOID(hashIdentifer), inputArray);
rsa.Clear();
return result;
}
}
/// <summary>
/// Verifies a signed hash against the unsigned version
/// </summary>
/// <param name="Hash">The unsigned hash (should be 64bit string)</param>
/// <param name="SignedHash">The signed hash (should be 64bit string)</param>
/// <param name="Key">The key to use in decryption</param>
/// <returns>True if it is verified, false otherwise</returns>
public override bool VerifyHash(string Hash, string SignedHash, string Key)
{
Contract.Requires<ArgumentNullException>(!string.IsNullOrEmpty(Key), "Key");
Contract.Requires<ArgumentNullException>(!string.IsNullOrEmpty(Hash), "Hash");
Contract.Requires<ArgumentNullException>(!string.IsNullOrEmpty(SignedHash), "SignedHash");
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.FromXmlString(Key);
byte[] InputArray = SignedHash.FromBase64();
byte[] HashArray = Hash.FromBase64();
bool Result = RSA.VerifyHash(HashArray, CryptoConfig.MapNameToOID("SHA1"), InputArray);
RSA.Clear();
return Result;
}
}
static bool RunBasicScenario(Session session)
{
try
{
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(session))
{
Log.Comment("Importing RSA public key");
rsa.ImportParameters(RsaSignatureTestData.GetKeyParameters());
Log.Comment("RSA key size: " + rsa.KeySize);
Log.Comment("Verifying SHA-1 signature");
bool verified = rsa.VerifyHash(RsaSignatureTestData.GetHashValue(), MechanismType.SHA_1, RsaSignatureTestData.GetSignatureValue());
Log.Comment("Complete verifying SHA-1 signature");
if (!verified)
{
Log.Comment("Signature failed to verify - fail.");
return false;
}
#if DEFINED_BASE64TRANSFORM
byte[] signature = RsaSignatureTestData.GetSignatureValue();
string before = Convert.ToBase64String(signature);
byte[] after = ConvertToByteArray(before);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, new FromBase64Transform(), CryptoStreamMode.Write);
cs.Write(after, 0, after.Length);
cs.Close();
if (!Compare(ms.ToArray(), signature))
{
Log.Comment("Base64 Transform failed.");
return false;
}
#endif
}
}
catch (Exception e)
{
Log.Comment("Fail - got an exception");
Log.Exception("",e);
return false;
}
return true;
}
static bool RunRSAExceptionTest(Session session)
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(session);
rsa.ImportParameters(RsaSignatureTestData.GetKeyParameters());
byte[] r = new byte[16]; r[0] = 9; // Fake MD5 hash value
try
{
if (rsa.VerifyHash(r, MechanismType.MD5, RsaSignatureTestData.GetSignatureValue()))
{
Log.Comment("Should fail for a faked hash");
return false;
}
}
catch (CryptographicException)
{ }
try
{
rsa.VerifyHash(RsaSignatureTestData.GetHashValue(), (MechanismType)(0xffffffff), RsaSignatureTestData.GetSignatureValue());
Log.Comment("Shoul throw");
return false;
}
catch (CryptographicException)
{
}
try
{
rsa.VerifyHash(null, MechanismType.SHA_1, null);
Log.Comment("Shoul throw");
return false;
}
catch (ArgumentNullException)
{
}
byte[] hash = RsaSignatureTestData.GetHashValue();
byte[] sig = RsaSignatureTestData.GetSignatureValue();
hash[0] = 9;
if (rsa.VerifyHash(hash, MechanismType.SHA_1, sig))
{
Log.Comment("VerifyHash should return false, because I changed one byte.");
return false;
}
return true;
}
void SignHash (string name, int size)
{
string oid = CryptoConfig.MapNameToOID (name);
byte [] hash = new byte [size];
rsa = new RSACryptoServiceProvider (1024);
byte [] signature = rsa.SignHash (hash, oid);
Assert.IsTrue (rsa.VerifyHash (hash, oid, signature), name);
Assert.IsTrue (rsa.VerifyHash (hash, oid, signature), "OID");
}
public static void VerifySig(XmlDocument sigDoc)
{
try
{
XmlElement envelope = sigDoc.DocumentElement;
XmlElement securityElem = LameXpath.SelectSingleNode(sigDoc, Elem.Security);
if (securityElem != null)
{
XmlAttribute mustUndAtt = securityElem.Attributes[Attrib.mustUnderstand, Ns.soap];
if (mustUndAtt != null)
{
mustUndAtt.Value = "0";
}
}
XmlElement sigElem = LameXpath.SelectSingleNode(sigDoc, Elem.Signature);
if (sigElem == null)
{
return;
}
XmlElement sigValElem = LameXpath.SelectSingleNode(sigElem, Elem.SignatureValue);
byte[] baSigVal = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(sigValElem.InnerText);
bool comments = false;
bool exclusive = true;
System.Security.Cryptography.SHA1CryptoServiceProvider shaCsp = new System.Security.Cryptography.SHA1CryptoServiceProvider();
XmlElement sigMethElem = LameXpath.SelectSingleNode(sigElem, Elem.SignatureMethod);
string segMeth = sigMethElem.Attributes["Algorithm"].Value;
XmlElement signedInfoElem = LameXpath.SelectSingleNode(sigElem, Elem.SignedInfo);
XmlDocument xdSignedInfo = new XmlDocument();
xdSignedInfo.LoadXml(signedInfoElem.OuterXml);
XmlCanonicalizer xc = new XmlCanonicalizer(comments, exclusive);
MemoryStream ms = (MemoryStream)xc.Canonicalize(xdSignedInfo);
byte [] baMs = new byte[ms.Length];
ms.Read(baMs, 0, baMs.Length);
ArrayList keyInfoRefElem = LameXpath.SelectChildNodes(sigElem, Elem.SecurityTokenReference, Elem.Reference);
XmlElement keyInfoRef = (XmlElement)keyInfoRefElem[0];
string secTokUri = keyInfoRef.Attributes["URI"].Value;
secTokUri = secTokUri.TrimStart(new char[] { '#' });
XmlElement secTokElem = LameXpath.SelectSingleNode(secTokUri, sigDoc);
if (secTokElem.LocalName == Elem.UsernameToken)
{
XmlElement nonce = LameXpath.SelectSingleNode(secTokElem, Elem.Nonce);
XmlElement created = LameXpath.SelectSingleNode(secTokElem, Elem.Created);
//DerivedKeyGenerator seems to be off by 1?
