Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java

@@ -75,7 +75,7 @@ public static ASN1TaggedObject getInstance(ASN1TaggedObject taggedObject, int ta
         return ASN1Util.getExplicitBaseTagged(checkInstance(taggedObject, declaredExplicit), tagClass, tagNo);
     }
 
-    public static ASN1TaggedObject getOptional(ASN1Object element)
+    public static ASN1TaggedObject getOptional(ASN1Encodable element)
     {
         if (element == null)
         {
@@ -90,7 +90,7 @@ public static ASN1TaggedObject getOptional(ASN1Object element)
         return null;
     }
 
-    public static ASN1TaggedObject getOptional(ASN1Object element, int tagClass)
+    public static ASN1TaggedObject getOptional(ASN1Encodable element, int tagClass)
     {
         ASN1TaggedObject taggedObject = getOptional(element);
         if (taggedObject != null && taggedObject.hasTagClass(tagClass))
@@ -100,7 +100,7 @@ public static ASN1TaggedObject getOptional(ASN1Object element, int tagClass)
         return null;
     }
 
-    public static ASN1TaggedObject getOptional(ASN1Object element, int tagClass, int tagNo)
+    public static ASN1TaggedObject getOptional(ASN1Encodable element, int tagClass, int tagNo)
     {
         ASN1TaggedObject taggedObject = getOptional(element);
         if (taggedObject != null && taggedObject.hasTag(tagClass, tagNo))

core/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java

@@ -35,15 +35,13 @@
 public class AuthorityKeyIdentifier
     extends ASN1Object
 {
-    ASN1OctetString keyidentifier = null;
+    ASN1OctetString keyIdentifier = null;
     GeneralNames certissuer = null;
     ASN1Integer certserno = null;
 
-    public static AuthorityKeyIdentifier getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
+    public static AuthorityKeyIdentifier getInstance(ASN1TaggedObject obj, boolean explicit)
     {
-        return getInstance(ASN1Sequence.getInstance(obj, explicit));
+        return new AuthorityKeyIdentifier(ASN1Sequence.getInstance(obj, explicit));
     }
 
     public static AuthorityKeyIdentifier getInstance(
@@ -78,7 +76,7 @@ protected AuthorityKeyIdentifier(
             switch (o.getTagNo())
             {
             case 0:
-                this.keyidentifier = ASN1OctetString.getInstance(o, false);
+                this.keyIdentifier = ASN1OctetString.getInstance(o, false);
                 break;
             case 1:
                 this.certissuer = GeneralNames.getInstance(o, false);
@@ -128,7 +126,7 @@ public AuthorityKeyIdentifier(
         digest.update(bytes, 0, bytes.length);
         digest.doFinal(resBuf, 0);
 
-        this.keyidentifier = new DEROctetString(resBuf);
+        this.keyIdentifier = new DEROctetString(resBuf);
         this.certissuer = name;
         this.certserno = (serialNumber != null) ? new ASN1Integer(serialNumber) : null;
     }
@@ -162,21 +160,34 @@ public AuthorityKeyIdentifier(
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        this.keyidentifier = (keyIdentifier != null) ? new DEROctetString(Arrays.clone(keyIdentifier)) : null;
+        this.keyIdentifier = (keyIdentifier != null) ? new DEROctetString(Arrays.clone(keyIdentifier)) : null;
         this.certissuer = name;
         this.certserno = (serialNumber != null) ? new ASN1Integer(serialNumber) : null;
     }
-    
+
+    /**
+     * @deprecated Use {@link #getKeyIdentifierOctets()} instead. 
+     */
     public byte[] getKeyIdentifier()
     {
-        if (keyidentifier != null)
+        return getKeyIdentifierOctets();
+    }
+
+    public byte[] getKeyIdentifierOctets()
+    {
+        if (keyIdentifier != null)
         {
-            return keyidentifier.getOctets();
+            return keyIdentifier.getOctets();
         }
 
         return null;
     }
 
+    public ASN1OctetString getKeyIdentifierObject()
+    {
+        return keyIdentifier;
+    }
+
     public GeneralNames getAuthorityCertIssuer()
     {
         return certissuer;
@@ -199,9 +210,9 @@ public ASN1Primitive toASN1Primitive()
     {
         ASN1EncodableVector v = new ASN1EncodableVector(3);
 
