public bool VerifyData(byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
return VerifyData(data, 0, data.Length, signature, hashAlgorithm, padding);
}
/// <summary>
/// Computes the signature of a hash that was produced by the hash algorithm specified by "hashAlgorithm."
/// </summary>
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException("hash");
unsafe
{
byte[] signature = null;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
SafeNCryptKeyHandle keyHandle = Key.Handle;
int numBytesNeeded;
ErrorCode errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, null, 0, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
signature = new byte[numBytesNeeded];
errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
}
);
return signature;
}
}
private static HashAlgorithm GetHashAlgorithm(HashAlgorithmName hashAlgorithmName)
{
HashAlgorithm hasher;
if (hashAlgorithmName == HashAlgorithmName.MD5)
{
hasher = MD5.Create();
}
else if (hashAlgorithmName == HashAlgorithmName.SHA1)
{
hasher = SHA1.Create();
}
else if (hashAlgorithmName == HashAlgorithmName.SHA256)
{
hasher = SHA256.Create();
}
else if (hashAlgorithmName == HashAlgorithmName.SHA384)
{
hasher = SHA384.Create();
}
else if (hashAlgorithmName == HashAlgorithmName.SHA512)
{
hasher = SHA512.Create();
}
else
{
throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmName.Name);
}
return hasher;
}
/// <summary>
/// Computes the signature of a hash that was produced by the hash algorithm specified by "hashAlgorithm."
/// </summary>
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException("hash");
unsafe
{
byte[] signature = null;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
int estimatedSize = KeySize / 8;
#if DEBUG
estimatedSize = 2; // Make sure the NTE_BUFFER_TOO_SMALL scenario gets exercised.
#endif
SafeNCryptKeyHandle keyHandle = Key.Handle;
signature = new byte[estimatedSize];
int numBytesNeeded;
ErrorCode errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
if (errorCode == ErrorCode.NTE_BUFFER_TOO_SMALL)
{
signature = new byte[numBytesNeeded];
errorCode = Interop.NCrypt.NCryptSignHash(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, out numBytesNeeded, paddingMode);
}
if (errorCode != ErrorCode.ERROR_SUCCESS)
throw errorCode.ToCryptographicException();
Array.Resize(ref signature, numBytesNeeded);
}
);
return signature;
}
}
/// <summary>
/// Verifies that alleged signature of a hash is, in fact, a valid signature of that hash.
/// </summary>
public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException("hash");
if (signature == null)
throw new ArgumentNullException("signature");
unsafe
{
bool verified = false;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
SafeNCryptKeyHandle keyHandle = Key.Handle;
ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
if (errorCode == ErrorCode.ERROR_SUCCESS)
verified = true;
else if (errorCode == ErrorCode.NTE_BAD_SIGNATURE)
verified = false;
else
throw errorCode.ToCryptographicException();
}
);
return verified;
}
}
private IncrementalHash(HashAlgorithmName name, HMACCommon hmac)
{
Debug.Assert(name != null);
Debug.Assert(!string.IsNullOrEmpty(name.Name));
Debug.Assert(hmac != null);
_algorithmName = new HashAlgorithmName("HMAC" + name.Name);
_hmac = hmac;
}
public byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
return SignData(data, 0, data.Length, hashAlgorithm, padding);
}
private IncrementalHash(HashAlgorithmName name, HashProvider hash)
{
Debug.Assert(name != null);
Debug.Assert(!string.IsNullOrEmpty(name.Name));
Debug.Assert(hash != null);
_algorithmName = name;
_hash = hash;
}
public static byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm)
{
// The classes that call us are sealed and their base class has checked this already.
Debug.Assert(data != null);
Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name));
using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithm))
{
return hasher.ComputeHash(data);
}
}
public virtual byte[] SignData(Stream data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw HashAlgorithmNameNullOrEmpty();
if (padding == null)
throw new ArgumentNullException(nameof(padding));
byte[] hash = HashData(data, hashAlgorithm);
return SignHash(hash, hashAlgorithm, padding);
}
public static byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm)
{
// The classes that call us are sealed and their base class has checked this already.
