Merge branch 'main' into ascon-update

Author: gefeili

core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -365,6 +365,43 @@ public interface BCObjectIdentifiers
     /** 2.16.840.1.114027.80.8.1.13 OQS_OID_MLDSA87_ed448 */
     ASN1ObjectIdentifier mldsa87_ed448 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.8.1.13");
 
+    /** 2.16.840.1.114027.80.9.1.0 id-MLDSA44-RSA2048-PSS-SHA256 */
+    ASN1ObjectIdentifier id_MLDSA44_RSA2048_PSS_SHA256 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.0");
+    /** 2.16.840.1.114027.80.9.1.1 id-MLDSA44-RSA2048-PKCS15-SHA256 */
+    ASN1ObjectIdentifier id_MLDSA44_RSA2048_PKCS15_SHA256 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.1");
+    /** 2.16.840.1.114027.80.9.1.2 id-MLDSA44-Ed25519-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA44_Ed25519_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.2");
+    /** 2.16.840.1.114027.80.9.1.3 id-MLDSA44-ECDSA-P256-SHA256 */
+    ASN1ObjectIdentifier id_MLDSA44_ECDSA_P256_SHA256 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.3");
+    /** 2.16.840.1.114027.80.9.1.4 id-MLDSA65-RSA3072-PSS-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_RSA3072_PSS_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.4");
+    /** 2.16.840.1.114027.80.9.1.5 id-MLDSA65-RSA3072-PKCS15-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_RSA3072_PKCS15_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.5");
+    /** 2.16.840.1.114027.80.9.1.6 id-MLDSA65-RSA4096-PSS-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_RSA4096_PSS_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.6");
+    /** 2.16.840.1.114027.80.9.1.7 id-MLDSA65-RSA4096-PKCS15-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_RSA4096_PKCS15_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.7");
+    /** 2.16.840.1.114027.80.9.1.8 id-MLDSA65-ECDSA-P256-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_ECDSA_P256_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.8");
+    /** 2.16.840.1.114027.80.9.1.9 id-MLDSA65-ECDSA-P384-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_ECDSA_P384_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.9");
+    /** 2.16.840.1.114027.80.9.1.10 id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_ECDSA_brainpoolP256r1_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.10");
+    /** 2.16.840.1.114027.80.9.1.11 id-MLDSA65-Ed25519-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA65_Ed25519_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.11");
+    /** 2.16.840.1.114027.80.9.1.12 id-MLDSA87-ECDSA-P384-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA87_ECDSA_P384_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.12");
+    /** 2.16.840.1.114027.80.9.1.13 id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA87_ECDSA_brainpoolP384r1_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.13");
+    /** 2.16.840.1.114027.80.9.1.14 id-MLDSA87-Ed448-SHAKE256 */
+    ASN1ObjectIdentifier id_MLDSA87_Ed448_SHAKE256 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.14");
+    /** 2.16.840.1.114027.80.9.1.15 id-MLDSA87-RSA3072-PSS-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA87_RSA3072_PSS_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.15");
+    /** 2.16.840.1.114027.80.9.1.16 id-MLDSA87-RSA4096-PSS-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA87_RSA4096_PSS_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.16");
+    /** 2.16.840.1.114027.80.9.1.17 id-MLDSA87-ECDSA-P521-SHA512 */
+    ASN1ObjectIdentifier id_MLDSA87_ECDSA_P521_SHA512 = new ASN1ObjectIdentifier("2.16.840.1.114027.80.9.1.17");
+
     /*
      * Rainbow
      */

