public override unsafe bool TrySignHash(ReadOnlySpan <byte> source, Span <byte> destination, out int bytesWritten) { ReadOnlySpan <byte> hash = source; #endif using (SafeNCryptKeyHandle keyHandle = GetDuplicatedKeyHandle()) { if (!keyHandle.TrySignHash(hash, destination, AsymmetricPaddingMode.None, null, out bytesWritten)) { bytesWritten = 0; return(false); } } #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS if (signatureFormat == DSASignatureFormat.IeeeP1363FixedFieldConcatenation) { return(true); } if (signatureFormat != DSASignatureFormat.Rfc3279DerSequence) { Debug.Fail($"Missing internal implementation handler for signature format {signatureFormat}"); throw new CryptographicException( SR.Cryptography_UnknownSignatureFormat, signatureFormat.ToString()); } return(AsymmetricAlgorithmHelpers.TryConvertIeee1363ToDer( destination.Slice(0, bytesWritten), destination, out bytesWritten)); #else return(true); #endif }
public override bool VerifyHash(ReadOnlySpan <byte> hash, ReadOnlySpan <byte> signature) #endif { ThrowIfDisposed(); Span <byte> derSignature = stackalloc byte[SignatureStackBufSize]; ReadOnlySpan <byte> toVerify = derSignature; #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS if (signatureFormat == DSASignatureFormat.IeeeP1363FixedFieldConcatenation) { #endif // The signature format for .NET is r.Concat(s). Each of r and s are of length BitsToBytes(KeySize), even // when they would have leading zeroes. If it's the correct size, then we need to encode it from // r.Concat(s) to SEQUENCE(INTEGER(r), INTEGER(s)), because that's the format that OpenSSL expects. int expectedBytes = 2 * AsymmetricAlgorithmHelpers.BitsToBytes(KeySize); if (signature.Length != expectedBytes) { // The input isn't of the right length, so we can't sensibly re-encode it. return(false); } if (AsymmetricAlgorithmHelpers.TryConvertIeee1363ToDer(signature, derSignature, out int derSize)) { toVerify = derSignature.Slice(0, derSize); } else { toVerify = AsymmetricAlgorithmHelpers.ConvertIeee1363ToDer(signature); } #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS } else if (signatureFormat == DSASignatureFormat.Rfc3279DerSequence) { toVerify = signature; } else { Debug.Fail($"Missing internal implementation handler for signature format {signatureFormat}"); throw new CryptographicException( SR.Cryptography_UnknownSignatureFormat, signatureFormat.ToString()); } #endif SafeEcKeyHandle key = _key.Value; int verifyResult = Interop.Crypto.EcDsaVerify(hash, toVerify, key); return(verifyResult == 1); }
protected override unsafe bool TryCreateSignatureCore( ReadOnlySpan <byte> hash, Span <byte> destination, DSASignatureFormat signatureFormat, out int bytesWritten) { Span <byte> stackBuf = stackalloc byte[WindowsMaxQSize]; ReadOnlySpan <byte> source = AdjustHashSizeIfNecessary(hash, stackBuf); using (SafeNCryptKeyHandle keyHandle = GetDuplicatedKeyHandle()) { if (!CngCommon.TrySignHash(keyHandle, source, destination, AsymmetricPaddingMode.None, null, out bytesWritten)) { bytesWritten = 0; return(false); } } if (signatureFormat == DSASignatureFormat.IeeeP1363FixedFieldConcatenation) { return(true); } if (signatureFormat != DSASignatureFormat.Rfc3279DerSequence) { Debug.Fail($"Missing internal implementation handler for signature format {signatureFormat}"); throw new CryptographicException( SR.Cryptography_UnknownSignatureFormat, signatureFormat.ToString()); } return(AsymmetricAlgorithmHelpers.TryConvertIeee1363ToDer( destination.Slice(0, bytesWritten), destination, out bytesWritten)); }