Merge remote-tracking branch 'refs/remotes/origin/master'

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/digests/Blake2sDigest.java

@@ -27,6 +27,7 @@
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.ExtendedDigest;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
 
 /**
@@ -158,7 +159,7 @@ public Blake2sDigest(Blake2sDigest digest)
         this.keyLength = digest.keyLength;
         this.key = Arrays.clone(digest.key);
         this.digestLength = digest.digestLength;
-        this.internalState = Arrays.clone(internalState);
+        this.internalState = Arrays.clone(digest.internalState);
         this.chainValue = Arrays.clone(digest.chainValue);
         this.t0 = digest.t0;
         this.t1 = digest.t1;
@@ -285,41 +286,36 @@ private void init(byte[] salt, byte[] personalization, byte[] key)
 
         if (key != null && key.length > 0)
         {
-            if (key.length > 32)
+            keyLength = key.length;
+            if (keyLength > 32)
             {
-                throw new IllegalArgumentException(
-                    "Keys > 32 bytes are not supported");
+                throw new IllegalArgumentException("Keys > 32 bytes are not supported");
             }
-            this.key = new byte[key.length];
-            System.arraycopy(key, 0, this.key, 0, key.length);
-
-            keyLength = key.length;
-            System.arraycopy(key, 0, buffer, 0, key.length);
+            this.key = new byte[keyLength];
+            System.arraycopy(key, 0, this.key, 0, keyLength);
+            System.arraycopy(key, 0, buffer, 0, keyLength);
             bufferPos = BLOCK_LENGTH_BYTES; // zero padding
         }
 
         if (chainValue == null)
         {
             chainValue = new int[8];
 
-            chainValue[0] = blake2s_IV[0]
-                ^ (digestLength | (keyLength << 8) | ((fanout << 16) | (depth << 24)));
+            chainValue[0] = blake2s_IV[0] ^ (digestLength | (keyLength << 8) | ((fanout << 16) | (depth << 24)));
             chainValue[1] = blake2s_IV[1] ^ leafLength;
 
             int nofHi = (int)(nodeOffset >> 32);
             int nofLo = (int)nodeOffset;
             chainValue[2] = blake2s_IV[2] ^ nofLo;
-            chainValue[3] = blake2s_IV[3] ^ (nofHi |
-                (nodeDepth << 16) | (innerHashLength << 24));
+            chainValue[3] = blake2s_IV[3] ^ (nofHi | (nodeDepth << 16) | (innerHashLength << 24));
 
             chainValue[4] = blake2s_IV[4];
             chainValue[5] = blake2s_IV[5];
             if (salt != null)
             {
                 if (salt.length != 8)
                 {
-                    throw new IllegalArgumentException(
-                        "Salt length must be exactly 8 bytes");
+                    throw new IllegalArgumentException("Salt length must be exactly 8 bytes");
                 }
                 this.salt = new byte[8];
                 System.arraycopy(salt, 0, this.salt, 0, salt.length);
@@ -334,12 +330,10 @@ private void init(byte[] salt, byte[] personalization, byte[] key)
             {
                 if (personalization.length != 8)
                 {
-                    throw new IllegalArgumentException(
-                        "Personalization length must be exactly 8 bytes");
+                    throw new IllegalArgumentException("Personalization length must be exactly 8 bytes");
                 }
                 this.personalization = new byte[8];
-                System.arraycopy(personalization, 0, this.personalization, 0,
-                    personalization.length);
+                System.arraycopy(personalization, 0, this.personalization, 0, personalization.length);
 
