Reset after wrong-length failure

2 files changed, 78 insertions, 0 deletions

diff --git a/crypto/test/src/crypto/test/Ed25519Test.cs b/crypto/test/src/crypto/test/Ed25519Test.cs

index c520eac2b..516574bc3 100644
--- a/crypto/test/src/crypto/test/Ed25519Test.cs
+++ b/crypto/test/src/crypto/test/Ed25519Test.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
 
 namespace Org.BouncyCastle.Crypto.Tests
@@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 
         public override void PerformTest()
         {
+            BasicSigTest();
+
             for (int i = 0; i < 10; ++i)
             {
                 DoTestConsistency(Ed25519.Algorithm.Ed25519, null);
@@ -48,6 +51,25 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private void BasicSigTest()
+        {
+            Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters(
+                Hex.DecodeStrict("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"), 0);
+            Ed25519PublicKeyParameters publicKey = new Ed25519PublicKeyParameters(
+                Hex.DecodeStrict("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), 0);
+
+            byte[] sig = Hex.Decode("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
+
+            ISigner signer = new Ed25519Signer();
+            signer.Init(true, privateKey);
+
+            IsTrue(AreEqual(sig, signer.GenerateSignature()));
+
+            signer.Init(false, publicKey);
+
+            IsTrue(signer.VerifySignature(sig));
+        }
+
         private ISigner CreateSigner(Ed25519.Algorithm algorithm, byte[] context)
         {
             switch (algorithm)
@@ -113,6 +135,16 @@ namespace Org.BouncyCastle.Crypto.Tests
                 }
             }
 
+            if (msg.Length > 0)
+            {
+                bool shouldNotVerify = verifier.VerifySignature(signature);
+
+                if (shouldNotVerify)
+                {
+                    Fail("Ed25519(" + algorithm + ") wrong length failure did not reset verifier");
+                }
+            }
+
             {
                 byte[] badSignature = Arrays.Clone(signature);
                 badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));
diff --git a/crypto/test/src/crypto/test/Ed448Test.cs b/crypto/test/src/crypto/test/Ed448Test.cs

index a73292430..114a31714 100644
--- a/crypto/test/src/crypto/test/Ed448Test.cs
+++ b/crypto/test/src/crypto/test/Ed448Test.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
 
 namespace Org.BouncyCastle.Crypto.Tests
@@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 
         public override void PerformTest()
         {
+            BasicSigTest();
+
             for (int i = 0; i < 10; ++i)
             {
                 byte[] context = RandomContext(Random.NextInt() & 255);
@@ -46,6 +49,39 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private void BasicSigTest()
+        {
+            Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters(
+                Hex.DecodeStrict(
+                    "6c82a562cb808d10d632be89c8513ebf" +
+                    "6c929f34ddfa8c9f63c9960ef6e348a3" +
+                    "528c8a3fcc2f044e39a3fc5b94492f8f" +
+                    "032e7549a20098f95b"), 0);
+            Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters(
+                Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" +
+                    "1da1342485a70e1f8a0ea75d80e96778" +
+                    "edf124769b46c7061bd6783df1e50f6c" +
+                    "d1fa1abeafe8256180"), 0);
+
+            byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" +
+                "2dfb504a843e34d2074fd823d41a591f" +
+                "2b233f034f628281f2fd7a22ddd47d78" +
+                "28c59bd0a21bfd3980ff0d2028d4b18a" +
+                "9df63e006c5d1c2d345b925d8dc00b41" +
+                "04852db99ac5c7cdda8530a113a0f4db" +
+                "b61149f05a7363268c71d95808ff2e65" +
+                "2600");
+
+            ISigner signer = new Ed448Signer(new byte[0]);
+            signer.Init(true, privateKey);
+
+            IsTrue(AreEqual(sig, signer.GenerateSignature()));
+
+            signer.Init(false, publicKey);
+
+            IsTrue(signer.VerifySignature(sig));
+        }
+
         private ISigner CreateSigner(Ed448.Algorithm algorithm, byte[] context)
         {
             switch (algorithm)
@@ -109,6 +145,16 @@ namespace Org.BouncyCastle.Crypto.Tests
                 }
             }
 
+            if (msg.Length > 0)
+            {
+                bool shouldNotVerify = verifier.VerifySignature(signature);
+
+                if (shouldNotVerify)
+                {
+                    Fail("Ed448(" + algorithm + ") wrong length failure did not reset verifier");
+                }
+            }
+
             {
                 byte[] badSignature = Arrays.Clone(signature);
                 badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7));