(D)TLS: Remove redundant verification of self-generated RSA signatures

- see #1722

Author: peterdettman

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
-import java.io.IOException;
-
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
@@ -21,16 +19,6 @@
 public class BcDefaultTlsCredentialedSigner
     extends DefaultTlsCredentialedSigner
 {
-    private static BcTlsCertificate getEndEntity(BcTlsCrypto crypto, Certificate certificate) throws IOException
-    {
-        if (certificate == null || certificate.isEmpty())
-        {
-            throw new IllegalArgumentException("No certificate");
-        }
-
-        return BcTlsCertificate.convert(crypto, certificate.getCertificateAt(0));
-    }
-
     private static TlsSigner makeSigner(BcTlsCrypto crypto, AsymmetricKeyParameter privateKey, Certificate certificate,
         SignatureAndHashAlgorithm signatureAndHashAlgorithm)
     {
@@ -48,17 +36,7 @@ private static TlsSigner makeSigner(BcTlsCrypto crypto, AsymmetricKeyParameter p
                 }
             }
 
-            RSAKeyParameters pubKeyRSA;
-            try
-            {
-                pubKeyRSA = getEndEntity(crypto, certificate).getPubKeyRSA();
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e);
-            }
-
-            signer = new BcTlsRSASigner(crypto, privKeyRSA, pubKeyRSA);
+            signer = new BcTlsRSASigner(crypto, privKeyRSA);
         }
         else if (privateKey instanceof DSAPrivateKeyParameters)
         {

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRSASigner.java

@@ -24,13 +24,17 @@
 public class BcTlsRSASigner
     extends BcTlsSigner
 {
-    private final RSAKeyParameters publicKey;
-
+    /**
+     * @deprecated Use constructor without 'publicKey' parameter.
+     */
     public BcTlsRSASigner(BcTlsCrypto crypto, RSAKeyParameters privateKey, RSAKeyParameters publicKey)
     {
-        super(crypto, privateKey);
+        this(crypto, privateKey);
+    }
 
-        this.publicKey = publicKey;
+    public BcTlsRSASigner(BcTlsCrypto crypto, RSAKeyParameters privateKey)
+    {
+        super(crypto, privateKey);
     }
 
     public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
@@ -63,21 +67,11 @@ public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] h
         signer.update(hash, 0, hash.length);
         try
         {
-            byte[] signature = signer.generateSignature();
-
-            signer.init(false, publicKey);
-            signer.update(hash, 0, hash.length);
-
-            if (signer.verifySignature(signature))
-            {
-                return signature;
-            }
+            return signer.generateSignature();
         }
         catch (CryptoException e)
         {
             throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
-
-        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcVerifyingStreamSigner.java

@@ -1,8 +1,6 @@
 package org.bouncycastle.tls.crypto.impl.jcajce;
 
-import java.io.IOException;
 import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 
@@ -19,16 +17,6 @@
 public class JcaDefaultTlsCredentialedSigner
     extends DefaultTlsCredentialedSigner
 {
-    private static JcaTlsCertificate getEndEntity(JcaTlsCrypto crypto, Certificate certificate) throws IOException
-    {
-        if (certificate == null || certificate.isEmpty())
-        {
-            throw new IllegalArgumentException("No certificate");
-        }
-
-        return JcaTlsCertificate.convert(crypto, certificate.getCertificateAt(0));
-    }
-
     private static TlsSigner makeSigner(JcaTlsCrypto crypto, PrivateKey privateKey, Certificate certificate,
         SignatureAndHashAlgorithm signatureAndHashAlgorithm)
     {
@@ -50,17 +38,7 @@ private static TlsSigner makeSigner(JcaTlsCrypto crypto, PrivateKey privateKey,
                 }
             }
 
-            PublicKey publicKey;
-            try
-            {
-                publicKey = getEndEntity(crypto, certificate).getPubKeyRSA();
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e);
-            }
-
-            signer = new JcaTlsRSASigner(crypto, privateKey, publicKey);
+            signer = new JcaTlsRSASigner(crypto, privateKey);
         }
         else if (privateKey instanceof DSAPrivateKey
             || "DSA".equalsIgnoreCase(algorithm))

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaDefaultTlsCredentialedSigner.java

@@ -1057,39 +1057,6 @@ protected Tls13Verifier createTls13Verifier(String algorithmName, AlgorithmParam
         }
     }
 
-    protected TlsStreamSigner createVerifyingStreamSigner(SignatureAndHashAlgorithm algorithm, PrivateKey privateKey,
-        boolean needsRandom, PublicKey publicKey) throws IOException
-    {
-        String algorithmName = JcaUtils.getJcaAlgorithmName(algorithm);
-
-        return createVerifyingStreamSigner(algorithmName, null, privateKey, needsRandom, publicKey);
-    }
-
-    protected TlsStreamSigner createVerifyingStreamSigner(String algorithmName, AlgorithmParameterSpec parameter,
-        PrivateKey privateKey, boolean needsRandom, PublicKey publicKey) throws IOException
-    {
-        try
-        {
-            Signature signer = getHelper().createSignature(algorithmName);
-            Signature verifier = getHelper().createSignature(algorithmName);
-
-            if (null != parameter)
-            {
-                signer.setParameter(parameter);
-                verifier.setParameter(parameter);
-            }
-
-            signer.initSign(privateKey, needsRandom ? getSecureRandom() : null);
-            verifier.initVerify(publicKey);
-
-            return new JcaVerifyingStreamSigner(signer, verifier);
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error, e);
-        }
-    }
-
     protected Boolean isSupportedEncryptionAlgorithm(int encryptionAlgorithm)
     {
         switch (encryptionAlgorithm)

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java

@@ -25,11 +25,18 @@ public class JcaTlsRSASigner
 {
     private final JcaTlsCrypto crypto;
     private final PrivateKey privateKey;
-    private final PublicKey publicKey;
 
     private Signature rawSigner = null;
 
+    /**
+     * @deprecated Use constructor without 'publicKey' parameter.
+     */
     public JcaTlsRSASigner(JcaTlsCrypto crypto, PrivateKey privateKey, PublicKey publicKey)
+    {
+        this(crypto, privateKey);
+    }
+
+    public JcaTlsRSASigner(JcaTlsCrypto crypto, PrivateKey privateKey)
     {
         if (null == crypto)
         {
@@ -42,7 +49,6 @@ public JcaTlsRSASigner(JcaTlsCrypto crypto, PrivateKey privateKey, PublicKey pub
 
         this.crypto = crypto;
         this.privateKey = privateKey;
-        this.publicKey = publicKey;
     }
 
     public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
@@ -78,15 +84,7 @@ public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] h
 
             signer.update(input, 0, input.length);
 
-            byte[] signature = signer.sign();
-
-            signer.initVerify(publicKey);
-            signer.update(input, 0, input.length);
-
-            if (signer.verify(signature))
-            {
-                return signature;
-            }
+            return signer.sign();
         }
         catch (GeneralSecurityException e)
         {
@@ -96,8 +94,6 @@ public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] h
         {
             this.rawSigner = null;
         }
-
-        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm) throws IOException
@@ -110,7 +106,7 @@ public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm) thro
             && JcaUtils.isSunMSCAPIProviderActive()
             && isSunMSCAPIRawSigner())
         {
-            return crypto.createVerifyingStreamSigner(algorithm, privateKey, true, publicKey);
+            return crypto.createStreamSigner(algorithm, privateKey, true);
         }
 
         return null;