private void doTestSig(
int id,
RsaKeyParameters pub,
RsaKeyParameters prv,
byte[] slt,
byte[] msg,
byte[] sig)
{
PssSigner eng = new PssSigner(new RsaEngine(), new Sha1Digest(), 20);
eng.Init(true, new ParametersWithRandom(prv, new FixedRandom(slt)));
eng.BlockUpdate(msg, 0, msg.Length);
byte[] s = eng.GenerateSignature();
if (!AreEqual(s, sig))
{
Fail("test " + id + " failed generation");
}
eng.Init(false, pub);
eng.BlockUpdate(msg, 0, msg.Length);
if (!eng.VerifySignature(s))
{
Fail("test " + id + " failed verification");
}
}
public override void PerformTest()
{
doTestSig(1, pub1, prv1, slt1a, msg1a, sig1a);
doTestSig(2, pub1, prv1, slt1b, msg1b, sig1b);
doTestSig(3, pub2, prv2, slt2a, msg2a, sig2a);
doTestSig(4, pub2, prv2, slt2b, msg2b, sig2b);
doTestSig(5, pub4, prv4, slt4a, msg4a, sig4a);
doTestSig(6, pub4, prv4, slt4b, msg4b, sig4b);
doTestSig(7, pub8, prv8, slt8a, msg8a, sig8a);
doTestSig(8, pub8, prv8, slt8b, msg8b, sig8b);
doTestSig(9, pub9, prv9, slt9a, msg9a, sig9a);
doTestSig(10, pub9, prv9, slt9b, msg9b, sig9b);
//
// loop test - sha-1 only
//
PssSigner eng = new PssSigner(new RsaEngine(), new Sha1Digest(), 20);
int failed = 0;
byte[] data = new byte[DataLength];
SecureRandom random = new SecureRandom();
random.NextBytes(data);
for (int j = 0; j < NumTests; j++)
{
eng.Init(true, new ParametersWithRandom(prv8, random));
eng.BlockUpdate(data, 0, data.Length);
byte[] s = eng.GenerateSignature();
eng.Init(false, pub8);
eng.BlockUpdate(data, 0, data.Length);
if (!eng.VerifySignature(s))
{
failed++;
}
}
if (failed != 0)
{
Fail("loop test failed - failures: " + failed);
}
//
// loop test - sha-256 and sha-1
//
eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), 20);
failed = 0;
data = new byte[DataLength];
random.NextBytes(data);
for (int j = 0; j < NumTests; j++)
{
eng.Init(true, new ParametersWithRandom(prv8, random));
eng.BlockUpdate(data, 0, data.Length);
byte[] s = eng.GenerateSignature();
eng.Init(false, pub8);
eng.BlockUpdate(data, 0, data.Length);
if (!eng.VerifySignature(s))
{
failed++;
}
}
if (failed != 0)
{
Fail("loop test failed - failures: " + failed);
}
}
private bool isProcessingOkay(
RsaKeyParameters pub,
RsaKeyParameters prv,
byte[] data,
SecureRandom random)
{
RsaBlindingFactorGenerator blindFactorGen = new RsaBlindingFactorGenerator();
RsaBlindingEngine blindingEngine = new RsaBlindingEngine();
PssSigner blindSigner = new PssSigner(blindingEngine, new Sha1Digest(), 20);
PssSigner pssEng = new PssSigner(new RsaEngine(), new Sha1Digest(), 20);
random.NextBytes(data);
blindFactorGen.Init(pub);
BigInteger blindFactor = blindFactorGen.GenerateBlindingFactor();
RsaBlindingParameters parameters = new RsaBlindingParameters(pub, blindFactor);
// generate a blind signature
blindSigner.Init(true, new ParametersWithRandom(parameters, random));
blindSigner.BlockUpdate(data, 0, data.Length);
byte[] blindedData = blindSigner.GenerateSignature();
RsaEngine signerEngine = new RsaEngine();
signerEngine.Init(true, prv);
byte[] blindedSig = signerEngine.ProcessBlock(blindedData, 0, blindedData.Length);
// unblind the signature
blindingEngine.Init(false, parameters);
byte[] s = blindingEngine.ProcessBlock(blindedSig, 0, blindedSig.Length);
//verify signature with PssSigner
pssEng.Init(false, pub);
pssEng.BlockUpdate(data, 0, data.Length);
return pssEng.VerifySignature(s);
}
private void testSig(
int id,
RsaKeyParameters pub,
RsaKeyParameters prv,
byte[] slt,
byte[] msg,
byte[] sig)
{
RsaBlindingFactorGenerator blindFactorGen = new RsaBlindingFactorGenerator();
RsaBlindingEngine blindingEngine = new RsaBlindingEngine();
PssSigner blindSigner = new PssSigner(blindingEngine, new Sha1Digest(), 20);
PssSigner signer = new PssSigner(new RsaEngine(), new Sha1Digest(), 20);
blindFactorGen.Init(pub);
BigInteger blindFactor = blindFactorGen.GenerateBlindingFactor();
RsaBlindingParameters parameters = new RsaBlindingParameters(pub, blindFactor);
// generate a blind signature
blindSigner.Init(true, new ParametersWithRandom(parameters, new FixedRandom(slt)));
blindSigner.BlockUpdate(msg, 0, msg.Length);
byte[] blindedData = blindSigner.GenerateSignature();
RsaEngine signerEngine = new RsaEngine();
signerEngine.Init(true, prv);
byte[] blindedSig = signerEngine.ProcessBlock(blindedData, 0, blindedData.Length);
// unblind the signature
blindingEngine.Init(false, parameters);
