| public abstract SetHashAlgorithm ( string strName ) : void | ||
| strName | string | |
| return | void | |
public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter item = base.CreateDeformatter(key);
item.SetHashAlgorithm(_hashAlgorithm);
return(item);
}
// Token: 0x060023A2 RID: 9122 RVA: 0x00081F7C File Offset: 0x0008017C
public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = base.CreateDeformatter(key);
asymmetricSignatureDeformatter.SetHashAlgorithm(this._hashAlgorithm);
return(asymmetricSignatureDeformatter);
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter item = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm);
item.SetKey(key);
item.SetHashAlgorithm("SHA1");
return(item);
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter deformatter = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
deformatter.SetKey(key);
deformatter.SetHashAlgorithm("SHA1");
return(deformatter);
}
/// <summary>
/// Wrapper that verifies the signature for SHA256 taking into consideration the special logic for FIPS compliance
/// </summary>
/// <param name="deformatter">the signature deformatter</param>
/// <param name="hash">the hash algorithm</param>
/// <param name="signatureValue">the byte array for the signature value</param>
/// <returns>true/false indicating if signature was verified or not</returns>
internal static bool VerifySignatureForSha256( AsymmetricSignatureDeformatter deformatter, HashAlgorithm hash, byte[] signatureValue )
{
if ( SecurityUtils.RequiresFipsCompliance )
{
//
// When FIPS is turned ON. We need to set the hash algorithm specifically
// else for SHA256 and FIPS turned ON, the underlying deformatter does not understand the
// OID for the hashing algorithm.
//
deformatter.SetHashAlgorithm( "SHA256" );
return deformatter.VerifySignature( hash.Hash, signatureValue );
}
else
{
return deformatter.VerifySignature( hash, signatureValue );
}
}
void VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, string signatureMethod)
{
this.Signature.SignedInfo.ComputeHash(hash);
bool result;
if (SecurityUtils.RequiresFipsCompliance && signatureMethod == SecurityAlgorithms.RsaSha256Signature)
{
// This is to avoid the RSAPKCS1SignatureFormatter.VerifySignature from using SHA256Managed (non-FIPS-Compliant).
// Hence we precompute the hash using SHA256CSP (FIPS compliant) and pass it to method.
// NOTE: RSAPKCS1SignatureFormatter does not understand SHA256CSP inherently and hence this workaround.
deformatter.SetHashAlgorithm("SHA256");
result = deformatter.VerifySignature(hash.Hash, GetSignatureValue());
}
else
{
result = deformatter.VerifySignature(hash, GetSignatureValue());
}
if (!result)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.SignatureVerificationFailed)));
}
}
private void VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, string signatureMethod)
{
bool flag;
this.Signature.SignedInfo.ComputeHash(hash);
if (System.IdentityModel.SecurityUtils.RequiresFipsCompliance && (signatureMethod == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"))
{
deformatter.SetHashAlgorithm("SHA256");
flag = deformatter.VerifySignature(hash.Hash, this.GetSignatureValue());
}
else
{
flag = deformatter.VerifySignature(hash, this.GetSignatureValue());
}
if (!flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(System.IdentityModel.SR.GetString("SignatureVerificationFailed")));
}
}