//byte [] baKey = P_SHA1.DeriveKey(ClearPassword, StrKeyLabel, nonce.InnerText, created.InnerText, NumKeyBytes);
byte [] baKey = P_SHA1.DeriveKey(SigObj.ClearPassword, StrKeyLabel, nonce.InnerText, created.InnerText, NumKeyBytes);
HMACSHA1 hmacSha = new HMACSHA1(baKey);
byte [] baSig = hmacSha.ComputeHash(baMs);
OpenNETCF.Security.Cryptography.Internal.Format.SameBytes(baSigVal, baSig);
}
else if (secTokElem.LocalName == Elem.BinarySecurityToken)
{
byte[] baCert = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(secTokElem.InnerText);
X509Certificate cert = new X509Certificate(baCert); //pub key to verify sig.
byte [] exponent;
byte [] modulus;
DecodeCertKey.GetPublicRsaParams(cert, out exponent, out modulus);
System.Security.Cryptography.RSAParameters rsaParam = new System.Security.Cryptography.RSAParameters();
rsaParam.Exponent = exponent;
rsaParam.Modulus = modulus;
System.Security.Cryptography.RSACryptoServiceProvider rsaCsp = new System.Security.Cryptography.RSACryptoServiceProvider();
rsaCsp.ImportParameters(rsaParam);
byte [] baUnsigHash = shaCsp.ComputeHash(baMs);
bool valid = rsaCsp.VerifyHash(baUnsigHash, "SHA", baSigVal);
if (valid == false)
{
throw new Exception("signature is not valid");
}
}
else if (secTokElem.LocalName == Elem.SecurityContextToken)
{
//TODO how to validate signature?
}
else
{
throw new Exception("only support Username, BinarySecurity, and SecurityContext Token signature");
}
//verify reference hashes
string refdName = String.Empty;
ArrayList refNodes = LameXpath.SelectChildNodes(sigDoc, Elem.SignedInfo, Elem.Reference);
foreach (object oXn in refNodes)
{
XmlNode xn = (XmlNode)oXn;
string uriId = xn.Attributes[Attrib.URI].Value;
uriId = uriId.TrimStart(new char[] { '#' });
XmlElement digValElem = LameXpath.SelectSingleNode(xn, Elem.DigestValue);
byte[] baDigest = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(digValElem.InnerText);
XmlElement refdElem = LameXpath.SelectSingleNode(uriId, sigDoc);
XmlDocument xdRefdElem = new XmlDocument();
refdName = refdElem.LocalName; //for debug visibility
xdRefdElem.LoadXml(refdElem.OuterXml);
//not reusable
xc = new XmlCanonicalizer(comments, exclusive);
//MemoryStream ms = (MemoryStream) xc.Canonicalize(refdElem);
ms = (MemoryStream)xc.Canonicalize(xdRefdElem);
baMs = new byte[ms.Length];
ms.Read(baMs, 0, baMs.Length);
byte [] baHash = shaCsp.ComputeHash(baMs);
try
{
OpenNETCF.Security.Cryptography.Internal.Format.SameBytes(baDigest, baHash);
}
catch (Exception ex)
{
throw new Exception(refdName + ":" + ex.Message, ex);
}
}
}
finally
{
//ClearPassword = null;
SigObj = null;
}
}
public static bool VerifyRSA(byte[] rsaModulus, byte[] exponent, byte[] data, byte[] sign)
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
RSAParameters rsaPar = rsa.ExportParameters(false);
rsaPar.Modulus = rsaModulus;
rsaPar.Exponent = exponent;
rsa.ImportParameters(rsaPar);
bool resp;
resp = rsa.VerifyHash(data, "SHA256", sign);
//resp = rsa.VerifyData(data, "SHA256", sign);
return resp;
}
/// <summary>
/// Verifies that a digital signature is valid by determining the hash value
/// in the signature using the provided public key and comparing it to the provided hash value.
/// </summary>
/// <param name="hash">hash to test</param>
/// <param name="signedHash">already signed hash (in base64 form)</param>
/// <param name="publicKey">signature (in base64 form)</param>
/// <returns>true if the signature is valid; otherwise, false.</returns>
public bool VerifyHash(string hash, string signedHash, string publicKey)
{
using (var RSA = new RSACryptoServiceProvider())
{
var encoder = new UTF8Encoding();
var toVerify = encoder.GetBytes(hash);
var signed = Convert.FromBase64String(signedHash);
try
{
RSA.ImportCspBlob(Convert.FromBase64String(publicKey));
return RSA.VerifyHash(toVerify, CryptoConfig.MapNameToOID("SHA256"), signed);
}
catch (CryptographicException e)
{
Debug.Fail(e.Message);
return false;
}
finally
{
RSA.PersistKeyInCsp = false;
}
}
}
public void SignHashNullOID ()
{
byte [] hash = new byte [20];
rsa = new RSACryptoServiceProvider (minKeySize);
byte[] signature = rsa.SignHash (hash, null);
Assert ("Null OID == SHA1", rsa.VerifyHash (hash, "1.3.14.3.2.26", signature));
Assert ("Null OID", rsa.VerifyHash (hash, null, signature));
}
/// <summary>
/// Verifies that a digital signature is valid by determining the hash value
/// in the signature using the provided public key and comparing it to the provided hash value.