-        if (keyidentifier != null)
+        if (keyIdentifier != null)
         {
-            v.add(new DERTaggedObject(false, 0, keyidentifier));
+            v.add(new DERTaggedObject(false, 0, keyIdentifier));
         }
 
         if (certissuer != null)
@@ -220,7 +231,7 @@ public ASN1Primitive toASN1Primitive()
     public String toString()
     {
         // -DM Hex.toHexString
-        String keyID = (keyidentifier != null) ? Hex.toHexString(keyidentifier.getOctets()) : "null";
+        String keyID = (keyIdentifier != null) ? Hex.toHexString(keyIdentifier.getOctets()) : "null";
 
         return "AuthorityKeyIdentifier: KeyID(" + keyID + ")";
     }

core/src/main/java/org/bouncycastle/crypto/agreement/ecjpake/ECJPAKEUtil.java

@@ -219,10 +219,10 @@ public static void validateZeroKnowledgeProof(
 
         ECPoint x_normalized = X.normalize();
         // 2. Check x and y coordinates are in Fq, i.e., x, y in [0, q-1]
-        if (x_normalized.getAffineXCoord().toBigInteger().compareTo(BigInteger.ZERO) == -1 ||
-            x_normalized.getAffineXCoord().toBigInteger().compareTo(q.subtract(BigInteger.ONE)) == 1 ||
-            x_normalized.getAffineYCoord().toBigInteger().compareTo(BigInteger.ZERO) == -1 ||
-            x_normalized.getAffineYCoord().toBigInteger().compareTo(q.subtract(BigInteger.ONE)) == 1)
+        if (x_normalized.getAffineXCoord().toBigInteger().signum() < 0 ||
+            x_normalized.getAffineXCoord().toBigInteger().compareTo(q) >= 0 ||
+            x_normalized.getAffineYCoord().toBigInteger().signum() < 0 ||
+            x_normalized.getAffineYCoord().toBigInteger().compareTo(q) >= 0)
         {
             throw new CryptoException("Zero-knowledge proof validation failed: x and y are not in the field");
         }

core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java

@@ -70,7 +70,7 @@ public JPAKEPrimeOrderGroup(BigInteger p, BigInteger q, BigInteger g)
             {
                 throw new IllegalArgumentException("p-1 must be evenly divisible by q");
             }
-            if (g.compareTo(BigInteger.valueOf(2)) == -1 || g.compareTo(p.subtract(JPAKEUtil.ONE)) == 1)
+            if (g.compareTo(BigInteger.valueOf(2)) < 0 || g.compareTo(p) >= 0)
             {
                 throw new IllegalArgumentException("g must be in [2, p-1]");
             }

core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java

@@ -252,15 +252,15 @@ public static void validateZeroKnowledgeProof(
         BigInteger r = zeroKnowledgeProof[1];
 
         BigInteger h = calculateHashForZeroKnowledgeProof(g, gv, gx, participantId, digest);
-        if (!(gx.compareTo(ZERO) == 1 && // g^x > 0
-            gx.compareTo(p) == -1 && // g^x < p
-            gx.modPow(q, p).compareTo(ONE) == 0 && // g^x^q mod q = 1
+        if (!(gx.signum() > 0 && // g^x > 0
+            gx.compareTo(p) < 0 && // g^x < p
+            gx.modPow(q, p).equals(ONE) && // g^x^q mod q = 1
                 /*
                  * Below, I took an straightforward way to compute g^r * g^x^h,
                  * which needs 2 exp. Using a simultaneous computation technique
                  * would only need 1 exp.
                  */
-            g.modPow(r, p).multiply(gx.modPow(h, p)).mod(p).compareTo(gv) == 0)) // g^v=g^r * g^x^h
+            g.modPow(r, p).multiply(gx.modPow(h, p)).mod(p).equals(gv))) // g^v=g^r * g^x^h
         {
             throw new CryptoException("Zero-knowledge proof validation failed");
         }

