private static byte[] SignHash(byte[] hash, CngKey key, string algorithm, int saltSize) { var paddingIndo = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize); uint size; uint status; status = NCrypt.NCryptSignHash(key.Handle, ref paddingIndo, hash, hash.Length, null, 0, out size, BCrypt.BCRYPT_PAD_PSS); if (status != BCrypt.ERROR_SUCCESS) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", status)); } byte[] signature = new byte[size]; status = NCrypt.NCryptSignHash(key.Handle, ref paddingIndo, hash, hash.Length, signature, signature.Length, out size, BCrypt.BCRYPT_PAD_PSS); if (status != BCrypt.ERROR_SUCCESS) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() failed with status code:{0}", status)); } return(signature); }
private static bool VerifyHash(byte[] hash, byte[] signature, CngKey key, string algorithm, int saltSize) { BCrypt.BCRYPT_PSS_PADDING_INFO bCRYPTPSSPADDINGINFO = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize); uint num = NCrypt.NCryptVerifySignature(key.Handle, ref bCRYPTPSSPADDINGINFO, hash, (int)hash.Length, signature, (int)signature.Length, 8); if (num == -2146893818) { return(false); } if (num != 0) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", num)); } return(true); }
private static bool VerifyHash(byte[] hash, byte[] signature, CngKey key, string algorithm, int saltSize) { var paddingIndo = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize); uint status = NCrypt.NCryptVerifySignature(key.Handle, ref paddingIndo, hash, hash.Length, signature, signature.Length, BCrypt.BCRYPT_PAD_PSS); if (status == NCrypt.NTE_BAD_SIGNATURE) //honestly it always failing with NTE_INVALID_PARAMETER, but let's stick to public API { return(false); } if (status != BCrypt.ERROR_SUCCESS) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", status)); } return(true); }
private static byte[] SignHash(byte[] hash, CngKey key, string algorithm, int saltSize) { BCrypt.BCRYPT_PSS_PADDING_INFO bcrypt_PSS_PADDING_INFO = new BCrypt.BCRYPT_PSS_PADDING_INFO(algorithm, saltSize); uint num2; uint num = NCrypt.NCryptSignHash(key.Handle, ref bcrypt_PSS_PADDING_INFO, hash, hash.Length, null, 0, out num2, 8u); if (num != 0u) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() (signature size) failed with status code:{0}", num)); } byte[] array = new byte[num2]; num = NCrypt.NCryptSignHash(key.Handle, ref bcrypt_PSS_PADDING_INFO, hash, hash.Length, array, array.Length, out num2, 8u); if (num != 0u) { throw new CryptographicException(string.Format("NCrypt.NCryptSignHash() failed with status code:{0}", num)); } return(array); }
/// <summary> /// Performs a signing or verification operation. /// </summary> /// <param name="action">The delegate that will actually perform the cryptographic operation.</param> /// <remarks> /// This method should not throw an error when verifying a signature and /// the signature is invalid. Rather, the delegate should retain the result of /// verification and the caller of this method should share that closure and /// return the result. /// </remarks> protected unsafe void SignOrVerify(SignOrVerifyAction action) { Requires.NotNull(action, nameof(action)); if (this.SignaturePadding.Value == AsymmetricSignaturePadding.None) { action(null, NCryptSignHashFlags.None); } else { char[] hashAlgorithmName = HashAlgorithmProviderFactory.GetHashAlgorithmName(this.SignatureHash.Value).ToCharArrayWithNullTerminator(); fixed(char *hashAlgorithmNamePointer = &hashAlgorithmName[0]) { switch (this.SignaturePadding.Value) { case AsymmetricSignaturePadding.Pkcs1: var pkcs1PaddingInfo = new BCrypt.BCRYPT_PKCS1_PADDING_INFO { pszAlgId = hashAlgorithmNamePointer, }; action(&pkcs1PaddingInfo, NCryptSignHashFlags.BCRYPT_PAD_PKCS1); break; case AsymmetricSignaturePadding.Pss: var pssPaddingInfo = new BCrypt.BCRYPT_PSS_PADDING_INFO { pszAlgId = hashAlgorithmNamePointer, cbSalt = hashAlgorithmName.Length, }; action(&pssPaddingInfo, NCryptSignHashFlags.BCRYPT_PAD_PSS); break; default: throw new NotImplementedException(); } } } }