コード例 #1
0
ファイル: TpmKey.cs プロジェクト: jimsdog/TSS.MSR
 /// <summary>
 /// Verify a TPM signature structure of the hash of some data (caller hashes
 /// the data that will be verified).
 /// </summary>
 /// <param name="digest"></param>
 /// <param name="sig"></param>
 /// <returns></returns>
 public bool VerifySignatureOverHash(byte[] digest, ISignatureUnion sig)
 {
     if (Public.type == TpmAlgId.Keyedhash)
     {
         byte[] hmacKey = (Sensitive.sensitive as Tpm2bSensitiveData).buffer;
         return(CryptoLib.VerifyHmac(CryptoLib.SchemeHash(sig),
                                     hmacKey, digest, (TpmHash)sig));
     }
     else
     {
         return(Public.VerifySignatureOverHash(digest, sig));
     }
 }
コード例 #2
0
ファイル: TpmKey.cs プロジェクト: jimsdog/TSS.MSR
 /// <summary>
 /// The TPM always signs hash-sized data. This version of the VerifySignature
 /// performs the necessary hashing operation over arbitrarily-length data and
 /// verifies that the hash is properly signed.
 /// </summary>
 /// <param name="data"></param>
 /// <param name="sig"></param>
 /// <returns></returns>
 public bool VerifySignatureOverData(byte[] data, ISignatureUnion sig)
 {
     byte[] digest = CryptoLib.HashData(CryptoLib.SchemeHash(sig), data);
     return(VerifySignatureOverHash(digest, sig));
 }
コード例 #3
0
        /// <summary>
        /// Verifies the signature over data or a digest.
        /// The data will be hashed internall by the method using hash algorithm from
        /// the signing scheme digest computed from the specified data buffer.
        /// The signing scheme is retrieved from the signature. The verification key
        /// shall have either compatible or null scheme.
        /// </summary>
        /// <param name="data">Byte buffer containing either digest or data to check against the signature</param>
        /// <param name="dataIsDigest">Specifies the type of 'data' parameter contents</param>
        /// <param name="signature">The signature</param>
        /// <returns>True if the verification succeeds.</returns>
        private bool VerifySignature(byte[] data, bool dataIsDigest, ISignatureUnion sig)
        {
#if TSS_USE_BCRYPT
            Debug.Assert(Key != UIntPtr.Zero);
#endif
            TpmAlgId sigScheme = sig.GetUnionSelector();
            TpmAlgId sigHash   = CryptoLib.SchemeHash(sig);

            var rsaParams = PublicParms.parameters as RsaParms;
            if (rsaParams != null)
            {
#if !TSS_USE_BCRYPT
                Debug.Assert(RsaProvider != null);
#endif
                var      s         = sig as SignatureRsa;
                TpmAlgId keyScheme = rsaParams.scheme.GetUnionSelector();

                if (keyScheme != TpmAlgId.Null && keyScheme != sigScheme)
                {
                    Globs.Throw <ArgumentException>("Key scheme and signature scheme do not match");
                    return(false);
                }

                byte[] digest = dataIsDigest ? data : CryptoLib.HashData(sigHash, data);

                if (sigScheme == TpmAlgId.Rsassa)
                {
#if TSS_USE_BCRYPT
                    return(Key.VerifySignature(digest, s.sig, sigHash, true));
#else
                    return(RsaProvider.VerifyHash(digest, CryptoLib.GetHashName(sigHash), s.sig));
#endif
                }
                if (sigScheme == TpmAlgId.Rsapss)
                {
#if true
                    Globs.Throw <ArgumentException>("VerifySignature(): PSS scheme is not supported");
                    return(false);
#else
#if TSS_USE_BCRYPT
                    return(BCryptInterface.VerifySignature(KeyHandle, digest, sig.sig, sigHash, false));
#else
                    var rr = new RawRsa(RsaProvider.ExportParameters(false), RsaProvider.KeySize);
                    return(rr.PssVerify(digest, sig.sig, sigHash));
#endif
#endif // false
                }
                Globs.Throw <ArgumentException>("VerifySignature(): Unrecognized scheme");
                return(false);
            }

            var eccParams = PublicParms.parameters as EccParms;
            if (eccParams != null)
            {
                if (eccParams.scheme.GetUnionSelector() != TpmAlgId.Ecdsa)
                {
                    Globs.Throw <ArgumentException>("Unsupported ECC sig scheme");
                    return(false);
                }
                TpmAlgId keyScheme = eccParams.scheme.GetUnionSelector();

                if (keyScheme != TpmAlgId.Null && keyScheme != sigScheme)
                {
                    Globs.Throw <ArgumentException>("Key scheme and signature scheme do not match");
                    return(false);
                }

                var    s       = sig as SignatureEcdsa;
                byte[] digest  = dataIsDigest ? data : CryptoLib.HashData(sigHash, data);
                byte[] sigBlob = Globs.Concatenate(s.signatureR, s.signatureS);
#if TSS_USE_BCRYPT
                return(Key.VerifySignature(digest, sigBlob));
#elif !__MonoCS__
                Debug.Assert(EcdsaProvider != null);
                EcdsaProvider.HashAlgorithm = GetCngAlgorithm(sigHash);
                return(EcdsaProvider.VerifyHash(digest, sigBlob));
#endif // !TSS_USE_BCRYPT && !__MonoCS__
            }

            // Should never be here
            Globs.Throw("VerifySignature: Unrecognized asymmetric algorithm");
            return(false);
        } // VerifySignature()