Debug.Assert(data != null);
Debug.Assert(count >= 0 && count <= data.Length);
Debug.Assert(offset >= 0 && offset <= data.Length - count);
Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name));
using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithm))
{
return hasher.ComputeHash(data, offset, count);
}
}
public static byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm)
{
// The classes that call us are sealed and their base class has checked this already.
Debug.Assert(data != null);
Debug.Assert(offset >= 0 && offset <= data.Length);
Debug.Assert(count >= 0 && count <= data.Length);
Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name));
using (HashProviderCng hashProvider = new HashProviderCng(hashAlgorithm.Name, null))
{
hashProvider.AppendHashData(data, offset, count);
byte[] hash = hashProvider.FinalizeHashAndReset();
return hash;
}
}
/// <summary>
/// Computes the signature of a hash that was produced by the hash algorithm specified by "hashAlgorithm."
/// </summary>
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException(nameof(hash));
unsafe
{
byte[] signature = null;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
int estimatedSize = KeySize / 8;
signature = GetKeyHandle().SignHash(hash, paddingMode, pPaddingInfo, estimatedSize);
}
);
return signature;
}
}
public static byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm)
{
// The classes that call us are sealed and their base class has checked this already.
Debug.Assert(data != null);
Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name));
using (HashProviderCng hashProvider = new HashProviderCng(hashAlgorithm.Name, null))
{
// Default the buffer size to 4K.
byte[] buffer = new byte[4096];
int bytesRead;
while ((bytesRead = data.Read(buffer, 0, buffer.Length)) > 0)
{
hashProvider.AppendHashData(buffer, 0, bytesRead);
}
byte[] hash = hashProvider.FinalizeHashAndReset();
return hash;
}
}
/// <summary>
/// Verifies that alleged signature of a hash is, in fact, a valid signature of that hash.
/// </summary>
public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException(nameof(hash));
if (signature == null)
throw new ArgumentNullException(nameof(signature));
unsafe
{
bool verified = false;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
verified = GetKeyHandle().VerifyHash(hash, signature, paddingMode, pPaddingInfo);
}
);
return verified;
}
}
//
// Common helper for SignHash() and VerifyHash(). Creates the necessary PADDING_INFO structure based on the chosen padding mode and then passes it
// to "signOrVerify" which performs the actual signing or verification.
//
private static unsafe void SignOrVerify(RSASignaturePadding padding, HashAlgorithmName hashAlgorithm, byte[] hash, SignOrVerifyAction signOrVerify)
{
string hashAlgorithmName = hashAlgorithm.Name;
if (string.IsNullOrEmpty(hashAlgorithmName))
throw new ArgumentException(SR.Cryptography_HashAlgorithmNameNullOrEmpty, "hashAlgorithm");
if (padding == null)
throw new ArgumentNullException("padding");
switch (padding.Mode)
{
case RSASignaturePaddingMode.Pkcs1:
{
using (SafeUnicodeStringHandle safeHashAlgorithmName = new SafeUnicodeStringHandle(hashAlgorithmName))
{
BCRYPT_PKCS1_PADDING_INFO paddingInfo = new BCRYPT_PKCS1_PADDING_INFO()
{
pszAlgId = safeHashAlgorithmName.DangerousGetHandle(),
};
signOrVerify(AsymmetricPaddingMode.NCRYPT_PAD_PKCS1_FLAG, &paddingInfo);
}
break;
}
case RSASignaturePaddingMode.Pss:
{
using (SafeUnicodeStringHandle safeHashAlgorithmName = new SafeUnicodeStringHandle(hashAlgorithmName))
{
BCRYPT_PSS_PADDING_INFO paddingInfo = new BCRYPT_PSS_PADDING_INFO()
{
pszAlgId = safeHashAlgorithmName.DangerousGetHandle(),
cbSalt = hash.Length,
};
signOrVerify(AsymmetricPaddingMode.NCRYPT_PAD_PSS_FLAG, &paddingInfo);
}
break;
}
default:
throw new CryptographicException(SR.Cryptography_UnsupportedPaddingMode);
}
}
public virtual byte[] SignData(
byte[] data,
int offset,
int count,
HashAlgorithmName hashAlgorithm,
RSASignaturePadding padding)
{
if (data == null)
throw new ArgumentNullException(nameof(data));
if (offset < 0 || offset > data.Length)
throw new ArgumentOutOfRangeException(nameof(offset));
if (count < 0 || count > data.Length - offset)
throw new ArgumentOutOfRangeException(nameof(count));
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw HashAlgorithmNameNullOrEmpty();
if (padding == null)
throw new ArgumentNullException(nameof(padding));
byte[] hash = HashData(data, offset, count, hashAlgorithm);
return SignHash(hash, hashAlgorithm, padding);
}
/// <summary>
/// Verifies that alleged signature of a hash is, in fact, a valid signature of that hash.
/// </summary>
public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException("hash");
if (signature == null)
throw new ArgumentNullException("signature");
unsafe
{
bool verified = false;
SignOrVerify(padding, hashAlgorithm, hash,
delegate (AsymmetricPaddingMode paddingMode, void* pPaddingInfo)
{
SafeNCryptKeyHandle keyHandle = Key.Handle;
ErrorCode errorCode = Interop.NCrypt.NCryptVerifySignature(keyHandle, pPaddingInfo, hash, hash.Length, signature, signature.Length, paddingMode);
verified = (errorCode == ErrorCode.ERROR_SUCCESS); // For consistency with other RSA classes, return "false" for any error code rather than making the caller catch an exception.
}
);
return verified;
}
}
public virtual bool VerifyData(
byte[] data,
int offset,
int count,
byte[] signature,
HashAlgorithmName hashAlgorithm,
RSASignaturePadding padding)
{
if (data == null)
throw new ArgumentNullException("data");
if (offset < 0 || offset > data.Length)
throw new ArgumentOutOfRangeException("offset");
if (count < 0 || count > data.Length - offset)
throw new ArgumentOutOfRangeException("count");
if (signature == null)
throw new ArgumentNullException("signature");
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw HashAlgorithmNameNullOrEmpty();
if (padding == null)
throw new ArgumentNullException("padding");
byte[] hash = HashData(data, offset, count, hashAlgorithm);
return VerifyHash(hash, signature, hashAlgorithm, padding);
}
/// <summary>
/// Create an <see cref="IncrementalHash"/> for the Hash-based Message Authentication Code (HMAC)
/// algorithm utilizing the hash algorithm specified by <paramref name="hashAlgorithm"/>, and a
/// key specified by <paramref name="key"/>.
/// </summary>
/// <param name="hashAlgorithm">The name of the hash algorithm to perform within the HMAC.</param>
/// <param name="key">
/// The secret key for the HMAC. The key can be any length, but a key longer than the output size
/// of the hash algorithm specified by <paramref name="hashAlgorithm"/> will be hashed (using the
/// algorithm specified by <paramref name="hashAlgorithm"/>) to derive a correctly-sized key. Therefore,
/// the recommended size of the secret key is the output size of the hash specified by
/// <paramref name="hashAlgorithm"/>.
/// </param>
/// <returns>
/// An <see cref="IncrementalHash"/> instance ready to compute the hash algorithm specified
/// by <paramref name="hashAlgorithm"/>.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="hashAlgorithm"/>.<see cref="HashAlgorithmName.Name"/> is <c>null</c>, or
/// the empty string.
/// </exception>
/// <exception cref="CryptographicException"><paramref name="hashAlgorithm"/> is not a known hash algorithm.</exception>
public static IncrementalHash CreateHMAC(HashAlgorithmName hashAlgorithm, byte[] key)
{
if (key == null)
throw new ArgumentNullException(nameof(key));
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw new ArgumentException(SR.Cryptography_HashAlgorithmNameNullOrEmpty, nameof(hashAlgorithm));
return new IncrementalHash(hashAlgorithm, new HMACCommon(hashAlgorithm.Name, key, -1));
}
/// <summary>
/// Create an <see cref="IncrementalHash"/> for the algorithm specified by <paramref name="hashAlgorithm"/>.
/// </summary>
/// <param name="hashAlgorithm">The name of the hash algorithm to perform.</param>
/// <returns>
/// An <see cref="IncrementalHash"/> instance ready to compute the hash algorithm specified
/// by <paramref name="hashAlgorithm"/>.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="hashAlgorithm"/>.<see cref="HashAlgorithmName.Name"/> is <c>null</c>, or
/// the empty string.
