diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-12-21 12:34:49 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-12-21 12:34:49 +0700 |
| commit | 3c508655db514af6702bb51be63dc0b3d176e11b (patch) | |
| tree | 2ae0176a5616ecc1b0b30a85a29f2805dc4b5241 /crypto/src/crmf | |
| parent | AesWrap: update from bc-java (diff) | |
| download | BouncyCastle.NET-ed25519-3c508655db514af6702bb51be63dc0b3d176e11b.tar.xz | |
Span-based alternatives to char[]
Diffstat (limited to 'crypto/src/crmf')
| -rw-r--r-- | crypto/src/crmf/CertificateRequestMessageBuilder.cs | 6 | ||||
| -rw-r--r-- | crypto/src/crmf/PKMacBuilder.cs | 48 | ||||
| -rw-r--r-- | crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs | 38 |
3 files changed, 71 insertions, 21 deletions
diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs index 38e95dfe7..363bfd136 100644 --- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs +++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs @@ -163,8 +163,14 @@ namespace Org.BouncyCastle.Crmf return this; } + [Obsolete("Use 'SetAuthInfoPKMacBuilder' instead")] public CertificateRequestMessageBuilder SetAuthInfoPKMAC(PKMacBuilder pkmacFactory, char[] password) { + return SetAuthInfoPKMacBuilder(pkmacFactory, password); + } + + public CertificateRequestMessageBuilder SetAuthInfoPKMacBuilder(PKMacBuilder pkmacFactory, char[] password) + { this._pkMacBuilder = pkmacFactory; this._password = password; diff --git a/crypto/src/crmf/PKMacBuilder.cs b/crypto/src/crmf/PKMacBuilder.cs index 7261a9daf..6db80325d 100644 --- a/crypto/src/crmf/PKMacBuilder.cs +++ b/crypto/src/crmf/PKMacBuilder.cs @@ -217,17 +217,31 @@ namespace Org.BouncyCastle.Crmf /// <returns>IMacFactory</returns> public IMacFactory Build(char[] password) { - if (parameters != null) - return GenCalculator(parameters, password); - - byte[] salt = new byte[saltLength]; +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + return Build(password.AsSpan()); +#else + PbmParameter pbmParameter = parameters; + if (pbmParameter == null) + { + pbmParameter = GenParameters(); + } - this.random = CryptoServicesRegistrar.GetSecureRandom(random); + return GenCalculator(pbmParameter, password); +#endif + } - random.NextBytes(salt); +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + public IMacFactory Build(ReadOnlySpan<char> password) + { + PbmParameter pbmParameter = parameters; + if (pbmParameter == null) + { + pbmParameter = GenParameters(); + } - return GenCalculator(new PbmParameter(salt, owf, iterationCount, mac), password); + return GenCalculator(pbmParameter, password); } +#endif private void CheckIterationCountCeiling(int iterationCount) { @@ -235,8 +249,20 @@ namespace Org.BouncyCastle.Crmf throw new ArgumentException("iteration count exceeds limit (" + iterationCount + " > " + maxIterations + ")"); } +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + private IMacFactory GenCalculator(PbmParameter parameters, ReadOnlySpan<char> password) + { + return GenCalculator(parameters, Strings.ToUtf8ByteArray(password)); + } +#else private IMacFactory GenCalculator(PbmParameter parameters, char[] password) { + return GenCalculator(parameters, Strings.ToUtf8ByteArray(password)); + } +#endif + + private IMacFactory GenCalculator(PbmParameter parameters, byte[] pw) + { // From RFC 4211 // // 1. Generate a random salt value S @@ -252,7 +278,6 @@ namespace Org.BouncyCastle.Crmf // MAC = HASH( K XOR opad, HASH( K XOR ipad, data) ) // // Where opad and ipad are defined in [HMAC]. - byte[] pw = Strings.ToUtf8ByteArray(password); byte[] salt = parameters.Salt.GetOctets(); byte[] K = new byte[pw.Length + salt.Length]; @@ -280,5 +305,12 @@ namespace Org.BouncyCastle.Crmf return new PKMacFactory(key, parameters); } + + private PbmParameter GenParameters() + { + byte[] salt = SecureRandom.GetNextBytes(CryptoServicesRegistrar.GetSecureRandom(random), saltLength); + + return new PbmParameter(salt, owf, iterationCount, mac); + } } } diff --git a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs index 4cd568e81..4530b18b8 100644 --- a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs +++ b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs @@ -38,27 +38,22 @@ namespace Org.BouncyCastle.Crmf { IMacFactory fact = generator.Build(password); - byte[] d = _pubKeyInfo.GetDerEncoded(); - - IStreamCalculator<IBlockResult> calc = fact.CreateCalculator(); - using (var stream = calc.Stream) - { - stream.Write(d, 0, d.Length); - } + return ImplSetPublicKeyMac(fact); + } - this._publicKeyMAC = new PKMacValue( - (AlgorithmIdentifier)fact.AlgorithmDetails, - new DerBitString(calc.GetResult().Collect())); +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, ReadOnlySpan<char> password) + { + IMacFactory fact = generator.Build(password); - return this; + return ImplSetPublicKeyMac(fact); } +#endif public PopoSigningKey Build(ISignatureFactory signer) { if (_name != null && _publicKeyMAC != null) - { throw new InvalidOperationException("name and publicKeyMAC cannot both be set."); - } PopoSigningKeyInput popo; @@ -86,5 +81,22 @@ namespace Org.BouncyCastle.Crmf return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(signature)); } + + private ProofOfPossessionSigningKeyBuilder ImplSetPublicKeyMac(IMacFactory fact) + { + byte[] d = _pubKeyInfo.GetDerEncoded(); + + IStreamCalculator<IBlockResult> calc = fact.CreateCalculator(); + using (var stream = calc.Stream) + { + stream.Write(d, 0, d.Length); + } + + this._publicKeyMAC = new PKMacValue( + (AlgorithmIdentifier)fact.AlgorithmDetails, + new DerBitString(calc.GetResult().Collect())); + + return this; + } } } |