public static unsafe bool VerifyHash(this CngKey key, byte[] hash, byte[] signature, AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
SafeNCryptKeyHandle keyHandle = key.Handle;
ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
bool verified = (errorCode == ErrorCode.ERROR_SUCCESS); // For consistency with other AsymmetricAlgorithm-derived classes, return "false" for any error code rather than making the caller catch an exception.
return verified;
}
private static unsafe ErrorCode EncryptOrDecrypt(
SafeNCryptKeyHandle key,
ReadOnlySpan <byte> input,
Span <byte> output,
AsymmetricPaddingMode paddingMode,
void *paddingInfo,
bool encrypt,
out int bytesNeeded)
{
return(encrypt ?
Interop.NCrypt.NCryptEncrypt(key, input, input.Length, paddingInfo, output, output.Length, out bytesNeeded, paddingMode) :
Interop.NCrypt.NCryptDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out bytesNeeded, paddingMode));
}
public static unsafe byte[] SignHash(this SafeNCryptKeyHandle keyHandle, byte[] hash, AsymmetricPaddingMode paddingMode, void* pPaddingInfo, int estimatedSize)
{
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
byte[] signature = new byte[estimatedSize];
int numBytesNeeded;
ErrorCode errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
signature = new byte[numBytesNeeded];
errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
Array.Resize(ref signature, numBytesNeeded);
return signature;
}
private static unsafe ErrorCode EncryptOrDecrypt(
SafeNCryptKeyHandle key,
ReadOnlySpan <byte> input,
Span <byte> output,
AsymmetricPaddingMode paddingMode,
void *paddingInfo,
bool encrypt,
out int bytesNeeded)
{
ErrorCode errorCode = encrypt ?
Interop.NCrypt.NCryptEncrypt(key, input, input.Length, paddingInfo, output, output.Length, out bytesNeeded, paddingMode) :
Interop.NCrypt.NCryptDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out bytesNeeded, paddingMode);
// Windows 10.1903 can return success when it meant NTE_BUFFER_TOO_SMALL.
if (errorCode == ErrorCode.ERROR_SUCCESS && bytesNeeded > output.Length)
{
errorCode = ErrorCode.NTE_BUFFER_TOO_SMALL;
}
return(errorCode);
}
public static unsafe byte[] SignHash(this CngKey key, byte[] hash, AsymmetricPaddingMode paddingMode, void *pPaddingInfo, int estimatedSize)
{
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
SafeNCryptKeyHandle keyHandle = key.Handle;
byte[] signature = new byte[estimatedSize];
int numBytesNeeded;
ErrorCode errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
signature = new byte[numBytesNeeded];
errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
throw errorCode.ToCryptographicException();
}
Array.Resize(ref signature, numBytesNeeded);
return(signature);
}
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
private unsafe bool TryEncryptOrDecrypt(SafeNCryptKeyHandle key, ReadOnlySpan <byte> input, Span <byte> output, AsymmetricPaddingMode paddingMode, void *paddingInfo, bool encrypt, out int bytesWritten)
{
for (int i = 0; i <= StatusUnsuccessfulRetryCount; i++)
{
int numBytesNeeded;
ErrorCode errorCode =
EncryptOrDecrypt(key, input, output, paddingMode, paddingInfo, encrypt, out numBytesNeeded);
switch (errorCode)
{
case ErrorCode.ERROR_SUCCESS:
bytesWritten = numBytesNeeded;
return(true);
case ErrorCode.NTE_BUFFER_TOO_SMALL:
bytesWritten = 0;
return(false);
case ErrorCode.STATUS_UNSUCCESSFUL:
break;
default:
throw errorCode.ToCryptographicException();
}
}
throw ErrorCode.STATUS_UNSUCCESSFUL.ToCryptographicException();
}
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
private unsafe byte[] EncryptOrDecrypt(SafeNCryptKeyHandle key, ReadOnlySpan <byte> input, AsymmetricPaddingMode paddingMode, void *paddingInfo, bool encrypt)
{
int estimatedSize = KeySize / 8;
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
byte[] output = new byte[estimatedSize];
int numBytesNeeded = 0;
ErrorCode errorCode = 0;
for (int i = 0; i <= StatusUnsuccessfulRetryCount; i++)
{
errorCode =
EncryptOrDecrypt(key, input, output, paddingMode, paddingInfo, encrypt, out numBytesNeeded);
if (errorCode != ErrorCode.STATUS_UNSUCCESSFUL)
{
break;
}
}
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
CryptographicOperations.ZeroMemory(output);
output = new byte[numBytesNeeded];
for (int i = 0; i <= StatusUnsuccessfulRetryCount; i++)
{
errorCode =
EncryptOrDecrypt(key, input, output, paddingMode, paddingInfo, encrypt, out numBytesNeeded);
if (errorCode != ErrorCode.STATUS_UNSUCCESSFUL)
{
break;
}
}
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
throw errorCode.ToCryptographicException();
}
if (numBytesNeeded != output.Length)
{
byte[] ret = output.AsSpan(0, numBytesNeeded).ToArray();
CryptographicOperations.ZeroMemory(output);
output = ret;
}
return(output);
}
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
private unsafe bool TryEncryptOrDecrypt(SafeNCryptKeyHandle key, ReadOnlySpan <byte> input, Span <byte> output, AsymmetricPaddingMode paddingMode, void *paddingInfo, bool encrypt, out int bytesWritten)
{
int numBytesNeeded;
ErrorCode errorCode = encrypt ?
