private bool IsSignatureValid(byte[] hash, byte[] signature, CngKey key)
{
using (var signingAlg = new RSACng(key))
{
return signingAlg.VerifyHash(hash, signature, HashAlgorithmName.SHA384, RSASignaturePadding.Pss);
}
}
private static void TestSignVerifyHashRoundTrip(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding paddingMode, int expectedSignatureLength)
{
using (RSA rsa = new RSACng())
{
byte[] signature = rsa.SignHash(hash, hashAlgorithm, paddingMode);
// RSACng.SignHash() is intentionally non-deterministic so we can verify that we got back a signature of the right length
// but nothing about the contents.
Assert.Equal(expectedSignatureLength, signature.Length);
bool verified = rsa.VerifyHash(hash, signature, hashAlgorithm, paddingMode);
Assert.True(verified);
}
}
private static void TestSignAndVerifyDataFromStream(int messageSize)
{
RSASignaturePadding padding = RSASignaturePadding.Pkcs1;
byte[] message = new byte[messageSize];
byte b = 5;
for (int i = 0; i < message.Length; i++)
{
message[i] = b;
b = (byte)((b << 4) | (i & 0xf));
}
byte[] hash = SHA1.Create().ComputeHash(message);
Stream stream = new MemoryStream(message);
using (RSA rsa = new RSACng())
{
byte[] signature = rsa.SignData(stream, HashAlgorithmName.SHA1, padding);
// Since the unique codepath being tested here is HashData(Stream...), the interesting test is to see if HashData(Stream...)
// computed the right hash. The easiest way to test that is to compute the hash ourselves and call VerifyHash.
bool verified = rsa.VerifyHash(hash, signature, HashAlgorithmName.SHA1, padding);
Assert.True(verified);
stream = new MemoryStream(message);
verified = rsa.VerifyData(stream, signature, HashAlgorithmName.SHA1, padding);
Assert.True(verified);
}
}
