authorPeter Dettman <peter.dettman@bouncycastle.org>2023-01-30 16:20:40 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-01-30 16:20:40 +0700
commitc1e0d224b9e34b40679ec105cd3a007a9ce37054 (patch)
treefb473048d96e4f40310b622b85157ae2b8a6bf2a
parentAdd missing failure reports (no bug) (diff)
Ensure configured SecureRandom is passed on
-rw-r--r--crypto/src/crypto/signers/PssSigner.cs15
-rw-r--r--crypto/src/crypto/signers/X931Signer.cs11
-rw-r--r--crypto/test/src/test/PSSTest.cs12
3 files changed, 24 insertions, 14 deletions
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index c1613c8d1..2e4c37772 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -158,15 +158,15 @@ namespace Org.BouncyCastle.Crypto.Signers
 			{
 				parameters = withRandom.Parameters;
 				random = withRandom.Random;
-			}
-			else
+                cipher.Init(forSigning, withRandom);
+            }
+            else
 			{
 				random = forSigning ? CryptoServicesRegistrar.GetSecureRandom() : null;
-			}
-
-			cipher.Init(forSigning, parameters);
+                cipher.Init(forSigning, parameters);
+            }
 
-			RsaKeyParameters kParam;
+            RsaKeyParameters kParam;
 			if (parameters is RsaBlindingParameters blinding)
 			{
 				kParam = blinding.PublicKey;
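Review bot: The lines added in this hunk (`cipher.Init(forSigning, withRandom);`, the closing brace and `else` after it, the second `cipher.Init(forSigning, parameters);` and the `RsaKeyParameters kParam;` declaration) are indented with spaces while the untouched lines of the same method use tabs, so one statement list now mixes both; reindenting the new lines with tabs keeps the file consistent. Separately, in the else branch the signer obtains `random` from CryptoServicesRegistrar when signing but initialises the cipher with the bare `parameters`, so the cipher presumably falls back to its own random source rather than the one this signer will use for the salt; if a single configured source is intended, `cipher.Init(forSigning, forSigning ? new ParametersWithRandom(parameters, random) : parameters);` would forward it. The enclosing Init method starts and ends outside the hunk.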
@@ -185,8 +185,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 		}
 
 		/// <summary> clear possible sensitive data</summary>
-		private void ClearBlock(
-			byte[] block)
+		private void ClearBlock(byte[] block)
 		{
 			Array.Clear(block, 0, block.Length);
 		}
diff --git a/crypto/src/crypto/signers/X931Signer.cs b/crypto/src/crypto/signers/X931Signer.cs
index 9db4e1642..c185eacfd 100644
--- a/crypto/src/crypto/signers/X931Signer.cs
+++ b/crypto/src/crypto/signers/X931Signer.cs
@@ -71,9 +71,16 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual void Init(bool forSigning, ICipherParameters parameters)
         {
-            kParam = (RsaKeyParameters)parameters;
+            if (parameters is ParametersWithRandom withRandom)
+            {
+                kParam = (RsaKeyParameters)withRandom.Parameters;
+            }
+            else
+            {
+                kParam = (RsaKeyParameters)parameters;
+            }
 
-            cipher.Init(forSigning, kParam);
+            cipher.Init(forSigning, parameters);
 
             keyBits = kParam.Modulus.BitLength;
 
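Review bot: Init now accepts a ParametersWithRandom wrapper but nothing on the method records that, and both branches fail with a bare InvalidCastException when the inner parameters are not RsaKeyParameters. An XML comment such as `/// <param name="parameters">An <see cref="RsaKeyParameters"/>, optionally wrapped in <see cref="ParametersWithRandom"/>; the wrapper is passed through unchanged to the cipher.</param>` would state the contract, and unwrapping once with `kParam = (RsaKeyParameters)(parameters is ParametersWithRandom withRandom ? withRandom.Parameters : parameters);` removes the duplicated cast. The rest of the Init body continues outside the hunk.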
diff --git a/crypto/test/src/test/PSSTest.cs b/crypto/test/src/test/PSSTest.cs
index de56886dd..3b5894c69 100644
--- a/crypto/test/src/test/PSSTest.cs
+++ b/crypto/test/src/test/PSSTest.cs
@@ -179,8 +179,8 @@ namespace Org.BouncyCastle.Tests
 			// Note: PSS minimum key size determined by hash/salt lengths
 //			PrivateKey priv2048Key = fact.generatePrivate(RSATest.priv2048KeySpec);
 //			PublicKey pub2048Key = fact.generatePublic(RSATest.pub2048KeySpec);
-			AsymmetricKeyParameter priv2048Key = RsaTest.priv2048KeySpec;
-			AsymmetricKeyParameter pub2048Key = RsaTest.pub2048KeySpec;
+			var priv2048Key = RsaTest.priv2048KeySpec;
+			var pub2048Key = RsaTest.pub2048KeySpec;
 
 			rawModeTest("SHA1withRSA/PSS", X509ObjectIdentifiers.IdSha1, priv2048Key, pub2048Key, random);
 			// FIXME
@@ -191,7 +191,7 @@ namespace Org.BouncyCastle.Tests
 		}
 
 		private void rawModeTest(string sigName, DerObjectIdentifier digestOID,
-			AsymmetricKeyParameter privKey, AsymmetricKeyParameter pubKey, SecureRandom random)
+			RsaPrivateCrtKeyParameters privKey, RsaKeyParameters pubKey, SecureRandom random)
 		{
 			byte[] sampleMessage = new byte[1000 + random.Next() % 100];
 			random.NextBytes(sampleMessage);
@@ -205,7 +205,11 @@ namespace Org.BouncyCastle.Tests
 			// FIXME
 //			int saltLen = spec.getSaltLength();
 //			byte[] fixedRandomBytes = new byte[saltLen];
-			byte[] fixedRandomBytes = new byte[128];
+
+			// TODO Consider a wrapping FixedSecureRandom to avoid exhaustion
+			// At least 20 for salt and enough to generate an RSA blind, but random blinding can theoretically draw more
+			int blindBytes = (pubKey.Modulus.BitLength + 7) / 8;
+			byte[] fixedRandomBytes = new byte[20 + blindBytes * 10];
 			random.NextBytes(fixedRandomBytes);
 
 			normalSig.Init(true, new ParametersWithRandom(privKey, FixedSecureRandom.From(fixedRandomBytes)));
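Review bot: The buffer size `20 + blindBytes * 10` carries two unexplained constants: the 20 matches the SHA-1 salt length for the `SHA1withRSA/PSS` case called on this page but would be too small if rawModeTest is ever passed a larger digest through sigName, and the 10 is a margin the comment itself says blinding may exceed. Naming them, e.g. `const int saltLen = 20; const int blindDrawMargin = 10;`, and extending the comment to say what an exhausted FixedSecureRandom does here (presumably a test failure rather than a silently wrong signature) would make the sizing checkable rather than a guess. rawModeTest continues outside the hunk.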