public static void FromOid_ThrowsForInvalidInput()
{
CryptographicException exception = Assert.Throws <CryptographicException>(() => HashAlgorithmName.FromOid("1.2.3.4"));
Assert.Contains("1.2.3.4", exception.Message);
}
public static void FromOid_ValidInput(string oid, HashAlgorithmName expected)
{
Assert.Equal(expected, HashAlgorithmName.FromOid(oid));
}
public static void FromOid_ThrowsForNullInput()
{
Assert.Throws <ArgumentNullException>(() => HashAlgorithmName.FromOid(null));
}
private static bool VerifyX509Signature(
ReadOnlySpan <byte> toBeSigned,
ReadOnlySpan <byte> signature,
PublicKey publicKey,
AlgorithmIdentifierAsn algorithmIdentifier)
{
RSA? rsa = publicKey.GetRSAPublicKey();
ECDsa?ecdsa = publicKey.GetECDsaPublicKey();
try
{
HashAlgorithmName hashAlg;
if (algorithmIdentifier.Algorithm == Oids.RsaPss)
{
if (rsa is null || !algorithmIdentifier.Parameters.HasValue)
{
return(false);
}
PssParamsAsn pssParams = PssParamsAsn.Decode(
algorithmIdentifier.Parameters.GetValueOrDefault(),
AsnEncodingRules.DER);
RSASignaturePadding padding = pssParams.GetSignaturePadding();
hashAlg = HashAlgorithmName.FromOid(pssParams.HashAlgorithm.Algorithm);
return(rsa.VerifyData(
toBeSigned,
signature,
hashAlg,
padding));
}
switch (algorithmIdentifier.Algorithm)
{
case Oids.RsaPkcs1Sha256:
case Oids.ECDsaWithSha256:
hashAlg = HashAlgorithmName.SHA256;
break;
case Oids.RsaPkcs1Sha384:
case Oids.ECDsaWithSha384:
hashAlg = HashAlgorithmName.SHA384;
break;
case Oids.RsaPkcs1Sha512:
case Oids.ECDsaWithSha512:
hashAlg = HashAlgorithmName.SHA512;
break;
case Oids.RsaPkcs1Sha1:
case Oids.ECDsaWithSha1:
hashAlg = HashAlgorithmName.SHA1;
break;
default:
throw new NotSupportedException(
SR.Format(SR.Cryptography_UnknownKeyAlgorithm, algorithmIdentifier.Algorithm));
}
// All remaining supported algorithms have no defined parameters
if (!algorithmIdentifier.HasNullEquivalentParameters())
{
return(false);
}
switch (algorithmIdentifier.Algorithm)
{
case Oids.RsaPkcs1Sha256:
case Oids.RsaPkcs1Sha384:
case Oids.RsaPkcs1Sha512:
case Oids.RsaPkcs1Sha1:
if (rsa is null)
{
return(false);
}
return(rsa.VerifyData(toBeSigned, signature, hashAlg, RSASignaturePadding.Pkcs1));
case Oids.ECDsaWithSha256:
case Oids.ECDsaWithSha384:
case Oids.ECDsaWithSha512:
case Oids.ECDsaWithSha1:
if (ecdsa is null)
{
return(false);
}
return(ecdsa.VerifyData(toBeSigned, signature, hashAlg, DSASignatureFormat.Rfc3279DerSequence));
default:
Debug.Fail(
$"Algorithm ID {algorithmIdentifier.Algorithm} was in the first switch, but not the second");
return(false);
}
}
catch (AsnContentException)
{
return(false);
}
catch (CryptographicException)
{
return(false);
}
finally
{
rsa?.Dispose();
ecdsa?.Dispose();
}
}