From 6523b613d4a657b02da0777083116a2f5df55e98 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Sun, 23 Oct 2022 17:36:05 +0700
Subject: Complete SecureRandom refactoring
---
 crypto/src/math/BigInteger.cs | 8 +++-----
 crypto/src/math/ec/ECCurve.cs | 4 ++--
 crypto/src/math/ec/ECPoint.cs | 7 +------
 crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs | 3 ++-
 crypto/src/math/raw/Mod.cs | 12 +++++-------
 5 files changed, 13 insertions(+), 21 deletions(-)
 (limited to 'crypto/src/math')
diff --git a/crypto/src/math/BigInteger.cs b/crypto/src/math/BigInteger.cs
index 5986f9fd8..caf78843e 100644
--- a/crypto/src/math/BigInteger.cs
+++ b/crypto/src/math/BigInteger.cs
@@ -163,8 +163,6 @@ namespace Org.BouncyCastle.Math
 private const int chunk2 = 1, chunk8 = 1, chunk10 = 19, chunk16 = 16;
 private static readonly BigInteger radix2, radix2E, radix8, radix8E, radix10, radix10E, radix16, radix16E;
- private static readonly SecureRandom RandomSource = new SecureRandom(new VmpcRandomGenerator(), 16);
-
 /*
 * These are the threshold bit-lengths (of an exponent) where we increase the window size.
 * They are calculated according to the expected savings in multiplications.
@@ -244,7 +242,7 @@ namespace Org.BouncyCastle.Math
 public static BigInteger Arbitrary(int sizeInBits)
 {
- return new BigInteger(sizeInBits, RandomSource);
+ return new BigInteger(sizeInBits, SecureRandom.ArbitraryRandom);
 }
 private BigInteger(
@@ -1460,7 +1458,7 @@ namespace Org.BouncyCastle.Math
 if (n.Equals(One))
 return false;
- return n.CheckProbablePrime(certainty, RandomSource, randomlySelected);
+ return n.CheckProbablePrime(certainty, SecureRandom.ArbitraryRandom, randomlySelected);
 }
 private bool CheckProbablePrime(int certainty, Random random, bool randomlySelected)
@@ -2633,7 +2631,7 @@ namespace Org.BouncyCastle.Math
 BigInteger n = Inc().SetBit(0);
- while (!n.CheckProbablePrime(100, RandomSource, false))
+ while (!n.CheckProbablePrime(100, SecureRandom.ArbitraryRandom, false))
 {
 n = n.Add(Two);
 }
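Review bot: `Arbitrary(int sizeInBits)` now draws from the process-wide `SecureRandom.ArbitraryRandom` but still has no doc comment saying what its output is fit for, so a caller cannot tell from the signature whether the value may serve as a secret. Because the generator is a shared static, every caller inherits whatever assurance it provides, and that should be spelled out where the method is declared. I'd add `/// <summary>Returns a BigInteger of the given bit length drawn from the shared <see cref="SecureRandom.ArbitraryRandom"/>; intended for non-secret values. For keys, nonces or blinding factors use the BigInteger(int, random) constructor this method calls, with a caller-chosen SecureRandom.</summary>` followed by a `<param name="sizeInBits">` line.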
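Review bot: The Miller–Rabin bases in `IsProbablePrime` are now taken from `SecureRandom.ArbitraryRandom` even when `randomlySelected` is false, which is the case where the candidate may have been chosen by another party. The error bound of a randomized primality test only holds when the base selection is unpredictable to whoever chose the candidate; composites that survive a fixed or guessable base sequence are a documented failure mode, and nothing in the hunk records what predictability `ArbitraryRandom` guarantees. I'd put the assumption next to the call: `// Bases must be unpredictable to the party that chose 'n' when randomlySelected is false; ArbitraryRandom is relied on for that - TODO confirm.` The same point applies to the `NextProbablePrime` loop in the last hunk of this file, where `randomlySelected` is hard-coded to false, and to `Primes.IsMRProbablePrime(q, SecureRandom.ArbitraryRandom, ...)` in the ECCurve.cs hunk, where `q` comes from curve parameters that may be externally supplied.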
diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs
index d17c6b1c1..b37d62721 100644
--- a/crypto/src/math/ec/ECCurve.cs
+++ b/crypto/src/math/ec/ECCurve.cs
@@ -737,7 +737,6 @@ namespace Org.BouncyCastle.Math.EC
 private const int FP_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED;
 private static readonly HashSet KnownQs = new HashSet();
- private static readonly SecureRandom random = new SecureRandom();
 protected readonly BigInteger m_q, m_r;
 protected readonly FpPoint m_infinity;
@@ -771,7 +770,8 @@ namespace Org.BouncyCastle.Math.EC
 throw new ArgumentException("Fp q value out of range");
 if (Primes.HasAnySmallFactors(q) ||
- !Primes.IsMRProbablePrime(q, random, GetNumberOfIterations(qBitLength, certainty)))
+ !Primes.IsMRProbablePrime(q, SecureRandom.ArbitraryRandom,
+ GetNumberOfIterations(qBitLength, certainty)))
 {
 throw new ArgumentException("Fp q value not prime");
 }
diff --git a/crypto/src/math/ec/ECPoint.cs b/crypto/src/math/ec/ECPoint.cs
index fc0ddf035..ee7cf9a92 100644
--- a/crypto/src/math/ec/ECPoint.cs
+++ b/crypto/src/math/ec/ECPoint.cs
@@ -12,8 +12,6 @@ namespace Org.BouncyCastle.Math.EC
 */
 public abstract class ECPoint
 {
- private static readonly SecureRandom Random = new SecureRandom();
-
 protected static ECFieldElement[] EMPTY_ZS = new ECFieldElement[0];
 protected static ECFieldElement[] GetInitialZCoords(ECCurve curve)
@@ -246,10 +244,7 @@ namespace Org.BouncyCastle.Math.EC
 * Any side-channel in the implementation of 'inverse' now only leaks information about
 * the value (z * b), and no longer reveals information about 'z' itself.
 */
- // TODO Add CryptoServicesRegistrar class and use here
- //SecureRandom r = CryptoServicesRegistrar.GetSecureRandom();
- SecureRandom r = Random;
- ECFieldElement b = m_curve.RandomFieldElementMult(r);
+ ECFieldElement b = m_curve.RandomFieldElementMult(SecureRandom.ArbitraryRandom);
 ECFieldElement zInv = z.Multiply(b).Invert().Multiply(b);
 return Normalize(zInv);
 }
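Review bot: The blinding factor `b` in the last ECPoint.cs hunk is the entire side-channel countermeasure described in the comment directly above it, and it now comes from `SecureRandom.ArbitraryRandom`; the removed TODO pointed at `CryptoServicesRegistrar.GetSecureRandom()` instead, and that intent disappears without a replacement note. If an observer can predict the generator's output, the "leaks only z * b" argument no longer protects `z`, so the required property should be stated at the call: `// 'b' must be unpredictable to a side-channel observer for the blinding argument above to hold; ArbitraryRandom is relied on for that - revisit if a caller-supplied SecureRandom becomes available.` The enclosing method (presumably the no-argument Normalize overload) starts outside the hunk.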
diff --git a/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs
index bb60edaf6..013100dc3 100644
--- a/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs
+++ b/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs
@@ -1,6 +1,7 @@
 using System;
 using Org.BouncyCastle.Math.Raw;
+using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Encoders;
@@ -134,7 +135,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 uint[] nc = Nat224.Create();
 SecP224R1Field.Negate(c, nc);
- uint[] r = Mod.Random(SecP224R1Field.P);
+ uint[] r = Mod.Random(SecureRandom.ArbitraryRandom, SecP224R1Field.P);
 uint[] t = Nat224.Create();
 if (!IsSquare(c))
diff --git a/crypto/src/math/raw/Mod.cs b/crypto/src/math/raw/Mod.cs
index acbb1d91f..721134b0c 100644
--- a/crypto/src/math/raw/Mod.cs
+++ b/crypto/src/math/raw/Mod.cs
@@ -12,10 +12,8 @@ namespace Org.BouncyCastle.Math.Raw
 * computation and modular inversion" by Daniel J. Bernstein and Bo-Yin Yang.
 */
- internal abstract class Mod
+ internal static class Mod
 {
- private static readonly SecureRandom RandomSource = new SecureRandom();
-
 private const int M30 = 0x3FFFFFFF;
 private const ulong M32UL = 0xFFFFFFFFUL;
@@ -364,7 +362,7 @@ namespace Org.BouncyCastle.Math.Raw
 }
 #endif
- public static uint[] Random(uint[] p)
+ public static uint[] Random(SecureRandom random, uint[] p)
 {
 int len = p.Length;
 uint[] s = Nat.Create(len);
@@ -379,7 +377,7 @@ namespace Org.BouncyCastle.Math.Raw
 byte[] bytes = new byte[len << 2];
 do
 {
- RandomSource.NextBytes(bytes);
+ random.NextBytes(bytes);
 Pack.BE_To_UInt32(bytes, 0, s);
 s[len - 1] &= m;
 }
@@ -389,7 +387,7 @@ namespace Org.BouncyCastle.Math.Raw
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
- public static void Random(ReadOnlySpan p, Span z)
+ public static void Random(SecureRandom random, ReadOnlySpan p, Span z)
 {
 int len = p.Length;
 if (z.Length < len)
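Review bot: The new `random` parameter on `Mod.Random(SecureRandom random, uint[] p)` in the second Mod.cs hunk is undocumented, yet it is the only input besides `p` that the output depends on, so callers need to be told that the result's unpredictability is inherited from it. A short XML comment closes that gap: `/// <param name="random">Source of the candidate bytes; the result is only as unpredictable as this generator, so callers producing secrets must pass a suitably seeded SecureRandom.</param>` and `/// <param name="p">Modulus the candidate is drawn against; the do/while in the next hunk masks the top word and re-draws until a condition outside the hunk (presumably s < p) holds.</param>`. The same comment belongs on the `ReadOnlySpan`/`Span` overload in the last hunk of this file. Both method bodies continue past their hunks; neither visible part checks `random` for null, which is consistent with the rest of this internal class but worth a mention in the `<param>` text if callers outside the assembly are ever expected.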
@@ -410,7 +408,7 @@ namespace Org.BouncyCastle.Math.Raw
 do
 {
- RandomSource.NextBytes(bytes);
+ random.NextBytes(bytes);
 Pack.BE_To_UInt32(bytes, s);
 s[len - 1] &= m;
 }
--
cgit 1.4.1