diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-04-30 21:29:35 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-04-30 21:29:35 +0700 |
commit | 0e7c96c131e921612e5521f33f57f319c9a6605f (patch) | |
tree | beca8c87111c7b4ca05399209e89b109653a5177 /crypto/test | |
parent | Merge branch 'kakkerlakgly-patch-3' (diff) | |
download | BouncyCastle.NET-ed25519-0e7c96c131e921612e5521f33f57f319c9a6605f.tar.xz |
EdDSA verifiers now reject overly long signatures
- see https://github.com/bcgit/bc-java/issues/508
Diffstat (limited to 'crypto/test')
-rw-r--r-- | crypto/test/src/crypto/test/Ed25519Test.cs | 42 | ||||
-rw-r--r-- | crypto/test/src/crypto/test/Ed448Test.cs | 42 |
2 files changed, 62 insertions, 22 deletions
diff --git a/crypto/test/src/crypto/test/Ed25519Test.cs b/crypto/test/src/crypto/test/Ed25519Test.cs index 82e36d991..c520eac2b 100644 --- a/crypto/test/src/crypto/test/Ed25519Test.cs +++ b/crypto/test/src/crypto/test/Ed25519Test.cs @@ -7,6 +7,7 @@ using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math.EC.Rfc8032; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Crypto.Tests @@ -87,24 +88,43 @@ namespace Org.BouncyCastle.Crypto.Tests byte[] signature = signer.GenerateSignature(); ISigner verifier = CreateSigner(algorithm, context); - verifier.Init(false, publicKey); - verifier.BlockUpdate(msg, 0, msg.Length); - bool shouldVerify = verifier.VerifySignature(signature); - if (!shouldVerify) { - Fail("Ed25519(" + algorithm + ") signature failed to verify"); + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldVerify = verifier.VerifySignature(signature); + + if (!shouldVerify) + { + Fail("Ed25519(" + algorithm + ") signature failed to verify"); + } } - signature[Random.Next() % signature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + { + byte[] wrongLengthSignature = Arrays.Append(signature, 0x00); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature); - verifier.Init(false, publicKey); - verifier.BlockUpdate(msg, 0, msg.Length); - bool shouldNotVerify = verifier.VerifySignature(signature); + if (shouldNotVerify) + { + Fail("Ed25519(" + algorithm + ") wrong length signature incorrectly verified"); + } + } - if (shouldNotVerify) { - Fail("Ed25519(" + algorithm + ") bad signature incorrectly verified"); + byte[] badSignature = Arrays.Clone(signature); + badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(badSignature); + + if (shouldNotVerify) + { + Fail("Ed25519(" + algorithm + ") bad signature incorrectly verified"); + } } } } diff --git a/crypto/test/src/crypto/test/Ed448Test.cs b/crypto/test/src/crypto/test/Ed448Test.cs index b035f554e..a73292430 100644 --- a/crypto/test/src/crypto/test/Ed448Test.cs +++ b/crypto/test/src/crypto/test/Ed448Test.cs @@ -7,6 +7,7 @@ using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math.EC.Rfc8032; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Crypto.Tests @@ -83,24 +84,43 @@ namespace Org.BouncyCastle.Crypto.Tests byte[] signature = signer.GenerateSignature(); ISigner verifier = CreateSigner(algorithm, context); - verifier.Init(false, publicKey); - verifier.BlockUpdate(msg, 0, msg.Length); - bool shouldVerify = verifier.VerifySignature(signature); - if (!shouldVerify) { - Fail("Ed448(" + algorithm + ") signature failed to verify"); + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldVerify = verifier.VerifySignature(signature); + + if (!shouldVerify) + { + Fail("Ed448(" + algorithm + ") signature failed to verify"); + } } - signature[Random.Next() % signature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + { + byte[] wrongLengthSignature = Arrays.Append(signature, 0x00); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(wrongLengthSignature); - verifier.Init(false, publicKey); - verifier.BlockUpdate(msg, 0, msg.Length); - bool shouldNotVerify = verifier.VerifySignature(signature); + if (shouldNotVerify) + { + Fail("Ed448(" + algorithm + ") wrong length signature incorrectly verified"); + } + } - if (shouldNotVerify) { - Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); + byte[] badSignature = Arrays.Clone(signature); + badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(badSignature); + + if (shouldNotVerify) + { + Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); + } } } } |