                 chainValue[6] ^= Pack.littleEndianToInt(personalization, 0);
                 chainValue[7] ^= Pack.littleEndianToInt(personalization, 4);
@@ -542,18 +536,13 @@ private void compress(byte[] message, int messagePos)
     private void G(int m1, int m2, int posA, int posB, int posC, int posD)
     {
         internalState[posA] = internalState[posA] + internalState[posB] + m1;
-        internalState[posD] = rotr32(internalState[posD] ^ internalState[posA], 16);
+        internalState[posD] = Integers.rotateRight(internalState[posD] ^ internalState[posA], 16);
         internalState[posC] = internalState[posC] + internalState[posD];
-        internalState[posB] = rotr32(internalState[posB] ^ internalState[posC], 12);
+        internalState[posB] = Integers.rotateRight(internalState[posB] ^ internalState[posC], 12);
         internalState[posA] = internalState[posA] + internalState[posB] + m2;
-        internalState[posD] = rotr32(internalState[posD] ^ internalState[posA], 8);
+        internalState[posD] = Integers.rotateRight(internalState[posD] ^ internalState[posA], 8);
         internalState[posC] = internalState[posC] + internalState[posD];
-        internalState[posB] = rotr32(internalState[posB] ^ internalState[posC], 7);
-    }
-
-    private int rotr32(int x, int rot)
-    {
-        return x >>> rot | (x << (32 - rot));
+        internalState[posB] = Integers.rotateRight(internalState[posB] ^ internalState[posC], 7);
     }
 
     /**

core/src/main/java/org/bouncycastle/crypto/digests/Blake2xsDigest.java

@@ -9,7 +9,6 @@
  */
 
 import org.bouncycastle.crypto.CryptoServicePurpose;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.Xof;
 import org.bouncycastle.util.Arrays;
 
@@ -87,7 +86,7 @@ public class Blake2xsDigest
      */
     public Blake2xsDigest()
     {
-        this(Blake2xsDigest.UNKNOWN_DIGEST_LENGTH, CryptoServicePurpose.ANY); //TODO: change this?
+        this(UNKNOWN_DIGEST_LENGTH, CryptoServicePurpose.ANY); //TODO: change this?
     }
 
     /**
@@ -125,7 +124,7 @@ public Blake2xsDigest(int digestBytes, byte[] key)
      */
     public Blake2xsDigest(int digestBytes, byte[] key, byte[] salt, byte[] personalization, CryptoServicePurpose purpose)
     {
-        if (digestBytes < 1 || digestBytes > Blake2xsDigest.UNKNOWN_DIGEST_LENGTH)
+        if (digestBytes < 1 || digestBytes > UNKNOWN_DIGEST_LENGTH)
         {
             throw new IllegalArgumentException(
                 "BLAKE2xs digest length must be between 1 and 2^16-1");
@@ -134,7 +133,7 @@ public Blake2xsDigest(int digestBytes, byte[] key, byte[] salt, byte[] personali
         digestLength = digestBytes;
         nodeOffset = computeNodeOffset();
         this.purpose = purpose;
-        hash = new Blake2sDigest(Blake2xsDigest.DIGEST_LENGTH, key, salt, personalization, nodeOffset, purpose);
+        hash = new Blake2sDigest(DIGEST_LENGTH, key, salt, personalization, nodeOffset, purpose);
     }
 
     public Blake2xsDigest(Blake2xsDigest digest)
@@ -189,7 +188,7 @@ public int getByteLength()
      */
     public long getUnknownMaxLength()
     {
-        return Blake2xsDigest.MAX_NUMBER_BLOCKS * Blake2xsDigest.DIGEST_LENGTH;
+        return MAX_NUMBER_BLOCKS * DIGEST_LENGTH;
     }
 
     /**
@@ -223,7 +222,7 @@ public void reset()
         hash.reset();
 
         h0 = null;
-        bufPos = Blake2xsDigest.DIGEST_LENGTH;
+        bufPos = DIGEST_LENGTH;
         digestPos = 0;
         blockPos = 0;
         nodeOffset = computeNodeOffset();
@@ -238,7 +237,7 @@ public void reset()
      */
     public int doFinal(byte[] out, int outOffset)
     {
-        return doFinal(out, outOffset, out.length);
+        return doFinal(out, outOffset, digestLength);
     }
 
     /**
@@ -275,7 +274,7 @@ public int doOutput(byte[] out, int outOff, int outLen)
             hash.doFinal(h0, 0);
         }
 
