summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2020-04-05 18:54:21 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2020-04-05 18:54:21 +0700
commit4f8cc0568c9368c0d2dbe04ef286458221e6db59 (patch)
tree262b69f1619fbeaac83e3a30cda2e70241b9df26
parentadded argument check for bit block size (diff)
downloadBouncyCastle.NET-ed25519-4f8cc0568c9368c0d2dbe04ef286458221e6db59.tar.xz
Reset after wrong-length failure
-rw-r--r--crypto/src/crypto/signers/Ed25519Signer.cs3
-rw-r--r--crypto/src/crypto/signers/Ed25519ctxSigner.cs3
-rw-r--r--crypto/src/crypto/signers/Ed25519phSigner.cs3
-rw-r--r--crypto/src/crypto/signers/Ed448Signer.cs3
-rw-r--r--crypto/src/crypto/signers/Ed448phSigner.cs3
-rw-r--r--crypto/test/src/crypto/test/Ed25519Test.cs32
-rw-r--r--crypto/test/src/crypto/test/Ed448Test.cs46
7 files changed, 93 insertions, 0 deletions
diff --git a/crypto/src/crypto/signers/Ed25519Signer.cs b/crypto/src/crypto/signers/Ed25519Signer.cs
index e58d14ea4..eb3d25398 100644
--- a/crypto/src/crypto/signers/Ed25519Signer.cs
+++ b/crypto/src/crypto/signers/Ed25519Signer.cs
@@ -98,7 +98,10 @@ namespace Org.BouncyCastle.Crypto.Signers
             internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] signature)
             {
                 if (Ed25519.SignatureSize != signature.Length)
+                {
+                    Reset();
                     return false;
+                }
 
                 lock (this)
                 {
diff --git a/crypto/src/crypto/signers/Ed25519ctxSigner.cs b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
index 2b5296e96..3610e25de 100644
--- a/crypto/src/crypto/signers/Ed25519ctxSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
@@ -100,7 +100,10 @@ namespace Org.BouncyCastle.Crypto.Signers
             internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] ctx, byte[] signature)
             {
                 if (Ed25519.SignatureSize != signature.Length)
+                {
+                    Reset();
                     return false;
+                }
 
                 lock (this)
                 {
diff --git a/crypto/src/crypto/signers/Ed25519phSigner.cs b/crypto/src/crypto/signers/Ed25519phSigner.cs
index cb3c3080a..8f4afab19 100644
--- a/crypto/src/crypto/signers/Ed25519phSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519phSigner.cs
@@ -74,7 +74,10 @@ namespace Org.BouncyCastle.Crypto.Signers
             if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed25519phSigner not initialised for verification");
             if (Ed25519.SignatureSize != signature.Length)
+            {
+                prehash.Reset();
                 return false;
+            }
 
             byte[] pk = publicKey.GetEncoded();
             return Ed25519.VerifyPrehash(signature, 0, pk, 0, context, prehash);
diff --git a/crypto/src/crypto/signers/Ed448Signer.cs b/crypto/src/crypto/signers/Ed448Signer.cs
index 9d1495f2e..746029834 100644
--- a/crypto/src/crypto/signers/Ed448Signer.cs
+++ b/crypto/src/crypto/signers/Ed448Signer.cs
@@ -100,7 +100,10 @@ namespace Org.BouncyCastle.Crypto.Signers
             internal bool VerifySignature(Ed448PublicKeyParameters publicKey, byte[] ctx, byte[] signature)
             {
                 if (Ed448.SignatureSize != signature.Length)
+                {
+                    Reset();
                     return false;
+                }
 
                 lock (this)
                 {
diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs
index f01b6bfd4..197c2f706 100644
--- a/crypto/src/crypto/signers/Ed448phSigner.cs
+++ b/crypto/src/crypto/signers/Ed448phSigner.cs
@@ -74,7 +74,10 @@ namespace Org.BouncyCastle.Crypto.Signers
             if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed448phSigner not initialised for verification");
             if (Ed448.SignatureSize != signature.Length)
+            {
+                prehash.Reset();
                 return false;
+            }
 
             byte[] pk = publicKey.GetEncoded();
             return Ed448.VerifyPrehash(signature, 0, pk, 0, context, prehash);
diff --git a/crypto/test/src/crypto/test/Ed25519Test.cs b/crypto/test/src/crypto/test/Ed25519Test.cs
index c520eac2b..516574bc3 100644
--- a/crypto/test/src/crypto/test/Ed25519Test.cs
+++ b/crypto/test/src/crypto/test/Ed25519Test.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
 