core/src/main/java/org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java

@@ -1,13 +1,12 @@
 package org.bouncycastle.crypto.generators;
 
-import java.math.BigInteger;
-
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.DerivationParameters;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.MacDerivationFunction;
 import org.bouncycastle.crypto.params.KDFCounterParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Integers;
 
 /**
  * This KDF has been defined by the publicly available NIST SP 800-108 specification.
@@ -39,10 +38,6 @@
 public class KDFCounterBytesGenerator
     implements MacDerivationFunction
 {
-
-    private static final BigInteger INTEGER_MAX = BigInteger.valueOf(Integer.MAX_VALUE);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
     // please refer to the standard for the meaning of the variable names
     // all field lengths are in bytes, not in bits as specified by the standard
 
@@ -92,9 +87,7 @@ public void init(DerivationParameters param)
         int r = kdfParams.getR();
         this.ios = new byte[r / 8];
 
-        BigInteger maxSize = TWO.pow(r).multiply(BigInteger.valueOf(h));
-        this.maxSizeExcl = maxSize.compareTo(INTEGER_MAX) == 1 ?
-            Integer.MAX_VALUE : maxSize.intValue();
+        this.maxSizeExcl = r >= Integers.numberOfLeadingZeros(h) ? Integer.MAX_VALUE : h << r;
 
         // --- set operational state ---
 

core/src/main/java/org/bouncycastle/crypto/generators/KDFDoublePipelineIterationBytesGenerator.java

@@ -1,24 +1,19 @@
 package org.bouncycastle.crypto.generators;
 
-import java.math.BigInteger;
-
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.DerivationParameters;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.MacDerivationFunction;
 import org.bouncycastle.crypto.params.KDFDoublePipelineIterationParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Integers;
 
 /**
  * This KDF has been defined by the publicly available NIST SP 800-108 specification.
  */
 public class KDFDoublePipelineIterationBytesGenerator
     implements MacDerivationFunction
 {
-
-    private static final BigInteger INTEGER_MAX = BigInteger.valueOf(Integer.MAX_VALUE);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
     // please refer to the standard for the meaning of the variable names
     // all field lengths are in bytes, not in bits as specified by the standard
 
@@ -71,9 +66,7 @@ public void init(DerivationParameters params)
         if (dpiParams.useCounter())
         {
             // this is more conservative than the spec
-            BigInteger maxSize = TWO.pow(r).multiply(BigInteger.valueOf(h));
-            this.maxSizeExcl = maxSize.compareTo(INTEGER_MAX) == 1 ?
-                Integer.MAX_VALUE : maxSize.intValue();
+            this.maxSizeExcl = r >= Integers.numberOfLeadingZeros(h) ? Integer.MAX_VALUE : h << r;
         }
         else
         {

core/src/main/java/org/bouncycastle/crypto/generators/KDFFeedbackBytesGenerator.java

@@ -1,24 +1,19 @@
 package org.bouncycastle.crypto.generators;
 
-import java.math.BigInteger;
-
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.DerivationParameters;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.MacDerivationFunction;
 import org.bouncycastle.crypto.params.KDFFeedbackParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Integers;
 
