diff --git a/core/java/src/net/i2p/crypto/DSAEngine.java b/core/java/src/net/i2p/crypto/DSAEngine.java
index 77f3d58177..156c8b2f67 100644
--- a/core/java/src/net/i2p/crypto/DSAEngine.java
+++ b/core/java/src/net/i2p/crypto/DSAEngine.java
@@ -633,6 +633,17 @@ private Signature altSign(byte[] data, int offset, int len,
 jsig.initSign(privKey, _context.random());
 jsig.update(data, offset, len);
 sigbytes = jsig.sign();
+ if (type.getBaseAlgorithm() == SigAlgo.RSA) {
+ // verify to prevent corrupted sig key factoring
+ // (RSA fault attack) https://eprint.iacr.org/2023/1711.pdf
+ SigningPrivateKey priv = SigUtil.fromJavaKey(privKey, type);
+ SigningPublicKey pub = priv.toPublic();
+ PublicKey pubKey = SigUtil.toJavaKey(pub);
+ jsig.initVerify(pubKey);
+ jsig.update(data, offset, len);
+ if (!jsig.verify(sigbytes))
+ throw new GeneralSecurityException("Verify of RSA Signature failed");
+ }
 }
 return SigUtil.fromJavaSig(sigbytes, type);
 }
@@ -681,6 +692,17 @@ private Signature altSignRaw(String algo, SimpleDataStructure hash, PrivateKey p
 jsig.initSign(privKey, _context.random());
 jsig.update(hash.getData());
 sigbytes = jsig.sign();
+ if (type.getBaseAlgorithm() == SigAlgo.RSA) {
+ // verify to prevent corrupted sig key factoring
+ // (RSA fault attack) https://eprint.iacr.org/2023/1711.pdf
+ SigningPrivateKey priv = SigUtil.fromJavaKey(privKey, type);
+ SigningPublicKey pub = priv.toPublic();
+ PublicKey pubKey = SigUtil.toJavaKey(pub);
+ jsig.initVerify(pubKey);
+ jsig.update(hash.getData());
+ if (!jsig.verify(sigbytes))
+ throw new GeneralSecurityException("Verify of RSA Signature failed");
+ }
 }
 return SigUtil.fromJavaSig(sigbytes, type);
 }
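Review bot: The verify-after-sign block is duplicated verbatim in altSign and altSignRaw (second hunk), differing only in the bytes passed to `jsig.update`, so any later fix to this fault-attack countermeasure has to be made twice; a private helper called from both sites would keep the two paths identical. Both sites also rebuild the public key from `privKey` on every signature through `SigUtil.fromJavaKey`, `toPublic()` and `SigUtil.toJavaKey`; how `toPublic()` derives the key is not visible here, so it is worth confirming that the check still fails when the in-memory private key itself is the corrupted part, and that the per-signature conversion cost is acceptable. The inner `if (!jsig.verify(sigbytes))` has no braces around the `throw`, which is easy to break on a later edit to security-critical code. Both method bodies start outside the hunks, so the declared types of `jsig` and `type` used below are assumed.

```java
// new private helper shared by altSign and altSignRaw (name is a suggestion;
// assumes jsig is a java.security.Signature and type is a SigType)
/**
 * Checks a freshly produced RSA signature against the public key derived from
 * privKey, so that a faulty signature is never returned to the caller.
 */
private static void verifyRsaAfterSign(java.security.Signature jsig, PrivateKey privKey, SigType type,
                                       byte[] data, int offset, int len, byte[] sigbytes)
        throws GeneralSecurityException {
    SigningPublicKey pub = SigUtil.fromJavaKey(privKey, type).toPublic();
    jsig.initVerify(SigUtil.toJavaKey(pub));
    jsig.update(data, offset, len);
    if (!jsig.verify(sigbytes)) {
        throw new GeneralSecurityException("Verify of RSA Signature failed");
    }
}

// altSign, directly after: sigbytes = jsig.sign();
if (type.getBaseAlgorithm() == SigAlgo.RSA) {
    // … unchanged: the two comment lines citing the fault-attack paper …
    verifyRsaAfterSign(jsig, privKey, type, data, offset, len, sigbytes);
}

// altSignRaw, directly after: sigbytes = jsig.sign();
if (type.getBaseAlgorithm() == SigAlgo.RSA) {
    // … unchanged: the two comment lines citing the fault-attack paper …
    byte[] hashData = hash.getData();
    verifyRsaAfterSign(jsig, privKey, type, hashData, 0, hashData.length, sigbytes);
}
```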