From 91d0463fd5bcfd29d8573daac2912c340fba715c Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sun, 23 Oct 2022 13:24:28 +0700 Subject: SecureRandom refactoring in Cms --- crypto/src/cms/CMSAuthenticatedDataGenerator.cs | 18 ++++++------------ .../src/cms/CMSAuthenticatedDataStreamGenerator.cs | 20 +++++++------------- crypto/src/cms/CMSAuthenticatedGenerator.cs | 15 ++++----------- crypto/src/cms/CMSEnvelopedDataGenerator.cs | 17 ++++++++--------- crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs | 15 +++++++-------- crypto/src/cms/CMSEnvelopedGenerator.cs | 22 ++++++++++++---------- crypto/src/cms/CMSSignedDataGenerator.cs | 19 ++++++++----------- crypto/src/cms/CMSSignedDataStreamGenerator.cs | 9 ++++----- crypto/src/cms/CMSSignedGenerator.cs | 17 ++++++++++------- crypto/test/src/cms/test/CMSTestUtil.cs | 2 +- 10 files changed, 67 insertions(+), 87 deletions(-) diff --git a/crypto/src/cms/CMSAuthenticatedDataGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataGenerator.cs index 9bfabe8b1..6c68bccd1 100644 --- a/crypto/src/cms/CMSAuthenticatedDataGenerator.cs +++ b/crypto/src/cms/CMSAuthenticatedDataGenerator.cs @@ -29,20 +29,14 @@ namespace Org.BouncyCastle.Cms public class CmsAuthenticatedDataGenerator : CmsAuthenticatedGenerator { - /** - * base constructor - */ public CmsAuthenticatedDataGenerator() { } - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - public CmsAuthenticatedDataGenerator( - SecureRandom rand) - : base(rand) + /// Constructor allowing specific source of randomness + /// Instance of SecureRandom to use. + public CmsAuthenticatedDataGenerator(SecureRandom random) + : base(random) { } @@ -109,7 +103,7 @@ namespace Org.BouncyCastle.Cms { try { - recipientInfos.Add(rig.Generate(encKey, rand)); + recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { @@ -142,7 +136,7 @@ namespace Org.BouncyCastle.Cms // FIXME Will this work for macs? CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keyGen.DefaultStrength)); + keyGen.Init(new KeyGenerationParameters(m_random, keyGen.DefaultStrength)); return Generate(content, encryptionOid, keyGen); } diff --git a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs index d66b0aea9..b2c5cac28 100644 --- a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs @@ -42,20 +42,14 @@ namespace Org.BouncyCastle.Cms private int _bufferSize; private bool _berEncodeRecipientSet; - /** - * base constructor - */ public CmsAuthenticatedDataStreamGenerator() { } - /** - * constructor allowing specific source of randomness - * @param rand instance of SecureRandom to use - */ - public CmsAuthenticatedDataStreamGenerator( - SecureRandom rand) - : base(rand) + /// Constructor allowing specific source of randomness + /// Instance of SecureRandom to use. + public CmsAuthenticatedDataStreamGenerator(SecureRandom random) + : base(random) { } @@ -105,7 +99,7 @@ namespace Org.BouncyCastle.Cms { try { - recipientInfos.Add(rig.Generate(encKey, rand)); + recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { @@ -195,7 +189,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keyGen.DefaultStrength)); + keyGen.Init(new KeyGenerationParameters(m_random, keyGen.DefaultStrength)); return Open(outStr, encryptionOid, keyGen); } @@ -210,7 +204,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keySize)); + keyGen.Init(new KeyGenerationParameters(m_random, keySize)); return Open(outStr, encryptionOid, keyGen); } diff --git a/crypto/src/cms/CMSAuthenticatedGenerator.cs b/crypto/src/cms/CMSAuthenticatedGenerator.cs index 8824d1913..1f73c9b19 100644 --- a/crypto/src/cms/CMSAuthenticatedGenerator.cs +++ b/crypto/src/cms/CMSAuthenticatedGenerator.cs @@ -14,21 +14,14 @@ namespace Org.BouncyCastle.Cms public class CmsAuthenticatedGenerator : CmsEnvelopedGenerator { - /** - * base constructor - */ public CmsAuthenticatedGenerator() { } - /** - * constructor allowing specific source of randomness - * - * @param rand instance of SecureRandom to use - */ - public CmsAuthenticatedGenerator( - SecureRandom rand) - : base(rand) + /// Constructor allowing specific source of randomness + /// Instance of SecureRandom to use. + public CmsAuthenticatedGenerator(SecureRandom random) + : base(random) { } } diff --git a/crypto/src/cms/CMSEnvelopedDataGenerator.cs b/crypto/src/cms/CMSEnvelopedDataGenerator.cs index d646480e0..1b618b331 100644 --- a/crypto/src/cms/CMSEnvelopedDataGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedDataGenerator.cs @@ -33,10 +33,9 @@ namespace Org.BouncyCastle.Cms } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - public CmsEnvelopedDataGenerator( - SecureRandom rand) - : base(rand) + /// Instance of SecureRandom to