diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-04 20:25:34 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-05-04 20:25:34 +0700 |
commit | d2e7b80ec7d7955cebb9ad6bc62ca339bff6d018 (patch) | |
tree | 4ef8ea5769f16a0343cc3a3b7009ecf9b46f8652 | |
parent | Provide getter for native certificate instance (diff) | |
download | BouncyCastle.NET-ed25519-d2e7b80ec7d7955cebb9ad6bc62ca339bff6d018.tar.xz |
TLS PSS raw signatures
-rw-r--r-- | crypto/src/crypto/signers/PssSigner.cs | 28 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs | 16 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs | 9 | ||||
-rw-r--r-- | crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs | 46 |
4 files changed, 52 insertions, 47 deletions
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs index 66efa51b8..2a941df47 100644 --- a/crypto/src/crypto/signers/PssSigner.cs +++ b/crypto/src/crypto/signers/PssSigner.cs @@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Crypto.Signers public class PssSigner : ISigner { - public const byte TrailerImplicit = (byte)0xBC; + public const byte TrailerImplicit = 0xBC; private readonly IDigest contentDigest1, contentDigest2; private readonly IDigest mgfDigest; @@ -33,23 +33,23 @@ namespace Org.BouncyCastle.Crypto.Signers private byte[] block; private byte trailer; - public static PssSigner CreateRawSigner( - IAsymmetricBlockCipher cipher, - IDigest digest) + public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest digest) { return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), null, TrailerImplicit); } - public static PssSigner CreateRawSigner( - IAsymmetricBlockCipher cipher, - IDigest contentDigest, - IDigest mgfDigest, - int saltLen, - byte trailer) + public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, + int saltLen, byte trailer) { return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, null, trailer); } + public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest, + byte[] salt, byte trailer) + { + return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, salt.Length, salt, trailer); + } + public PssSigner( IAsymmetricBlockCipher cipher, IDigest digest) @@ -225,6 +225,9 @@ namespace Org.BouncyCastle.Crypto.Signers /// </summary> public virtual byte[] GenerateSignature() { + if (contentDigest1.GetDigestSize() != hLen) + throw new InvalidOperationException(); + contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen); if (sLen != 0) @@ -271,7 +274,10 @@ namespace Org.BouncyCastle.Crypto.Signers public virtual bool VerifySignature( byte[] signature) { - contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen); + if (contentDigest1.GetDigestSize() != hLen) + throw new InvalidOperationException(); + + contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen); byte[] b = cipher.ProcessBlock(signature, 0, signature.Length); Arrays.Fill(block, 0, block.Length - b.Length, 0); diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs index 3e7d1ceef..1b33573f6 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC this.m_signatureScheme = signatureScheme; } - public override TlsStreamSigner GetStreamSigner(SignatureAndHashAlgorithm algorithm) + public override byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) { if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme) throw new InvalidOperationException("Invalid algorithm: " + algorithm); @@ -30,10 +30,18 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme); IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm); - PssSigner signer = new PssSigner(new RsaBlindedEngine(), digest, digest.GetDigestSize()); + PssSigner signer = PssSigner.CreateRawSigner(new RsaBlindedEngine(), digest, digest, digest.GetDigestSize(), + PssSigner.TrailerImplicit); signer.Init(true, new ParametersWithRandom(m_privateKey, m_crypto.SecureRandom)); - - return new BcTlsStreamSigner(signer); + signer.BlockUpdate(hash, 0, hash.Length); + try + { + return signer.GenerateSignature(); + } + catch (CryptoException e) + { + throw new TlsFatalAlert(AlertDescription.internal_error, e); + } } } } diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs index dc8cebdd9..18c2082aa 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC this.m_signatureScheme = signatureScheme; } - public override TlsStreamVerifier GetStreamVerifier(DigitallySigned digitallySigned) + public override bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash) { SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm; if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme) @@ -31,10 +31,11 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme); IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm); - PssSigner verifier = new PssSigner(new RsaEngine(), digest, digest.GetDigestSize()); + PssSigner verifier = PssSigner.CreateRawSigner(new RsaEngine(), digest, digest, digest.GetDigestSize(), + PssSigner.TrailerImplicit); verifier.Init(false, m_publicKey); - - return new BcTlsStreamVerifier(verifier, digitallySigned.Signature); + verifier.BlockUpdate(hash, 0, hash.Length); + return verifier.VerifySignature(digitallySigned.Signature); } } } diff --git a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs index ddbe4c6b8..e0bd39f64 100644 --- a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs +++ b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs @@ -585,6 +585,20 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests return Utilities.Encoders.Hex.Decode(s.Replace(" ", "")); } + private byte[] ImplPrehash(int signatureScheme, byte[] message) + { + int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(signatureScheme); + TlsHash tlsHash = m_crypto.CreateHash(cryptoHashAlgorithm); + tlsHash.Update(message, 0, message.Length); + return tlsHash.CalculateHash(); + } + + private byte[] ImplPrehash(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] message) + { + int signatureScheme = SignatureScheme.From(signatureAndHashAlgorithm); + return ImplPrehash(signatureScheme, message); + } + private void ImplTestAgreement(TlsAgreement aA, TlsAgreement aB) { byte[] pA = aA.GenerateEphemeral(); @@ -682,8 +696,6 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests private void ImplTestSignature12(TlsCredentialedSigner credentialedSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm) { - short hashAlgorithm = signatureAndHashAlgorithm.Hash; - byte[] message = m_crypto.CreateNonceGenerator(TlsUtilities.EmptyBytes).GenerateNonce(100); byte[] signature; @@ -696,14 +708,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests } else { - // Currently 1.2 relies on these being handled by stream signers - Assert.IsTrue(HashAlgorithm.Intrinsic != hashAlgorithm); - - int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(hashAlgorithm); - - TlsHash tlsHash = m_crypto.CreateHash(cryptoHashAlgorithm); - tlsHash.Update(message, 0, message.Length); - byte[] hash = tlsHash.CalculateHash(); + byte[] hash = ImplPrehash(signatureAndHashAlgorithm, message); signature = credentialedSigner.GenerateRawSignature(hash); } @@ -722,14 +727,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests } else { - // Currently 1.2 relies on these being handled by stream verifiers - Assert.IsTrue(HashAlgorithm.Intrinsic != hashAlgorithm); - - int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(hashAlgorithm); - - TlsHash tlsHash = m_crypto.CreateHash(cryptoHashAlgorithm); - tlsHash.Update(message, 0, message.Length); - byte[] hash = tlsHash.CalculateHash(); + byte[] hash = ImplPrehash(signatureAndHashAlgorithm, message); verified = tlsVerifier.VerifyRawSignature(digitallySigned, hash); } @@ -750,11 +748,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests } else { - int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(signatureScheme); - - TlsHash tlsHash = m_crypto.CreateHash(cryptoHashAlgorithm); - tlsHash.Update(message, 0, message.Length); - byte[] hash = tlsHash.CalculateHash(); + byte[] hash = ImplPrehash(signatureScheme, message); signature = credentialedSigner.GenerateRawSignature(hash); } @@ -774,11 +768,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests } else { - int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(signatureScheme); - - TlsHash tlsHash = m_crypto.CreateHash(cryptoHashAlgorithm); - tlsHash.Update(message, 0, message.Length); - byte[] hash = tlsHash.CalculateHash(); + byte[] hash = ImplPrehash(signatureScheme, message); verified = tlsVerifier.VerifyRawSignature(digitallySigned, hash); } |