diff --git a/crypto/test/src/crypto/test/OAEPTest.cs b/crypto/test/src/crypto/test/OAEPTest.cs
index bc1dd9292..204784cee 100644
--- a/crypto/test/src/crypto/test/OAEPTest.cs
+++ b/crypto/test/src/crypto/test/OAEPTest.cs
@@ -8,6 +8,7 @@ using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
+using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
@@ -780,8 +781,10 @@ namespace Org.BouncyCastle.Crypto.Tests
OaepVecTest(1027, 5, pubParam, privParam, seed_1027_5, input_1027_5, output_1027_5);
OaepVecTest(1027, 6, pubParam, privParam, seed_1027_6, input_1027_6, output_1027_6);
+ TestForHighByteError("invalidCiphertextOaepTest 1024", 1024);
+
//
- // OAEP - public encrypt, private decrypt differring hashes
+ // OAEP - public encrypt, private decrypt, differing hashes
//
IAsymmetricBlockCipher cipher = new OaepEncoding(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), new byte[10]);
@@ -822,8 +825,78 @@ namespace Org.BouncyCastle.Crypto.Tests
}
}
- public static void Main(
- string[] args)
+ private void TestForHighByteError(string label, int keySizeBits)
+ {
+ // draw a key of the size asked
+ BigInteger e = BigInteger.One.ShiftLeft(16).Add(BigInteger.One);
+
+ IAsymmetricCipherKeyPairGenerator kpGen = new RsaKeyPairGenerator();
+
+ kpGen.Init(new RsaKeyGenerationParameters(e, new SecureRandom(), keySizeBits, 100));
+
+ AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
+
+ IAsymmetricBlockCipher cipher = new OaepEncoding(new RsaEngine());
+
+ // obtain a known good ciphertext
+ cipher.Init(true, new ParametersWithRandom(kp.Public, new VecRand(seed)));
+ byte[] m = { 42 };
+ byte[] c = cipher.ProcessBlock(m, 0, m.Length);
+ int keySizeBytes = (keySizeBits + 7) / 8;
+ if (c.Length != keySizeBytes)
+ {
+ Fail(label + " failed ciphertext size");
+ }
+
+ BigInteger n = ((RsaPrivateCrtKeyParameters)kp.Private).Modulus;
+
+ // decipher
+ cipher.Init(false, kp.Private);
+ byte[] r = cipher.ProcessBlock(c, 0, keySizeBytes);
+ if (r.Length != 1 || r[0] != 42)
+ {
+ Fail(label + " failed first decryption of test message");
+ }
+
+ // decipher again
+ r = cipher.ProcessBlock(c, 0, keySizeBytes);
+ if (r.Length != 1 || r[0] != 42)
+ {
+ Fail(label + " failed second decryption of test message");
+ }
+
+ // check hapazard incorrect ciphertexts
+ for (int i = keySizeBytes * 8; --i >= 0; )
+ {
+ c[i / 8] ^= (byte)(1 << (i & 7));
+ bool ko = true;
+ try
+ {
+ BigInteger cV = new BigInteger(1, c);
+
+ // don't pass in c if it will be rejected trivially
+ if (cV.CompareTo(n) < 0)
+ {
+ r = cipher.ProcessBlock(c, 0, keySizeBytes);
+ }
+ else
+ {
+ ko = false; // size errors are picked up at start
+ }
+ }
+ catch (InvalidCipherTextException)
+ {
+ ko = false;
+ }
+ if (ko)
+ {
+ Fail(label + " invalid ciphertext caused no exception");
+ }
+ c[i / 8] ^= (byte)(1 << (i & 7));
+ }
+ }
+
+ public static void Main(string[] args)
{
RunTest(new OaepTest());
}
|
