Issue validating ASHWID (HardwareToken) in the cloud

Question

I'm trying to validate HardwareToken issued by HardwareIdentification.GetPackageSpecificToken with an azure (.net 4.5) service. I followed the official guidance. But i'm stuck in the very last checking. I can't figure why the signature checking is always failing (every other checks such as cheking certificate chain, weighted hardware token comparison or root certiticate publicKey matching are working fine).

Here is the code i'm using to perform the signature validation : var publicKeyProvider = leaf.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;

var signedData = nonce.Concat(token).ToArray();
SHA1Managed hash = new SHA1Managed();
byte[] hashedData;
hashedData = hash.ComputeHash(signedData);

if (!publicKeyProvider.VerifyHash(hashedData, CryptoConfig.MapNameToOID("SHA1"), signature))
   throw new Exception("Invalid or Corrupted HardwareToken");

I also tried using VerifyData with the same result, it is always returning False (no matter I use a nonce or not).

I uploaded a very basic sample project right here : https://github.com/sandorfr/sandor/tree/master/W8/HardwareTokenSample

Did someone faced/solved this issue?

Best regards,

Answer 1

Signature kind used by ASHWID is not supported by .net because it uses PSS, so I had to make a native call to NCryptVerifySignature.