From 3c508655db514af6702bb51be63dc0b3d176e11b Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 21 Dec 2022 12:34:49 +0700
Subject: Span-based alternatives to char[]

---
 crypto/src/cms/CMSPBEKey.cs              | 24 +++++++++++++++++++++++-
 crypto/src/cms/PKCS5Scheme2PBEKey.cs     | 14 +++++++++++++-
 crypto/src/cms/PKCS5Scheme2UTF8PBEKey.cs | 14 +++++++++++++-
 3 files changed, 49 insertions(+), 3 deletions(-)

(limited to 'crypto/src/cms')

diff --git a/crypto/src/cms/CMSPBEKey.cs b/crypto/src/cms/CMSPBEKey.cs
index 78360c2cd..4b3e542ee 100644
--- a/crypto/src/cms/CMSPBEKey.cs
+++ b/crypto/src/cms/CMSPBEKey.cs
@@ -45,7 +45,29 @@ namespace Org.BouncyCastle.Cms
 			this.iterationCount = kdfParams.IterationCount.IntValue;
 		}
 
-		~CmsPbeKey()
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public CmsPbeKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> salt, int iterationCount)
+        {
+			this.password = password.ToArray();
+			this.salt = salt.ToArray();
+            this.iterationCount = iterationCount;
+        }
+
+        public CmsPbeKey(ReadOnlySpan<char> password, AlgorithmIdentifier keyDerivationAlgorithm)
+        {
+            if (!keyDerivationAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2))
+                throw new ArgumentException("Unsupported key derivation algorithm: "
+                    + keyDerivationAlgorithm.Algorithm);
+
+            Pbkdf2Params kdfParams = Pbkdf2Params.GetInstance(keyDerivationAlgorithm.Parameters.ToAsn1Object());
+
+			this.password = password.ToArray();
+            this.salt = kdfParams.GetSalt();
+            this.iterationCount = kdfParams.IterationCount.IntValue;
+        }
+#endif
+
+        ~CmsPbeKey()
 		{
 			Array.Clear(this.password, 0, this.password.Length);
 		}
diff --git a/crypto/src/cms/PKCS5Scheme2PBEKey.cs b/crypto/src/cms/PKCS5Scheme2PBEKey.cs
index 6606d5c45..78238292d 100644
--- a/crypto/src/cms/PKCS5Scheme2PBEKey.cs
+++ b/crypto/src/cms/PKCS5Scheme2PBEKey.cs
@@ -29,7 +29,19 @@ namespace Org.BouncyCastle.Cms
 		{
 		}
 
-		internal override KeyParameter GetEncoded(
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public Pkcs5Scheme2PbeKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> salt, int iterationCount)
+            : base(password, salt, iterationCount)
+        {
+        }
+
+        public Pkcs5Scheme2PbeKey(ReadOnlySpan<char> password, AlgorithmIdentifier keyDerivationAlgorithm)
+            : base(password, keyDerivationAlgorithm)
+        {
+        }
+#endif
+
+        internal override KeyParameter GetEncoded(
 			string algorithmOid)
 		{
 			Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator();
diff --git a/crypto/src/cms/PKCS5Scheme2UTF8PBEKey.cs b/crypto/src/cms/PKCS5Scheme2UTF8PBEKey.cs
index e2a09b760..68eff7b44 100644
--- a/crypto/src/cms/PKCS5Scheme2UTF8PBEKey.cs
+++ b/crypto/src/cms/PKCS5Scheme2UTF8PBEKey.cs
@@ -29,7 +29,19 @@ namespace Org.BouncyCastle.Cms
 		{
 		}
 
-		internal override KeyParameter GetEncoded(
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public Pkcs5Scheme2Utf8PbeKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> salt, int iterationCount)
+            : base(password, salt, iterationCount)
+        {
+        }
+
+        public Pkcs5Scheme2Utf8PbeKey(ReadOnlySpan<char> password, AlgorithmIdentifier keyDerivationAlgorithm)
+            : base(password, keyDerivationAlgorithm)
+        {
+        }
+#endif
+
+        internal override KeyParameter GetEncoded(
 			string algorithmOid)
 		{
 			Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator();
-- 
cgit 1.5.1