Fix RSA OAEP decryption in Android with non-power-of-two key lengths (#71696)

author Kevin Jones <kevin@vcsjones.com>

Wed, 13 Jul 2022 00:52:56 +0000 (20:52 -0400)

committer GitHub <noreply@github.com>

Wed, 13 Jul 2022 00:52:56 +0000 (17:52 -0700)
author Kevin Jones <kevin@vcsjones.com>
Wed, 13 Jul 2022 00:52:56 +0000 (20:52 -0400)
committer GitHub <noreply@github.com>
Wed, 13 Jul 2022 00:52:56 +0000 (17:52 -0700)
diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs

index afe27f535cd2606305235d69e13c76adc1b9d353..e7885d8456b4cf0390ea254f006128e27240ce12 100644 (file)
--- a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs
@@ -217,7 +217,7 @@ namespace System.Security.Cryptography
  
                      if (rsaPaddingProcessor != null)
                      {
-                        return rsaPaddingProcessor.DepadOaep(paddingBuf, destination, out bytesWritten);
+                        return rsaPaddingProcessor.DepadOaep(paddingBuf.AsSpan(0, returnValue), destination, out bytesWritten);
                      }
                      else
                      {
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs

index 85fb5c7691a9e49267581de272b97c998310282f..e72d42e87d217485e73d57201e677aa4a10dfa8f 100644 (file)
--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
@@ -1,6 +1,7 @@
  // Licensed to the .NET Foundation under one or more agreements.
  // The .NET Foundation licenses this file to you under the MIT license.
  
+using System.Collections.Generic;
  using Test.Cryptography;
  using Microsoft.DotNet.XUnitExtensions;
  using Xunit;
@@ -673,6 +674,23 @@ namespace System.Security.Cryptography.Rsa.Tests
              Assert.Equal(TestData.HelloBytes, output);
          }
  
+        [Theory]
+        [MemberData(nameof(OaepPaddingModes))]
+        public void NonPowerOfTwoKeySizeOaepRoundtrip(RSAEncryptionPadding oaepPaddingMode)
+        {
+            byte[] crypt;
+            byte[] output;
+
+            using (RSA rsa = RSAFactory.Create(3072))
+            {
+                crypt = Encrypt(rsa, TestData.HelloBytes, oaepPaddingMode);
+                output = Decrypt(rsa, crypt, oaepPaddingMode);
+            }
+
+            Assert.NotEqual(crypt, output);
+            Assert.Equal(TestData.HelloBytes, output);
+        }
+
          [Fact]
          public void NotSupportedValueMethods()
          {
@@ -682,5 +700,20 @@ namespace System.Security.Cryptography.Rsa.Tests
                  Assert.Throws<NotSupportedException>(() => rsa.EncryptValue(null));
              }
          }
+
+        public static IEnumerable<object[]> OaepPaddingModes
+        {
+            get
+            {
+                yield return new object[] { RSAEncryptionPadding.OaepSHA1 };
+
+                if (RSAFactory.SupportsSha2Oaep)
+                {
+                    yield return new object[] { RSAEncryptionPadding.OaepSHA256 };
+                    yield return new object[] { RSAEncryptionPadding.OaepSHA384 };
+                    yield return new object[] { RSAEncryptionPadding.OaepSHA512 };
+                }
+            }
+        }
      }
  }
author	Kevin Jones <kevin@vcsjones.com>
	Wed, 13 Jul 2022 00:52:56 +0000 (20:52 -0400)
committer	GitHub <noreply@github.com>
	Wed, 13 Jul 2022 00:52:56 +0000 (17:52 -0700)
src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs		patch \| blob \| history
src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs		patch \| blob \| history