66 lines
2.4 KiB
C#
66 lines
2.4 KiB
C#
using System;
|
|
using Org.BouncyCastle.Crypto.Digests;
|
|
using Org.BouncyCastle.Crypto.Encodings;
|
|
using Org.BouncyCastle.Crypto.Engines;
|
|
using Org.BouncyCastle.Crypto.Parameters;
|
|
using Org.BouncyCastle.Crypto.Signers;
|
|
|
|
namespace Org.BouncyCastle.Crypto.Tls;
|
|
|
|
public class TlsRsaSigner : AbstractTlsSigner
|
|
{
|
|
public override byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey, byte[] hash)
|
|
{
|
|
ISigner signer = MakeSigner(algorithm, raw: true, forSigning: true, new ParametersWithRandom(privateKey, mContext.SecureRandom));
|
|
signer.BlockUpdate(hash, 0, hash.Length);
|
|
return signer.GenerateSignature();
|
|
}
|
|
|
|
public override bool VerifyRawSignature(SignatureAndHashAlgorithm algorithm, byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] hash)
|
|
{
|
|
ISigner signer = MakeSigner(algorithm, raw: true, forSigning: false, publicKey);
|
|
signer.BlockUpdate(hash, 0, hash.Length);
|
|
return signer.VerifySignature(sigBytes);
|
|
}
|
|
|
|
public override ISigner CreateSigner(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey)
|
|
{
|
|
return MakeSigner(algorithm, raw: false, forSigning: true, new ParametersWithRandom(privateKey, mContext.SecureRandom));
|
|
}
|
|
|
|
public override ISigner CreateVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey)
|
|
{
|
|
return MakeSigner(algorithm, raw: false, forSigning: false, publicKey);
|
|
}
|
|
|
|
public override bool IsValidPublicKey(AsymmetricKeyParameter publicKey)
|
|
{
|
|
if (publicKey is RsaKeyParameters)
|
|
{
|
|
return !publicKey.IsPrivate;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
protected virtual ISigner MakeSigner(SignatureAndHashAlgorithm algorithm, bool raw, bool forSigning, ICipherParameters cp)
|
|
{
|
|
if (algorithm != null != TlsUtilities.IsTlsV12(mContext))
|
|
{
|
|
throw new InvalidOperationException();
|
|
}
|
|
if (algorithm != null && algorithm.Signature != 1)
|
|
{
|
|
throw new InvalidOperationException();
|
|
}
|
|
IDigest digest = (raw ? new NullDigest() : ((algorithm != null) ? TlsUtilities.CreateHash(algorithm.Hash) : new CombinedHash()));
|
|
ISigner signer = ((algorithm == null) ? ((ISigner)new GenericSigner(CreateRsaImpl(), digest)) : ((ISigner)new RsaDigestSigner(digest, TlsUtilities.GetOidForHashAlgorithm(algorithm.Hash))));
|
|
signer.Init(forSigning, cp);
|
|
return signer;
|
|
}
|
|
|
|
protected virtual IAsymmetricBlockCipher CreateRsaImpl()
|
|
{
|
|
return new Pkcs1Encoding(new RsaBlindedEngine());
|
|
}
|
|
}
|