From c1e0d224b9e34b40679ec105cd3a007a9ce37054 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 30 Jan 2023 16:20:40 +0700
Subject: Ensure configured SecureRandom is passed on

---
 crypto/src/crypto/signers/PssSigner.cs  | 15 +++++++--------
 crypto/src/crypto/signers/X931Signer.cs | 11 +++++++++--
 crypto/test/src/test/PSSTest.cs         | 12 ++++++++----
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index c1613c8d1..2e4c37772 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -158,15 +158,15 @@ namespace Org.BouncyCastle.Crypto.Signers
             {
                 parameters = withRandom.Parameters;
                 random = withRandom.Random;
-            }
-            else
+                cipher.Init(forSigning, withRandom);
+            }
+            else
             {
                 random = forSigning ? CryptoServicesRegistrar.GetSecureRandom() : null;
-            }
-
-            cipher.Init(forSigning, parameters);
+                cipher.Init(forSigning, parameters);
+            }
 
-            RsaKeyParameters kParam;
+            RsaKeyParameters kParam;
             if (parameters is RsaBlindingParameters blinding)
             {
                 kParam = blinding.PublicKey;
@@ -185,8 +185,7 @@ namespace Org.BouncyCastle.Crypto.Signers
         }
 
         /// clear possible sensitive data
-        private void ClearBlock(
-            byte[] block)
+        private void ClearBlock(byte[] block)
         {
             Array.Clear(block, 0, block.Length);
         }
diff --git a/crypto/src/crypto/signers/X931Signer.cs b/crypto/src/crypto/signers/X931Signer.cs
index 9db4e1642..c185eacfd 100644
--- a/crypto/src/crypto/signers/X931Signer.cs
+++ b/crypto/src/crypto/signers/X931Signer.cs
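Review bot: In the `else` branch the signer picks `random` from `CryptoServicesRegistrar.GetSecureRandom()` but still hands the bare `parameters` to `cipher.Init`, so the cipher has to resolve its own SecureRandom instead of sharing the one the signer just chose; only the `ParametersWithRandom` branch actually passes a configured source on. If the goal is a single source of randomness for both the salt and whatever the cipher draws (presumably blinding, but the cipher's type is outside the hunk), `cipher.Init(forSigning, forSigning ? new ParametersWithRandom(parameters, random) : parameters);` in the `else` branch closes that gap without touching verification, where `random` is null. Init's body starts before this hunk and continues after it.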
@@ -71,9 +71,16 @@ namespace Org.BouncyCastle.Crypto.Signers
         public virtual void Init(bool forSigning, ICipherParameters parameters)
         {
-            kParam = (RsaKeyParameters)parameters;
+            if (parameters is ParametersWithRandom withRandom)
+            {
+                kParam = (RsaKeyParameters)withRandom.Parameters;
+            }
+            else
+            {
+                kParam = (RsaKeyParameters)parameters;
+            }
 
-            cipher.Init(forSigning, kParam);
+            cipher.Init(forSigning, parameters);
 
             keyBits = kParam.Modulus.BitLength;
diff --git a/crypto/test/src/test/PSSTest.cs b/crypto/test/src/test/PSSTest.cs
index de56886dd..3b5894c69 100644
--- a/crypto/test/src/test/PSSTest.cs
+++ b/crypto/test/src/test/PSSTest.cs
@@ -179,8 +179,8 @@ namespace Org.BouncyCastle.Tests
             // Note: PSS minimum key size determined by hash/salt lengths
             // PrivateKey priv2048Key = fact.generatePrivate(RSATest.priv2048KeySpec);
             // PublicKey pub2048Key = fact.generatePublic(RSATest.pub2048KeySpec);
-            AsymmetricKeyParameter priv2048Key = RsaTest.priv2048KeySpec;
-            AsymmetricKeyParameter pub2048Key = RsaTest.pub2048KeySpec;
+            var priv2048Key = RsaTest.priv2048KeySpec;
+            var pub2048Key = RsaTest.pub2048KeySpec;
 
             rawModeTest("SHA1withRSA/PSS", X509ObjectIdentifiers.IdSha1, priv2048Key, pub2048Key, random);
             // FIXME
@@ -191,7 +191,7 @@ namespace Org.BouncyCastle.Tests
         }
 
         private void rawModeTest(string sigName, DerObjectIdentifier digestOID,
-            AsymmetricKeyParameter privKey, AsymmetricKeyParameter pubKey, SecureRandom random)
+            RsaPrivateCrtKeyParameters privKey, RsaKeyParameters pubKey, SecureRandom random)
         {
             byte[] sampleMessage = new byte[1000 + random.Next() % 100];
             random.NextBytes(sampleMessage);
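Review bot: The new `Init` silently accepts a `ParametersWithRandom` wrapper but neither the signature nor a comment says so, and the random is not consumed in this class at all, only forwarded, so a caller has no way to know what it buys them; a one-line XML doc would make the contract explicit: `/// <param name="parameters">An <see cref="RsaKeyParameters"/>, optionally wrapped in a <see cref="ParametersWithRandom"/>; the random is passed through unchanged to the underlying cipher.</param>`. As a matter of style, the eight-line `if`/`else` only extracts the key, so `kParam = (RsaKeyParameters)(parameters is ParametersWithRandom withRandom ? withRandom.Parameters : parameters);` keeps the pattern match and drops the duplicated cast. Init appears to continue past `keyBits`, outside the hunk.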
@@ -205,7 +205,11 @@ namespace Org.BouncyCastle.Tests
             // FIXME
             // int saltLen = spec.getSaltLength();
             // byte[] fixedRandomBytes = new byte[saltLen];
-            byte[] fixedRandomBytes = new byte[128];
+
+            // TODO Consider a wrapping FixedSecureRandom to avoid exhaustion
+            // At least 20 for salt and enough to generate an RSA blind, but random blinding can theoretically draw more
+            int blindBytes = (pubKey.Modulus.BitLength + 7) / 8;
+            byte[] fixedRandomBytes = new byte[20 + blindBytes * 10];
             random.NextBytes(fixedRandomBytes);
 
             normalSig.Init(true, new ParametersWithRandom(privKey, FixedSecureRandom.From(fixedRandomBytes)));
-- 
cgit 1.4.1
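Review bot: The `20` in `new byte[20 + blindBytes * 10]` is only right for the SHA-1 case the visible caller passes; `rawModeTest` takes a `digestOID`, and a PSS salt is normally as long as the digest (hedged, the signer setup is outside the hunk), so a SHA-256 caller would be short by 12 bytes while the comment's "at least 20 for salt" suggests it is covered. Size the salt from the digest selected by `digestOID` rather than hard-coding it, e.g. `int saltLen = DigestUtilities.GetDigest(digestOID).GetDigestSize();` if that helper is in scope, then `new byte[saltLen + blindBytes * 10]`, which also answers the `FIXME` about `spec.getSaltLength()` just above. The `* 10` multiplier stays a guess that the TODO admits can be exhausted; it is worth confirming that an exhausted `FixedSecureRandom` fails the test loudly rather than degrading into a silent pass. rawModeTest continues outside the hunk.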