/// </summary>
/// <param name="hash">hash to test</param>
/// <param name="signedHash">already signed hash</param>
/// <param name="publicKey">signature</param>
/// <returns>true if the signature is valid; otherwise, false.</returns>
public bool VerifyHash(byte[] hash, byte[] signedHash, byte[] publicKey)
{
using (var RSA = new RSACryptoServiceProvider())
{
try
{
RSA.ImportCspBlob(publicKey);
return RSA.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), signedHash);
}
catch (CryptographicException e)
{
Debug.Fail(e.Message);
return false;
}
finally
{
RSA.PersistKeyInCsp = false;
}
}
}
private static bool VerifyHash(string signedHash, byte[] signature)
{
try
{
var provider = new RSACryptoServiceProvider();
var hash = new SHA1Managed();
provider.ImportParameters(PublicParams);
var encryptedbuffer = Convert.FromBase64String(signedHash);
var hashedData = hash.ComputeHash(encryptedbuffer);
return provider.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature);
}
catch
{
return false;
}
}
//Manually performs hash and then verifies hashed value.
public bool VerifyHash(RSAParameters rsaParams, byte[] signedData, byte[] signature)
{
RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
SHA1Managed hash = new SHA1Managed();
byte[] hashedData;
rsaCSP.ImportParameters(rsaParams);
hashedData = hash.ComputeHash(signedData);
return rsaCSP.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature);
}
public static Boolean Test(Session session)
{
Boolean bRes = true;
//String xml1, xml2, xml3;
//String sign1, sign2, sign3;
byte[] sig1;
byte[] hashval = new byte[20];
for (int i = 0; i < hashval.Length; i++) hashval[i] = (Byte)i;
RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider(session);
RSACryptoServiceProvider RSA2 = new RSACryptoServiceProvider(session);
//RSACryptoServiceProvider RSA3 = new RSACryptoServiceProvider();
sig1 = RSA1.SignHash(hashval, MechanismType.SHA_1); //, CryptoConfig.MapNameToOID("SHA1"));
RSAParameters RSAParams = RSA1.ExportParameters(true);
//sign1 = (Convert.ToBase64String(sig1));
//xml1 = RSA1.ToXmlString(true);
RSA2.ImportParameters(RSAParams);
//RSA2.FromXmlString(xml1);
//xml2 = (RSA2.ToXmlString(true));
//xml3 = (RSA3.ToXmlString(true));
byte[] sig2 = RSA2.SignHash(hashval, MechanismType.SHA_1);
//sign2 = (Convert.ToBase64String(sig2));
//byte[] sig3 = RSA3.SignHash(hashval, CryptoConfig.MapNameToOID("SHA1"));
//sign3 = (Convert.ToBase64String(sig3));
//if ((xml1 != xml2) || (xml2 != xml3))
//{
// Log.Comment("WRONG : ToXmlString results are different");
// bRes = false;
//}
//Log.Comment(xml1);
//if ((sign1 != sign2) || (sign2 != sign3))
//{
// Log.Comment("WRONG : signatures are different");
// Log.Comment("First: " + sign1);
// Log.Comment("Second: " + sign2);
// Log.Comment("Third: " + sign3);
// bRes = false;
//}
//Log.Comment("\n" + sign1);
if (!RSA1.VerifyHash(hashval, MechanismType.SHA_1, sig2))
{
Log.Comment("WRONG : Signature check (1) failed");
bRes = false;
}
if (!RSA2.VerifyHash(hashval, MechanismType.SHA_1, sig1))
{
Log.Comment("WRONG : Signature check (1) failed");
bRes = false;
}
//if (!RSA3.VerifyHash(hashval, CryptoConfig.MapNameToOID("SHA1"), sig1))
//{