Interop.NCrypt.NCryptEncrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode) :
Interop.NCrypt.NCryptDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode);
switch (errorCode)
{
case ErrorCode.ERROR_SUCCESS:
bytesWritten = numBytesNeeded;
return(true);
case ErrorCode.NTE_BUFFER_TOO_SMALL:
bytesWritten = 0;
return(false);
default:
throw errorCode.ToCryptographicException();
}
}
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
private unsafe byte[] EncryptOrDecrypt(SafeNCryptKeyHandle key, byte[] input, AsymmetricPaddingMode paddingMode, void *paddingInfo, bool encrypt)
{
int estimatedSize = KeySize / 8;
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
byte[] output = new byte[estimatedSize];
int numBytesNeeded;
ErrorCode errorCode = encrypt ?
Interop.NCrypt.NCryptEncrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode) :
Interop.NCrypt.NCryptDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode);
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
output = new byte[numBytesNeeded];
errorCode = encrypt ?
Interop.NCrypt.NCryptEncrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode) :
Interop.NCrypt.NCryptDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode);
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
throw errorCode.ToCryptographicException();
}
Array.Resize(ref output, numBytesNeeded);
return(output);
}
//
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
//
private unsafe byte[] EncryptOrDecrypt(SafeNCryptKeyHandle key, byte[] input, AsymmetricPaddingMode paddingMode, void* paddingInfo, EncryptOrDecryptAction encryptOrDecrypt)
{
int estimatedSize = KeySize / 8;
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
byte[] output = new byte[estimatedSize];
int numBytesNeeded;
ErrorCode errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode);
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
output = new byte[numBytesNeeded];
errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, output, output.Length, out numBytesNeeded, paddingMode);
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
Array.Resize(ref output, numBytesNeeded);
return output;
}
public static unsafe bool VerifyHash(this SafeNCryptKeyHandle keyHandle, ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature, AsymmetricPaddingMode paddingMode, void *pPaddingInfo)
{
ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
if (errorCode == ErrorCode.STATUS_UNSUCCESSFUL)
{
errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
}
return(errorCode == ErrorCode.ERROR_SUCCESS); // For consistency with other AsymmetricAlgorithm-derived classes, return "false" for any error code rather than making the caller catch an exception.
}
public static unsafe bool TrySignHash(this SafeNCryptKeyHandle keyHandle, ReadOnlySpan <byte> hash, Span <byte> signature, AsymmetricPaddingMode paddingMode, void *pPaddingInfo, out int bytesWritten)
{
for (int i = 0; i <= StatusUnsuccessfulRetryCount; i++)
{
ErrorCode error = Interop.NCrypt.NCryptSignHash(
keyHandle,
pPaddingInfo,
hash,
hash.Length,
signature,
signature.Length,
out int numBytesNeeded,
paddingMode);
switch (error)
{
case ErrorCode.ERROR_SUCCESS:
bytesWritten = numBytesNeeded;
return(true);
case ErrorCode.NTE_BUFFER_TOO_SMALL:
bytesWritten = 0;
return(false);
case ErrorCode.STATUS_UNSUCCESSFUL:
// Retry
break;
default:
throw error.ToCryptographicException();
}
}
throw ErrorCode.STATUS_UNSUCCESSFUL.ToCryptographicException();
}
public static unsafe bool VerifyHash(this SafeNCryptKeyHandle keyHandle, byte[] hash, byte[] signature, AsymmetricPaddingMode paddingMode, void *pPaddingInfo)
{
ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
bool verified = (errorCode == ErrorCode.ERROR_SUCCESS); // For consistency with other AsymmetricAlgorithm-derived classes, return "false" for any error code rather than making the caller catch an exception.
return(verified);
}
//
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
//
private static unsafe byte[] EncryptOrDecrypt(SafeNCryptKeyHandle key, byte[] input, AsymmetricPaddingMode paddingMode, void* paddingInfo, EncryptOrDecryptAction encryptOrDecrypt)
{
int numBytesNeeded;
ErrorCode errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, null, 0, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
byte[] output = new byte[numBytesNeeded];
errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, output, numBytesNeeded, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
return output;
}
//
// Now that the padding mode and information have been marshaled to their native counterparts, perform the encryption or decryption.
//
private static unsafe byte[] EncryptOrDecrypt(SafeNCryptKeyHandle key, byte[] input, AsymmetricPaddingMode paddingMode, void *paddingInfo, EncryptOrDecryptAction encryptOrDecrypt)
{
int numBytesNeeded;
ErrorCode errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, null, 0, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
throw errorCode.ToCryptographicException();
}
byte[] output = new byte[numBytesNeeded];
errorCode = encryptOrDecrypt(key, input, input.Length, paddingInfo, output, numBytesNeeded, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
{
throw errorCode.ToCryptographicException();
}
return(output);
}
