Commit ed870271 authored by zeroleak's avatar zeroleak
Browse files

fix CryptoService.signBlindedOutput() to always generate a 256 bytes signature

parent 7f103a51
......@@ -60,7 +60,8 @@ public class CryptoService {
public byte[] signBlindedOutput(byte[] blindedOutput, AsymmetricCipherKeyPair keyPair) {
// sign blinded output
RSAEngine engine = new RSAEngine();
engine.init(false, keyPair.getPrivate());
// using 'true' always generates 256 bytes signature (otherwise it's sometimes 255 bytes)
engine.init(true, keyPair.getPrivate());
return engine.processBlock(blindedOutput, 0, blindedOutput.length);
}
......
......@@ -186,4 +186,35 @@ public class CryptoServiceTest extends AbstractIntegrationTest {
cryptoService.verifyUnblindedSignedBordereau(
bordereau, unblindedSignedBordereau, serverKeyPair)); // reject
}
@Test
public void testBlinding() throws Exception {
AsymmetricCipherKeyPair serverKeyPair = cryptoService.generateKeyPair();
RSAKeyParameters serverPublicKey = (RSAKeyParameters) serverKeyPair.getPublic();
RSABlindingParameters clientBlindingParams =
clientCryptoService.computeBlindingParams(serverPublicKey);
// blind bordereau
byte[] bordereau = ClientUtils.generateBordereau();
// make sure signedBlindedBordereau is always 256 bytes
for (int i = 0; i < 600; i++) {
byte[] blindedBordereau = clientCryptoService.blind(bordereau, clientBlindingParams);
byte[] signedBlindedBordereau =
cryptoService.signBlindedOutput(blindedBordereau, serverKeyPair);
byte[] unblindedSignedBordereau =
clientCryptoService.unblind(signedBlindedBordereau, clientBlindingParams);
if (!cryptoService.verifyUnblindedSignedBordereau(
bordereau, unblindedSignedBordereau, serverKeyPair)) {
Assertions.assertTrue(false);
}
Assertions.assertEquals(256, signedBlindedBordereau.length);
if (i % 100 == 0) {
log.debug("testBlinding #" + i);
}
}
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment