init commit

2025-10-09 09:57:24 +09:00
commit 4d551bd74f
6636 changed files with 1218703 additions and 0 deletions
--- a/output/Libraries/BouncyCastle.Crypto/Org/BouncyCastle/Crypto/Signers/PssSigner.cs
+++ b/output/Libraries/BouncyCastle.Crypto/Org/BouncyCastle/Crypto/Signers/PssSigner.cs
@@ -0,0 +1,276 @@
+using System;
+using Org.BouncyCastle.Crypto.Digests;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Signers;
+
+public class PssSigner : ISigner
+{
+	public const byte TrailerImplicit = 188;
+
+	private readonly IDigest contentDigest1;
+
+	private readonly IDigest contentDigest2;
+
+	private readonly IDigest mgfDigest;
+
+	private readonly IAsymmetricBlockCipher cipher;
+
+	private SecureRandom random;
+
+	private int hLen;
+
+	private int mgfhLen;
+
+	private int sLen;
+
+	private bool sSet;
+
+	private int emBits;
+
+	private byte[] salt;
+
+	private byte[] mDash;
+
+	private byte[] block;
+
+	private byte trailer;
+
+	public virtual string AlgorithmName => mgfDigest.AlgorithmName + "withRSAandMGF1";
+
+	public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest digest)
+	{
+		return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), null, 188);
+	}
+
+	public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, int saltLen, byte trailer)
+	{
+		return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, null, trailer);
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest digest)
+		: this(cipher, digest, digest.GetDigestSize())
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest digest, int saltLen)
+		: this(cipher, digest, saltLen, 188)
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest digest, byte[] salt)
+		: this(cipher, digest, digest, digest, salt.Length, salt, 188)
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, int saltLen)
+		: this(cipher, contentDigest, mgfDigest, saltLen, 188)
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, byte[] salt)
+		: this(cipher, contentDigest, contentDigest, mgfDigest, salt.Length, salt, 188)
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest digest, int saltLen, byte trailer)
+		: this(cipher, digest, digest, saltLen, 188)
+	{
+	}
+
+	public PssSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, int saltLen, byte trailer)
+		: this(cipher, contentDigest, contentDigest, mgfDigest, saltLen, null, trailer)
+	{
+	}
+
+	private PssSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest1, IDigest contentDigest2, IDigest mgfDigest, int saltLen, byte[] salt, byte trailer)
+	{
+		this.cipher = cipher;
+		this.contentDigest1 = contentDigest1;
+		this.contentDigest2 = contentDigest2;
+		this.mgfDigest = mgfDigest;
+		hLen = contentDigest2.GetDigestSize();
+		mgfhLen = mgfDigest.GetDigestSize();
+		sLen = saltLen;
+		sSet = salt != null;
+		if (sSet)
+		{
+			this.salt = salt;
+		}
+		else
+		{
+			this.salt = new byte[saltLen];
+		}
+		mDash = new byte[8 + saltLen + hLen];
+		this.trailer = trailer;
+	}
+
+	public virtual void Init(bool forSigning, ICipherParameters parameters)
+	{
+		if (parameters is ParametersWithRandom)
+		{
+			ParametersWithRandom parametersWithRandom = (ParametersWithRandom)parameters;
+			parameters = parametersWithRandom.Parameters;
+			random = parametersWithRandom.Random;
+		}
+		else if (forSigning)
+		{
+			random = new SecureRandom();
+		}
+		cipher.Init(forSigning, parameters);
+		RsaKeyParameters rsaKeyParameters = ((!(parameters is RsaBlindingParameters)) ? ((RsaKeyParameters)parameters) : ((RsaBlindingParameters)parameters).PublicKey);
+		emBits = rsaKeyParameters.Modulus.BitLength - 1;
+		if (emBits < 8 * hLen + 8 * sLen + 9)
+		{
+			throw new ArgumentException("key too small for specified hash and salt lengths");
+		}
+		block = new byte[(emBits + 7) / 8];
+	}
+
+	private void ClearBlock(byte[] block)
+	{
+		Array.Clear(block, 0, block.Length);
