Estimated signature size calculation for ECDsa and RSA may be incorrect

Based on recent discussions with @bartonjs where I needed to also obtain an estimated size. As per Jeremy, ECDsa should use `2 * ((KeySize + 7) / 8)` and for RSA `(KeySize + 7) / 8`.

What is currently being used is this:
https://github.com/dotnet/runtime/blob/ea4ebaa3c5162bcabc63284ba3b59aa683912af4/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.SignVerify.cs#L21-L29

and this:
https://github.com/dotnet/runtime/blob/ea4ebaa3c5162bcabc63284ba3b59aa683912af4/src/libraries/Common/src/System/Security/Cryptography/RSACng.SignVerify.cs#L62

For ECDsa and RSA respectively. 

**It is not a bug** as the code handles the case where the signature buffer wasn't big enough but I think we should be consistent on how to calculate it, maybe even consider adding a `GetSignatureSize()` API.

	int estimatedSize = KeySize switch
	{
	256 => 64,
	384 => 96,
	521 => 132,
	// If we got here, the range of legal key sizes for ECDsaCng was expanded and someone didn't update this switch.
	// Since it isn't a fatal error to miscalculate the estimatedSize, don't throw an exception. Just truck along.
	_ => KeySize / 4,
	};

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Estimated signature size calculation for ECDsa and RSA may be incorrect #67059

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Estimated signature size calculation for ECDsa and RSA may be incorrect #67059

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions