authorPeter Dettman <peter.dettman@bouncycastle.org>2022-05-04 20:25:34 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-05-04 20:25:34 +0700
commitd2e7b80ec7d7955cebb9ad6bc62ca339bff6d018 (patch)
tree4ef8ea5769f16a0343cc3a3b7009ecf9b46f8652 /crypto/src/tls
parentProvide getter for native certificate instance (diff)
downloadBouncyCastle.NET-ed25519-d2e7b80ec7d7955cebb9ad6bc62ca339bff6d018.tar.xz
TLS PSS raw signatures
Diffstat (limited to 'crypto/src/tls')
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs16
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs9
2 files changed, 17 insertions, 8 deletions
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs
index 3e7d1ceef..1b33573f6 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs
@@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             this.m_signatureScheme = signatureScheme;
         }
 
-        public override TlsStreamSigner GetStreamSigner(SignatureAndHashAlgorithm algorithm)
+        public override byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash)
         {
             if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme)
                 throw new InvalidOperationException("Invalid algorithm: " + algorithm);
@@ -30,10 +30,18 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme);
             IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm);
 
-            PssSigner signer = new PssSigner(new RsaBlindedEngine(), digest, digest.GetDigestSize());
+            PssSigner signer = PssSigner.CreateRawSigner(new RsaBlindedEngine(), digest, digest, digest.GetDigestSize(),
+                PssSigner.TrailerImplicit);
             signer.Init(true, new ParametersWithRandom(m_privateKey, m_crypto.SecureRandom));
-
-            return new BcTlsStreamSigner(signer);
+            signer.BlockUpdate(hash, 0, hash.Length);
+            try
+            {
+                return signer.GenerateSignature();
+            }
+            catch (CryptoException e)
+            {
+                throw new TlsFatalAlert(AlertDescription.internal_error, e);
+            }
         }
     }
 }
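Review bot: `hash` goes straight into `signer.BlockUpdate(hash, 0, hash.Length)` with no null or length check, so a null argument surfaces as a NullReferenceException and a wrong-sized buffer reaches the raw PSS signer unvalidated. The raw signer appears to treat its input as the finished digest, so I would reject any other length before `Init`, e.g. `if (hash == null || hash.Length != digest.GetDigestSize()) throw new TlsFatalAlert(AlertDescription.internal_error);`. Whether `PssSigner` enforces this itself in raw mode is not visible in this diff, and anything it throws from `BlockUpdate` would fall outside the `try`, which wraps only `GenerateSignature()`. The same unchecked `BlockUpdate` call is added to `VerifyRawSignature` in BcTlsRsaPssVerifier.cs. The start of `GenerateRawSignature` is in the previous hunk.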
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs
index dc8cebdd9..18c2082aa 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs
@@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             this.m_signatureScheme = signatureScheme;
         }
 
-        public override TlsStreamVerifier GetStreamVerifier(DigitallySigned digitallySigned)
+        public override bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash)
         {
             SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
             if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme)
@@ -31,10 +31,11 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme);
             IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm);
 
-            PssSigner verifier = new PssSigner(new RsaEngine(), digest, digest.GetDigestSize());
+            PssSigner verifier = PssSigner.CreateRawSigner(new RsaEngine(), digest, digest, digest.GetDigestSize(),
+                PssSigner.TrailerImplicit);
             verifier.Init(false, m_publicKey);
-
-            return new BcTlsStreamVerifier(verifier, digitallySigned.Signature);
+            verifier.BlockUpdate(hash, 0, hash.Length);
+            return verifier.VerifySignature(digitallySigned.Signature);
         }
     }
 }
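Review bot: `verifier.VerifySignature(digitallySigned.Signature)` is returned with no exception handling, although `digitallySigned.Signature` is supplied by the peer and the signing counterpart in BcTlsRsaPssSigner.cs now maps `CryptoException` to a `TlsFatalAlert`. If `RsaEngine` or `PssSigner` can throw on a malformed or over-long signature (not visible here), that exception would escape as something other than a `false` result or a TLS alert. I would make the failure mode explicit, e.g. `try { return verifier.VerifySignature(digitallySigned.Signature); } catch (CryptoException) { return false; }`, or add a comment stating that `VerifySignature` returns `false` for every malformed input. The start of `VerifyRawSignature` is in the previous hunk.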