Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.java

@@ -15,7 +15,7 @@ public class GOST3410NamedParameters
     static final Hashtable params = new Hashtable();
     static final Hashtable names = new Hashtable();
 
-    static private GOST3410ParamSetParameters cryptoProA = new GOST3410ParamSetParameters(
+    private static final GOST3410ParamSetParameters cryptoProA = new GOST3410ParamSetParameters(
             1024,
             new BigInteger("127021248288932417465907042777176443525787653508916535812817507265705031260985098497423188333483401180925999995120988934130659205614996724254121049274349357074920312769561451689224110579311248812610229678534638401693520013288995000362260684222750813532307004517341633685004541062586971416883686778842537820383"),
             new BigInteger("68363196144955700784444165611827252895102170888761442055095051287550314083023"),
@@ -32,7 +32,7 @@ public class GOST3410NamedParameters
 
            );
 
-    static private GOST3410ParamSetParameters cryptoProB = new GOST3410ParamSetParameters(
+    private static final GOST3410ParamSetParameters cryptoProB = new GOST3410ParamSetParameters(
             1024,
             new BigInteger("139454871199115825601409655107690713107041707059928031797758001454375765357722984094124368522288239833039114681648076688236921220737322672160740747771700911134550432053804647694904686120113087816240740184800477047157336662926249423571248823968542221753660143391485680840520336859458494803187341288580489525163"),
             new BigInteger("79885141663410976897627118935756323747307951916507639758300472692338873533959"),
@@ -53,7 +53,7 @@ public class GOST3410NamedParameters
 //}
          );
 
-    static private GOST3410ParamSetParameters cryptoProXchA = new GOST3410ParamSetParameters(
+    private static final GOST3410ParamSetParameters cryptoProXchA = new GOST3410ParamSetParameters(
     1024,
     new BigInteger("142011741597563481196368286022318089743276138395243738762872573441927459393512718973631166078467600360848946623567625795282774719212241929071046134208380636394084512691828894000571524625445295769349356752728956831541775441763139384457191755096847107846595662547942312293338483924514339614727760681880609734239"),
     new BigInteger("91771529896554605945588149018382750217296858393520724172743325725474374979801"),

core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.params;
 
+import org.bouncycastle.util.Arrays;
+
 public class DESParameters
     extends KeyParameter
 {
@@ -17,14 +19,14 @@ public DESParameters(
     /*
      * DES Key length in bytes.
      */
-    static public final int DES_KEY_LENGTH = 8;
+    public static final int DES_KEY_LENGTH = 8;
 
     /*
      * Table of weak and semi-weak keys taken from Schneier pp281
      */
-    static private final int N_DES_WEAK_KEYS = 16;
+    private static final int N_DES_WEAK_KEYS = 16;
 
-    static private byte[] DES_weak_keys =
+    private static byte[] DES_weak_keys =
     {
         /* weak keys */
         (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01, (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01,
@@ -58,27 +60,21 @@ public DESParameters(
      * @return true if the given DES key material is weak or semi-weak,
      *     false otherwise.
      */
-    public static boolean isWeakKey(
-        byte[] key,
-        int offset)
+    public static boolean isWeakKey(byte[] key, int offset)
     {
-        if (key.length - offset < DES_KEY_LENGTH)
+        if (offset > (key.length - DES_KEY_LENGTH))
         {
             throw new IllegalArgumentException("key material too short.");
         }
 
-        nextkey: for (int i = 0; i < N_DES_WEAK_KEYS; i++)
+        for (int i = 0; i < N_DES_WEAK_KEYS; i++)
         {
-            for (int j = 0; j < DES_KEY_LENGTH; j++)
+            if (Arrays.constantTimeAreEqual(DES_KEY_LENGTH, key, offset, DES_weak_keys, i * DES_KEY_LENGTH))
             {
-                if (key[j + offset] != DES_weak_keys[i * DES_KEY_LENGTH + j])
-                {
-                    continue nextkey;
-                }
+                return true;
             }
-
-            return true;
         }
+
         return false;
     }
 

core/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java

@@ -6,7 +6,7 @@ public class DESedeParameters
     /*
      * DES-EDE Key length in bytes.
      */
-    static public final int DES_EDE_KEY_LENGTH = 24;
+    public static final int DES_EDE_KEY_LENGTH = 24;
 
     public DESedeParameters(
         byte[]  key)