-        if (digestLength != Blake2xsDigest.UNKNOWN_DIGEST_LENGTH)
+        if (digestLength != UNKNOWN_DIGEST_LENGTH)
         {
             if (digestPos + outLen > digestLength)
             {
@@ -291,9 +290,9 @@ else if (blockPos << 5 >= getUnknownMaxLength())
 
         for (int i = 0; i < outLen; i++)
         {
-            if (bufPos >= Blake2xsDigest.DIGEST_LENGTH)
+            if (bufPos >= DIGEST_LENGTH)
             {
-                Blake2sDigest h = new Blake2sDigest(computeStepLength(), Blake2xsDigest.DIGEST_LENGTH, nodeOffset);
+                Blake2sDigest h = new Blake2sDigest(computeStepLength(), DIGEST_LENGTH, nodeOffset);
                 h.update(h0, 0, h0.length);
 
                 Arrays.fill(buf, (byte)0);
@@ -302,7 +301,7 @@ else if (blockPos << 5 >= getUnknownMaxLength())
                 nodeOffset++;
                 blockPos++;
             }
-            out[i] = buf[bufPos];
+            out[outOff + i] = buf[bufPos];
             bufPos++;
             digestPos++;
         }
@@ -314,12 +313,12 @@ else if (blockPos << 5 >= getUnknownMaxLength())
     // always the maximum.
     private int computeStepLength()
     {
-        if (digestLength == Blake2xsDigest.UNKNOWN_DIGEST_LENGTH)
+        if (digestLength == UNKNOWN_DIGEST_LENGTH)
         {
-            return Blake2xsDigest.DIGEST_LENGTH;
+            return DIGEST_LENGTH;
         }
 
-        return Math.min(Blake2xsDigest.DIGEST_LENGTH, digestLength - digestPos);
+        return Math.min(DIGEST_LENGTH, digestLength - digestPos);
     }
 
     private long computeNodeOffset()

core/src/test/java/org/bouncycastle/crypto/test/Blake2xsDigestTest.java

@@ -1,5 +1,8 @@
 package org.bouncycastle.crypto.test;
 
+import java.util.Arrays;
+import java.util.Random;
+
 import org.bouncycastle.crypto.digests.Blake2xsDigest;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
@@ -2579,38 +2582,44 @@ public String getName()
 
     private void testBlake2xsTestVectors()
     {
+        Random random = new Random();
+
         for (int i = 0; i != Blake2xsDigestTest.xofTestVectors.length; i++)
         {
             String[] vector = Blake2xsDigestTest.xofTestVectors[i];
             byte[] input = Hex.decode(vector[0]);
             byte[] key = Hex.decode(vector[1]);
+            byte[] expected = Hex.decode(vector[2]);
 
-            Blake2xsDigest h = new Blake2xsDigest(vector[2].length() / 2, key);
+            int digestSize = expected.length;
+            Blake2xsDigest h = new Blake2xsDigest(digestSize, key);
             h.update(input, 0, input.length);
 
-            byte[] out = new byte[vector[2].length() / 2];
-            h.doFinal(out, 0);
-            if (!areEqual(out, Hex.decode(vector[2])))
+            byte[] out = new byte[16 + digestSize];
+            int outOff = 1 + random.nextInt(16);
+            h.doFinal(out, outOff);
+            if (!areEqual(out, outOff, outOff + digestSize, expected, 0, digestSize))
             {
-                fail("BLAKE2xs mismatch on test vector ", vector[2], Hex.toHexString(out));
+                fail("BLAKE2xs mismatch on test vector ", vector[2], Hex.toHexString(out, outOff, digestSize));
             }
 
-            out = new byte[vector[2].length() / 2];
+            Arrays.fill(out, (byte)0);
+            outOff = 1 + random.nextInt(16);
+
             h.update(input, 0, input.length);
             Blake2xsDigest clone = new Blake2xsDigest(h);
 
-            h.doOutput(out, 0, out.length);
-            if (!areEqual(out, Hex.decode(vector[2])))
+            h.doOutput(out, outOff, digestSize);
+            if (!areEqual(out, outOff, outOff + digestSize, expected, 0, digestSize))
             {
-                fail("BLAKE2xs mismatch on test vector after a reset", vector[2], Hex.toHexString(out));
+                fail("BLAKE2xs mismatch on test vector after a reset", vector[2], Hex.toHexString(out, outOff, digestSize));
             }
 
