author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-01-12 18:04:43 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-01-12 18:04:43 +0700 |
commit | d5203458eca8e5ff5463b5d92f0d4e85b884731a (patch) | |
tree | 243ea20a274fa0c617d4fce56665d0d344247890 | |
parent | Make classes static (diff) | |
Refactoring around ParametersWithRandom
29 files changed, 138 insertions, 187 deletions
diff --git a/crypto/src/crypto/BufferedAeadBlockCipher.cs b/crypto/src/crypto/BufferedAeadBlockCipher.cs
index bf453feea..f822e393e 100644
--- a/crypto/src/crypto/BufferedAeadBlockCipher.cs
+++ b/crypto/src/crypto/BufferedAeadBlockCipher.cs
@@ -37,13 +37,11 @@ namespace Org.BouncyCastle.Crypto
 * @exception ArgumentException if the parameters argument is
 * inappropriate.
 */
- public override void Init(
- bool forEncryption,
- ICipherParameters parameters)
+ public override void Init(bool forEncryption, ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 cipher.Init(forEncryption, parameters);
diff --git a/crypto/src/crypto/BufferedAeadCipher.cs b/crypto/src/crypto/BufferedAeadCipher.cs
index fb3408e12..05bf6e25b 100644
--- a/crypto/src/crypto/BufferedAeadCipher.cs
+++ b/crypto/src/crypto/BufferedAeadCipher.cs
@@ -36,13 +36,11 @@ namespace Org.BouncyCastle.Crypto
 * @exception ArgumentException if the parameters argument is
 * inappropriate.
 */
- public override void Init(
- bool forEncryption,
- ICipherParameters parameters)
+ public override void Init(bool forEncryption, ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom)parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 cipher.Init(forEncryption, parameters);
diff --git a/crypto/src/crypto/agreement/DHBasicAgreement.cs b/crypto/src/crypto/agreement/DHBasicAgreement.cs
index 6c3fe6595..ca298dd27 100644
--- a/crypto/src/crypto/agreement/DHBasicAgreement.cs
+++ b/crypto/src/crypto/agreement/DHBasicAgreement.cs
@@ -19,20 +19,17 @@ namespace Org.BouncyCastle.Crypto.Agreement
 private DHPrivateKeyParameters key;
 private DHParameters dhParams;
- public virtual void Init(
- ICipherParameters parameters)
+ public virtual void Init(ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 if (!(parameters is DHPrivateKeyParameters))
- {
 throw new ArgumentException("DHEngine expects DHPrivateKeyParameters");
- }
- this.key = (DHPrivateKeyParameters) parameters;
+ this.key = (DHPrivateKeyParameters)parameters;
 this.dhParams = key.Parameters;
 }
diff --git a/crypto/src/crypto/agreement/ECDHBasicAgreement.cs b/crypto/src/crypto/agreement/ECDHBasicAgreement.cs
index 1358db0cf..b3b1ab5c7 100644
--- a/crypto/src/crypto/agreement/ECDHBasicAgreement.cs
+++ b/crypto/src/crypto/agreement/ECDHBasicAgreement.cs
@@ -26,12 +26,11 @@ namespace Org.BouncyCastle.Crypto.Agreement
 {
 protected internal ECPrivateKeyParameters privKey;
- public virtual void Init(
- ICipherParameters parameters)
+ public virtual void Init(ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom)parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 this.privKey = (ECPrivateKeyParameters)parameters;
diff --git a/crypto/src/crypto/agreement/ECDHCBasicAgreement.cs b/crypto/src/crypto/agreement/ECDHCBasicAgreement.cs
index f0b5d1e02..1bcb259c6 100644
--- a/crypto/src/crypto/agreement/ECDHCBasicAgreement.cs
+++ b/crypto/src/crypto/agreement/ECDHCBasicAgreement.cs
@@ -31,12 +31,11 @@ namespace Org.BouncyCastle.Crypto.Agreement
 {
 private ECPrivateKeyParameters privKey;
- public virtual void Init(
- ICipherParameters parameters)
+ public virtual void Init(ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 this.privKey = (ECPrivateKeyParameters)parameters;
diff --git a/crypto/src/crypto/agreement/ECMqvBasicAgreement.cs b/crypto/src/crypto/agreement/ECMqvBasicAgreement.cs
index b71f5a7d2..984d66587 100644
--- a/crypto/src/crypto/agreement/ECMqvBasicAgreement.cs
+++ b/crypto/src/crypto/agreement/ECMqvBasicAgreement.cs
@@ -12,12 +12,11 @@ namespace Org.BouncyCastle.Crypto.Agreement
 {
 protected internal MqvPrivateParameters privParams;
- public virtual void Init(
- ICipherParameters parameters)
+ public virtual void Init(ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom)parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 this.privParams = (MqvPrivateParameters)parameters;
diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs
index 6871a039a..a0ae7d1e6 100644
--- a/crypto/src/crypto/encodings/OaepEncoding.cs
+++ b/crypto/src/crypto/encodings/OaepEncoding.cs
@@ -74,7 +74,7 @@ namespace Org.BouncyCastle.Crypto.Encodings
 }
 else
 {
- this.random = CryptoServicesRegistrar.GetSecureRandom();
+ this.random = forEncryption ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 engine.Init(forEncryption, parameters);
diff --git a/crypto/src/crypto/encodings/Pkcs1Encoding.cs b/crypto/src/crypto/encodings/Pkcs1Encoding.cs
index 06e59d4f3..299d0ddb0 100644
--- a/crypto/src/crypto/encodings/Pkcs1Encoding.cs
+++ b/crypto/src/crypto/encodings/Pkcs1Encoding.cs
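Review bot: The new else branch leaves `this.random` null whenever `forEncryption` is false, where the old code always held a usable SecureRandom; the same shape appears in ElGamalEngine, RC2WrapEngine, RFC3211WrapEngine, Iso9796d2PssSigner and PssSigner in this commit. Any decode, unwrap or verify path in those classes that still touches the field would now throw a NullReferenceException rather than silently drawing unused randomness; those bodies lie outside the hunks, so this is a point to confirm rather than a defect visible here. A short comment on the new line would record the intent for the next reader, e.g. `// decryption never consumes randomness; null makes any accidental use fail loudly`. The `ParametersWithRandom` branch just above this hunk is not shown, so whether it applies the same `forEncryption` guard cannot be checked from here.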
@@ -105,13 +105,13 @@ namespace Org.BouncyCastle.Crypto.Encodings
 AsymmetricKeyParameter kParam;
 if (parameters is ParametersWithRandom withRandom)
 {
- this.random = withRandom.Random;
 kParam = (AsymmetricKeyParameter)withRandom.Parameters;
+ this.random = withRandom.Random;
 }
 else
 {
- this.random = CryptoServicesRegistrar.GetSecureRandom();
 kParam = (AsymmetricKeyParameter)parameters;
+ this.random = forEncryption && !kParam.IsPrivate ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 engine.Init(forEncryption, parameters);
@@ -119,9 +119,6 @@ namespace Org.BouncyCastle.Crypto.Encodings
 this.forPrivateKey = kParam.IsPrivate;
 this.forEncryption = forEncryption;
 this.blockBuffer = new byte[engine.GetOutputBlockSize()];
-
- if (pLen > 0 && fallback == null && random == null)
- throw new ArgumentException("encoder requires random");
 }
 public int GetInputBlockSize()
@@ -259,15 +256,10 @@ namespace Org.BouncyCastle.Crypto.Encodings
 throw new InvalidCipherTextException("sorry, this method is only for decryption, not for signing");
 byte[] block = engine.ProcessBlock(input, inOff, inLen);
- byte[] random;
- if (this.fallback == null)
- {
- random = new byte[this.pLen];
- this.random.NextBytes(random);
- }
- else
+ byte[] fallbackResult = fallback;
+ if (fallbackResult == null)
 {
- random = fallback;
+ fallbackResult = SecureRandom.GetNextBytes(SecureRandom.ArbitraryRandom, pLen);
 }
 byte[] data = (useStrictLength & (block.Length != engine.GetOutputBlockSize())) ? blockBuffer : block;
@@ -284,7 +276,7 @@ namespace Org.BouncyCastle.Crypto.Encodings
 byte[] result = new byte[this.pLen];
 for (int i = 0; i < this.pLen; i++)
 {
- result[i] = (byte)((data[i + (data.Length - pLen)] & (~correct)) | (random[i] & correct));
+ result[i] = (byte)((data[i + (data.Length - pLen)] & (~correct)) | (fallbackResult[i] & correct));
 }
 Arrays.Fill(data, 0);
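Review bot: In DecodeBlock the masking bytes returned on a padding failure now always come from `SecureRandom.ArbitraryRandom`, even when the caller passed a `ParametersWithRandom` whose `Random` the first hunk still stores in `this.random`; callers that relied on a seeded test random to make the fallback output reproducible will see a behaviour change. This is also what makes the removed `"encoder requires random"` check redundant, since `this.random` is no longer read on the decryption path, but that reasoning is recorded nowhere. A comment on the new `fallbackResult` assignment would help, e.g. `// masking bytes only need to be unpredictable, not reproducible; this.random may be null when decrypting`. The first hunk is also asymmetric: the `ParametersWithRandom` branch keeps the caller's random unconditionally while the else branch applies `forEncryption && !kParam.IsPrivate`, so documenting which modes actually consume `this.random` would settle both. DecodeBlock's body starts and ends outside the hunk.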
diff --git a/crypto/src/crypto/engines/DesEdeWrapEngine.cs b/crypto/src/crypto/engines/DesEdeWrapEngine.cs
index 07f751ab9..3115f65dc 100644
--- a/crypto/src/crypto/engines/DesEdeWrapEngine.cs
+++ b/crypto/src/crypto/engines/DesEdeWrapEngine.cs
@@ -52,45 +52,40 @@ namespace Org.BouncyCastle.Crypto.Engines
 * @param forWrapping
 * @param param
 */
- public virtual void Init(
- bool forWrapping,
- ICipherParameters parameters)
+ public virtual void Init(bool forWrapping, ICipherParameters parameters)
 {
 this.forWrapping = forWrapping;
 this.engine = new CbcBlockCipher(new DesEdeEngine());
- SecureRandom sr;
+ SecureRandom random = null;
 if (parameters is ParametersWithRandom pr)
 {
 parameters = pr.Parameters;
- sr = pr.Random;
- }
- else
- {
- sr = CryptoServicesRegistrar.GetSecureRandom();
+ random = pr.Random;
 }
- if (parameters is KeyParameter)
+ if (parameters is KeyParameter keyParameter)
 {
- this.param = (KeyParameter) parameters;
+ this.param = keyParameter;
 if (this.forWrapping)
 {
 // Hm, we have no IV but we want to wrap ?!?
 // well, then we have to create our own IV.
 this.iv = new byte[8];
- sr.NextBytes(iv);
+
+ CryptoServicesRegistrar.GetSecureRandom(random).NextBytes(iv);
 this.paramPlusIV = new ParametersWithIV(this.param, this.iv);
 }
 }
- else if (parameters is ParametersWithIV)
+ else if (parameters is ParametersWithIV withIV)
 {
 if (!forWrapping)
 throw new ArgumentException("You should not supply an IV for unwrapping");
- this.paramPlusIV = (ParametersWithIV) parameters;
- this.iv = this.paramPlusIV.GetIV();
- this.param = (KeyParameter) this.paramPlusIV.Parameters;
+ this.paramPlusIV = withIV;
+ this.iv = withIV.GetIV();
+ this.param = (KeyParameter)withIV.Parameters;
 if (this.iv.Length != 8)
 throw new ArgumentException("IV is not 8 octets", "parameters");
diff --git a/crypto/src/crypto/engines/ElGamalEngine.cs b/crypto/src/crypto/engines/ElGamalEngine.cs
index ea5e5bc30..2e80302a6 100644
--- a/crypto/src/crypto/engines/ElGamalEngine.cs
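Review bot: `this.param = (KeyParameter)withIV.Parameters;` is a direct cast, so a `ParametersWithIV` wrapping anything other than a `KeyParameter` surfaces as an InvalidCastException instead of the ArgumentException the surrounding checks throw for bad input; the RFC3394WrapEngine hunk in this commit has the identical cast. Since pattern matching is being introduced here anyway, the inner parameter can be checked the same way: `if (!(withIV.Parameters is KeyParameter innerKey)) throw new ArgumentException("ParametersWithIV must wrap a KeyParameter", "parameters");` followed by `this.param = innerKey;`. Init's body continues past the end of the hunk.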
+++ b/crypto/src/crypto/engines/ElGamalEngine.cs
@@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Crypto.Engines
 else
 {
 this.key = (ElGamalKeyParameters)parameters;
- this.random = CryptoServicesRegistrar.GetSecureRandom();
+ this.random = forEncryption ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 this.forEncryption = forEncryption;
diff --git a/crypto/src/crypto/engines/NaccacheSternEngine.cs b/crypto/src/crypto/engines/NaccacheSternEngine.cs
index 39fb7c9ec..16f62a4e5 100644
--- a/crypto/src/crypto/engines/NaccacheSternEngine.cs
+++ b/crypto/src/crypto/engines/NaccacheSternEngine.cs
@@ -31,15 +31,13 @@ namespace Org.BouncyCastle.Crypto.Engines
 * @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(bool,
 * org.bouncycastle.crypto.CipherParameters)
 */
- public virtual void Init(
- bool forEncryption,
- ICipherParameters parameters)
+ public virtual void Init(bool forEncryption, ICipherParameters parameters)
 {
 this.forEncryption = forEncryption;
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
 key = (NaccacheSternKeyParameters)parameters;
diff --git a/crypto/src/crypto/engines/RC2WrapEngine.cs b/crypto/src/crypto/engines/RC2WrapEngine.cs
index bc50f0db4..20768701f 100644
--- a/crypto/src/crypto/engines/RC2WrapEngine.cs
+++ b/crypto/src/crypto/engines/RC2WrapEngine.cs
@@ -56,14 +56,14 @@ namespace Org.BouncyCastle.Crypto.Engines
 this.forWrapping = forWrapping;
 this.engine = new CbcBlockCipher(new RC2Engine());
- if (parameters is ParametersWithRandom pWithR)
+ if (parameters is ParametersWithRandom withRandom)
 {
- sr = pWithR.Random;
- parameters = pWithR.Parameters;
+ sr = withRandom.Random;
+ parameters = withRandom.Parameters;
 }
 else
 {
- sr = CryptoServicesRegistrar.GetSecureRandom();
+ sr = forWrapping ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 if (parameters is ParametersWithIV)
diff --git a/crypto/src/crypto/engines/RFC3211WrapEngine.cs b/crypto/src/crypto/engines/RFC3211WrapEngine.cs
index 42027cf25..86bd08f8f 100644
--- a/crypto/src/crypto/engines/RFC3211WrapEngine.cs
+++ b/crypto/src/crypto/engines/RFC3211WrapEngine.cs
@@ -30,17 +30,13 @@ namespace Org.BouncyCastle.Crypto.Engines
 if (param is ParametersWithRandom withRandom)
 {
- this.rand = withRandom.Random;
 this.param = withRandom.Parameters as ParametersWithIV;
- }
- else
+ this.rand = withRandom.Random;
+ }
+ else
 {
- if (forWrapping)
- {
- rand = CryptoServicesRegistrar.GetSecureRandom();
- }
-
 this.param = param as ParametersWithIV;
+ this.rand = forWrapping ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 if (null == this.param)
diff --git a/crypto/src/crypto/engines/RFC3394WrapEngine.cs b/crypto/src/crypto/engines/RFC3394WrapEngine.cs
index 9744130d2..e1368f25b 100644
--- a/crypto/src/crypto/engines/RFC3394WrapEngine.cs
+++ b/crypto/src/crypto/engines/RFC3394WrapEngine.cs
@@ -34,31 +34,28 @@ namespace Org.BouncyCastle.Crypto.Engines
 this.wrapCipherMode = !useReverseDirection;
 }
- public virtual void Init(
- bool forWrapping,
- ICipherParameters parameters)
+ public virtual void Init(bool forWrapping, ICipherParameters parameters)
 {
 this.forWrapping = forWrapping;
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
- if (parameters is KeyParameter)
+ if (parameters is KeyParameter keyParameter)
 {
- this.param = (KeyParameter) parameters;
+ this.param = keyParameter;
 }
- else if (parameters is ParametersWithIV)
+ else if (parameters is ParametersWithIV withIV)
 {
- ParametersWithIV pIV = (ParametersWithIV) parameters;
- byte[] iv = pIV.GetIV();
+ byte[] iv = withIV.GetIV();
 if (iv.Length != 8)
 throw new ArgumentException("IV length not equal to 8", "parameters");
 this.iv = iv;
- this.param = (KeyParameter) pIV.Parameters;
+ this.param = (KeyParameter)withIV.Parameters;
 }
 else
 {
diff --git a/crypto/src/crypto/engines/RSABlindingEngine.cs b/crypto/src/crypto/engines/RSABlindingEngine.cs
index 11bb8d9d9..13b364582 100644
--- a/crypto/src/crypto/engines/RSABlindingEngine.cs
+++ b/crypto/src/crypto/engines/RSABlindingEngine.cs
@@ -49,10 +49,8 @@ namespace Org.BouncyCastle.Crypto.Engines
 {
 RsaBlindingParameters p;
- if (param is ParametersWithRandom)
+ if (param is ParametersWithRandom rParam)
 {
- ParametersWithRandom rParam = (ParametersWithRandom)param;
-
 p = (RsaBlindingParameters)rParam.Parameters;
 }
 else
diff --git a/crypto/src/crypto/engines/RSACoreEngine.cs b/crypto/src/crypto/engines/RSACoreEngine.cs
index bd3d62f7c..2af447841 100644
--- a/crypto/src/crypto/engines/RSACoreEngine.cs
+++ b/crypto/src/crypto/engines/RSACoreEngine.cs
@@ -33,15 +33,15 @@ namespace Org.BouncyCastle.Crypto.Engines
 bool forEncryption,
 ICipherParameters parameters)
 {
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- parameters = ((ParametersWithRandom) parameters).Parameters;
+ parameters = withRandom.Parameters;
 }
- if (!(parameters is RsaKeyParameters))
+ if (!(parameters is RsaKeyParameters rsaKeyParameters))
 throw new InvalidKeyException("Not an RSA key");
- this.key = (RsaKeyParameters) parameters;
+ this.key = rsaKeyParameters;
 this.forEncryption = forEncryption;
 this.bitSize = key.Modulus.BitLength;
 }
diff --git a/crypto/src/crypto/engines/SM2Engine.cs b/crypto/src/crypto/engines/SM2Engine.cs
index e0734d424..96bad4eb2 100644
--- a/crypto/src/crypto/engines/SM2Engine.cs
+++ b/crypto/src/crypto/engines/SM2Engine.cs
@@ -55,23 +55,27 @@ namespace Org.BouncyCastle.Crypto.Engines
 {
 this.mForEncryption = forEncryption;
- if (forEncryption)
+ SecureRandom random = null;
+ if (param is ParametersWithRandom withRandom)
 {
- ParametersWithRandom rParam = (ParametersWithRandom)param;
+ param = withRandom.Parameters;
+ random = withRandom.Random;
+ }
+
+ mECKey = (ECKeyParameters)param;
+ mECParams = mECKey.Parameters;
- mECKey = (ECKeyParameters)rParam.Parameters;
- mECParams = mECKey.Parameters;
+ if (forEncryption)
+ {
+ mRandom = CryptoServicesRegistrar.GetSecureRandom(random);
 ECPoint s = ((ECPublicKeyParameters)mECKey).Q.Multiply(mECParams.H);
 if (s.IsInfinity)
 throw new ArgumentException("invalid key: [h]Q at infinity");
-
- mRandom = rParam.Random;
 }
 else
 {
- mECKey = (ECKeyParameters)param;
- mECParams = mECKey.Parameters;
+ mRandom = null;
 }
 mCurveLength = (mECParams.Curve.FieldSize + 7) / 8;
diff --git a/crypto/src/crypto/signers/DsaSigner.cs b/crypto/src/crypto/signers/DsaSigner.cs
index 318eeeb48..d0a2c29e4 100644
--- a/crypto/src/crypto/signers/DsaSigner.cs
+++ b/crypto/src/crypto/signers/DsaSigner.cs
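Review bot: The SM2Engine encryption path no longer requires a `ParametersWithRandom`: with a bare key, `random` stays null and `CryptoServicesRegistrar.GetSecureRandom(random)` presumably substitutes the registrar default, where the old `(ParametersWithRandom)param` cast made this a hard failure; likewise a `ParametersWithRandom` is now unwrapped for decryption, which previously failed the `(ECKeyParameters)param` cast. Both are contract widenings worth stating on Init, e.g. `// encryption draws from the supplied ParametersWithRandom, or the registrar default if none is given; decryption ignores any random`. The enclosing Init method starts before and ends after the hunk.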
@@ -48,10 +48,8 @@ namespace Org.BouncyCastle.Crypto.Signers if (forSigning) { - if (parameters is ParametersWithRandom) + if (parameters is ParametersWithRandom rParam) { - ParametersWithRandom rParam = (ParametersWithRandom)parameters; - providedRandom = rParam.Random; parameters = rParam.Parameters; } diff --git a/crypto/src/crypto/signers/ECDsaSigner.cs b/crypto/src/crypto/signers/ECDsaSigner.cs index d78e92516..b27182a9e 100644 --- a/crypto/src/crypto/signers/ECDsaSigner.cs +++ b/crypto/src/crypto/signers/ECDsaSigner.cs @@ -51,10 +51,8 @@ namespace Org.BouncyCastle.Crypto.Signers if (forSigning) { - if (parameters is ParametersWithRandom) + if (parameters is ParametersWithRandom rParam) { - ParametersWithRandom rParam = (ParametersWithRandom)parameters; - providedRandom = rParam.Random; parameters = rParam.Parameters; } diff --git a/crypto/src/crypto/signers/GOST3410DigestSigner.cs b/crypto/src/crypto/signers/GOST3410DigestSigner.cs index 63e65986b..dcbf67723 100644 --- a/crypto/src/crypto/signers/GOST3410DigestSigner.cs +++ b/crypto/src/crypto/signers/GOST3410DigestSigner.cs @@ -35,9 +35,9 @@ namespace Org.BouncyCastle.Crypto.Signers this.forSigning = forSigning; AsymmetricKeyParameter k; - if (parameters is ParametersWithRandom) + if (parameters is ParametersWithRandom withRandom) { - k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).Parameters; + k = (AsymmetricKeyParameter)withRandom.Parameters; } else { @@ -45,15 +45,10 @@ namespace Org.BouncyCastle.Crypto.Signers } if (forSigning && !k.IsPrivate) - { throw new InvalidKeyException("Signing Requires Private Key."); - } if (!forSigning && k.IsPrivate) - { throw new InvalidKeyException("Verification Requires Public Key."); - } - Reset(); diff --git a/crypto/src/crypto/signers/GenericSigner.cs b/crypto/src/crypto/signers/GenericSigner.cs index 36a9cc9a5..5de4c162f 100644 --- a/crypto/src/crypto/signers/GenericSigner.cs +++ b/crypto/src/crypto/signers/GenericSigner.cs 
@@ -39,9 +39,9 @@ namespace Org.BouncyCastle.Crypto.Signers
 this.forSigning = forSigning;
 AsymmetricKeyParameter k;
- if (parameters is ParametersWithRandom)
+ if (parameters is ParametersWithRandom withRandom)
 {
- k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).Parameters;
+ k = (AsymmetricKeyParameter)withRandom.Parameters;
 }
 else
 {
diff --git a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
index ce7130538..8657f6eaf 100644
--- a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
+++ b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
@@ -115,11 +115,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 if (parameters is ParametersWithRandom withRandom)
 {
 kParam = (RsaKeyParameters)withRandom.Parameters;
-
- if (forSigning)
- {
- random = withRandom.Random;
- }
+ random = forSigning ? withRandom.Random : null;
 }
 else if (parameters is ParametersWithSalt withSalt)
 {
@@ -135,11 +131,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 else
 {
 kParam = (RsaKeyParameters)parameters;
-
- if (forSigning)
- {
- random = CryptoServicesRegistrar.GetSecureRandom();
- }
+ random = forSigning ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 cipher.Init(forSigning, kParam);
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index 69f9e96e4..9bb2a7d37 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -161,18 +161,15 @@ namespace Org.BouncyCastle.Crypto.Signers
 }
 else
 {
- if (forSigning)
- {
- random = CryptoServicesRegistrar.GetSecureRandom();
- }
+ random = forSigning ? CryptoServicesRegistrar.GetSecureRandom() : null;
 }
 cipher.Init(forSigning, parameters);
 RsaKeyParameters kParam;
- if (parameters is RsaBlindingParameters)
+ if (parameters is RsaBlindingParameters blinding)
 {
- kParam = ((RsaBlindingParameters)parameters).PublicKey;
+ kParam = blinding.PublicKey;
 }
 else
 {
diff --git a/crypto/src/crypto/signers/RsaDigestSigner.cs b/crypto/src/crypto/signers/RsaDigestSigner.cs
index 77d9b9ac3..80b1a4356 100644
--- a/crypto/src/crypto/signers/RsaDigestSigner.cs
+++ b/crypto/src/crypto/signers/RsaDigestSigner.cs
@@ -100,11 +100,11 @@ namespace Org.BouncyCastle.Crypto.Signers
 ICipherParameters parameters)
 {
 this.forSigning = forSigning;
- AsymmetricKeyParameter k;
- if (parameters is ParametersWithRandom)
+ AsymmetricKeyParameter k;
+ if (parameters is ParametersWithRandom withRandom)
 {
- k = (AsymmetricKeyParameter)((ParametersWithRandom)parameters).Parameters;
+ k = (AsymmetricKeyParameter)withRandom.Parameters;
 }
 else
 {
diff --git a/crypto/src/crypto/signers/SM2Signer.cs b/crypto/src/crypto/signers/SM2Signer.cs
index 60fae3264..cd4b2d554 100644
--- a/crypto/src/crypto/signers/SM2Signer.cs
+++ b/crypto/src/crypto/signers/SM2Signer.cs
@@ -55,10 +55,10 @@ namespace Org.BouncyCastle.Crypto.Signers
 ICipherParameters baseParam;
 byte[] userID;
- if (parameters is ParametersWithID)
+ if (parameters is ParametersWithID withID)
 {
- baseParam = ((ParametersWithID)parameters).Parameters;
- userID = ((ParametersWithID)parameters).GetID();
+ baseParam = withID.Parameters;
+ userID = withID.GetID();
 if (userID.Length >= 8192)
 throw new ArgumentException("SM2 user ID must be less than 2^16 bits long");
@@ -72,18 +72,23 @@ namespace Org.BouncyCastle.Crypto.Signers
 if (forSigning)
 {
+ SecureRandom random = null;
 if (baseParam is ParametersWithRandom rParam)
 {
 ecKey = (ECKeyParameters)rParam.Parameters;
 ecParams = ecKey.Parameters;
- kCalculator.Init(ecParams.N, rParam.Random);
+ random = rParam.Random;
 }
 else
 {
 ecKey = (ECKeyParameters)baseParam;
 ecParams = ecKey.Parameters;
- kCalculator.Init(ecParams.N, CryptoServicesRegistrar.GetSecureRandom());
 }
+ if (!kCalculator.IsDeterministic)
+ {
+ random = CryptoServicesRegistrar.GetSecureRandom(random);
+ }
+ kCalculator.Init(ecParams.N, random);
 pubPoint = CreateBasePointMultiplier().Multiply(ecParams.G, ((ECPrivateKeyParameters)ecKey).D).Normalize();
 }
 else
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
index 89519f134..d60c24222 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
@@ -20,10 +20,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 {
 if (forSigning)
 {
- if (param is ParametersWithRandom)
+ if (param is ParametersWithRandom withRandom)
 {
- privKey = (DilithiumPrivateKeyParameters)((ParametersWithRandom)param).Parameters;
- random = ((ParametersWithRandom)param).Random;
+ privKey = (DilithiumPrivateKeyParameters)withRandom.Parameters;
+ random = withRandom.Random;
 }
 else
 {
@@ -33,9 +33,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 }
 else
 {
- pubKey = (DilithiumPublicKeyParameters) param;
+ pubKey = (DilithiumPublicKeyParameters)param;
+ random = null;
 }
-
 }
 public byte[] GenerateSignature(byte[] message)
diff --git a/crypto/src/pqc/crypto/falcon/FalconNIST.cs b/crypto/src/pqc/crypto/falcon/FalconNIST.cs
index 0bc2adcad..8371fc3d3 100644
--- a/crypto/src/pqc/crypto/falcon/FalconNIST.cs
+++ b/crypto/src/pqc/crypto/falcon/FalconNIST.cs
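Review bot: `kCalculator.Init(ecParams.N, random)` now receives null when `kCalculator.IsDeterministic` and no `ParametersWithRandom` was supplied, whereas the old code always handed over a live SecureRandom; this is only safe if every deterministic IDsaKCalculator implementation ignores the argument, which cannot be checked from this hunk. A comment on the new branch would make the assumption explicit, e.g. `// deterministic calculators derive k from the key and message hash; random is intentionally null for them`. The enclosing Init method continues outside the hunk.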
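Review bot: The DilithiumSigner verify branch now resets `random` but leaves `privKey` holding whatever a previous `Init(true, ...)` stored, and the signing branch likewise leaves `pubKey`; the SPHINCSPlusSigner hunk in this same commit clears the opposite key (`m_pubKey = null;` / `m_privKey = null;`) precisely to avoid this stale state. Mirroring that here means adding `privKey = null;` beside the new `random = null;` and `pubKey = null;` at the top of the `if (forSigning)` block. The signing branch's non-random else case falls between the two Dilithium hunks, and Init's opening lies before the first.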
@@ -17,17 +17,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 private int CRYPTO_PUBLICKEYBYTES;
 private int CRYPTO_SECRETKEYBYTES;
- internal uint GetNonceLength() {
- return this.noncelen;
- }
- internal uint GetLogn() {
- return this.logn;
- }
- internal int GetCryptoBytes() {
- return this.CRYPTO_BYTES;
- }
+ internal uint NonceLength => this.noncelen;
+ internal uint LogN => this.logn;
+ internal int CryptoBytes => this.CRYPTO_BYTES;
- internal FalconNist(SecureRandom random, uint logn, uint noncelen) {
+ internal FalconNist(SecureRandom random, uint logn, uint noncelen)
+ {
 this.logn = logn;
 this.codec = new FalconCodec();
 this.common = new FalconCommon();
diff --git a/crypto/src/pqc/crypto/falcon/FalconSigner.cs b/crypto/src/pqc/crypto/falcon/FalconSigner.cs
index abfbe3c17..7ad1385c7 100644
--- a/crypto/src/pqc/crypto/falcon/FalconSigner.cs
+++ b/crypto/src/pqc/crypto/falcon/FalconSigner.cs
@@ -2,6 +2,7 @@ using System;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Security;
 namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 {
@@ -13,57 +14,53 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 public void Init(bool forSigning, ICipherParameters param)
 {
+ FalconParameters parameters;
+ SecureRandom random;
+
 if (forSigning)
 {
+ FalconPrivateKeyParameters skparam;
 if (param is ParametersWithRandom withRandom)
 {
- FalconPrivateKeyParameters skparam = (FalconPrivateKeyParameters)withRandom.Parameters;
- encodedkey = skparam.GetEncoded();
- nist = new FalconNist(
- withRandom.Random,
- (uint)skparam.Parameters.LogN,
- (uint)skparam.Parameters.NonceLength);
+ skparam = (FalconPrivateKeyParameters)withRandom.Parameters;
+ random = withRandom.Random;
 }
 else
 {
- FalconPrivateKeyParameters skparam = (FalconPrivateKeyParameters)param;
- encodedkey = ((FalconPrivateKeyParameters)param).GetEncoded();
- nist = new FalconNist(
- CryptoServicesRegistrar.GetSecureRandom(),
- (uint)skparam.Parameters.LogN,
- (uint)skparam.Parameters.NonceLength);
+ skparam = (FalconPrivateKeyParameters)param;
+ random = CryptoServicesRegistrar.GetSecureRandom();
 }
+ encodedkey = skparam.GetEncoded();
+ parameters = skparam.Parameters;
 }
 else
 {
 FalconPublicKeyParameters pkparam = (FalconPublicKeyParameters)param;
+ random = null;
 encodedkey = pkparam.GetEncoded();
- nist = new FalconNist(
- CryptoServicesRegistrar.GetSecureRandom(),
- (uint)pkparam.Parameters.LogN,
- (uint)pkparam.Parameters.NonceLength);
+ parameters = pkparam.Parameters;
 }
+
+ nist = new FalconNist(random, (uint)parameters.LogN, (uint)parameters.NonceLength);
 }
 public byte[] GenerateSignature(byte[] message)
 {
- byte[] sm = new byte[nist.GetCryptoBytes()];
+ byte[] sm = new byte[nist.CryptoBytes];
 return nist.crypto_sign(false, sm, message, 0, (uint)message.Length, encodedkey, 0);
 }
 public bool VerifySignature(byte[] message, byte[] signature)
 {
- if (signature[0] != (byte)(0x30 + nist.GetLogn()))
- {
+ if (signature[0] != (byte)(0x30 + nist.LogN))
 return false;
- }
- byte[] nonce = new byte[nist.GetNonceLength()];
- byte[] sig = new byte[signature.Length - nist.GetNonceLength() - 1];
- Array.Copy(signature, 1, nonce, 0, nist.GetNonceLength());
- Array.Copy(signature, nist.GetNonceLength() + 1, sig, 0, signature.Length - nist.GetNonceLength() - 1);
- bool res = nist.crypto_sign_open(false, sig,nonce,message,encodedkey,0) == 0;
- return res;
+
+ byte[] nonce = new byte[nist.NonceLength];
+ byte[] sig = new byte[signature.Length - nist.NonceLength - 1];
+ Array.Copy(signature, 1, nonce, 0, nist.NonceLength);
+ Array.Copy(signature, nist.NonceLength + 1, sig, 0, signature.Length - nist.NonceLength - 1);
+ return nist.crypto_sign_open(false, sig, nonce, message, encodedkey, 0) == 0;
 }
 }
 }
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
index 5c576eb15..275148209 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
@@ -36,19 +36,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 {
 if (forSigning)
 {
- if (param is ParametersWithRandom parametersWithRandom)
+ m_pubKey = null;
+ if (param is ParametersWithRandom withRandom)
 {
- m_privKey = (SphincsPlusPrivateKeyParameters)parametersWithRandom.Parameters;
- m_random = parametersWithRandom.Random;
+ m_privKey = (SphincsPlusPrivateKeyParameters)withRandom.Parameters;
+ m_random = withRandom.Random;
 }
 else
 {
 m_privKey = (SphincsPlusPrivateKeyParameters)param;
+ m_random = null;
 }
 }
 else
 {
 m_pubKey = (SphincsPlusPublicKeyParameters)param;
+ m_privKey = null;
+ m_random = null;
 }
 }
 |
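Review bot: FalconSigner.VerifySignature reads `signature[0]` and allocates `signature.Length - nist.NonceLength - 1` bytes with no length check, so an empty or truncated signature throws (IndexOutOfRangeException, or OverflowException from the negative array size, since int minus uint is evaluated as long) instead of returning false; a verifier handling untrusted input should reject such data cleanly. Adding `if (signature.Length < nist.NonceLength + 1) return false;` before the leading-byte comparison closes this. Separately, the verify path now constructs `FalconNist` with a null `random`; the constructor body is outside the hunk, so please confirm it tolerates null on the verification side. The hunk ends the class.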