authorOren Novotny <oren@novotny.org>2018-10-06 09:02:41 -0400
committerOren Novotny <oren@novotny.org>2018-10-06 09:02:41 -0400
commit3350bb30259861952a800527756f39df2c140b5b (patch)
tree31944d5ec252481a88371c4ff9a4bcca9389b1a9 /crypto
parentrename entrypoint (diff)
parentFix initialization checks (diff)
merge from master
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/cms/SignerInformation.cs24
-rw-r--r--crypto/src/crypto/digests/NullDigest.cs24
-rw-r--r--crypto/src/crypto/signers/Ed25519Signer.cs8
-rw-r--r--crypto/src/crypto/signers/Ed25519ctxSigner.cs8
-rw-r--r--crypto/src/crypto/signers/Ed25519phSigner.cs4
-rw-r--r--crypto/src/crypto/signers/Ed448Signer.cs8
-rw-r--r--crypto/src/crypto/signers/Ed448phSigner.cs4
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs29
-rw-r--r--crypto/src/util/io/Streams.cs25
9 files changed, 94 insertions, 40 deletions
diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs
index dad128263..39ecfa6d3 100644
--- a/crypto/src/cms/SignerInformation.cs
+++ b/crypto/src/cms/SignerInformation.cs
@@ -84,6 +84,30 @@ namespace Org.BouncyCastle.Cms
 			this.digestCalculator = digestCalculator;
 		}
 
+        /**
+         * Protected constructor. In some cases clients have their own idea about how to encode
+         * the signed attributes and calculate the signature. This constructor is to allow developers
+         * to deal with that by extending off the class and overridng methods like getSignedAttributes().
+         *
+         * @param baseInfo the SignerInformation to base this one on.
+         */
+        protected SignerInformation(SignerInformation baseInfo)
+        {
+            this.info = baseInfo.info;
+            this.contentType = baseInfo.contentType;
+            this.isCounterSignature = baseInfo.IsCounterSignature;
+            this.sid = baseInfo.SignerID;
+            this.digestAlgorithm = info.DigestAlgorithm;
+            this.signedAttributeSet = info.AuthenticatedAttributes;
+            this.unsignedAttributeSet = info.UnauthenticatedAttributes;
+            this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
+            this.signature = info.EncryptedDigest.GetOctets();
+            this.content = baseInfo.content;
+            this.resultDigest = baseInfo.resultDigest;
+            this.signedAttributeTable = baseInfo.signedAttributeTable;
+            this.unsignedAttributeTable = baseInfo.unsignedAttributeTable;
+        }
+
 		public bool IsCounterSignature
 		{
 			get { return isCounterSignature; }
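Review bot: The new protected constructor copies every field from `baseInfo` except `digestCalculator`, which the constructor ending just above the hunk does assign (`this.digestCalculator = digestCalculator;`). If verification consults that field (the verify path is outside this hunk), a derived instance may not verify the same way as the object it was built from; consider adding `this.digestCalculator = baseInfo.digestCalculator;` or a comment saying why it is left out. `baseInfo` is also dereferenced without a null check, so a null argument surfaces as a NullReferenceException rather than an ArgumentNullException. The doc comment is Javadoc-style (`@param`, `getSignedAttributes()`) and misspells "overriding"; a C# XML `/// <summary>` that names the C# member would be the usual form.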
diff --git a/crypto/src/crypto/digests/NullDigest.cs b/crypto/src/crypto/digests/NullDigest.cs
index e598cb145..76b69afbf 100644
--- a/crypto/src/crypto/digests/NullDigest.cs
+++ b/crypto/src/crypto/digests/NullDigest.cs
@@ -1,6 +1,8 @@
 using System;
 using System.IO;
 
+using Org.BouncyCastle.Utilities.IO;
+
 namespace Org.BouncyCastle.Crypto.Digests
 {
 	public class NullDigest : IDigest
@@ -20,7 +22,7 @@ namespace Org.BouncyCastle.Crypto.Digests
 
 		public int GetDigestSize()
 		{
-			return (int) bOut.Length;
+			return (int)bOut.Length;
 		}
 
 		public void Update(byte b)
@@ -33,15 +35,19 @@ namespace Org.BouncyCastle.Crypto.Digests
 			bOut.Write(inBytes, inOff, len);
 		}
 
-		public int DoFinal(byte[] outBytes, int outOff)
+        public int DoFinal(byte[] outBytes, int outOff)
 		{
-			byte[] res = bOut.ToArray();
-			res.CopyTo(outBytes, outOff);
-			Reset();
-			return res.Length;
-		}
-
-		public void Reset()
+            try
+            {
+                return Streams.WriteBufTo(bOut, outBytes, outOff);
+            }
+            finally
+            {
+                Reset();
+            }
+        }
+
+        public void Reset()
 		{
 			bOut.SetLength(0);
 		}
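Review bot: With the `try`/`finally` in `DoFinal`, `Reset()` now runs even when `Streams.WriteBufTo` throws (for example when `outBytes` is too short for `outOff` plus the buffered length), so the accumulated input is discarded on failure; the removed code threw from `CopyTo` before it reached `Reset()`. If that is the intent, record it with a comment such as `// Always reset, even on failure, so buffered input never outlives a DoFinal call`. Note that `Reset()` only calls `bOut.SetLength(0)`, which truncates the stream but does not overwrite the bytes already in its buffer, so callers passing sensitive data through NullDigest should not treat it as a wipe. The re-indented `DoFinal` and `Reset` signature lines use spaces while the neighbouring lines use tabs.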
diff --git a/crypto/src/crypto/signers/Ed25519Signer.cs b/crypto/src/crypto/signers/Ed25519Signer.cs
index cfdf801de..437247c26 100644
--- a/crypto/src/crypto/signers/Ed25519Signer.cs
+++ b/crypto/src/crypto/signers/Ed25519Signer.cs
@@ -5,6 +5,7 @@ using System.Runtime.CompilerServices;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.IO;
 
 namespace Org.BouncyCastle.Crypto.Signers
 {
@@ -58,7 +59,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual byte[] GenerateSignature()
         {
-            if (!forSigning)
+            if (!forSigning || null == privateKey)
                 throw new InvalidOperationException("Ed25519Signer not initialised for signature generation.");
 
             return buffer.GenerateSignature(privateKey, publicKey);
@@ -66,7 +67,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual bool VerifySignature(byte[] signature)
         {
-            if (forSigning)
+            if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed25519Signer not initialised for verification");
 
             return buffer.VerifySignature(publicKey, signature);
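Review bot: The added `null == publicKey` test appears to be what makes a never-initialised signer fail cleanly here, but nothing in the code says so and the exception message still describes only the wrong mode. A short comment such as `// also covers a signer on which Init was never called (publicKey is still null)` would record the intent. The same applies to the `null == privateKey` check in `GenerateSignature` in the hunk above and to the matching hunks in Ed25519ctxSigner, Ed25519phSigner, Ed448Signer and Ed448phSigner. The field declarations and `Init` are outside these hunks, so this reading of the null state is inferred.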
@@ -128,8 +129,7 @@ namespace Org.BouncyCastle.Crypto.Signers
                 {
 #if PORTABLE
                     this.Position = 0L;
-
-                    // TODO Clear using Write method
+                    Streams.WriteZeroes(this, count);
 #else
                     Array.Clear(GetBuffer(), 0, (int)Position);
 #endif
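Review bot: In the PORTABLE branch `Streams.WriteZeroes(this, count)` leaves the stream positioned at `count` and relies on `count` having been captured before `this.Position = 0L`; both the capture and any later rewind are outside this hunk, so confirm they are there. The two branches are also sized differently on their face (`count` here, `(int)Position` in the `#else` branch), which deserves a comment like `// PORTABLE: overwrite the buffered message through Write instead of clearing the backing array, then rewind`. The same change appears in Ed25519ctxSigner.cs and Ed448Signer.cs.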
diff --git a/crypto/src/crypto/signers/Ed25519ctxSigner.cs b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
index 556d05885..495898349 100644
--- a/crypto/src/crypto/signers/Ed25519ctxSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
@@ -5,6 +5,7 @@ using System.Runtime.CompilerServices;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.IO;
 
 namespace Org.BouncyCastle.Crypto.Signers
 {
@@ -60,7 +61,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual byte[] GenerateSignature()
         {
-            if (!forSigning)
+            if (!forSigning || null == privateKey)
                 throw new InvalidOperationException("Ed25519ctxSigner not initialised for signature generation.");
 
             return buffer.GenerateSignature(privateKey, publicKey, context);
@@ -68,7 +69,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual bool VerifySignature(byte[] signature)
         {
-            if (forSigning)
+            if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed25519ctxSigner not initialised for verification");
 
             return buffer.VerifySignature(publicKey, context, signature);
@@ -130,8 +131,7 @@ namespace Org.BouncyCastle.Crypto.Signers
                 {
 #if PORTABLE
                     this.Position = 0L;
-
-                    // TODO Clear using Write method
+                    Streams.WriteZeroes(this, count);
 #else
                     Array.Clear(GetBuffer(), 0, (int)Position);
 #endif
diff --git a/crypto/src/crypto/signers/Ed25519phSigner.cs b/crypto/src/crypto/signers/Ed25519phSigner.cs
index 0d3de96f3..3318f6438 100644
--- a/crypto/src/crypto/signers/Ed25519phSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519phSigner.cs
@@ -60,7 +60,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual byte[] GenerateSignature()
         {
-            if (!forSigning)
+            if (!forSigning || null == privateKey)
                 throw new InvalidOperationException("Ed25519phSigner not initialised for signature generation.");
 
             byte[] msg = new byte[Ed25519.PrehashSize];
@@ -74,7 +74,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual bool VerifySignature(byte[] signature)
         {
-            if (forSigning)
+            if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed25519phSigner not initialised for verification");
 
             byte[] pk = publicKey.GetEncoded();
diff --git a/crypto/src/crypto/signers/Ed448Signer.cs b/crypto/src/crypto/signers/Ed448Signer.cs
index c9f971e47..455400d22 100644
--- a/crypto/src/crypto/signers/Ed448Signer.cs
+++ b/crypto/src/crypto/signers/Ed448Signer.cs
@@ -5,6 +5,7 @@ using System.Runtime.CompilerServices;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math.EC.Rfc8032;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.IO;
 
 namespace Org.BouncyCastle.Crypto.Signers
 {
@@ -60,7 +61,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual byte[] GenerateSignature()
         {
-            if (!forSigning)
+            if (!forSigning || null == privateKey)
                 throw new InvalidOperationException("Ed448Signer not initialised for signature generation.");
 
             return buffer.GenerateSignature(privateKey, publicKey, context);
@@ -68,7 +69,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual bool VerifySignature(byte[] signature)
         {
-            if (forSigning)
+            if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed448Signer not initialised for verification");
 
             return buffer.VerifySignature(publicKey, context, signature);
@@ -134,8 +135,7 @@ namespace Org.BouncyCastle.Crypto.Signers
                 {
 #if PORTABLE
                     this.Position = 0L;
-
-                    // TODO Clear using Write method
+                    Streams.WriteZeroes(this, count);
 #else
                     Array.Clear(GetBuffer(), 0, (int)Position);
 #endif
diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs
index 50d0a0154..b86d0855c 100644
--- a/crypto/src/crypto/signers/Ed448phSigner.cs
+++ b/crypto/src/crypto/signers/Ed448phSigner.cs
@@ -60,7 +60,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual byte[] GenerateSignature()
         {
-            if (!forSigning)
+            if (!forSigning || null == privateKey)
                 throw new InvalidOperationException("Ed448phSigner not initialised for signature generation.");
 
             byte[] msg = new byte[Ed448.PrehashSize];
@@ -74,7 +74,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
         public virtual bool VerifySignature(byte[] signature)
         {
-            if (forSigning)
+            if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed448phSigner not initialised for verification");
 
             byte[] pk = publicKey.GetEncoded();
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 72151d414..bbb76d53c 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -391,31 +391,30 @@ namespace Org.BouncyCastle.Crypto.Tls
                 if (queue.Available < totalLength)
                     break;
 
-                CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
-
                 /*
                  * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
                  * starting at client hello up to, but not including, this finished message.
                  * [..] Note: [Also,] Hello Request messages are omitted from handshake hashes.
                  */
-                switch (type)
-                {
-                case HandshakeType.hello_request:
-                    break;
-                case HandshakeType.finished:
-                default:
+                if (HandshakeType.hello_request != type)
                 {
-                    TlsContext ctx = Context;
-                    if (type == HandshakeType.finished
-                        && this.mExpectedVerifyData == null
-                        && ctx.SecurityParameters.MasterSecret != null)
+                    if (HandshakeType.finished == type)
                     {
-                        this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+                        CheckReceivedChangeCipherSpec(true);
+
+                        TlsContext ctx = Context;
+                        if (this.mExpectedVerifyData == null
+                            && ctx.SecurityParameters.MasterSecret != null)
+                        {
+                            this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+                        }
+                    }
+                    else
+                    {
+                        CheckReceivedChangeCipherSpec(mConnectionState == CS_END);
                     }
 
                     queue.CopyTo(mRecordStream.HandshakeHashUpdater, totalLength);
-                    break;
-                }
                 }
 
                 queue.RemoveData(4);
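Review bot: After this restructuring a `hello_request` message no longer reaches `CheckReceivedChangeCipherSpec` at all, whereas the removed code ran the check for every handshake type before the switch. The existing RFC 2246 comment explains only why hello_request is left out of the handshake hash, not why it is exempt from the ChangeCipherSpec ordering check. Add a line such as `// hello_request is exempt from the ChangeCipherSpec ordering check as well as from the handshake hash`, or move the non-finished check back above the `if` if the exemption is not intended. The enclosing method begins and ends outside the hunk, so how hello_request is handled afterwards is not visible here.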
diff --git a/crypto/src/util/io/Streams.cs b/crypto/src/util/io/Streams.cs
index cc7fa924c..503a1b4f1 100644
--- a/crypto/src/util/io/Streams.cs
+++ b/crypto/src/util/io/Streams.cs
@@ -96,5 +96,30 @@ namespace Org.BouncyCastle.Utilities.IO
         {
             buf.WriteTo(output);
         }
+
+        /// <exception cref="IOException"></exception>
+        public static int WriteBufTo(MemoryStream buf, byte[] output, int offset)
+        {
+#if PORTABLE
+            byte[] bytes = buf.ToArray();
+            bytes.CopyTo(output, offset);
+            return bytes.Length;
+#else
+            int size = (int)buf.Length;
+            buf.WriteTo(new MemoryStream(output, offset, size, true));
+            return size;
+#endif
+        }
+
+        public static void WriteZeroes(Stream outStr, long count)
+        {
+            byte[] zeroes = new byte[BufferSize];
+            while (count > BufferSize)
+            {
+                outStr.Write(zeroes, 0, BufferSize);
+                count -= BufferSize;
+            }
+            outStr.Write(zeroes, 0, (int)count);
+        }
     }
 }
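Review bot: `WriteBufTo` documents an `IOException` with an empty description, yet an `output` too short for `offset` plus the buffered length will most likely surface as an `ArgumentException` from `bytes.CopyTo` or the `MemoryStream` constructor; the XML doc should state the real contract and the return value. `WriteZeroes` has no documentation and no guard on `count`, so a negative value reaches `outStr.Write(zeroes, 0, (int)count)`; consider `if (count < 0) throw new ArgumentOutOfRangeException("count");` at the top. Since the signers call it to overwrite buffered message bytes, its summary should say that it writes from the stream's current position and leaves the position advanced by `count`. In the PORTABLE branch `buf.ToArray()` also creates a second copy of the buffered data that is never cleared.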