 /**
  * This KDF has been defined by the publicly available NIST SP 800-108 specification.
  */
 public class KDFFeedbackBytesGenerator
     implements MacDerivationFunction
 {
-
-    private static final BigInteger INTEGER_MAX = BigInteger.valueOf(Integer.MAX_VALUE);
-    private static final BigInteger TWO = BigInteger.valueOf(2);
-
     // please refer to the standard for the meaning of the variable names
     // all field lengths are in bytes, not in bits as specified by the standard
 
@@ -70,9 +65,7 @@ public void init(DerivationParameters params)
         if (feedbackParams.useCounter())
         {
             // this is more conservative than the spec
-            BigInteger maxSize = TWO.pow(r).multiply(BigInteger.valueOf(h));
-            this.maxSizeExcl = maxSize.compareTo(INTEGER_MAX) == 1 ?
-                Integer.MAX_VALUE : maxSize.intValue();
+            this.maxSizeExcl = r >= Integers.numberOfLeadingZeros(h) ? Integer.MAX_VALUE : h << r;
         }
         else
         {

core/src/main/java/org/bouncycastle/crypto/modes/CCMModeCipher.java

@@ -3,4 +3,10 @@
 public interface CCMModeCipher
     extends AEADBlockCipher
 {
+    // TODO Add these so that all usages of CCMBlockCipher can be replaced by CCMModeCipher
+//    byte[] processPacket(byte[] in, int inOff, int inLen)
+//        throws IllegalStateException, InvalidCipherTextException;
+//
+//    int processPacket(byte[] in, int inOff, int inLen, byte[] output, int outOff)
+//        throws IllegalStateException, InvalidCipherTextException, DataLengthException;
 }

core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.crypto.signers;
 
 import java.math.BigInteger;
+import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.CryptoException;
@@ -92,35 +93,37 @@ public void init(boolean forSigning, CipherParameters param)
 
         if (forSigning)
         {
+            SecureRandom random = null;
             if (baseParam instanceof ParametersWithRandom)
             {
-                ParametersWithRandom rParam = (ParametersWithRandom)baseParam;
-
-                ecKey = (ECKeyParameters)rParam.getParameters();
-                ecParams = ecKey.getParameters();
-                kCalculator.init(ecParams.getN(), rParam.getRandom());
-            }
-            else
-            {
-                ecKey = (ECKeyParameters)baseParam;
-                ecParams = ecKey.getParameters();
-                kCalculator.init(ecParams.getN(), CryptoServicesRegistrar.getSecureRandom());
+                ParametersWithRandom withRandom = (ParametersWithRandom)baseParam;
+                baseParam = withRandom.getParameters();
+                random = withRandom.getRandom();
             }
 
-            BigInteger d = ((ECPrivateKeyParameters)ecKey).getD();
-            BigInteger nSub1 = ecParams.getN().subtract(BigIntegers.ONE);
+            ECPrivateKeyParameters ecPrivateKey = (ECPrivateKeyParameters)baseParam;
+
+            ecKey = ecPrivateKey;
+            ecParams = ecPrivateKey.getParameters();
 
-            if (d.compareTo(ONE) < 0  || d.compareTo(nSub1) >= 0)
+            BigInteger d = ecPrivateKey.getD();
+            BigInteger n = ecParams.getN();
+
+            if (d.compareTo(ONE) < 0  || d.compareTo(n.subtract(ONE)) >= 0)
             {
                 throw new IllegalArgumentException("SM2 private key out of range");
             }
+
+            kCalculator.init(n, CryptoServicesRegistrar.getSecureRandom(random));
             pubPoint = createBasePointMultiplier().multiply(ecParams.getG(), d).normalize();
         }
         else
         {
-            ecKey = (ECKeyParameters)baseParam;
-            ecParams = ecKey.getParameters();
-            pubPoint = ((ECPublicKeyParameters)ecKey).getQ();
+            ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters)baseParam;
+
+            ecKey = ecPublicKey;
+            ecParams = ecPublicKey.getParameters();
+            pubPoint = ecPublicKey.getQ();
         }
 
         CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("ECNR", ecKey, forSigning));