230 lines
5.1 KiB
C#
230 lines
5.1 KiB
C#
using System;
|
|
|
|
using Org.BouncyCastle.Crypto.Parameters;
|
|
using Org.BouncyCastle.Crypto.Digests;
|
|
using Org.BouncyCastle.Security;
|
|
using Org.BouncyCastle.Utilities;
|
|
|
|
namespace Org.BouncyCastle.Crypto.Encodings
|
|
{
|
|
/**
|
|
* this does your basic Pkcs 1 v1.5 padding - whether or not you should be using this
|
|
* depends on your application - see Pkcs1 Version 2 for details.
|
|
*/
|
|
public class Pkcs1Encoding
|
|
: IAsymmetricBlockCipher
|
|
{
|
|
/**
|
|
* some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to
|
|
* work with one of these set the system property Org.BouncyCastle.Pkcs1.Strict to false.
|
|
*/
|
|
public const string StrictLengthEnabledProperty = "Org.BouncyCastle.Pkcs1.Strict";
|
|
|
|
private const int HeaderLength = 10;
|
|
|
|
/**
|
|
* The same effect can be achieved by setting the static property directly
|
|
* <p>
|
|
* The static property is checked during construction of the encoding object, it is set to
|
|
* true by default.
|
|
* </p>
|
|
*/
|
|
public static bool StrictLengthEnabled
|
|
{
|
|
get { return strictLengthEnabled[0]; }
|
|
set { strictLengthEnabled[0] = value; }
|
|
}
|
|
|
|
private static readonly bool[] strictLengthEnabled;
|
|
|
|
static Pkcs1Encoding()
|
|
{
|
|
string strictProperty = Platform.GetEnvironmentVariable(StrictLengthEnabledProperty);
|
|
|
|
strictLengthEnabled = new bool[]{ strictProperty == null || strictProperty.Equals("true")};
|
|
}
|
|
|
|
|
|
private SecureRandom random;
|
|
private IAsymmetricBlockCipher engine;
|
|
private bool forEncryption;
|
|
private bool forPrivateKey;
|
|
private bool useStrictLength;
|
|
|
|
/**
|
|
* Basic constructor.
|
|
* @param cipher
|
|
*/
|
|
public Pkcs1Encoding(
|
|
IAsymmetricBlockCipher cipher)
|
|
{
|
|
this.engine = cipher;
|
|
this.useStrictLength = StrictLengthEnabled;
|
|
}
|
|
|
|
public IAsymmetricBlockCipher GetUnderlyingCipher()
|
|
{
|
|
return engine;
|
|
}
|
|
|
|
public string AlgorithmName
|
|
{
|
|
get { return engine.AlgorithmName + "/PKCS1Padding"; }
|
|
}
|
|
|
|
public void Init(
|
|
bool forEncryption,
|
|
ICipherParameters parameters)
|
|
{
|
|
AsymmetricKeyParameter kParam;
|
|
if (parameters is ParametersWithRandom)
|
|
{
|
|
ParametersWithRandom rParam = (ParametersWithRandom)parameters;
|
|
|
|
this.random = rParam.Random;
|
|
kParam = (AsymmetricKeyParameter)rParam.Parameters;
|
|
}
|
|
else
|
|
{
|
|
this.random = new SecureRandom();
|
|
kParam = (AsymmetricKeyParameter)parameters;
|
|
}
|
|
|
|
engine.Init(forEncryption, parameters);
|
|
|
|
this.forPrivateKey = kParam.IsPrivate;
|
|
this.forEncryption = forEncryption;
|
|
}
|
|
|
|
public int GetInputBlockSize()
|
|
{
|
|
int baseBlockSize = engine.GetInputBlockSize();
|
|
|
|
return forEncryption
|
|
? baseBlockSize - HeaderLength
|
|
: baseBlockSize;
|
|
}
|
|
|
|
public int GetOutputBlockSize()
|
|
{
|
|
int baseBlockSize = engine.GetOutputBlockSize();
|
|
|
|
return forEncryption
|
|
? baseBlockSize
|
|
: baseBlockSize - HeaderLength;
|
|
}
|
|
|
|
public byte[] ProcessBlock(
|
|
byte[] input,
|
|
int inOff,
|
|
int length)
|
|
{
|
|
return forEncryption
|
|
? EncodeBlock(input, inOff, length)
|
|
: DecodeBlock(input, inOff, length);
|
|
}
|
|
|
|
private byte[] EncodeBlock(
|
|
byte[] input,
|
|
int inOff,
|
|
int inLen)
|
|
{
|
|
byte[] block = new byte[engine.GetInputBlockSize()];
|
|
|
|
if (forPrivateKey)
|
|
{
|
|
block[0] = 0x01; // type code 1
|
|
|
|
for (int i = 1; i != block.Length - inLen - 1; i++)
|
|
{
|
|
block[i] = (byte)0xFF;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
random.NextBytes(block); // random fill
|
|
|
|
block[0] = 0x02; // type code 2
|
|
|
|
//
|
|
// a zero byte marks the end of the padding, so all
|
|
// the pad bytes must be non-zero.
|
|
//
|
|
for (int i = 1; i != block.Length - inLen - 1; i++)
|
|
{
|
|
while (block[i] == 0)
|
|
{
|
|
block[i] = (byte)random.NextInt();
|
|
}
|
|
}
|
|
}
|
|
|
|
block[block.Length - inLen - 1] = 0x00; // mark the end of the padding
|
|
Array.Copy(input, inOff, block, block.Length - inLen, inLen);
|
|
|
|
return engine.ProcessBlock(block, 0, block.Length);
|
|
}
|
|
|
|
/**
|
|
* @exception InvalidCipherTextException if the decrypted block is not in Pkcs1 format.
|
|
*/
|
|
private byte[] DecodeBlock(
|
|
byte[] input,
|
|
int inOff,
|
|
int inLen)
|
|
{
|
|
byte[] block = engine.ProcessBlock(input, inOff, inLen);
|
|
|
|
if (block.Length < GetOutputBlockSize())
|
|
{
|
|
throw new InvalidCipherTextException("block truncated");
|
|
}
|
|
|
|
byte type = block[0];
|
|
|
|
if (type != 1 && type != 2)
|
|
{
|
|
throw new InvalidCipherTextException("unknown block type");
|
|
}
|
|
|
|
if (useStrictLength && block.Length != engine.GetOutputBlockSize())
|
|
{
|
|
throw new InvalidCipherTextException("block incorrect size");
|
|
}
|
|
|
|
//
|
|
// find and extract the message block.
|
|
//
|
|
int start;
|
|
for (start = 1; start != block.Length; start++)
|
|
{
|
|
byte pad = block[start];
|
|
|
|
if (pad == 0)
|
|
{
|
|
break;
|
|
}
|
|
|
|
if (type == 1 && pad != (byte)0xff)
|
|
{
|
|
throw new InvalidCipherTextException("block padding incorrect");
|
|
}
|
|
}
|
|
|
|
start++; // data should start at the next byte
|
|
|
|
if (start >= block.Length || start < HeaderLength)
|
|
{
|
|
throw new InvalidCipherTextException("no data in block");
|
|
}
|
|
|
|
byte[] result = new byte[block.Length - start];
|
|
|
|
Array.Copy(block, start, result, 0, result.Length);
|
|
|
|
return result;
|
|
}
|
|
}
|
|
|
|
}
|