 namespace Org.BouncyCastle.Crypto.Tests
@@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 
         public override void PerformTest()
         {
+            BasicSigTest();
+
             for (int i = 0; i < 10; ++i)
             {
                 DoTestConsistency(Ed25519.Algorithm.Ed25519, null);
@@ -48,6 +51,25 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private void BasicSigTest()
+        {
+            Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters(
+                Hex.DecodeStrict("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"), 0);
+            Ed25519PublicKeyParameters publicKey = new Ed25519PublicKeyParameters(
+                Hex.DecodeStrict("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), 0);
+
+            byte[] sig = Hex.Decode("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+
+            ISigner signer = new Ed25519Signer();
+            signer.Init(true, privateKey);
+
+            IsTrue(AreEqual(sig, signer.GenerateSignature()));
+
+            signer.Init(false, publicKey);
+
+            IsTrue(signer.VerifySignature(sig));
+        }
+
         private ISigner CreateSigner(Ed25519.Algorithm algorithm, byte[] context)
         {
             switch (algorithm)
@@ -113,6 +135,16 @@ namespace Org.BouncyCastle.Crypto.Tests
                 }
             }
 
+            if (msg.Length > 0)
+            {
+                bool shouldNotVerify = verifier.VerifySignature(signature);
+
+                if (shouldNotVerify)
+                {
+                    Fail("Ed25519(" + algorithm + ") wrong length failure did not reset verifier");
+                }
+            }
+
             {
                 byte[] badSignature = Arrays.Clone(signature);
                 badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));
diff --git a/crypto/test/src/crypto/test/Ed448Test.cs b/crypto/test/src/crypto/test/Ed448Test.cs
index a73292430..114a31714 100644
--- a/crypto/test/src/crypto/test/Ed448Test.cs
+++ b/crypto/test/src/crypto/test/Ed448Test.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
 
 namespace Org.BouncyCastle.Crypto.Tests
@@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 
         public override void PerformTest()
         {
+            BasicSigTest();
+
             for (int i = 0; i < 10; ++i)
             {
                 byte[] context = RandomContext(Random.NextInt() & 255);
@@ -46,6 +49,39 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private void BasicSigTest()
+        {
+            Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(
+                Hex.DecodeStrict(
+                    "6c82a562cb808d10d632be89c8513ebf" +
+                    "6c929f34ddfa8c9f63c9960ef6e348a3" +
+                    "528c8a3fcc2f044e39a3fc5b94492f8f" +
+                    "032e7549a20098f95b"), 0);
+            Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters(
+                Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" +
+                    "1da1342485a70e1f8a0ea75d80e96778" +
+                    "edf124769b46c7061bd6783df1e50f6c" +
+                    "d1fa1abeafe8256180"), 0);
+
+            byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" +
+                "2dfb504a843e34d2074fd823d41a591f" +
+                "2b233f034f628281f2fd7a22ddd47d78" +
+                "28c59bd0a21bfd3980ff0d2028d4b18a" +
+                "9df63e006c5d1c2d345b925d8dc00b41" +
+                "04852db99ac5c7cdda8530a113a0f4db" +
+                "b61149f05a7363268c71d95808ff2e65" +
+                "2600");
+
+            ISigner signer = new Ed448Signer(new byte[0]);
+            signer.Init(true, privateKey);
+
+            IsTrue(AreEqual(sig, signer.GenerateSignature()));
+
+            signer.Init(false, publicKey);
+
+            IsTrue(signer.VerifySignature(sig));
+        }
+
         private ISigner CreateSigner(Ed448.Algorithm algorithm, byte[] context)
         {
             switch (algorithm)
@@ -109,6 +145,16 @@ namespace Org.BouncyCastle.Crypto.Tests
                 }
             }
 
+            if (msg.Length > 0)
+            {
+                bool shouldNotVerify = verifier.VerifySignature(signature);
+
+                if (shouldNotVerify)
+                {
+                    Fail("Ed448(" + algorithm + ") wrong length failure did not reset verifier");
+                }
+            }
+
             {
                 byte[] badSignature = Arrays.Clone(signature);
                 badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));