core/src/main/java/org/bouncycastle/crypto/signers/SM2Signer.java

@@ -2,6 +2,8 @@
 
 import java.math.BigInteger;
 import java.security.SecureRandom;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.CryptoException;
@@ -30,6 +32,8 @@
 public class SM2Signer
     implements Signer, ECConstants
 {
+    private static final Logger LOG = Logger.getLogger(SM2Signer.class.getName());
+
     private static final class State
     {
         static final int UNINITIALIZED  = 0;
@@ -160,6 +164,10 @@ public boolean verifySignature(byte[] signature)
         }
         catch (Exception e)
         {
+            if (LOG.isLoggable(Level.FINE))
+            {
+                LOG.log(Level.FINE, "SM2 signature verification failed due to exception", e);
+            }
         }
         finally
         {
@@ -248,12 +256,20 @@ private boolean verifySignature(BigInteger r, BigInteger s)
         // B1
         if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0)
         {
+            if (LOG.isLoggable(Level.FINE))
+            {
+                LOG.fine("SM2 signature verification failed: r out of range");
+            }
             return false;
         }
 
         // B2
         if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0)
         {
+            if (LOG.isLoggable(Level.FINE))
+            {
+                LOG.fine("SM2 signature verification failed: s out of range");
+            }
             return false;
         }
 
@@ -267,6 +283,10 @@ private boolean verifySignature(BigInteger r, BigInteger s)
         BigInteger t = r.add(s).mod(n);
         if (t.equals(ZERO))
         {
+            if (LOG.isLoggable(Level.FINE))
+            {
+                LOG.fine("SM2 signature verification failed: t equals zero");
+            }
             return false;
         }
 
@@ -275,6 +295,10 @@ private boolean verifySignature(BigInteger r, BigInteger s)
         ECPoint x1y1 = ECAlgorithms.sumOfTwoMultiplies(ecParams.getG(), s, q, t).normalize();
         if (x1y1.isInfinity())
         {
+            if (LOG.isLoggable(Level.FINE))
+            {
+                LOG.fine("SM2 signature verification failed: calculated point at infinity");
+            }
             return false;
         }
 

core/src/main/java/org/bouncycastle/crypto/signers/StandardDSAEncoding.java

@@ -16,17 +16,9 @@ public class StandardDSAEncoding
 {
     public static final StandardDSAEncoding INSTANCE = new StandardDSAEncoding();
 
-    public byte[] encode(BigInteger n, BigInteger r, BigInteger s) throws IOException
-    {
-        ASN1EncodableVector v = new ASN1EncodableVector();
-        encodeValue(n, v, r);
-        encodeValue(n, v, s);
-        return new DERSequence(v).getEncoded(ASN1Encoding.DER);
-    }
-
     public BigInteger[] decode(BigInteger n, byte[] encoding) throws IOException
     {
-        ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding);
+        ASN1Sequence seq = ASN1Sequence.getInstance(encoding);
         if (seq.size() == 2)
         {
             BigInteger r = decodeValue(n, seq, 0);
@@ -42,6 +34,14 @@ public BigInteger[] decode(BigInteger n, byte[] encoding) throws IOException
         throw new IllegalArgumentException("Malformed signature");
     }
 
+    public byte[] encode(BigInteger n, BigInteger r, BigInteger s) throws IOException
+    {
+        return new DERSequence(
+            encodeValue(n, r),
+            encodeValue(n, s)
+        ).getEncoded(ASN1Encoding.DER);
+    }
+
     protected BigInteger checkValue(BigInteger n, BigInteger x)
     {
         if (x.signum() < 0 || (null != n && x.compareTo(n) >= 0))
@@ -57,8 +57,8 @@ protected BigInteger decodeValue(BigInteger n, ASN1Sequence s, int pos)
         return checkValue(n, ((ASN1Integer)s.getObjectAt(pos)).getValue());
     }
 
-    protected void encodeValue(BigInteger n, ASN1EncodableVector v, BigInteger x)
+    protected ASN1Integer encodeValue(BigInteger n, BigInteger x)
     {
-        v.add(new ASN1Integer(checkValue(n, x)));
+        return new ASN1Integer(checkValue(n, x));
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/cmce/CMCEEngine.java

@@ -1049,7 +1049,7 @@ private static int ctz(long in)
     }
 
     /* Used in mov columns*/
-    static private long same_mask64(short x, short y)
+    private static long same_mask64(short x, short y)
     {
         long mask;
 

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java

@@ -30,9 +30,10 @@ class HQCEngine
     private final int pkSize;
     private final GF2PolynomialCalculator gf;
     private final long rejectionThreshold;
+    private final int cipherTextBytes;
 