core/src/main/java/org/bouncycastle/asn1/gm/GMObjectIdentifiers.java

@@ -52,16 +52,16 @@ public interface GMObjectIdentifiers
      * <Information security technology — Cryptographic application identifier criterion specification>
      * <url>http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=252CF0F72A7BE339A56DEA7D774E8994</url>,
      * Page 21 only cover from 301.1 to 301.3
-     * */
-    ASN1ObjectIdentifier wapip192v1 =  sm_scheme.branch("301.101");
+     */
+    ASN1ObjectIdentifier wapip192v1 = sm_scheme.branch("301.101");
     /**
      * <WAPI certificate management—Part 5: Example of certificate format (draft)>
      * <url>http://www.chinabwips.org.cn/zqyjgs1.htm</url> and
      * <url>http://www.chinabwips.org.cn/doc/101.pdf</url>,
      * Page 9 and page 10 states the OID of ECDSA-192 algorithm based on SHA-256 is 1.2.156.11235.1.1.1
-     * */
-    ASN1ObjectIdentifier wapi192v1 =  new ASN1ObjectIdentifier("1.2.156.11235.1.1.1");
-    ASN1ObjectIdentifier wapi192v1_parameters =  new ASN1ObjectIdentifier("1.2.156.11235.1.1.2.1");
+     */
+    ASN1ObjectIdentifier wapi192v1 = new ASN1ObjectIdentifier("1.2.156.11235.1.1.1");
+    ASN1ObjectIdentifier wapi192v1_parameters = new ASN1ObjectIdentifier("1.2.156.11235.1.1.2.1");
 
     ASN1ObjectIdentifier sm2encrypt_recommendedParameters = sm2encrypt.branch("1");
     ASN1ObjectIdentifier sm2encrypt_specifiedParameters = sm2encrypt.branch("2");
@@ -71,8 +71,8 @@ public interface GMObjectIdentifiers
     ASN1ObjectIdentifier sm2encrypt_with_sha256 = sm2encrypt.branch("2.4");
     ASN1ObjectIdentifier sm2encrypt_with_sha384 = sm2encrypt.branch("2.5");
     ASN1ObjectIdentifier sm2encrypt_with_sha512 = sm2encrypt.branch("2.6");
-    ASN1ObjectIdentifier sm2encrypt_with_rmd160 =  sm2encrypt.branch("2.7");
-    ASN1ObjectIdentifier sm2encrypt_with_whirlpool =sm2encrypt.branch("2.8");
+    ASN1ObjectIdentifier sm2encrypt_with_rmd160 = sm2encrypt.branch("2.7");
+    ASN1ObjectIdentifier sm2encrypt_with_whirlpool = sm2encrypt.branch("2.8");
     ASN1ObjectIdentifier sm2encrypt_with_blake2b512 = sm2encrypt.branch("2.9");
     ASN1ObjectIdentifier sm2encrypt_with_blake2s256 = sm2encrypt.branch("2.10");
     ASN1ObjectIdentifier sm2encrypt_with_md5 = sm2encrypt.branch("2.11");

core/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.crypto;
 
-import org.bouncycastle.util.Arrays;
-
 /**
  * A wrapper class that allows block ciphers to be used to process data in
  * a piecemeal fashion. The BufferedBlockCipher outputs a block only when the
@@ -168,27 +166,26 @@ public int getOutputSize(
     /**
      * process a single byte, producing an output block if necessary.
      *
-     * @param in     the input byte.
-     * @param out    the space for any output that might be produced.
+     * @param in the input byte.
+     * @param out the space for any output that might be produced.
      * @param outOff the offset from which the output will be copied.
      * @return the number of output bytes copied to out.
-     * @throws DataLengthException   if there isn't enough space in out.
-     * @throws IllegalStateException if the cipher isn't initialised.
+     * @exception DataLengthException if there isn't enough space in out.
+     * @exception IllegalStateException if the cipher isn't initialised.
      */
     public int processByte(
-        byte in,
-        byte[] out,
-        int outOff)
+        byte        in,
+        byte[]      out,
+        int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        int resultLen = 0;
+        int         resultLen = 0;
 
         buf[bufOff++] = in;
 
         if (bufOff == buf.length)
         {
-            resultLen = cipher.processBlock(buf, 0, out, outOff);
-            bufOff = 0;
+            resultLen = processBuffer(out, outOff);
         }
 