-            byte[] outClone = new byte[out.length];
+            byte[] outClone = new byte[digestSize];
             clone.doFinal(outClone, 0, outClone.length);
-            if (!areEqual(out, outClone))
+            if (!areEqual(outClone, expected))
             {
-                fail("BLAKE2xs mismatch on test vector against a clone",
-                    vector[2], Hex.toHexString(outClone));
+                fail("BLAKE2xs mismatch on test vector against a clone", vector[2], Hex.toHexString(outClone));
             }
         }
     }

tls/src/test/java/org/bouncycastle/tls/test/MockRawKeysTlsClient.java

@@ -4,7 +4,6 @@
 import java.security.SecureRandom;
 import java.util.Vector;
 
-import junit.framework.TestCase;
 import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
 import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
 import org.bouncycastle.tls.Certificate;
@@ -23,16 +22,16 @@
 import org.bouncycastle.tls.TlsServerCertificate;
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.crypto.TlsCertificate;
-import org.bouncycastle.tls.crypto.TlsCrypto;
 import org.bouncycastle.tls.crypto.TlsCryptoParameters;
 import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsRawKeyCertificate;
 
+import junit.framework.TestCase;
+
 class MockRawKeysTlsClient
     extends DefaultTlsClient
 {
-
     private short serverCertType;
     private short clientCertType;
     private short[] offerServerCertTypes;
@@ -46,6 +45,7 @@ class MockRawKeysTlsClient
         throws Exception
     {
         super(new BcTlsCrypto(new SecureRandom()));
+
         this.serverCertType = serverCertType;
         this.clientCertType = clientCertType;
         this.offerServerCertTypes = offerServerCertTypes;
@@ -61,9 +61,9 @@ protected ProtocolVersion[] getSupportedVersions()
 
     protected int[] getSupportedCipherSuites()
     {
-        return ProtocolVersion.TLSv13.equals(tlsVersion) ?
-                new int[] {CipherSuite.TLS_AES_128_GCM_SHA256} :
-                new int[] {CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
+        return TlsUtils.isTLSv13(tlsVersion)
+            ?   new int[]{ CipherSuite.TLS_AES_128_GCM_SHA256 }
+            :   new int[]{ CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 };
     }
 
     protected short[] getAllowedClientCertificateTypes()
@@ -113,19 +113,13 @@ public TlsCredentials getClientCredentials(CertificateRequest certificateRequest
                                 SignatureAlgorithm.ed25519, "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
                         break;
                     case CertificateType.RawPublicKey:
-                        TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate(
-                            (BcTlsCrypto)getCrypto(),
-                                SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
-                        Certificate cert = new Certificate(
-                                CertificateType.RawPublicKey,
-                                TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
-                                new CertificateEntry[] {new CertificateEntry(rawKeyCert, null)});
-                        credentials = new BcDefaultTlsCredentialedSigner(
-                                new TlsCryptoParameters(context),
-                            (BcTlsCrypto)getCrypto(),
-                                privateKey,
-                                cert,
-                                SignatureAndHashAlgorithm.ed25519);
+                        TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate((BcTlsCrypto)getCrypto(),
+                            SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
+                        Certificate cert = new Certificate(CertificateType.RawPublicKey,
+                            TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
+                            new CertificateEntry[]{ new CertificateEntry(rawKeyCert, null) });
+                        credentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(context),
+                            (BcTlsCrypto)getCrypto(), privateKey, cert, SignatureAndHashAlgorithm.ed25519);
                         break;
                     default:
                         throw new IllegalArgumentException("Only supports X509 and raw keys");
@@ -136,9 +130,4 @@ public TlsCredentials getClientCredentials(CertificateRequest certificateRequest
             }
         };
     }
-
-    public TlsCrypto getCrypto()
-    {
-        return super.getCrypto();
-    }
 }