// Log.Comment("WRONG : Signature check (1) failed");
// bRes = false;
//}
return bRes;
}
public void VerifyHashNullOID ()
{
byte[] sign = new byte [(minKeySize << 3)];
byte[] hash = new byte [20];
rsa = new RSACryptoServiceProvider (minKeySize);
rsa.VerifyHash (hash, null, sign);
}
/// <summary>
/// IsPublic on bad key
/// </summary>
//private static bool IsPublicBadKey()
//{
// // format a fake key so that a full check must be made on it
// byte[] key = new byte[12];
// key[0] = 0x06;
// key[11] = 0x31;
// key[10] = 0x41;
// key[9] = 0x53;
// key[8] = 0x51; // should be 0x52 to get a result of true
// // this is a private method, who's only access point is to attempt to import a key
// // since we don't have a real key to use, reflection is the best bet at making sure
// // the correct result is achieved
// MethodInfo[] methods = typeof(RSACryptoServiceProvider).GetMethods(BindingFlags.Static | BindingFlags.NonPublic);
// for (int i = 0; i < methods.Length; i++)
// {
// if (methods[i].Name == "IsPublic" &&
// methods[i].GetParameters().Length == 1 &&
// methods[i].GetParameters()[0].ParameterType == key.GetType())
// return !(bool)methods[i].Invoke(null, new object[] { key });
// }
// // this method no longer exists
// return true;
//}
/// <summary>
/// Sign with MD5
/// </summary>
private static bool SignMD5()
{
byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };
using(RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
using (HashAlgorithm hasher = new HashAlgorithm(HashAlgorithmType.MD5))
{
byte[] hash = hasher.ComputeHash(data);
byte[] sig = rsa.SignHash(hash, Cryptoki.MechanismType.MD5);
return rsa.VerifyHash(hash, Cryptoki.MechanismType.MD5, sig);
}
}
public void VerifyHashNullHash ()
{
byte[] sign = new byte [(minKeySize << 3)];
rsa = new RSACryptoServiceProvider (minKeySize);
rsa.VerifyHash (null, "1.3.14.3.2.26", sign);
}
/// <summary>
/// Verify null signature
/// </summary>
private static void CspVerifyNullSig()
{
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.VerifyHash(new byte[] { 0, 1, 2, 3, 4, 5 }, Cryptoki.MechanismType.SHA_1, (byte[])null);
}
}
public void MonoVerify ()
{
byte[] hash = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 };
rsa = new RSACryptoServiceProvider ();
rsa.FromXmlString (MonoXml384);
byte[] sign384 = { 0x6B, 0xEF, 0x8A, 0x2E, 0x2E, 0xD5, 0xB6, 0x19, 0x2D, 0x9C, 0x48, 0x75, 0xA8, 0x54, 0xAD, 0x61, 0xD1, 0xCC, 0xF3, 0x9A, 0x3E, 0x4E, 0xE2, 0xF1, 0x44, 0x1D, 0xC4, 0x3A, 0x30, 0xF4, 0x9B, 0x2D, 0x88, 0xA7, 0xB8, 0xEC, 0x2D, 0x17, 0x4E, 0x66, 0x6C, 0x4C, 0x5A, 0xB5, 0x44, 0x4B, 0xAF, 0x06 };
Assert ("Mono-384-Verify", rsa.VerifyHash (hash, sha1OID, sign384));
sign384[0] = 0x00;
Assert ("Mono-384-VerBad", !rsa.VerifyHash (hash, sha1OID, sign384));
rsa.FromXmlString (MonoXml448);
byte[] sign448 = { 0x9F, 0x62, 0xDF, 0xD4, 0x8B, 0x3E, 0x85, 0xEC, 0xF9, 0xF2, 0x17, 0x1C, 0x2B, 0x18, 0x37, 0xDA, 0xCA, 0x74, 0x5F, 0x85, 0x70, 0x41, 0x44, 0xB3, 0xE5, 0xA3, 0xC8, 0xC7, 0x37, 0x9E, 0x52, 0x16, 0x18, 0x2C, 0xE3, 0x87, 0x1A, 0x34, 0x13, 0x4A, 0x5D, 0xBB, 0x79, 0x27, 0x1C, 0x2A, 0xD2, 0x96, 0x79, 0xC4, 0x26, 0x51, 0x1B, 0x24, 0x12, 0xBC };