use. + public CmsEnvelopedDataGenerator(SecureRandom random) + : base(random) { } @@ -65,7 +64,7 @@ namespace Org.BouncyCastle.Cms encryptionOid, encKey, asn1Params, out cipherParameters); IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid); - cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); + cipher.Init(true, new ParametersWithRandom(cipherParameters, m_random)); MemoryStream bOut = new MemoryStream(); CipherStream cOut = new CipherStream(bOut, null, cipher); @@ -96,7 +95,7 @@ namespace Org.BouncyCastle.Cms { try { - recipientInfos.Add(rig.Generate(encKey, rand)); + recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { @@ -138,7 +137,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keyGen.DefaultStrength)); + keyGen.Init(new KeyGenerationParameters(m_random, keyGen.DefaultStrength)); return Generate(content, encryptionOid, keyGen); } @@ -185,7 +184,7 @@ namespace Org.BouncyCastle.Cms { try { - recipientInfos.Add(rig.Generate(encKey, rand)); + recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { @@ -228,7 +227,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keySize)); + keyGen.Init(new KeyGenerationParameters(m_random, keySize)); return Generate(content, encryptionOid, keyGen); } diff --git a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs index 4a8b57aad..6a362e13f 100644 --- a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs @@ -46,10 +46,9 @@ namespace Org.BouncyCastle.Cms } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - public CmsEnvelopedDataStreamGenerator( - SecureRandom rand) - : base(rand) + /// Instance of SecureRandom to use. + public CmsEnvelopedDataStreamGenerator(SecureRandom random) + : base(random) { } @@ -104,7 +103,7 @@ namespace Org.BouncyCastle.Cms { try { - recipientInfos.Add(rig.Generate(encKey, rand)); + recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { @@ -162,7 +161,7 @@ namespace Org.BouncyCastle.Cms eiGen.GetRawOutputStream(), 0, false, _bufferSize); IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.Algorithm); - cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); + cipher.Init(true, new ParametersWithRandom(cipherParameters, m_random)); CipherStream cOut = new CipherStream(octetOutputStream, null, cipher); return new CmsEnvelopedDataOutputStream(this, cOut, cGen, envGen, eiGen); @@ -191,7 +190,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keyGen.DefaultStrength)); + keyGen.Init(new KeyGenerationParameters(m_random, keyGen.DefaultStrength)); return Open(outStream, encryptionOid, keyGen); } @@ -207,7 +206,7 @@ namespace Org.BouncyCastle.Cms { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); - keyGen.Init(new KeyGenerationParameters(rand, keySize)); + keyGen.Init(new KeyGenerationParameters(m_random, keySize)); return Open(outStream, encryptionOid, keyGen); } diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs index e0a94c4d3..eef572878 100644 --- a/crypto/src/cms/CMSEnvelopedGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedGenerator.cs @@ -30,7 +30,7 @@ namespace Org.BouncyCastle.Cms * CMSEnvelopedData data = fact.generate(content, algorithm, "BC"); * */ - public class CmsEnvelopedGenerator + public abstract class CmsEnvelopedGenerator { // Note: These tables are complementary: If rc2Table[i]==j, then rc2Ekb[j]==i internal static readonly short[] rc2Table = @@ -100,21 +100,23 @@ namespace Org.BouncyCastle.Cms public static readonly string ECMqvSha1Kdf = X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id; internal readonly IList recipientInfoGenerators = new List(); - internal readonly SecureRandom rand; + internal readonly SecureRandom m_random; internal CmsAttributeTableGenerator unprotectedAttributeGenerator = null; - public CmsEnvelopedGenerator() - : this(new SecureRandom()) + protected CmsEnvelopedGenerator() + : this(CryptoServicesRegistrar.GetSecureRandom()) { } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - public CmsEnvelopedGenerator( - SecureRandom rand) + /// Instance of SecureRandom to use. + protected CmsEnvelopedGenerator(SecureRandom random) { - this.rand = rand; + if (random == null) + throw new ArgumentNullException(nameof(random)); + + m_random = random; } public CmsAttributeTableGenerator UnprotectedAttributeGenerator @@ -304,7 +306,7 @@ namespace Org.BouncyCastle.Cms if (encryptionOid.Equals(RC2Cbc)) { byte[] iv = new byte[8]; - rand.NextBytes(iv); + m_random.NextBytes(iv); // TODO Is this detailed repeat of Java version really necessary? int effKeyBits = encKeyBytes.Length * 8; @@ -323,7 +325,7 @@ namespace Org.BouncyCastle.Cms } else { - asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand); + asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, m_random); } } catch (SecurityUtilityException) diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs index c2304a09b..fff22e057 100644 --- a/crypto/src/cms/CMSSignedDataGenerator.cs +++ b/crypto/src/cms/CMSSignedDataGenerator.cs @@ -55,6 +55,7 @@ namespace Org.BouncyCastle.Cms internal SignerInf( CmsSignedGenerator outer, AsymmetricKeyParameter key, + SecureRandom random, SignerIdentifier signerIdentifier, string digestOID, string encOID, @@ -67,7 +68,7 @@ namespace Org.BouncyCastle.Cms string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOID); this.outer = outer; - this.sigCalc = new Asn1SignatureFactory(signatureName, key); + this.sigCalc = new Asn1SignatureFactory(signatureName, key, random); this.signerIdentifier = signerIdentifier; this.digestOID = digestOID; this.encOID = encOID; @@ -110,10 +111,7 @@ namespace Org.BouncyCastle.Cms get { return unsAttr; } } - internal SignerInfo ToSignerInfo( - DerObjectIdentifier contentType, - CmsProcessable content, - SecureRandom random) + internal SignerInfo ToSignerInfo(DerObjectIdentifier contentType, CmsProcessable content) { AlgorithmIdentifier digAlgId = DigestAlgorithmID; string digestName = Helper.GetDigestAlgName(digestOID); @@ -196,10 +194,9 @@ namespace Org.BouncyCastle.Cms } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - public CmsSignedDataGenerator( - SecureRandom rand) - : base(rand) + /// Instance of SecureRandom to use. + public CmsSignedDataGenerator(SecureRandom random) + : base(random) { } @@ -425,7 +422,7 @@ namespace Org.BouncyCastle.Cms CmsAttributeTableGenerator unsignedAttrGen, Asn1.Cms.AttributeTable baseSignedTable) { - signerInfs.Add(new SignerInf(this, privateKey, signerIdentifier, digestOID, encryptionOID, + signerInfs.Add(new SignerInf(this, privateKey, m_random, signerIdentifier, digestOID, encryptionOID, signedAttrGen, unsignedAttrGen, baseSignedTable)); } @@ -480,7 +477,7 @@ namespace Org.BouncyCastle.Cms try { digestAlgs.Add(signer.DigestAlgorithmID); - signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content, rand)); + signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content)); } catch (IOException e) { diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs index 96200fc8c..f934b9259 100644 --- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs @@ -137,7 +137,7 @@ namespace Org.BouncyCastle.Cms } } - _sig.Init(true, new ParametersWithRandom(key, outer.rand)); + _sig.Init(true, new ParametersWithRandom(key, outer.m_random)); } public SignerInfo Generate(DerObjectIdentifier contentType, AlgorithmIdentifier digestAlgorithm, @@ -234,10 +234,9 @@ namespace Org.BouncyCastle.Cms } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - public CmsSignedDataStreamGenerator( - SecureRandom rand) - : base(rand) + /// Instance of SecureRandom to use. + public CmsSignedDataStreamGenerator(SecureRandom random) + : base(random) { } diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs index 58f66f214..c16f6e83c 100644 --- a/crypto/src/cms/CMSSignedGenerator.cs +++ b/crypto/src/cms/CMSSignedGenerator.cs @@ -15,6 +15,7 @@ using Org.BouncyCastle.Asn1.Rosstandart; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; +using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; @@ -481,7 +482,7 @@ namespace Org.BouncyCastle.Cms } } - public class CmsSignedGenerator + public abstract class CmsSignedGenerator { /** * Default type for the signed data. @@ -516,19 +517,21 @@ namespace Org.BouncyCastle.Cms internal bool _useDerForCerts = false; internal bool _useDerForCrls = false; - protected readonly SecureRandom rand; + protected readonly SecureRandom m_random; protected CmsSignedGenerator() - : this(new SecureRandom()) + : this(CryptoServicesRegistrar.GetSecureRandom()) { } /// Constructor allowing specific source of randomness - /// Instance of SecureRandom to use. - protected CmsSignedGenerator( - SecureRandom rand) + /// Instance of SecureRandom to use. + protected CmsSignedGenerator(SecureRandom random) { - this.rand = rand; + if (random == null) + throw new ArgumentNullException(nameof(random)); + + m_random = random; } internal protected virtual IDictionary GetBaseParameters( diff --git a/crypto/test/src/cms/test/CMSTestUtil.cs b/crypto/test/src/cms/test/CMSTestUtil.cs index 016260625..e98810c84 100644 --- a/crypto/test/src/cms/test/CMSTestUtil.cs +++ b/crypto/test/src/cms/test/CMSTestUtil.cs @@ -396,7 +396,7 @@ namespace Org.BouncyCastle.Cms.Tests crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public)); - return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null)); + return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, Random)); } /* -- cgit 1.4.1