/// <summary>
/// Verifies an RSA signature over a precomputed digest using the local key material.
/// </summary>
/// <param name="algorithm">Signature algorithm; it selects both the hash algorithm name and the RSA signature padding.</param>
/// <param name="digest">Digest the signature is checked against. Asserted non-null.</param>
/// <param name="signature">Signature bytes to check. Asserted non-null.</param>
/// <param name="cancellationToken">Not read anywhere in this method body.</param>
/// <returns>
/// A <see cref="VerifyResult"/> carrying the outcome, or <c>null</c> when the algorithm maps to no hash
/// algorithm or no RSA signature padding. A <c>null</c> return means "not verified here"; it carries no
/// statement about validity, so callers must never treat it as a successful verification.
/// </returns>
public override VerifyResult Verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(digest, nameof(digest));
    Argument.AssertNotNull(signature, nameof(signature));

    // Resolve the hash first: the padding lookup is only attempted once the hash is known to be supported.
    HashAlgorithmName hashName = algorithm.GetHashAlgorithmName();
    if (hashName == default)
    {
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Verify), algorithm);
        return null;
    }

    RSASignaturePadding signaturePadding = algorithm.GetRsaSignaturePadding();
    if (signaturePadding is null)
    {
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Verify), algorithm);
        return null;
    }

    // NOTE(review): ToRSA() without arguments presumably exports public parameters only, which is all
    // verification needs - confirm against the ToRSA declaration.
    using (RSA publicKey = KeyMaterial.ToRSA())
    {
        bool verified = publicKey.VerifyHash(digest, signature, hashName, signaturePadding);

        return new VerifyResult
        {
            Algorithm = algorithm,
            IsValid = verified,
            KeyId = KeyMaterial.Id,
        };
    }
}
/// <summary>
/// Verifies an RSA signature over a precomputed digest using the local key material.
/// </summary>
/// <param name="algorithm">Signature algorithm; it selects both the hash algorithm name and the RSA signature padding.</param>
/// <param name="digest">Digest the signature is checked against. Asserted non-null.</param>
/// <param name="signature">Signature bytes to check. Asserted non-null.</param>
/// <param name="cancellationToken">Not read anywhere in this method body.</param>
/// <returns>
/// A <see cref="VerifyResult"/> carrying the outcome, or <c>null</c> when the algorithm maps to no hash
/// algorithm or no RSA signature padding. The <c>null</c> paths are silent here (nothing is logged), and
/// <c>null</c> is not a verdict on the signature: callers must never treat it as a successful verification.
/// </returns>
public override VerifyResult Verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(digest, nameof(digest));
    Argument.AssertNotNull(signature, nameof(signature));

    HashAlgorithmName hashName = algorithm.GetHashAlgorithmName();
    if (hashName == default)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    RSASignaturePadding signaturePadding = algorithm.GetRsaSignaturePadding();
    if (signaturePadding is null)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    // NOTE(review): ToRSA() without arguments presumably exports public parameters only, which is all
    // verification needs - confirm against the ToRSA declaration.
    using (RSA publicKey = KeyMaterial.ToRSA())
    {
        bool verified = publicKey.VerifyHash(digest, signature, hashName, signaturePadding);

        return new VerifyResult
        {
            Algorithm = algorithm,
            IsValid = verified,
            KeyId = KeyMaterial.Id,
        };
    }
}
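/// <summary>
/// Encrypts <paramref name="data"/> locally with the RSA key material.
/// </summary>
/// <param name="data">Plaintext to encrypt. Not checked here; passed straight to <see cref="RSA.Encrypt(byte[], RSAEncryptionPadding)"/>.</param>
/// <param name="padding">Encryption padding to use, or <c>null</c> when the requested algorithm has no local mapping.</param>
/// <returns>The ciphertext, or <c>null</c> when <paramref name="padding"/> is <c>null</c>.</returns>
private byte[] Encrypt(byte[] data, RSAEncryptionPadding padding)
{
    if (padding is null)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    // RSA encryption uses only the public parameters, so the private ones are not requested: the
    // private key is never materialized for this operation, and a key without private material can
    // still be used to encrypt locally.
    using RSA rsa = KeyMaterial.ToRSA();
    return rsa.Encrypt(data, padding);
}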
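/// <summary>
/// Decrypts <paramref name="data"/> locally with the RSA key material, when a local private key is usable.
/// </summary>
/// <param name="data">Ciphertext to decrypt. Not checked here; passed straight to <see cref="RSA.Decrypt(byte[], RSAEncryptionPadding)"/>.</param>
/// <param name="padding">Encryption padding to use, or <c>null</c> when the requested algorithm has no local mapping.</param>
/// <returns>
/// The plaintext, or <c>null</c> when the operation must be performed remotely or
/// <paramref name="padding"/> is <c>null</c>. Both <c>null</c> paths are currently silent.
/// </returns>
private byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
{
    // A private key is required to decrypt. Send to the server.
    if (MustRemote)
    {
        // TODO: Log that we need a private key.
        return null;
    }

    if (padding is null)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    // Decryption needs the private parameters, so they are requested explicitly. An RSA object built
    // without them holds only the public key and cannot decrypt.
    using RSA rsa = KeyMaterial.ToRSA(true);
    return rsa.Decrypt(data, padding);
}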
/// <summary>
/// Signs a precomputed digest locally with the RSA key material.
/// </summary>
/// <param name="algorithm">Signature algorithm; it selects both the hash algorithm name and the RSA signature padding.</param>
/// <param name="digest">Digest to sign. Asserted non-null.</param>
/// <param name="cancellationToken">Not read anywhere in this method body.</param>
/// <returns>
/// A <see cref="SignResult"/> holding the signature, or <c>null</c> when the operation must be performed
/// remotely or the algorithm maps to no hash algorithm or no RSA signature padding. Each <c>null</c>
/// path reports its reason through <c>KeysEventSource</c>.
/// </returns>
public override SignResult Sign(SignatureAlgorithm algorithm, byte[] digest, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(digest, nameof(digest));

    // NOTE(review): presumably rejects a key outside its validity window - confirm against
    // ThrowIfTimeInvalid. It runs before the remote check, so it applies on every path.
    ThrowIfTimeInvalid();

    // A private key is required to sign. Send to the server.
    if (MustRemote)
    {
        KeysEventSource.Singleton.PrivateKeyRequired(nameof(Sign));
        return null;
    }

    HashAlgorithmName hashName = algorithm.GetHashAlgorithmName();
    if (hashName == default)
    {
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Sign), algorithm);
        return null;
    }

    RSASignaturePadding signaturePadding = algorithm.GetRsaSignaturePadding();
    if (signaturePadding is null)
    {
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Sign), algorithm);
        return null;
    }

    // NOTE(review): the 'true' argument presumably requests the private parameters needed for
    // signing - confirm against the ToRSA declaration.
    using (RSA signingKey = KeyMaterial.ToRSA(true))
    {
        byte[] signatureBytes = signingKey.SignHash(digest, hashName, signaturePadding);

        return new SignResult
        {
            Algorithm = algorithm,
            KeyId = KeyMaterial.Id,
            Signature = signatureBytes,
        };
    }
}
/// <summary>
/// Signs a precomputed digest locally with the RSA key material.
/// </summary>
/// <param name="algorithm">Signature algorithm; it selects both the hash algorithm name and the RSA signature padding.</param>
/// <param name="digest">Digest to sign. Asserted non-null.</param>
/// <param name="cancellationToken">Not read anywhere in this method body.</param>
/// <returns>
/// A <see cref="SignResult"/> holding the signature, or <c>null</c> when the operation must be performed
/// remotely or the algorithm maps to no hash algorithm or no RSA signature padding. None of the
/// <c>null</c> paths is logged yet, so a caller cannot tell them apart.
/// </returns>
public override SignResult Sign(SignatureAlgorithm algorithm, byte[] digest, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(digest, nameof(digest));

    // NOTE(review): presumably rejects a key outside its validity window - confirm against
    // ThrowIfTimeInvalid. It runs before the remote check, so it applies on every path.
    ThrowIfTimeInvalid();

    // A private key is required to sign. Send to the server.
    if (MustRemote)
    {
        // TODO: Log that we need a private key.
        return null;
    }

    HashAlgorithmName hashName = algorithm.GetHashAlgorithmName();
    if (hashName == default)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    RSASignaturePadding signaturePadding = algorithm.GetRsaSignaturePadding();
    if (signaturePadding is null)
    {
        // TODO: Log that we don't support the given algorithm.
        return null;
    }

    // NOTE(review): the 'true' argument presumably requests the private parameters needed for
    // signing - confirm against the ToRSA declaration.
    using (RSA signingKey = KeyMaterial.ToRSA(true))
    {
        byte[] signatureBytes = signingKey.SignHash(digest, hashName, signaturePadding);

        return new SignResult
        {
            Algorithm = algorithm,
            KeyId = KeyMaterial.Id,
            Signature = signatureBytes,
        };
    }
}
/// <summary>
/// Decrypts <paramref name="data"/> locally with the RSA key material.
/// </summary>
/// <param name="data">Ciphertext to decrypt. Not checked in this method.</param>
/// <param name="padding">Encryption padding to use. Not checked in this method.</param>
/// <returns>The bytes returned by <see cref="RSA.Decrypt(byte[], RSAEncryptionPadding)"/>.</returns>
/// <remarks>
/// This method has no guard of its own: argument validation and the decision whether a local private
/// key may be used are presumably made by the caller - confirm at the call site.
/// NOTE(review): if <paramref name="padding"/> can be PKCS#1 v1.5, callers should avoid exposing
/// distinguishable decryption failures to untrusted parties.
/// </remarks>
private byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
{
    // NOTE(review): the 'true' argument presumably requests the private parameters needed for
    // decryption - confirm against the ToRSA declaration.
    using (RSA decryptionKey = KeyMaterial.ToRSA(true))
    {
        byte[] plaintext = decryptionKey.Decrypt(data, padding);
        return plaintext;
    }
}