Assert ("Mono-448-Verify", rsa.VerifyHash (hash, sha1OID, sign448));
sign448[0] = 0x00;
Assert ("Mono-448-VerBad", !rsa.VerifyHash (hash, sha1OID, sign448));
rsa.FromXmlString (MonoXml512);
byte[] sign512 = { 0x33, 0xBB, 0x7E, 0x0B, 0xC0, 0xB2, 0x9A, 0xC2, 0x2F, 0xF4, 0xBE, 0x1B, 0xDF, 0xD6, 0x79, 0xC1, 0x38, 0x47, 0xEA, 0x05, 0xB2, 0xC0, 0xFA, 0xF8, 0xC9, 0xDC, 0x6D, 0x56, 0xBF, 0xD3, 0xBF, 0xAA, 0xB8, 0x1E, 0x74, 0xE4, 0xF3, 0x38, 0x45, 0xA9, 0x34, 0xD1, 0x5C, 0x0D, 0x0F, 0x56, 0x70, 0x0C, 0x93, 0x6B, 0xD6, 0x80, 0x17, 0xAD, 0x80, 0xF9, 0xD8, 0xFD, 0x1E, 0x6F, 0xF3, 0x5C, 0xB2, 0x78 };
Assert ("Mono-512-Verify", rsa.VerifyHash (hash, sha1OID, sign512));
sign512[0] = 0x00;
Assert ("Mono-512-VerBad", !rsa.VerifyHash (hash, sha1OID, sign512));
rsa.FromXmlString (MonoXml576);
byte[] sign576 = { 0x61, 0x8C, 0xD0, 0xE3, 0x63, 0x95, 0x7C, 0xB6, 0xD8, 0x84, 0x4D, 0xD1, 0x04, 0xDF, 0x1F, 0x4A, 0xCF, 0x69, 0x95, 0x7B, 0x69, 0x8E, 0x09, 0x2A, 0x0F, 0x1B, 0x23, 0xA7, 0x20, 0x31, 0x95, 0x93, 0xD1, 0x67, 0xBC, 0x27, 0x80, 0x41, 0x60, 0xD1, 0xFE, 0x62, 0xB2, 0x17, 0xC9, 0x57, 0x4F, 0x03, 0x40, 0xDB, 0xB3, 0x7E, 0xD2, 0x0C, 0xEA, 0x7D, 0x72, 0x76, 0x64, 0x4F, 0x51, 0x79, 0x43, 0xCC, 0x8F, 0x36, 0x1E, 0x81, 0x43, 0x20, 0xB9, 0xAD };
Assert ("Mono-576-Verify", rsa.VerifyHash (hash, sha1OID, sign576));
sign576[0] = 0x00;
Assert ("Mono-576-VerBad", !rsa.VerifyHash (hash, sha1OID, sign576));
rsa.FromXmlString (MonoXml640);
byte[] sign640 = { 0x4A, 0x6A, 0xED, 0xEC, 0x96, 0x9C, 0x89, 0xD1, 0x41, 0x2E, 0x16, 0x0D, 0xBA, 0xB0, 0x48, 0x92, 0xF9, 0xA6, 0x33, 0x26, 0x0D, 0x6C, 0x99, 0xA9, 0x4E, 0x3B, 0x68, 0x82, 0xAB, 0x94, 0x33, 0x89, 0xEC, 0x8A, 0xCC, 0x32, 0xDD, 0x45, 0x9C, 0x16, 0x5E, 0xCE, 0x5F, 0xF3, 0xDC, 0x5F, 0x09, 0xC7, 0x69, 0xC7, 0xEA, 0x74, 0xAB, 0x79, 0xA7, 0x55, 0xD9, 0xF8, 0xDF, 0x8F, 0x8C, 0x9A, 0xBA, 0xA9, 0x56, 0x86, 0x96, 0x64, 0xE9, 0xC0, 0x21, 0x8C, 0x34, 0x91, 0x31, 0xC2, 0x80, 0xC7, 0x47, 0x6F };
Assert ("Mono-640-Verify", rsa.VerifyHash (hash, sha1OID, sign640));
sign640[0] = 0x00;
Assert ("Mono-640-VerBad", !rsa.VerifyHash (hash, sha1OID, sign640));
rsa.FromXmlString (MonoXml704);
byte[] sign704 = { 0x94, 0xC5, 0x45, 0xCD, 0x9C, 0xA9, 0xBC, 0xDF, 0x9D, 0x04, 0xCE, 0xFD, 0x21, 0xEB, 0x3F, 0xBE, 0x32, 0x56, 0xC3, 0x6B, 0xEF, 0x4E, 0x8F, 0xA9, 0x02, 0x14, 0xC4, 0xF1, 0xFA, 0x9B, 0x35, 0xFE, 0x36, 0x34, 0x03, 0x31, 0xC1, 0xC8, 0xBF, 0xA1, 0x41, 0x03, 0xCB, 0xE1, 0xB9, 0x81, 0x76, 0x60, 0xC9, 0xD1, 0xB4, 0x04, 0x98, 0xA5, 0xDF, 0x4F, 0x37, 0x60, 0xB8, 0x15, 0xF8, 0x22, 0xB7, 0x54, 0x32, 0x87, 0x19, 0x9B, 0xB9, 0xDF, 0xB9, 0x2D, 0x25, 0xA2, 0xAF, 0x04, 0xC1, 0xE0, 0xF0, 0x0B, 0xF2, 0xCC, 0x0E, 0x1F, 0x40, 0xF6, 0x5C, 0xCD };
Assert ("Mono-704-Verify", rsa.VerifyHash (hash, sha1OID, sign704));
sign704[0] = 0x00;
Assert ("Mono-704-VerBad", !rsa.VerifyHash (hash, sha1OID, sign704));
rsa.FromXmlString (MonoXml768);
byte[] sign768 = { 0x28, 0x99, 0xE0, 0xD2, 0xCF, 0xD3, 0x2B, 0x1B, 0xA2, 0x06, 0xC5, 0x17, 0x86, 0x07, 0xC8, 0x49, 0x77, 0x33, 0xEC, 0xFE, 0xC9, 0x15, 0x99, 0x90, 0x4C, 0x6C, 0xED, 0x2C, 0x32, 0xF8, 0xAB, 0x0A, 0xB6, 0xEB, 0x15, 0x08, 0x4A, 0xC1, 0xDD, 0xAD, 0x88, 0x47, 0xAD, 0x3D, 0xA2, 0x4B, 0x94, 0x7E, 0x37, 0x1F, 0x33, 0xFC, 0xC3, 0xFE, 0xC2, 0x27, 0x45, 0x74, 0x8E, 0x3C, 0xC8, 0x68, 0x8C, 0xF4, 0x77, 0xCC, 0xD0, 0x79, 0x37, 0x7E, 0x26, 0x1B, 0xDE, 0xBF, 0x16, 0x3E, 0xAE, 0xB9, 0xEB, 0xA0, 0x00, 0xCE, 0x51, 0x8A, 0x69, 0x12, 0xF5, 0xBE, 0x39, 0x1C, 0x0F, 0x0F, 0xD8, 0x13, 0xDD, 0x6B };