/// </exception>
/// <exception cref="CryptographicException"><paramref name="hashAlgorithm"/> is not a known hash algorithm.</exception>
public static IncrementalHash CreateHash(HashAlgorithmName hashAlgorithm)
{
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw new ArgumentException(SR.Cryptography_HashAlgorithmNameNullOrEmpty, nameof(hashAlgorithm));
return new IncrementalHash(hashAlgorithm, HashProviderDispenser.CreateHashProvider(hashAlgorithm.Name));
}
protected override byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm)
{
return OpenSslAsymmetricAlgorithmCore.HashData(data, offset, count, hashAlgorithm);
}
private bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithmName)
{
int algorithmNid = GetAlgorithmNid(hashAlgorithmName);
SafeRsaHandle rsa = _key.Value;
return Interop.Crypto.RsaVerify(
algorithmNid,
hash,
hash.Length,
signature,
signature.Length,
rsa);
}
private static int GetAlgorithmNid(HashAlgorithmName hashAlgorithmName)
{
// All of the current HashAlgorithmName values correspond to the SN values in OpenSSL 0.9.8.
// If there's ever a new one that doesn't, translate it here.
string sn = hashAlgorithmName.Name;
int nid = Interop.Crypto.ObjSn2Nid(sn);
if (nid == Interop.Crypto.NID_undef)
{
throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmName.Name);
}
return nid;
}
public override bool VerifyHash(
byte[] hash,
byte[] signature,
HashAlgorithmName hashAlgorithm,
RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException("hash");
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw HashAlgorithmNameNullOrEmpty();
if (padding == null)
throw new ArgumentNullException("padding");
if (padding != RSASignaturePadding.Pkcs1)
throw PaddingModeNotSupported();
return VerifyHash(hash, signature, hashAlgorithm);
}
private byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithmName)
{
int algorithmNid = GetAlgorithmNid(hashAlgorithmName);
SafeRsaHandle rsa = _key.Value;
byte[] signature = new byte[Interop.Crypto.RsaSize(rsa)];
int signatureSize;
bool success = Interop.Crypto.RsaSign(
algorithmNid,
hash,
hash.Length,
signature,
out signatureSize,
rsa);
if (!success)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
Debug.Assert(
signatureSize == signature.Length,
"RSA_sign reported an unexpected signature size",
"RSA_sign reported signatureSize was {0}, when {1} was expected",
signatureSize,
signature.Length);
return signature;
}
internal byte[] HashData(Stream stream, HashAlgorithmName hashAlgorithmName)
{
using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithmName))
{
return hasher.ComputeHash(stream);
}
}
internal byte[] HashData(byte[] buffer, int offset, int count, HashAlgorithmName hashAlgorithmName)
{
using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithmName))
{
return hasher.ComputeHash(buffer, offset, count);
}
}
public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
{
if (hash == null)
throw new ArgumentNullException(nameof(hash));
if (string.IsNullOrEmpty(hashAlgorithm.Name))
throw HashAlgorithmNameNullOrEmpty();
if (padding == null)
throw new ArgumentNullException(nameof(padding));
if (padding != RSASignaturePadding.Pkcs1)
throw PaddingModeNotSupported();
return SignHash(hash, hashAlgorithm);
}
protected override byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm)
{
return OpenSslAsymmetricAlgorithmCore.HashData(data, hashAlgorithm);
}
public static bool TryHashData(ReadOnlySpan <byte> source, Span <byte> destination, HashAlgorithmName hashAlgorithm, out int bytesWritten)
{
// The classes that call us are sealed and their base class has checked this already.
Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name));
return
(hashAlgorithm == HashAlgorithmName.SHA256 ? SHA256.TryHashData(source, destination, out bytesWritten) :
hashAlgorithm == HashAlgorithmName.SHA1 ? SHA1.TryHashData(source, destination, out bytesWritten) :
hashAlgorithm == HashAlgorithmName.SHA512 ? SHA512.TryHashData(source, destination, out bytesWritten) :
hashAlgorithm == HashAlgorithmName.SHA384 ? SHA384.TryHashData(source, destination, out bytesWritten) :
hashAlgorithm == HashAlgorithmName.MD5 ? MD5.TryHashData(source, destination, out bytesWritten) :
throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name));
}
