| | | 1 | | // |
| | | 2 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | | 3 | | // Licensed under the MIT License. See License.txt in the project root for |
| | | 4 | | // license information. |
| | | 5 | | // |
| | | 6 | | |
| | | 7 | | using System; |
| | | 8 | | using System.Security.Cryptography; |
| | | 9 | | |
| | | 10 | | namespace Microsoft.Azure.KeyVault.Cryptography.Algorithms |
| | | 11 | | { |
| | | 12 | | /// <summary> |
| | | 13 | | /// RSA SHA-256 Signature algorithim. |
| | | 14 | | /// </summary> |
| | | 15 | | public class Rs256 : RsaSignature |
| | | 16 | | { |
| | | 17 | | public const string AlgorithmName = "RS256"; |
| | | 18 | | |
| | | 19 | | internal const string OID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.2.1"; |
| | | 20 | | internal const string OID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2.2"; |
| | | 21 | | internal const string OID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.2.3"; |
| | | 22 | | |
| | | 23 | | public Rs256() |
| | 2 | 24 | | : base( AlgorithmName ) |
| | | 25 | | { |
| | 2 | 26 | | } |
| | | 27 | | |
| | | 28 | | public override ISignatureTransform CreateSignatureTransform( AsymmetricAlgorithm key ) |
| | | 29 | | { |
| | 6 | 30 | | return new Rs256SignatureTransform( key ); |
| | | 31 | | } |
| | | 32 | | |
| | | 33 | | class Rs256SignatureTransform : ISignatureTransform |
| | | 34 | | { |
| | | 35 | | private RSA _key; |
| | | 36 | | |
| | 6 | 37 | | public Rs256SignatureTransform( AsymmetricAlgorithm key ) |
| | | 38 | | { |
| | 6 | 39 | | if ( key == null ) |
| | 0 | 40 | | throw new ArgumentNullException( "key" ); |
| | | 41 | | |
| | 6 | 42 | | if ( !( key is RSA ) ) |
| | 0 | 43 | | throw new ArgumentException( string.Format( "key must be of type {0}", typeof( RSA ).AssemblyQualifi |
| | | 44 | | |
| | 6 | 45 | | _key = key as RSA; |
| | 6 | 46 | | } |
| | | 47 | | |
| | | 48 | | public byte[] Sign( byte[] digest ) |
| | | 49 | | { |
| | 2 | 50 | | if ( digest == null || digest.Length == 0 ) |
| | 0 | 51 | | throw new ArgumentNullException( "digest" ); |
| | | 52 | | |
| | 2 | 53 | | if ( digest.Length != 32 ) |
| | 0 | 54 | | throw new ArgumentOutOfRangeException( "digest", "The digest must be 32 bytes for SHA-256" ); |
| | | 55 | | |
| | | 56 | | #if FullNetFx |
| | | 57 | | if ( _key is RSACryptoServiceProvider ) |
| | | 58 | | { |
| | | 59 | | return ((RSACryptoServiceProvider)_key).SignHash( digest, OID_OIWSEC_SHA256 ); |
| | | 60 | | } |
| | | 61 | | |
| | | 62 | | throw new CryptographicException( string.Format( "{0} is not supported", _key.GetType().FullName ) ); |
| | | 63 | | #elif NETSTANDARD |
| | 2 | 64 | | return _key.SignHash( digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1 ); |
| | | 65 | | #else |
| | | 66 | | #error Unknown Framework |
| | | 67 | | #endif |
| | | 68 | | } |
| | | 69 | | |
| | | 70 | | public bool Verify( byte[] digest, byte[] signature ) |
| | | 71 | | { |
| | 4 | 72 | | if ( digest == null || digest.Length == 0 ) |
| | 0 | 73 | | throw new ArgumentNullException( "digest" ); |
| | | 74 | | |
| | 4 | 75 | | if ( digest.Length != 32 ) |
| | 0 | 76 | | throw new ArgumentOutOfRangeException( "digest", "The digest must be 32 bytes for SHA-256" ); |
| | | 77 | | |
| | 4 | 78 | | if ( signature == null || signature.Length == 0 ) |
| | 0 | 79 | | throw new ArgumentNullException( "signature" ); |
| | | 80 | | |
| | | 81 | | |
| | | 82 | | #if FullNetFx |
| | | 83 | | if ( _key is RSACryptoServiceProvider ) |
| | | 84 | | { |
| | | 85 | | return ((RSACryptoServiceProvider)_key).VerifyHash( digest, OID_OIWSEC_SHA256, signature ); |
| | | 86 | | } |
| | | 87 | | |
| | | 88 | | throw new CryptographicException( string.Format( "{0} is not supported", _key.GetType().FullName ) ); |
| | | 89 | | #elif NETSTANDARD |
| | 4 | 90 | | return _key.VerifyHash( digest, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1 ); |
| | | 91 | | #else |
| | | 92 | | #error Unknown Framework |
| | | 93 | | #endif |
| | | 94 | | } |
| | | 95 | | } |
| | | 96 | | } |
| | | 97 | | } |