fix(handshake): Use RSA-PSS when signing nonces

Counterpart on the server: relaycorp/relaynet-gateway-android#65

src/main/kotlin/tech/relaycorp/poweb/handshake/NonceSigner.kt

@@ -4,6 +4,7 @@ import org.bouncycastle.cms.CMSProcessableByteArray
 import org.bouncycastle.cms.CMSSignedDataGenerator
 import org.bouncycastle.cms.CMSTypedData
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder
+import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.bouncycastle.operator.ContentSigner
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
 import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder
@@ -14,7 +15,8 @@ class NonceSigner(internal val certificate: Certificate, private val privateKey:
     fun sign(nonce: ByteArray): ByteArray {
         val signedDataGenerator = CMSSignedDataGenerator()
 
-        val signerBuilder = JcaContentSignerBuilder("SHA256withRSA")
+        val signerBuilder = JcaContentSignerBuilder("SHA256WITHRSAANDMGF1")
+            .setProvider(BC_PROVIDER)
         val contentSigner: ContentSigner = signerBuilder.build(privateKey)
         val signerInfoGenerator = JcaSignerInfoGeneratorBuilder(
                 JcaDigestCalculatorProviderBuilder()
@@ -30,4 +32,8 @@ class NonceSigner(internal val certificate: Certificate, private val privateKey:
         val cmsSignedData = signedDataGenerator.generate(plaintextCms, false)
         return cmsSignedData.encoded
     }
+
+    companion object {
+        val BC_PROVIDER = BouncyCastleProvider()
+    }
 }

src/test/kotlin/tech/relaycorp/poweb/handshake/NonceSignerTest.kt

@@ -6,6 +6,8 @@ import org.bouncycastle.asn1.ASN1Primitive
 import org.bouncycastle.asn1.DEROctetString
 import org.bouncycastle.asn1.cms.Attribute
 import org.bouncycastle.asn1.cms.ContentInfo
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
 import org.bouncycastle.cms.CMSSignedData
 import org.bouncycastle.util.CollectionStore
 import org.junit.jupiter.api.Nested
@@ -159,19 +161,31 @@ class NonceSignerTest {
         assertEquals(certificate.certificateHolder, attachedCerts[0])
     }
 
+    @Test
+    fun `Signature algorithm should be RSA-PSS`() {
+        val serialization = signer.sign(nonce)
+
+        val cmsSignedData = parseCmsSignedData(serialization)
+
+        val signerInfo = cmsSignedData.signerInfos.first()
+        assertEquals(PKCSObjectIdentifiers.id_RSASSA_PSS.id, signerInfo.encryptionAlgOID)
+    }
+
     @Test
     fun `SHA-256 should be used`() {
         val serialization = signer.sign(nonce)
 
         val cmsSignedData = parseCmsSignedData(serialization)
 
         assertEquals(1, cmsSignedData.digestAlgorithmIDs.size)
-        val sha256Oid = ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1")
-        assertEquals(sha256Oid, cmsSignedData.digestAlgorithmIDs.first().algorithm)
+        assertEquals(
+            NISTObjectIdentifiers.id_sha256,
+            cmsSignedData.digestAlgorithmIDs.first().algorithm
+        )
 
         val signerInfo = cmsSignedData.signerInfos.first()
 
-        assertEquals(sha256Oid, signerInfo.digestAlgorithmID.algorithm)
+        assertEquals(NISTObjectIdentifiers.id_sha256, signerInfo.digestAlgorithmID.algorithm)
     }
 
     @Test