-    public HQCEngine(int n, int n1, int n2, int k, int g, int delta, int w, int wr,
-                     int fft, int nmu, int pkSize, int[] generatorPoly)
+    HQCEngine(int n, int n1, int n2, int k, int g, int delta, int w, int wr, int fft, int nmu, int pkSize,
+        int[] generatorPoly)
     {
         this.n = n;
         this.k = k;
@@ -54,6 +55,12 @@ public HQCEngine(int n, int n1, int n2, int k, int g, int delta, int w, int wr,
         long RED_MASK = ((1L << (n & 63)) - 1);
         this.gf = new GF2PolynomialCalculator(N_BYTE_64, n, RED_MASK);
         this.rejectionThreshold = ((1L << 24) / n) * n;
+        this.cipherTextBytes = N_BYTE + N1N2_BYTE + 16;
+    }
+
+    int getCipherTextBytes()
+    {
+        return cipherTextBytes;
     }
 
     /**

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCKEMExtractor.java

@@ -6,34 +6,32 @@
 public class HQCKEMExtractor
     implements EncapsulatedSecretExtractor
 {
-    private HQCEngine engine;
+    private final HQCPrivateKeyParameters privateKey;
+    private final HQCEngine engine;
 
-    private final HQCKeyParameters key;
-
-    public HQCKEMExtractor(HQCPrivateKeyParameters privParams)
+    public HQCKEMExtractor(HQCPrivateKeyParameters privateKey)
     {
-        this.key = privParams;
-        initCipher(key.getParameters());
-    }
+        if (privateKey == null)
+        {
+            throw new NullPointerException("'privateKey' cannot be null");
+        }
 
-    private void initCipher(HQCParameters param)
-    {
-        engine = param.getEngine();
+        this.privateKey = privateKey;
+        this.engine = privateKey.getParameters().getEngine();
     }
 
     public byte[] extractSecret(byte[] encapsulation)
     {
         byte[] session_key = new byte[64];
-        HQCPrivateKeyParameters secretKey = (HQCPrivateKeyParameters)key;
-        byte[] sk = secretKey.getPrivateKey();
+        byte[] sk = privateKey.getPrivateKey();
 
         engine.decaps(session_key, encapsulation, sk);
 
         return Arrays.copyOfRange(session_key, 0, 32);
     }
 
     public int getEncapsulationLength()
-    {         // Hash + salt
-        return key.getParameters().getN_BYTES() + key.getParameters().getN1N2_BYTES() + 16;
+    {
+        return engine.getCipherTextBytes();
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCKEMGenerator.java

@@ -2,6 +2,7 @@
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.EncapsulatedSecretGenerator;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
@@ -11,11 +12,11 @@
 public class HQCKEMGenerator
     implements EncapsulatedSecretGenerator
 {
-    private final SecureRandom sr;
+    private final SecureRandom random;
 
     public HQCKEMGenerator(SecureRandom random)
     {
-        this.sr = random;
+        this.random = CryptoServicesRegistrar.getSecureRandom(random);
     }
 
     public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recipientKey)
@@ -29,7 +30,7 @@ public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recip
         byte[] salt = new byte[key.getParameters().getSALT_SIZE_BYTES()];
         byte[] pk = key.getPublicKey();
 
-        engine.encaps(u, v, K, pk, salt, sr);
+        engine.encaps(u, v, K, pk, salt, random);
 
         byte[] cipherText = Arrays.concatenate(u, v, salt);
 

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCParameters.java

@@ -31,18 +31,18 @@ public class HQCParameters
     final static int PARAM_M = 8;
     final static int GF_MUL_ORDER = 255;
 
-    private final HQCEngine hqcEngine;
+    private final HQCEngine engine;
 
-    private HQCParameters(String name, int n, int n1, int n2, int k, int g, int delta, int w, int wr,
-                          int fft, int nMu, int pkSize, int skSize, int[] generatorPoly)
+    private HQCParameters(String name, int n, int n1, int n2, int k, int g, int delta, int w, int wr, int fft, int nMu,
+        int pkSize, int skSize, int[] generatorPoly)
     {
         this.name = name;
         this.n = n;
         this.n1 = n1;
         this.n2 = n2;
         this.publicKeyBytes = pkSize;
         this.secretKeyBytes = skSize;
-        hqcEngine = new HQCEngine(n, n1, n2, k, g, delta, w, wr, fft, nMu, pkSize, generatorPoly);
+        this.engine = new HQCEngine(n, n1, n2, k, g, delta, w, wr, fft, nMu, pkSize, generatorPoly);
     }
 
     int getSHA512_BYTES()
@@ -67,7 +67,12 @@ int getN1N2_BYTES()
 
     HQCEngine getEngine()
     {
-        return hqcEngine;
+        return engine;
+    }
+
+    public int getEncapsulationLength()
+    {
+        return engine.getCipherTextBytes();
     }
 
     public int getSessionKeySize()