EME_OAEP 修正

okomeki · okomeki · commit 035637c2142f · 2024-07-14T09:05:35.000+09:00
diff --git a/README.md b/README.md
@@ -132,7 +132,7 @@ JDK11以降用 module対応っぽい版
 <dependency>
     <groupId>net.siisise</groupId>
     <artifactId>softlib-crypto.module</artifactId>
-    <version>1.0.3</version>
+    <version>1.0.6</version>
     <type>jar</type>
 </dependency>
 ~~~
@@ -141,11 +141,11 @@ JDK8用
 <dependency>
     <groupId>net.siisise</groupId>
     <artifactId>softlib-crypto</artifactId>
-    <version>1.0.3</version>
+    <version>1.0.6</version>
     <type>jar</type>
 </dependency>
 ~~~
-バージョンは 1.0.3 です。
-開発版は1.0.4-SNAPSHOTかも。
+バージョンは 1.0.5 です。
+開発版は1.0.7-SNAPSHOTかも。
 
 
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>net.siisise</groupId>
     <artifactId>softlib-crypto.module</artifactId>
-    <version>1.0.4</version>
+    <version>1.0.6</version>
     <packaging>jar</packaging>
     <name>SoftLibCrypto</name>
     <description>Block Stream Digest Crypt for Java</description>
diff --git a/src/main/java/net/siisise/security/mode/GCM.java b/src/main/java/net/siisise/security/mode/GCM.java
@@ -252,6 +252,8 @@ public byte[] doFinalEncrypt(byte[] src, int offset, int length) {
     public byte[] doFinalDecrypt(byte[] src, int offset, int length) {
         byte[] dec = decrypt(src, offset, length - 16);
         byte[] t = tag();
+//        byte[] st = Arrays.copyOfRange(src, offset + length - 16, 16);
+//        if (!Arrays.equals(t, st)) {
         if (!Arrays.equals(t, 0, 16, src, offset + length - 16, 16)) {
             throw new IllegalStateException();
         }
diff --git a/src/main/java/net/siisise/security/padding/EME_OAEP.java b/src/main/java/net/siisise/security/padding/EME_OAEP.java
@@ -19,6 +19,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import net.siisise.block.ReadableBlock;
 import net.siisise.io.Packet;
 import net.siisise.io.PacketA;
 import net.siisise.lang.Bin;
@@ -150,32 +151,32 @@ public void decodeCheck(int k, byte[] C) {
     }
     
     /**
-     * EME-OAEPデコード
+     * EME-OAEP 復号化操作.
+     * 7.1.2. Decryption Operation
+     *  3. EME-OAEP decoding.
      * @param EM パディングデータ
      * @return 元データ
      */
     @Override
     public byte[] decode(byte[] EM) {
-        // a. 計算済み
+        // a.
+        if ( lHash == null ) {
+            lHash = md.digest();
+        }
         // b. 分離
         byte Y = EM[0];
-        //byte[] maskedSeed = new byte[hLen];
-        byte[] maskedSeed = Arrays.copyOfRange(EM, 1, 1 + hLen);
-        //System.arraycopy(EM, 1, maskedSeed, 0, hLen);
-//        byte[] maskedDB = new byte[EM.length - hLen - 1];
-        byte[] maskedDB = Arrays.copyOfRange(EM, 1 + hLen, EM.length);
-//        System.arraycopy(EM, hLen + 1, maskedDB, 0, maskedDB.length);
-        // c.
-        // d.
-        byte[] seed = Bin.xorl(maskedSeed, mgf.generate(maskedDB, hLen));
-        // e.
-        // int k = EM.length;
-        // f.
-        byte[] DB = Bin.xorl(maskedDB, mgf.generate(seed, EM.length-hLen -1));
+        byte[] seed = Arrays.copyOfRange(EM, 1, 1 + hLen);
+        byte[] DB = Arrays.copyOfRange(EM, 1 + hLen, EM.length);
+        // c. seedMask = MGF(maskedDB, hLen)
+        // d. seed = maskedSeed \\xor seedMask
+        Bin.xorl(seed, mgf.generate(DB, hLen));
+        // e. dbMask = MGF( seed, k - hLen - 1 )
+        // f. DB = maskedDB \\xor dbMask
+        Bin.xorl(DB, mgf.generate(seed, EM.length-hLen -1));
         // g.
         byte[] lHash2 = new byte[hLen];
 //        System.arraycopy(DB, 0, lHash2, 0, hLen);
-        PacketA pac = new PacketA(DB);
+        ReadableBlock pac = ReadableBlock.wrap(DB);
         pac.read(lHash2);
         // PS
         int i;
diff --git a/src/test/java/net/siisise/security/block/RSAES_OAEPTest.java b/src/test/java/net/siisise/security/block/RSAES_OAEPTest.java
@@ -63,6 +63,7 @@ public void testSomeMethod() throws NoSuchAlgorithmException {
         
         RSAES es = new RSAES_OAEP(new SHA1());
         byte[] encd = es.encrypt(pub, msg);
+        es = new RSAES_OAEP(new SHA1());
         byte[] dec = es.decrypt(key, encd);
         assertArrayEquals(msg, dec);
     }
diff --git a/src/test/java/net/siisise/security/block/RSAES_PKCS1_v1_5Test.java b/src/test/java/net/siisise/security/block/RSAES_PKCS1_v1_5Test.java
@@ -61,6 +61,7 @@ public void testCode() throws NoSuchAlgorithmException {
         
         RSAES es = new RSAES_PKCS1_v1_5();
         byte[] encd = es.encrypt(pub, msg);
+        es = new RSAES_PKCS1_v1_5();
         byte[] dec = es.decrypt(key, encd);
         assertArrayEquals(msg, dec);
         

Original file line number	Diff line number	Diff line change
`@@ -252,6 +252,8 @@ public byte[] doFinalEncrypt(byte[] src, int offset, int length) {`
`252`	`252`	`public byte[] doFinalDecrypt(byte[] src, int offset, int length) {`
`253`	`253`	`byte[] dec = decrypt(src, offset, length - 16);`
`254`	`254`	`byte[] t = tag();`
	`255`	`+// byte[] st = Arrays.copyOfRange(src, offset + length - 16, 16);`
	`256`	`+// if (!Arrays.equals(t, st)) {`
`255`	`257`	`if (!Arrays.equals(t, 0, 16, src, offset + length - 16, 16)) {`
`256`	`258`	`throw new IllegalStateException();`
`257`	`259`	`}`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ public void testSomeMethod() throws NoSuchAlgorithmException {`
`63`	`63`
`64`	`64`	`RSAES es = new RSAES_OAEP(new SHA1());`
`65`	`65`	`byte[] encd = es.encrypt(pub, msg);`
	`66`	`+ es = new RSAES_OAEP(new SHA1());`
`66`	`67`	`byte[] dec = es.decrypt(key, encd);`
`67`	`68`	`assertArrayEquals(msg, dec);`
`68`	`69`	`}`