Assert ("Mono-768-Verify", rsa.VerifyHash (hash, sha1OID, sign768));
sign768[0] = 0x00;
Assert ("Mono-768-VerBad", !rsa.VerifyHash (hash, sha1OID, sign768));
rsa.FromXmlString (MonoXml832);
byte[] sign832 = { 0x8D, 0x56, 0xB2, 0x3C, 0x45, 0x47, 0xB8, 0x6F, 0x56, 0x7D, 0x85, 0x4F, 0x3C, 0x14, 0xAC, 0x61, 0x08, 0x8C, 0x6A, 0xF3, 0xAF, 0xCA, 0x65, 0xCC, 0xC3, 0x6F, 0x53, 0x6F, 0x84, 0xC1, 0x9F, 0xFD, 0x66, 0x83, 0xA1, 0x3B, 0xFF, 0x61, 0x41, 0xDB, 0x2C, 0xE5, 0xD5, 0x13, 0x3E, 0x15, 0x7A, 0xBD, 0x1F, 0x44, 0x4C, 0x4F, 0x10, 0xB7, 0x4A, 0x4B, 0x9D, 0xD1, 0xF5, 0xC2, 0x4E, 0x4D, 0xC8, 0xF9, 0x51, 0xC9, 0xF3, 0x04, 0x69, 0x02, 0xAE, 0x7E, 0xC3, 0x76, 0x56, 0x08, 0x8E, 0xF7, 0xA1, 0x25, 0x1B, 0x97, 0x65, 0x8E, 0x3A, 0x98, 0x52, 0xDB, 0x3E, 0xF4, 0x59, 0x5F, 0xEE, 0x6D, 0x78, 0x22, 0x37, 0x2E, 0x79, 0x69, 0x6D, 0x8F, 0xF9, 0xDF };
Assert ("Mono-832-Verify", rsa.VerifyHash (hash, sha1OID, sign832));
sign832[0] = 0x00;
Assert ("Mono-832-VerBad", !rsa.VerifyHash (hash, sha1OID, sign832));
rsa.FromXmlString (MonoXml896);
byte[] sign896 = { 0xAB, 0xD9, 0xE4, 0x5C, 0xAB, 0xF7, 0xE1, 0x06, 0x7F, 0x0C, 0xD6, 0x03, 0xB5, 0xA1, 0xDB, 0x22, 0x3E, 0x85, 0xBE, 0xCD, 0x54, 0x12, 0xD5, 0x11, 0x71, 0xCC, 0xEE, 0x71, 0x4B, 0xA8, 0xB5, 0xAE, 0x04, 0x82, 0x78, 0x72, 0xE8, 0x7B, 0x77, 0x42, 0x58, 0x14, 0xA3, 0xF0, 0xFC, 0xE9, 0x15, 0x98, 0x2E, 0x34, 0x57, 0xAA, 0x95, 0x6F, 0x2E, 0x9B, 0x5B, 0x88, 0xF0, 0x51, 0x26, 0x35, 0x1F, 0x0C, 0x59, 0x51, 0x73, 0x0E, 0xD3, 0x5D, 0x02, 0xAD, 0xB7, 0x1C, 0x94, 0x57, 0x1E, 0xA6, 0x01, 0x19, 0x73, 0x29, 0xBE, 0xDF, 0x77, 0xF2, 0x13, 0x28, 0xBD, 0x50, 0x89, 0x39, 0x6A, 0x1B, 0xEF, 0x66, 0x29, 0x71, 0x55, 0x44, 0x3A, 0x36, 0x89, 0xC1, 0xFE, 0x25, 0x32, 0x9F, 0x65, 0x76, 0xEA, 0x71 };
Assert ("Mono-896-Verify", rsa.VerifyHash (hash, sha1OID, sign896));
sign896[0] = 0x00;
Assert ("Mono-896-VerBad", !rsa.VerifyHash (hash, sha1OID, sign896));
rsa.FromXmlString (MonoXml960);
byte[] sign960 = { 0x7A, 0x13, 0x06, 0xF1, 0xB5, 0x14, 0x78, 0x33, 0xA6, 0x14, 0x40, 0xDC, 0x22, 0xB6, 0xF3, 0xBB, 0xDC, 0xCD, 0x53, 0xAF, 0x05, 0xC5, 0x84, 0x0C, 0xD2, 0x15, 0x5A, 0x04, 0xFC, 0x30, 0x57, 0x64, 0xF4, 0x8B, 0xD6, 0x5D, 0x5B, 0x3D, 0xFC, 0x82, 0x6B, 0xB9, 0xE4, 0xB9, 0x56, 0xB3, 0xCF, 0x2A, 0x6D, 0x14, 0x83, 0x31, 0x9E, 0xFD, 0x55, 0x4B, 0x2C, 0xBD, 0x5A, 0xA8, 0xAC, 0xD6, 0x5D, 0xFA, 0x58, 0xF8, 0x3E, 0x60, 0x32, 0x11, 0xA4, 0x09, 0xC2, 0x01, 0xE7, 0x14, 0xEF, 0xBA, 0x51, 0x57, 0x86, 0xA5, 0x86, 0x28, 0x63, 0x68, 0x33, 0xBF, 0x34, 0xF9, 0x1D, 0x36, 0xC3, 0x6E, 0xCF, 0x97, 0xA5, 0x19, 0xB4, 0x5F, 0x7B, 0x70, 0xB0, 0x72, 0xF2, 0xF2, 0xFF, 0x05, 0xB7, 0x31, 0x5A, 0x5D, 0xC6, 0x88, 0x88, 0x21, 0x97, 0x40, 0x0E, 0x0E };
Assert ("Mono-960-Verify", rsa.VerifyHash (hash, sha1OID, sign960));
sign960[0] = 0x00;
Assert ("Mono-960-VerBad", !rsa.VerifyHash (hash, sha1OID, sign960));
rsa.FromXmlString (MonoXml1024);
