From 9d2816f7c430dc4fcf26b2940e3c5aa1a5aefcd7 Mon Sep 17 00:00:00 2001
From: David Hook
Date: Sat, 19 Dec 2015 10:11:53 +1100
Subject: Added support for fixed salt.
---
 crypto/src/crypto/signers/PssSigner.cs | 46 ++++++++++++++++++++++++++++------
 1 file changed, 39 insertions(+), 7 deletions(-)
(limited to 'crypto')
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index 03890902b..61e7dae01 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -25,6 +25,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 private int hLen;
 private int mgfhLen;
 private int sLen;
+ private bool sSet;
 private int emBits;
 private byte[] salt;
 private byte[] mDash;
@@ -35,7 +36,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 IAsymmetricBlockCipher cipher,
 IDigest digest)
 {
- return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), TrailerImplicit);
+ return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), null, TrailerImplicit);
 }
 public static PssSigner CreateRawSigner(
@@ -45,7 +46,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 int saltLen,
 byte trailer)
 {
- return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, trailer);
+ return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, null, trailer);
 }
 public PssSigner(
@@ -67,7 +68,19 @@ namespace Org.BouncyCastle.Crypto.Signers
 {
 }
- public PssSigner(
+ /// Basic constructor
+ /// the asymmetric cipher to use.
+ /// the digest to use.
+ /// the fixed salt to be used.
+ public PssSigner(
+ IAsymmetricBlockCipher cipher,
+ IDigest digest,
+ byte[] salt)
+ : this(cipher, digest, digest, digest, salt.Length, salt, TrailerImplicit)
+ {
+ }
+
+ public PssSigner(
 IAsymmetricBlockCipher cipher,
 IDigest contentDigest,
 IDigest mgfDigest,
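Review bot: The new `PssSigner(cipher, digest, salt)` constructor reads `salt.Length` in its constructor initializer, so a null salt fails with a NullReferenceException instead of an ArgumentNullException, and the private constructor changed later in this patch keeps the caller's array (`this.salt = salt;`), so a caller that reuses or clears that buffer silently changes the salt of a live signer. Storing a copy, `this.salt = (byte[])salt.Clone();`, and rejecting null in the public overloads would close both; the `(cipher, contentDigest, mgfDigest, salt)` overload added in the following commit has the same shape. The doc comment should also state that a fixed salt makes the signature deterministic and is meant for known-answer tests or protocols that mandate a salt value, because callers give up the per-signature randomisation PSS normally provides.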
@@ -91,7 +104,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 IDigest mgfDigest,
 int saltLen,
 byte trailer)
- : this(cipher, contentDigest, contentDigest, mgfDigest, saltLen, trailer)
+ : this(cipher, contentDigest, contentDigest, mgfDigest, saltLen, null, trailer)
 {
 }
@@ -101,6 +114,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 IDigest contentDigest2,
 IDigest mgfDigest,
 int saltLen,
+ byte[] salt,
 byte trailer)
 {
 this.cipher = cipher;
@@ -110,7 +124,15 @@ namespace Org.BouncyCastle.Crypto.Signers
 this.hLen = contentDigest2.GetDigestSize();
 this.mgfhLen = mgfDigest.GetDigestSize();
 this.sLen = saltLen;
- this.salt = new byte[saltLen];
+ this.sSet = salt != null;
+ if (sSet)
+ {
+ this.salt = salt;
+ }
+ else
+ {
+ this.salt = new byte[saltLen];
+ }
 this.mDash = new byte[8 + saltLen + hLen];
 this.trailer = trailer;
 }
@@ -197,7 +219,10 @@ namespace Org.BouncyCastle.Crypto.Signers
 if (sLen != 0)
 {
- random.NextBytes(salt);
+ if (!sSet)
+ {
+ random.NextBytes(salt);
+ }
 salt.CopyTo(mDash, mDash.Length - sLen);
 }
@@ -270,7 +295,14 @@ namespace Org.BouncyCastle.Crypto.Signers
 return false;
 }
- Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);
+ if (sSet)
+ {
+ Array.Copy(salt, 0, mDash, mDash.Length - sLen, sLen);
+ }
+ else
+ {
+ Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);
+ }
 contentDigest2.BlockUpdate(mDash, 0, mDash.Length);
 contentDigest2.DoFinal(mDash, mDash.Length - hLen);
-- cgit 1.5.1
From 0b4afcc3e4f3804562294b71265edd2ac2f00f9c Mon Sep 17 00:00:00 2001
From: David Hook
Date: Sat, 19 Dec 2015 10:36:47 +1100
Subject: Added test against fixed salt.
---
 crypto/src/crypto/signers/PssSigner.cs | 11 +++++++++-
 crypto/test/src/crypto/test/PSSTest.cs | 38 +++++++++++++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 2 deletions(-)
(limited to 'crypto')
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index 61e7dae01..23b7c0f49 100644
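Review bot: In the verification hunk (`@@ -270,7 +295,14 @@`) the `sSet` branch hashes the configured salt and never looks at the salt bytes recovered from `block`, so this verifier accepts an encoding whose embedded salt differs from the one hashed into H, which a standard EMSA-PSS verifier would reject. Producing such an encoding needs the private key, so this reads as a strictness and interoperability gap rather than a forgery path, but it is cheap to close: keep the original `Array.Copy(block, block.Length - sLen - hLen - 1, mDash, mDash.Length - sLen, sLen);` unconditional and, when `sSet`, additionally return false if those recovered bytes differ from `salt`. The Iso9796d2PssSigner change in the last commit of this series follows the same pattern with `standardSalt`. The enclosing method starts and ends outside the hunk.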
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -89,7 +89,16 @@ namespace Org.BouncyCastle.Crypto.Signers
 {
 }
- public PssSigner(
+ public PssSigner(
+ IAsymmetricBlockCipher cipher,
+ IDigest contentDigest,
+ IDigest mgfDigest,
+ byte[] salt)
+ : this(cipher, contentDigest, contentDigest, mgfDigest, salt.Length, salt, TrailerImplicit)
+ {
+ }
+
+ public PssSigner(
 IAsymmetricBlockCipher cipher,
 IDigest digest,
 int saltLen,
diff --git a/crypto/test/src/crypto/test/PSSTest.cs b/crypto/test/src/crypto/test/PSSTest.cs
index 91d8d3a6e..8578d254f 100644
--- a/crypto/test/src/crypto/test/PSSTest.cs
+++ b/crypto/test/src/crypto/test/PSSTest.cs
@@ -319,9 +319,45 @@ namespace Org.BouncyCastle.Crypto.Tests
 {
 Fail("loop test failed - failures: " + failed);
 }
+
+ fixedSaltTest();
 }
- public static void Main(
+ private void fixedSaltTest()
+ {
+ byte[] data = Hex.Decode("010203040506070809101112131415");
+
+ PssSigner eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("deadbeef"));
+
+ eng.Init(true, prv8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ byte[] s = eng.GenerateSignature();
+
+ eng.Init(false, pub8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ if (!eng.VerifySignature(s))
+ {
+ Fail("fixed salt failed");
+ }
+
+ // test failure
+ eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("beefbeef"));
+
+ eng.Init(false, pub8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ if (eng.VerifySignature(s))
+ {
+ Fail("fixed salt failure verfied");
+ }
+ }
+
+ public static void Main(
 string[] args)
 {
 RunTest(new PssTest());
-- cgit 1.5.1
From 9edba71a655a0df5f39e1cef3632bb9561bae6ae Mon Sep 17 00:00:00 2001
From: David Hook
Date: Sat, 19 Dec 2015 11:08:12 +1100
Subject: Added use of standard salt if provided.
---
 crypto/src/crypto/signers/Iso9796d2PssSigner.cs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'crypto')
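Review bot: `fixedSaltTest` only round-trips through the fixed-salt code path on both sides, and since that verifier hashes its own configured salt, the test would presumably still pass if the signature carried different salt bytes in its encoding. Verifying `s` with an ordinary `PssSigner` built with salt length 4 pins that the output is a standard PSS signature; a known-answer comparison of `s` would pin determinism as well. The failure message `"fixed salt failure verfied"` also has a typo (`verified`).

```csharp
// … unchanged: sign with the fixed-salt signer, verify with the same salt …

// a fixed-salt signature must still verify with a standard PSS verifier
PssSigner std = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), 4);
std.Init(false, pub8);
std.BlockUpdate(data, 0, data.Length);
if (!std.VerifySignature(s))
{
    Fail("fixed salt signature rejected by standard verifier");
}

// … unchanged: wrong-salt rejection check …
```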
diff --git a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
index fb117c19d..3aa2e3719 100644
--- a/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
+++ b/crypto/src/crypto/signers/Iso9796d2PssSigner.cs
@@ -486,7 +486,14 @@ namespace Org.BouncyCastle.Crypto.Signers
 digest.BlockUpdate(m2Hash, 0, m2Hash.Length);
 // Update for the salt
- digest.BlockUpdate(block, mStart + recoveredMessage.Length, saltLength);
+ if (standardSalt != null)
+ {
+ digest.BlockUpdate(standardSalt, 0, standardSalt.Length);
+ }
+ else
+ {
+ digest.BlockUpdate(block, mStart + recoveredMessage.Length, saltLength);
+ }
 byte[] hash = new byte[digest.GetDigestSize()];
 digest.DoFinal(hash, 0);
-- cgit 1.5.1