From 4f8cc0568c9368c0d2dbe04ef286458221e6db59 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sun, 5 Apr 2020 18:54:21 +0700 Subject: Reset after wrong-length failure --- crypto/src/crypto/signers/Ed25519Signer.cs | 3 ++ crypto/src/crypto/signers/Ed25519ctxSigner.cs | 3 ++ crypto/src/crypto/signers/Ed25519phSigner.cs | 3 ++ crypto/src/crypto/signers/Ed448Signer.cs | 3 ++ crypto/src/crypto/signers/Ed448phSigner.cs | 3 ++ crypto/test/src/crypto/test/Ed25519Test.cs | 32 +++++++++++++++++++ crypto/test/src/crypto/test/Ed448Test.cs | 46 +++++++++++++++++++++++++++ 7 files changed, 93 insertions(+) (limited to 'crypto') diff --git a/crypto/src/crypto/signers/Ed25519Signer.cs b/crypto/src/crypto/signers/Ed25519Signer.cs index e58d14ea4..eb3d25398 100644 --- a/crypto/src/crypto/signers/Ed25519Signer.cs +++ b/crypto/src/crypto/signers/Ed25519Signer.cs @@ -98,7 +98,10 @@ namespace Org.BouncyCastle.Crypto.Signers internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] signature) { if (Ed25519.SignatureSize != signature.Length) + { + Reset(); return false; + } lock (this) { diff --git a/crypto/src/crypto/signers/Ed25519ctxSigner.cs b/crypto/src/crypto/signers/Ed25519ctxSigner.cs index 2b5296e96..3610e25de 100644 --- a/crypto/src/crypto/signers/Ed25519ctxSigner.cs +++ b/crypto/src/crypto/signers/Ed25519ctxSigner.cs @@ -100,7 +100,10 @@ namespace Org.BouncyCastle.Crypto.Signers internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] ctx, byte[] signature) { if (Ed25519.SignatureSize != signature.Length) + { + Reset(); return false; + } lock (this) { diff --git a/crypto/src/crypto/signers/Ed25519phSigner.cs b/crypto/src/crypto/signers/Ed25519phSigner.cs index cb3c3080a..8f4afab19 100644 --- a/crypto/src/crypto/signers/Ed25519phSigner.cs +++ b/crypto/src/crypto/signers/Ed25519phSigner.cs @@ -74,7 +74,10 @@ namespace Org.BouncyCastle.Crypto.Signers if (forSigning || null == publicKey) throw new InvalidOperationException("Ed25519phSigner not initialised for verification"); if (Ed25519.SignatureSize != signature.Length) + { + prehash.Reset(); return false; + } byte[] pk = publicKey.GetEncoded(); return Ed25519.VerifyPrehash(signature, 0, pk, 0, context, prehash); diff --git a/crypto/src/crypto/signers/Ed448Signer.cs b/crypto/src/crypto/signers/Ed448Signer.cs index 9d1495f2e..746029834 100644 --- a/crypto/src/crypto/signers/Ed448Signer.cs +++ b/crypto/src/crypto/signers/Ed448Signer.cs @@ -100,7 +100,10 @@ namespace Org.BouncyCastle.Crypto.Signers internal bool VerifySignature(Ed448PublicKeyParameters publicKey, byte[] ctx, byte[] signature) { if (Ed448.SignatureSize != signature.Length) + { + Reset(); return false; + } lock (this) { diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs index f01b6bfd4..197c2f706 100644 --- a/crypto/src/crypto/signers/Ed448phSigner.cs +++ b/crypto/src/crypto/signers/Ed448phSigner.cs @@ -74,7 +74,10 @@ namespace Org.BouncyCastle.Crypto.Signers if (forSigning || null == publicKey) throw new InvalidOperationException("Ed448phSigner not initialised for verification"); if (Ed448.SignatureSize != signature.Length) + { + prehash.Reset(); return false; + } byte[] pk = publicKey.GetEncoded(); return Ed448.VerifyPrehash(signature, 0, pk, 0, context, prehash); diff --git a/crypto/test/src/crypto/test/Ed25519Test.cs b/crypto/test/src/crypto/test/Ed25519Test.cs index c520eac2b..516574bc3 100644 --- a/crypto/test/src/crypto/test/Ed25519Test.cs +++ b/crypto/test/src/crypto/test/Ed25519Test.cs @@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math.EC.Rfc8032; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Crypto.Tests @@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests public override void PerformTest() { + BasicSigTest(); + for (int i = 0; i < 10; ++i) { DoTestConsistency(Ed25519.Algorithm.Ed25519, null); @@ -48,6 +51,25 @@ namespace Org.BouncyCastle.Crypto.Tests } } + private void BasicSigTest() + { + Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters( + Hex.DecodeStrict("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"), 0); + Ed25519PublicKeyParameters publicKey = new Ed25519PublicKeyParameters( + Hex.DecodeStrict("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), 0); + + byte[] sig = Hex.Decode("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); + + ISigner signer = new Ed25519Signer(); + signer.Init(true, privateKey); + + IsTrue(AreEqual(sig, signer.GenerateSignature())); + + signer.Init(false, publicKey); + + IsTrue(signer.VerifySignature(sig)); + } + private ISigner CreateSigner(Ed25519.Algorithm algorithm, byte[] context) { switch (algorithm) @@ -113,6 +135,16 @@ namespace Org.BouncyCastle.Crypto.Tests } } + if (msg.Length > 0) + { + bool shouldNotVerify = verifier.VerifySignature(signature); + + if (shouldNotVerify) + { + Fail("Ed25519(" + algorithm + ") wrong length failure did not reset verifier"); + } + } + { byte[] badSignature = Arrays.Clone(signature); badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); diff --git a/crypto/test/src/crypto/test/Ed448Test.cs b/crypto/test/src/crypto/test/Ed448Test.cs index a73292430..114a31714 100644 --- a/crypto/test/src/crypto/test/Ed448Test.cs +++ b/crypto/test/src/crypto/test/Ed448Test.cs @@ -8,6 +8,7 @@ using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math.EC.Rfc8032; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Crypto.Tests @@ -38,6 +39,8 @@ namespace Org.BouncyCastle.Crypto.Tests public override void PerformTest() { + BasicSigTest(); + for (int i = 0; i < 10; ++i) { byte[] context = RandomContext(Random.NextInt() & 255); @@ -46,6 +49,39 @@ namespace Org.BouncyCastle.Crypto.Tests } } + private void BasicSigTest() + { + Ed448PrivateKeyParameters privateKey = new Ed448PrivateKeyParameters( + Hex.DecodeStrict( + "6c82a562cb808d10d632be89c8513ebf" + + "6c929f34ddfa8c9f63c9960ef6e348a3" + + "528c8a3fcc2f044e39a3fc5b94492f8f" + + "032e7549a20098f95b"), 0); + Ed448PublicKeyParameters publicKey = new Ed448PublicKeyParameters( + Hex.DecodeStrict("5fd7449b59b461fd2ce787ec616ad46a" + + "1da1342485a70e1f8a0ea75d80e96778" + + "edf124769b46c7061bd6783df1e50f6c" + + "d1fa1abeafe8256180"), 0); + + byte[] sig = Hex.DecodeStrict("533a37f6bbe457251f023c0d88f976ae" + + "2dfb504a843e34d2074fd823d41a591f" + + "2b233f034f628281f2fd7a22ddd47d78" + + "28c59bd0a21bfd3980ff0d2028d4b18a" + + "9df63e006c5d1c2d345b925d8dc00b41" + + "04852db99ac5c7cdda8530a113a0f4db" + + "b61149f05a7363268c71d95808ff2e65" + + "2600"); + + ISigner signer = new Ed448Signer(new byte[0]); + signer.Init(true, privateKey); + + IsTrue(AreEqual(sig, signer.GenerateSignature())); + + signer.Init(false, publicKey); + + IsTrue(signer.VerifySignature(sig)); + } + private ISigner CreateSigner(Ed448.Algorithm algorithm, byte[] context) { switch (algorithm) @@ -109,6 +145,16 @@ namespace Org.BouncyCastle.Crypto.Tests } } + if (msg.Length > 0) + { + bool shouldNotVerify = verifier.VerifySignature(signature); + + if (shouldNotVerify) + { + Fail("Ed448(" + algorithm + ") wrong length failure did not reset verifier"); + } + } + { byte[] badSignature = Arrays.Clone(signature); badSignature[Random.Next() % badSignature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); -- cgit 1.4.1