byte[] sign1024 = { 0x26, 0x98, 0x40, 0x5F, 0x30, 0x4E, 0x90, 0x20, 0x32, 0x10, 0x64, 0xCF, 0x03, 0xA8, 0x1E, 0x53, 0x20, 0x19, 0x59, 0xCB, 0x08, 0x5F, 0x8D, 0x45, 0x51, 0xEE, 0xDD, 0x71, 0x2E, 0x21, 0x86, 0xB0, 0xC6, 0xE2, 0x6F, 0x2A, 0xF2, 0x8E, 0xBD, 0xDE, 0xAD, 0xA0, 0x56, 0x7E, 0xED, 0x38, 0x4F, 0x8D, 0x3A, 0xC6, 0x8A, 0x15, 0x34, 0x71, 0xDE, 0xC5, 0x60, 0x32, 0x95, 0x38, 0xD7, 0x69, 0x0F, 0x3B, 0xDF, 0xF8, 0x4C, 0x2D, 0x83, 0x58, 0x7E, 0x36, 0x4B, 0x10, 0x4A, 0x8B, 0x23, 0x70, 0x09, 0xBE, 0xCF, 0x02, 0x2E, 0x97, 0xC4, 0x0F, 0x94, 0x42, 0x0B, 0xFA, 0x1F, 0x16, 0x97, 0x25, 0x1C, 0x14, 0x2B, 0x82, 0xD0, 0x7A, 0xC1, 0x2C, 0x2F, 0x72, 0x9C, 0xD9, 0xEE, 0x90, 0x2F, 0x5B, 0xC5, 0xB1, 0x34, 0x73, 0x10, 0xEC, 0x79, 0x97, 0x9A, 0xDA, 0xE2, 0xB4, 0xAE, 0x99, 0xE9, 0xA2, 0xFF, 0xC6 };
Assert ("Mono-1024-Verify", rsa.VerifyHash (hash, sha1OID, sign1024));
sign1024[0] = 0x00;
Assert ("Mono-1024-VerBad", !rsa.VerifyHash (hash, sha1OID, sign1024));
rsa.FromXmlString (MonoXml1536);
byte[] sign1536 = { 0x33, 0xE2, 0xA4, 0xCE, 0x18, 0xE6, 0xF3, 0x46, 0x0E, 0x32, 0xD1, 0xA6, 0x8A, 0xC3, 0xCA, 0x4B, 0x36, 0x4E, 0x4C, 0xAE, 0x39, 0x95, 0x5A, 0x05, 0x37, 0xBA, 0x0F, 0x19, 0xDC, 0x94, 0x6A, 0x78, 0xDA, 0xEA, 0xF0, 0xA2, 0x80, 0x47, 0xD5, 0xB9, 0xC3, 0x53, 0xC9, 0xDA, 0x0B, 0x29, 0xCA, 0x61, 0x37, 0x7C, 0xD5, 0x5D, 0x99, 0x58, 0xAD, 0x0F, 0xA8, 0xEF, 0x17, 0xFD, 0xA8, 0x55, 0x79, 0xEF, 0x07, 0xD1, 0x63, 0xE0, 0x2C, 0xEF, 0x14, 0x42, 0x72, 0x2D, 0x71, 0xA3, 0xBB, 0x29, 0x87, 0xF8, 0xCC, 0xFB, 0x70, 0xCC, 0x13, 0x70, 0x24, 0xC3, 0x2A, 0x2B, 0xD2, 0x1C, 0x34, 0xD7, 0x85, 0xBC, 0xA4, 0x4E, 0x7B, 0x7E, 0x1C, 0x5B, 0x03, 0x06, 0xB2, 0x01, 0xBF, 0x73, 0x30, 0x77, 0xEB, 0x03, 0x17, 0x24, 0xFE, 0x46, 0xC7, 0x9B, 0xEB, 0x75, 0xF6, 0x56, 0x43, 0x1E, 0x0D, 0x56, 0x05, 0x37, 0x78, 0xB3, 0x76, 0x93, 0x76, 0xFA, 0x73, 0xCD, 0xE5, 0xB1, 0x3C, 0x60, 0xB7, 0xCC, 0x1E, 0x98, 0x89, 0xD8, 0xB4, 0x0A, 0xD3, 0x52, 0xCD, 0xEF, 0xC1, 0xBE, 0xFC, 0xA8, 0x2C, 0xE6, 0x01, 0xD3, 0xB3, 0x05, 0x5C, 0x12, 0x48, 0xD8, 0x20, 0xF9, 0x3B, 0xAD, 0x97, 0xD4, 0xD1, 0x13, 0xD6, 0xA5, 0x31, 0x4E, 0x52, 0x13, 0xBD, 0x5C, 0x00, 0x5C, 0x2A, 0x86, 0xFC, 0x98, 0x8B, 0x93, 0xAE, 0x5A };
Assert ("Mono-1536-Verify", rsa.VerifyHash (hash, sha1OID, sign1536));
sign1536[0] = 0x00;
Assert ("Mono-1536-VerBad", !rsa.VerifyHash (hash, sha1OID, sign1536));
rsa.FromXmlString (MonoXml2048);
byte[] sign2048 = { 0xA5, 0x70, 0x6B, 0x3C, 0x5E, 0x5D, 0x49, 0x7C, 0xCB, 0xEE, 0xE3, 0x23, 0xF5, 0xD7, 0xEE, 0xF3, 0xA8, 0x8A, 0xED, 0x47, 0x5F, 0x2A, 0x03, 0x72, 0x41, 0x02, 0x1E, 0x5D, 0x93, 0x3B, 0x27, 0x4B, 0x2D, 0x7A, 0x21, 0x50, 0x7B, 0xDC, 0xFB, 0x0F, 0xCB, 0xEB, 0x8E, 0xB5, 0x4C, 0x44, 0x90, 0x39, 0xF0, 0xCB, 0x4A, 0x5E, 0xD7, 0x67, 0x5C, 0x46, 0xC3, 0x3C, 0x94, 0xDC, 0x33, 0x36, 0x36, 0xA5, 0xF3, 0xCE, 0x1F, 0xA7, 0x8F, 0x79, 0xB8, 0x60, 0x94, 0x0F, 0x7A, 0x87, 0x18, 0x12, 0xCD, 0x21, 0x54, 0x05, 0x53, 0xA0, 0x88, 0x1F, 0x61, 0x1F, 0xAB, 0xEC, 0x6D, 0xCF, 0x10, 0xE0, 0x8D, 0x14, 0x5C, 0x6A, 0x46, 0x8C, 0xB9, 0xB6, 0x52, 0x38, 0x1F, 0xAE, 0xF1, 0xB8, 0xB5, 0x9B, 0x3C, 0xE1, 0x6E, 0xBE, 0x21, 0x1B, 0x01, 0x1E, 0xD9, 0x1E, 0x97, 0x78, 0x47, 0xC9, 0x86, 0xC4, 0xE7, 0x58, 0xF8, 0xEB, 0xAC, 0x22, 0x38, 0xD4, 0x2A, 0xE8, 0x1B, 0x40, 0x5F, 0xAF, 