+	}
+
+	public virtual void Update(byte input)
+	{
+		contentDigest1.Update(input);
+	}
+
+	public virtual void BlockUpdate(byte[] input, int inOff, int length)
+	{
+		contentDigest1.BlockUpdate(input, inOff, length);
+	}
+
+	public virtual void Reset()
+	{
+		contentDigest1.Reset();
+	}
+
+	public virtual byte[] GenerateSignature()
+	{
+		contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
+		if (sLen != 0)
+		{
+			if (!sSet)
+			{
+				random.NextBytes(salt);
+			}
+			salt.CopyTo(mDash, mDash.Length - sLen);
+		}
+		byte[] array = new byte[hLen];
+		contentDigest2.BlockUpdate(mDash, 0, mDash.Length);
+		contentDigest2.DoFinal(array, 0);
+		block[block.Length - sLen - 1 - hLen - 1] = 1;
+		salt.CopyTo(block, block.Length - sLen - hLen - 1);
+		byte[] array2 = MaskGeneratorFunction1(array, 0, array.Length, block.Length - hLen - 1);
+		byte[] array4;
+		for (int i = 0; i != array2.Length; i++)
+		{
+			byte[] array3 = (array4 = block);
+			int num = i;
+			nint num2 = num;
+			array3[num] = (byte)(array4[num2] ^ array2[i]);
+		}
+		(array4 = block)[0] = (byte)(array4[0] & (byte)(255 >> block.Length * 8 - emBits));
+		array.CopyTo(block, block.Length - hLen - 1);
+		block[block.Length - 1] = trailer;
+		byte[] result = cipher.ProcessBlock(block, 0, block.Length);
+		ClearBlock(block);
+		return result;
+	}
+
+	public virtual bool VerifySignature(byte[] signature)
+	{
+		contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
+		byte[] array = cipher.ProcessBlock(signature, 0, signature.Length);
+		array.CopyTo(block, block.Length - array.Length);
+		if (block[block.Length - 1] != trailer)
+		{
+			ClearBlock(block);
+			return false;
+		}
+		byte[] array2 = MaskGeneratorFunction1(block, block.Length - hLen - 1, hLen, block.Length - hLen - 1);
+		byte[] array4;
+		for (int i = 0; i != array2.Length; i++)
+		{
+			byte[] array3 = (array4 = block);
+			int num = i;
+			nint num2 = num;
+			array3[num] = (byte)(array4[num2] ^ array2[i]);
+		}
+		(array4 = block)[0] = (byte)(array4[0] & (byte)(255 >> block.Length * 8 - emBits));
+		for (int j = 0; j != block.Length - hLen - sLen - 2; j++)
+		{
+			if (block[j] != 0)
+			{
+				ClearBlock(block);
+				return false;
+			}
+		}
+		if (block[block.Length - hLen - sLen - 2] != 1)
+		{
+			ClearBlock(block);
+			return false;
+		}
+		if (sSet)
+		{
+			Array.Copy(salt, 0, mDash, mDash.Length - sLen, sLen);
+		}
+		else
+		{
+			Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);
+		}
+		contentDigest2.BlockUpdate(mDash, 0, mDash.Length);
+		contentDigest2.DoFinal(mDash, mDash.Length - hLen);
+		int num3 = block.Length - hLen - 1;
+		for (int k = mDash.Length - hLen; k != mDash.Length; k++)
+		{
+			if ((block[num3] ^ mDash[k]) != 0)
+			{
+				ClearBlock(mDash);
+				ClearBlock(block);
+				return false;
+			}
+			num3++;
+		}
+		ClearBlock(mDash);
+		ClearBlock(block);
+		return true;
+	}
+
+	private void ItoOSP(int i, byte[] sp)
+	{
+		sp[0] = (byte)((uint)i >> 24);
+		sp[1] = (byte)((uint)i >> 16);
+		sp[2] = (byte)((uint)i >> 8);
+		sp[3] = (byte)i;
+	}
+
+	private byte[] MaskGeneratorFunction1(byte[] Z, int zOff, int zLen, int length)
+	{
+		byte[] array = new byte[length];
+		byte[] array2 = new byte[mgfhLen];
+		byte[] array3 = new byte[4];
+		int i = 0;
+		mgfDigest.Reset();
+		for (; i < length / mgfhLen; i++)
+		{
+			ItoOSP(i, array3);
+			mgfDigest.BlockUpdate(Z, zOff, zLen);
+			mgfDigest.BlockUpdate(array3, 0, array3.Length);
+			mgfDigest.DoFinal(array2, 0);
+			array2.CopyTo(array, i * mgfhLen);
+		}
+		if (i * mgfhLen < length)
+		{
+			ItoOSP(i, array3);
+			mgfDigest.BlockUpdate(Z, zOff, zLen);
+			mgfDigest.BlockUpdate(array3, 0, array3.Length);
+			mgfDigest.DoFinal(array2, 0);
+			Array.Copy(array2, 0, array, i * mgfhLen, array.Length - i * mgfhLen);
+		}
+		return array;
+	}
+}