         return resultLen;
@@ -197,30 +194,30 @@ public int processByte(
     /**
      * process an array of bytes, producing output if necessary.
      *
-     * @param in     the input byte array.
-     * @param inOff  the offset at which the input data starts.
-     * @param len    the number of bytes to be copied out of the input array.
-     * @param out    the space for any output that might be produced.
+     * @param in the input byte array.
+     * @param inOff the offset at which the input data starts.
+     * @param len the number of bytes to be copied out of the input array.
+     * @param out the space for any output that might be produced.
      * @param outOff the offset from which the output will be copied.
      * @return the number of output bytes copied to out.
-     * @throws DataLengthException   if there isn't enough space in out.
-     * @throws IllegalStateException if the cipher isn't initialised.
+     * @exception DataLengthException if there isn't enough space in out.
+     * @exception IllegalStateException if the cipher isn't initialised.
      */
     public int processBytes(
-        byte[] in,
-        int inOff,
-        int len,
-        byte[] out,
-        int outOff)
+        byte[]      in,
+        int         inOff,
+        int         len,
+        byte[]      out,
+        int         outOff)
         throws DataLengthException, IllegalStateException
     {
         if (len < 0)
         {
             throw new IllegalArgumentException("Can't have a negative input length!");
         }
 
-        int blockSize = getBlockSize();
-        int length = getUpdateOutputSize(len);
+        int blockSize   = getBlockSize();
+        int length      = getUpdateOutputSize(len);
 
         if (length > 0)
         {
@@ -235,29 +232,35 @@ public int processBytes(
 
         if (len > gapLen)
         {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-            inOff += gapLen;
-            len -= gapLen;
-            if (in == out && Arrays.segmentsOverlap(inOff, len, outOff, length))
+            if (bufOff != 0)
+            {
+                System.arraycopy(in, inOff, buf, bufOff, gapLen);
+                inOff += gapLen;
+                len -= gapLen;
+            }
+
+            if (in == out)
             {
                 in = new byte[len];
                 System.arraycopy(out, inOff, in, 0, len);
                 inOff = 0;
             }
 
-            resultLen += cipher.processBlock(buf, 0, out, outOff);
-
-            bufOff = 0;
+            // if bufOff non-zero buffer must now be full
+            if (bufOff != 0)
+            {
+                resultLen += processBuffer(out, outOff);
+            }
 
             if (mbCipher != null)
             {
-                int blockCount = len / mbCipher.getMultiBlockSize();
+                int blockCount = (len / mbCipher.getMultiBlockSize()) * (mbCipher.getMultiBlockSize() / blockSize);
 
                 if (blockCount > 0)
                 {
                     resultLen += mbCipher.processBlocks(in, inOff, blockCount, out, outOff + resultLen);
 
-                    int processed = blockCount * mbCipher.getMultiBlockSize();
+                    int processed = blockCount * blockSize;
 
                     len -= processed;
                     inOff += processed;
@@ -281,13 +284,25 @@ public int processBytes(
 
         if (bufOff == buf.length)
         {
-            resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
-            bufOff = 0;
+            resultLen += processBuffer(out, outOff + resultLen);
         }
 
         return resultLen;
     }
 
+    private int processBuffer(byte[] out, int outOff)
+    {
+        bufOff = 0;
+        if (mbCipher != null)
+        {
+            return mbCipher.processBlocks(buf, 0, buf.length / mbCipher.getBlockSize(), out, outOff);
+        }
+        else
+        {
+            return cipher.processBlock(buf, 0, out, outOff);
+        }
+    }
+
     /**
      * Process the last block in the buffer.
      *
@@ -318,15 +333,26 @@ public int doFinal(
 
             if (bufOff != 0)
             {
-                if (!partialBlockOkay)
+                int index = 0;
+                if (mbCipher != null)
                 {
-                    throw new DataLengthException("data not block size aligned");
+                    int nBlocks = bufOff / mbCipher.getBlockSize();
+                    resultLen += mbCipher.processBlocks(buf, 0, nBlocks, out, outOff);
+                    index = nBlocks * mbCipher.getBlockSize();
                 }
 
-                cipher.processBlock(buf, 0, buf, 0);
-                resultLen = bufOff;
-                bufOff = 0;
-                System.arraycopy(buf, 0, out, outOff, resultLen);
+                if (bufOff != index)
+                {
+                    if (!partialBlockOkay)
+                    {
+                        throw new DataLengthException("data not block size aligned");
+                    }
+
+                    cipher.processBlock(buf, index, buf, index);
+                    System.arraycopy(buf, index, out, outOff + resultLen, bufOff - index);
+                    resultLen += bufOff - index;
+                    bufOff = 0;
+                }
             }
 
             return resultLen;