0x35, 0xFA, 0x13, 0x30, 0x0E, 0x5C, 0x4C, 0xF5, 0xF1, 0xB3, 0x31, 0x6C, 0x1D, 0x96, 0xFD, 0xAB, 0xC4, 0x0E, 0x16, 0x0A, 0xF9, 0x28, 0x49, 0x59, 0xF1, 0xB6, 0x35, 0x2D, 0x21, 0x69, 0x4F, 0xD0, 0x5B, 0xB7, 0x7E, 0xC3, 0x00, 0xC7, 0xDA, 0x56, 0x48, 0xA0, 0x93, 0x05, 0xB4, 0x6D, 0xEE, 0x2D, 0x6A, 0x60, 0xF6, 0x91, 0x7C, 0xDB, 0xD8, 0xC3, 0xFD, 0x33, 0xBC, 0xC9, 0x68, 0x73, 0xC6, 0x64, 0x49, 0x80, 0x3C, 0xD5, 0x4A, 0xE1, 0x28, 0x5F, 0xE9, 0x2A, 0xA7, 0x1B, 0xA6, 0x38, 0x2A, 0xAE, 0x0A, 0xA8, 0xCC, 0x96, 0x9A, 0xEA, 0xE5, 0xAD, 0xB4, 0xD8, 0x70, 0x2F, 0xFA, 0xAD, 0x17, 0x03, 0x4D, 0xDA, 0x2E, 0x1B, 0x4D, 0x88, 0x82, 0x3E, 0x04, 0x6A, 0xAF, 0x38, 0xC1, 0x4F, 0x1B, 0x9D, 0x07, 0x1A, 0x67, 0x6A };
Assert ("Mono-2048-Verify", rsa.VerifyHash (hash, sha1OID, sign2048));
sign2048[0] = 0x00;
Assert ("Mono-2048-VerBad", !rsa.VerifyHash (hash, sha1OID, sign2048));
}
// Verify the digest, when used as a signature, of the file content accessible from the given stream.
public void Verify(Stream stream, RSACryptoServiceProvider key)
{
var computedDigest = Algorithm.ComputeHash(stream);
if (!key.VerifyHash(computedDigest, CryptoConfig.MapNameToOID(_AlgorithmName), Digest))
{
throw new Exception(string.Format(Messages.SECURITY_SIGNATURE_FAILED, Name));
}
}
public static Assembly LoadAndVerifyAssembly(byte[] assemblyData, string authorizationKey)
{
RSACryptoServiceProvider rSACryptoServiceProvider = new RSACryptoServiceProvider();
rSACryptoServiceProvider.FromXmlString("<RSAKeyValue><Modulus>uP7lsvrE6fNoQWhUIdJnQrgKoGXBkgWgs5l1xmS9gfyNkFSXgugIpfmN/0YrtL57PezYFXN0CogAnOpOtcUmpcIrh524VL/7bIh+jDUaOCG292PIx92dtzqCTvbUdCYUmaag9VlrdAw05FxYQJi2iZ/X6EiuO1TnqpVNFCDb6pXPAssoO4Uxn9JXBzL0muNRdcmFGRiLp7JQOL7a2aeU9mF9qjMprnww0k8COa6tHdnNWJqaxdFO+Etk3os0ns/gQ2FWrztKemM1Wfu7lk/B1F+V2g0adwlTiuyNHw6to+5VQXWK775RXB9wAGr8KhsVD5IJvmxrdBT8KVEWve+OXQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>");
bool flag = false;
SHA1 sHA = SHA1.Create();
byte[] rgbHash = sHA.ComputeHash(assemblyData);
byte[] rgbSignature = Convert.FromBase64String(authorizationKey);
try
{
flag = rSACryptoServiceProvider.VerifyHash(rgbHash, CryptoConfig.MapNameToOID("SHA1"), rgbSignature);
}
catch (CryptographicException)
{
Debug.LogError("Unable to verify that this assembly has been authorized by Unity. The assembly will not be loaded.");
flag = false;
}
if (!flag)
{
return null;
}
return Security.LoadAndVerifyAssemblyInternal(assemblyData);
}
public MFTestResults RsaTest_Signature()
{
bool testResult = false;
try
{
using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider())
{
string dataToSign = "This is a simple message to be encrypted";
byte[] data = System.Text.UTF8Encoding.UTF8.GetBytes(dataToSign);
byte[] signature = csp.SignData(data, null);
testResult = csp.VerifyData(data, null, signature);
HashAlgorithm sha = new HashAlgorithm(HashAlgorithmType.SHA1, csp.Session);
byte[] hash = sha.ComputeHash(data);
signature = csp.SignHash(hash, MechanismType.SHA_1);
testResult &= csp.VerifyHash(hash, MechanismType.SHA_1, signature);
}
}
catch (Exception ex)
{
Log.Exception("Unexpected Exception", ex);
}
return (testResult ? MFTestResults.Pass : MFTestResults.Fail);
}
