Merge branch 'master' of git.bouncycastle.org:bc-csharp

author: Peter Dettman <peter.dettman@bouncycastle.org> 2015-12-21 19:48:20 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2015-12-21 19:48:20 +0700
commit: 156e77dfbfb4fbce63962cf033cb4e6b8047007d (patch)
tree: 5954faedae0975c1fe6d17b640038c8165b4642c /crypto
parent: BJA-584 Fix DTLS record-layer version handling (diff)
parent: Added use of standard salt if provided. (diff)
download: BouncyCastle.NET-ed25519-156e77dfbfb4fbce63962cf033cb4e6b8047007d.tar.xz
3 files changed, 94 insertions, 10 deletions
diff --git a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
index fb117c19d..3aa2e3719 100644
--- a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
+++ b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
@@ -486,7 +486,14 @@ namespace Org.BouncyCastle.Crypto.Signers
             digest.BlockUpdate(m2Hash, 0, m2Hash.Length);
 
             // Update for the salt
-            digest.BlockUpdate(block, mStart + recoveredMessage.Length, saltLength);
+            if (standardSalt != null)
+            {
+                digest.BlockUpdate(standardSalt, 0, standardSalt.Length);
+            }
+            else
+            {
+                digest.BlockUpdate(block, mStart + recoveredMessage.Length, saltLength);
+            }
 
             byte[] hash = new byte[digest.GetDigestSize()];
             digest.DoFinal(hash, 0);
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index 03890902b..23b7c0f49 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -25,6 +25,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 		private int hLen;
 		private int mgfhLen;
 		private int sLen;
+        private bool sSet;
 		private int emBits;
 		private byte[] salt;
 		private byte[] mDash;
@@ -35,7 +36,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 			IAsymmetricBlockCipher	cipher,
 			IDigest					digest)
 		{
-			return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), TrailerImplicit);
+			return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), null, TrailerImplicit);
 		}
 
 		public static PssSigner CreateRawSigner(
@@ -45,7 +46,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 			int						saltLen,
 			byte					trailer)
 		{
-			return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, trailer);
+			return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, null, trailer);
 		}
 
 		public PssSigner(
@@ -67,7 +68,19 @@ namespace Org.BouncyCastle.Crypto.Signers
 		{
 		}
 
-		public PssSigner(
+        /// <summary>Basic constructor</summary>
+        /// <param name="cipher">the asymmetric cipher to use.</param>
+        /// <param name="digest">the digest to use.</param>
+        /// <param name="salt">the fixed salt to be used.</param>
+        public PssSigner(
+            IAsymmetricBlockCipher cipher,
+            IDigest digest,
+            byte[] salt)
+            : this(cipher, digest, digest, digest, salt.Length, salt, TrailerImplicit)
+        {
+        }
+
+        public PssSigner(
 			IAsymmetricBlockCipher	cipher,
 			IDigest					contentDigest,
 			IDigest					mgfDigest,
@@ -76,7 +89,16 @@ namespace Org.BouncyCastle.Crypto.Signers
 		{
 		}
 
-		public PssSigner(
+        public PssSigner(
+            IAsymmetricBlockCipher cipher,
+            IDigest contentDigest,
+            IDigest mgfDigest,
+            byte[] salt)
+            : this(cipher, contentDigest, contentDigest, mgfDigest, salt.Length, salt, TrailerImplicit)
+        {
+        }
+
+        public PssSigner(
 			IAsymmetricBlockCipher	cipher,
 			IDigest					digest,
 			int						saltLen,
@@ -91,7 +113,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 			IDigest					mgfDigest,
 			int						saltLen,
 			byte					trailer)
-			: this(cipher, contentDigest, contentDigest, mgfDigest, saltLen, trailer)
+			: this(cipher, contentDigest, contentDigest, mgfDigest, saltLen, null, trailer)
 		{
 		}
 
@@ -101,6 +123,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 			IDigest					contentDigest2,
 			IDigest					mgfDigest,
 			int						saltLen,
+            byte[]                  salt,
 			byte					trailer)
 		{
 			this.cipher = cipher;
@@ -110,7 +133,15 @@ namespace Org.BouncyCastle.Crypto.Signers
 			this.hLen = contentDigest2.GetDigestSize();
 			this.mgfhLen = mgfDigest.GetDigestSize();
 			this.sLen = saltLen;
-			this.salt = new byte[saltLen];
+            this.sSet = salt != null;
+            if (sSet)
+            {
+                this.salt = salt;
+            }
+            else
+            {
+                this.salt = new byte[saltLen];
+            }
 			this.mDash = new byte[8 + saltLen + hLen];
 			this.trailer = trailer;
 		}
@@ -197,7 +228,10 @@ namespace Org.BouncyCastle.Crypto.Signers
 
 			if (sLen != 0)
 			{
-				random.NextBytes(salt);
+                if (!sSet)
+                {
+                    random.NextBytes(salt);
+                }
 				salt.CopyTo(mDash, mDash.Length - sLen);
 			}
 
@@ -270,7 +304,14 @@ namespace Org.BouncyCastle.Crypto.Signers
 				return false;
 			}
 
-			Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);
+            if (sSet)
+            {
+                Array.Copy(salt, 0, mDash, mDash.Length - sLen, sLen);
+            }
+            else
+            {
+                Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);
+            }
 
 			contentDigest2.BlockUpdate(mDash, 0, mDash.Length);
 			contentDigest2.DoFinal(mDash, mDash.Length - hLen);
diff --git a/crypto/test/src/crypto/test/PSSTest.cs b/crypto/test/src/crypto/test/PSSTest.cs
index 91d8d3a6e..8578d254f 100644
--- a/crypto/test/src/crypto/test/PSSTest.cs
+++ b/crypto/test/src/crypto/test/PSSTest.cs
@@ -319,9 +319,45 @@ namespace Org.BouncyCastle.Crypto.Tests
 			{
 				Fail("loop test failed - failures: " + failed);
 			}
+
+            fixedSaltTest();
 		}
 
-		public static void Main(
+        private void fixedSaltTest()
+        {
+            byte[] data = Hex.Decode("010203040506070809101112131415");
+
+            PssSigner eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("deadbeef"));
+
+            eng.Init(true, prv8);
+
+            eng.BlockUpdate(data, 0, data.Length);
+
+            byte[] s = eng.GenerateSignature();
+
+            eng.Init(false, pub8);
+
+            eng.BlockUpdate(data, 0, data.Length);
+
+            if (!eng.VerifySignature(s))
+            {
+                Fail("fixed salt failed");
+            }
+
+            // test failure
+            eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("beefbeef"));
+
+            eng.Init(false, pub8);
+
+            eng.BlockUpdate(data, 0, data.Length);
+
+            if (eng.VerifySignature(s))
+            {
+                Fail("fixed salt failure verfied");
+            }
+        }
+
+        public static void Main(
 			string[] args)
 		{
 			RunTest(new PssTest());
author	Peter Dettman <peter.dettman@bouncycastle.org>	2015-12-21 19:48:20 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2015-12-21 19:48:20 +0700
commit	156e77dfbfb4fbce63962cf033cb4e6b8047007d (patch)
tree	5954faedae0975c1fe6d17b640038c8165b4642c /crypto
parent	BJA-584 Fix DTLS record-layer version handling (diff)
parent	Added use of standard salt if provided. (diff)
download	BouncyCastle.NET-ed25519-156e77dfbfb4fbce63962cf033cb4e6b8047007d.tar.xz