byte[] s = blindingEngine.ProcessBlock(blindedSig, 0, blindedSig.Length);
//signature verification
if (!AreEqual(s, sig))
{
Fail("test " + id + " failed generation");
}
//verify signature with PssSigner
signer.Init(false, pub);
signer.BlockUpdate(msg, 0, msg.Length);
if (!signer.VerifySignature(s))
{
Fail("test " + id + " failed PssSigner verification");
}
}
private void fixedSaltTest()
{
byte[] data = Hex.Decode("010203040506070809101112131415");
PssSigner eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("deadbeef"));
eng.Init(true, prv8);
eng.BlockUpdate(data, 0, data.Length);
byte[] s = eng.GenerateSignature();
eng.Init(false, pub8);
eng.BlockUpdate(data, 0, data.Length);
if (!eng.VerifySignature(s))
{
Fail("fixed salt failed");
}
// test failure
eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("beefbeef"));
eng.Init(false, pub8);
eng.BlockUpdate(data, 0, data.Length);
if (eng.VerifySignature(s))
{
Fail("fixed salt failure verfied");
}
}
public override void PerformTest()
{
ISigner s = SignerUtilities.GetSigner("SHA1withRSA/PSS");
s.Init(true, new ParametersWithRandom(privKey, new FixedRandom(slt1a)));
s.BlockUpdate(msg1a, 0, msg1a.Length);
byte[] sig = s.GenerateSignature();
if (!Arrays.AreEqual(sig1a, sig))
{
Fail("PSS Sign test expected "
+ Hex.ToHexString(sig1a) + " got "
+ Hex.ToHexString(sig));
}
s = SignerUtilities.GetSigner("SHA1withRSAandMGF1");
s.Init(false, pubKey);
s.BlockUpdate(msg1a, 0, msg1a.Length);
if (!s.VerifySignature(sig1a))
{
Fail("SHA1 signature verification failed");
}
s = SignerUtilities.GetSigner("SHA1withRSAandMGF1");
s.Init(false, pubKey);
s.BlockUpdate(msg1a, 0, msg1a.Length);
if (!s.VerifySignature(sig1a))
{
Fail("SHA1 signature verification with default parameters failed");
}
// AlgorithmParameters pss = s.getParameters();
// TODO Can we do some equivalent check?
// if (!Arrays.AreEqual(pss.getEncoded(), new byte[] { 0x30, 0x00 }))
// {
// Fail("failed default encoding test.");
// }
s = SignerUtilities.GetSigner("SHA256withRSA/PSS");
s.Init(true, new ParametersWithRandom(privKey, new FixedRandom(slt1a)));
s.BlockUpdate(msg1a, 0, msg1a.Length);
sig = s.GenerateSignature();
if (!Arrays.AreEqual(sig1b, sig))
{
Fail("PSS Sign test expected "
+ Hex.ToHexString(sig1b) + " got "
+ Hex.ToHexString(sig));
}
s = SignerUtilities.GetSigner("SHA256withRSAandMGF1");
s.Init(false, pubKey);
s.BlockUpdate(msg1a, 0, msg1a.Length);
if (!s.VerifySignature(sig1b))
{
Fail("SHA256 signature verification failed");
}
//
// 512 test -with zero salt length
//
//s = SignerUtilities.GetSigner("SHA512withRSAandMGF1");
// s.setParameter(
// new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 0, 1));
// TODO How to do this via SignerUtilities/Init
// trailerField=1 above means use default/implicit trailer?)
s = new PssSigner(new RsaEngine(), new Sha512Digest(), 0, PssSigner.TrailerImplicit);
s.Init(true, privKey);
s.BlockUpdate(msg1a, 0, msg1a.Length);
sig = s.GenerateSignature();
// pss = s.getParameters();
if (!Arrays.AreEqual(sig1c, sig))
{
Fail("PSS Sign test expected "
+ Hex.ToHexString(sig1c) + " got "
+ Hex.ToHexString(sig));
}
// s = SignerUtilities.GetSigner("SHA512withRSAandMGF1");
// TODO How to do this via SignerUtilities/Init
// trailerField=1 above means use default/implicit trailer?)
s = new PssSigner(new RsaEngine(), new Sha512Digest(), 0, PssSigner.TrailerImplicit);
s.Init(false, pubKey);
s.BlockUpdate(msg1a, 0, msg1a.Length);
if (!s.VerifySignature(sig1c))
{
Fail("SHA512 signature verification failed");
}
SecureRandom random = new SecureRandom();
// Note: PSS minimum key size determined by hash/salt lengths
// PrivateKey priv2048Key = fact.generatePrivate(RSATest.priv2048KeySpec);
// PublicKey pub2048Key = fact.generatePublic(RSATest.pub2048KeySpec);
AsymmetricKeyParameter priv2048Key = RsaTest.priv2048KeySpec;
AsymmetricKeyParameter pub2048Key = RsaTest.pub2048KeySpec;
rawModeTest("SHA1withRSA/PSS", X509ObjectIdentifiers.IdSha1, priv2048Key, pub2048Key, random);
// FIXME
// rawModeTest("SHA224withRSA/PSS", NistObjectIdentifiers.IdSha224, priv2048Key, pub2048Key, random);
// rawModeTest("SHA256withRSA/PSS", NistObjectIdentifiers.IdSha256, priv2048Key, pub2048Key, random);
// rawModeTest("SHA384withRSA/PSS", NistObjectIdentifiers.IdSha384, priv2048Key, pub2048Key, random);
// rawModeTest("SHA512withRSA/PSS", NistObjectIdentifiers.IdSha512, priv2048Key, pub2048Key, random);
}