using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Crypto.Encodings; using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Crypto.Signers; using System; namespace Org.BouncyCastle.Tls.Crypto.Impl.BC { public class BcTlsRsaVerifier : BcTlsVerifier { public BcTlsRsaVerifier(BcTlsCrypto crypto, RsaKeyParameters publicKey) : base(crypto, publicKey) { } public override bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash) { IDigest digest = new NullDigest(); SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm; ISigner signer; if (algorithm != null) { if (algorithm.Signature != 1) throw new InvalidOperationException("Invalid algorithm: " + algorithm?.ToString()); signer = new RsaDigestSigner(digest, TlsUtilities.GetOidForHashAlgorithm(algorithm.Hash)); } else signer = new GenericSigner(new Pkcs1Encoding(new RsaBlindedEngine()), digest); signer.Init(false, m_publicKey); signer.BlockUpdate(hash, 0, hash.Length); return signer.VerifySignature(digitallySigned.Signature); } } }