private static SafeCFDataHandle NativeCreateSignature(
SafeSecKeyRefHandle privateKey,
ReadOnlySpan <byte> dataHash,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm)
{
int result = AppleCryptoNative_SecKeyCreateSignature(
privateKey,
dataHash,
hashAlgorithm,
signatureAlgorithm,
out SafeCFDataHandle signature,
out SafeCFErrorHandle errorHandle);
using (errorHandle)
{
switch (result)
{
case kSuccess:
return(signature);
case kErrorSeeError:
throw CreateExceptionForCFError(errorHandle);
case kPlatformNotSupported:
throw new PlatformNotSupportedException();
default:
Debug.Fail($"create signature returned {result}");
throw new CryptographicException();
}
}
}
private static unsafe extern int AppleCryptoNative_SecKeyCreateSignature(
SafeSecKeyRefHandle privateKey,
byte *pbDataHash,
int cbDataHash,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm,
out SafeCFDataHandle pSignatureOut,
out SafeCFErrorHandle pErrorOut);
private static unsafe extern int AppleCryptoNative_SecKeyVerifySignature(
SafeSecKeyRefHandle publicKey,
byte *pbDataHash,
int cbDataHash,
byte *pbSignature,
int cbSignature,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm,
out SafeCFErrorHandle pErrorOut);
internal static byte[] CreateSignature(
SafeSecKeyRefHandle privateKey,
ReadOnlySpan <byte> dataHash,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm)
{
using (SafeCFDataHandle signature = NativeCreateSignature(privateKey, dataHash, hashAlgorithm, signatureAlgorithm))
{
return(CoreFoundation.CFGetData(signature));
}
}
internal static bool TryCreateSignature(
SafeSecKeyRefHandle privateKey,
ReadOnlySpan <byte> dataHash,
Span <byte> destination,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm,
out int bytesWritten)
{
using (SafeCFDataHandle signature = NativeCreateSignature(privateKey, dataHash, hashAlgorithm, signatureAlgorithm))
{
return(CoreFoundation.TryCFWriteData(signature, destination, out bytesWritten));
}
}
private static unsafe int AppleCryptoNative_SecKeyCreateSignature(
SafeSecKeyRefHandle privateKey,
ReadOnlySpan <byte> dataHash,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm,
out SafeCFDataHandle pSignatureOut,
out SafeCFErrorHandle pErrorOut)
{
fixed(byte *pDataHash = dataHash)
{
return(AppleCryptoNative_SecKeyCreateSignature(
privateKey,
pDataHash,
dataHash.Length,
hashAlgorithm,
signatureAlgorithm,
out pSignatureOut,
out pErrorOut));
}
}
internal static bool VerifySignature(
SafeSecKeyRefHandle publicKey,
ReadOnlySpan <byte> dataHash,
ReadOnlySpan <byte> signature,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm)
{
const int Valid = 1;
const int Invalid = 0;
int result = AppleCryptoNative_SecKeyVerifySignature(
publicKey,
dataHash,
signature,
hashAlgorithm,
signatureAlgorithm,
out SafeCFErrorHandle errorHandle);
using (errorHandle)
{
switch (result)
{
case Valid:
return(true);
case Invalid:
return(false);
case kErrorSeeError:
throw CreateExceptionForCFError(errorHandle);
case kPlatformNotSupported:
throw new PlatformNotSupportedException();
default:
Debug.Fail($"verify signature returned {result}");
throw new CryptographicException();
}
}
}
private static unsafe int AppleCryptoNative_SecKeyVerifySignature(
SafeSecKeyRefHandle publicKey,
ReadOnlySpan <byte> dataHash,
ReadOnlySpan <byte> signature,
PAL_HashAlgorithm hashAlgorithm,
PAL_SignatureAlgorithm signatureAlgorithm,
out SafeCFErrorHandle pErrorOut)
{
fixed(byte *pDataHash = dataHash)
fixed(byte *pSignature = signature)
{
return(AppleCryptoNative_SecKeyVerifySignature(
publicKey,
pDataHash,
dataHash.Length,
pSignature,
signature.Length,
hashAlgorithm,
signatureAlgorithm,
out pErrorOut));
}
}
