moved spec classes to org.bouncycastle.jcajce.spec

removed HKDFParameterSpec in favor of Java 25 one
added support for extract only to HKDFSpi.

Author: dghgit

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/hkdf/HKDFParameterSpec.java

@@ -11,22 +11,26 @@
 import javax.crypto.KDFSpi;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.HKDFParameterSpec;
+
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.List;
 
 class HKDFSpi
-        extends KDFSpi
+    extends KDFSpi
 {
     protected HKDFBytesGenerator hkdf;
+
     public HKDFSpi(KDFParameters kdfParameters)
-            throws InvalidAlgorithmParameterException
+        throws InvalidAlgorithmParameterException
     {
         super(kdfParameters);
     }
 
     public HKDFSpi(KDFParameters kdfParameters, Digest digest)
-            throws InvalidAlgorithmParameterException
+        throws InvalidAlgorithmParameterException
     {
         super(kdfParameters);
         this.hkdf = new HKDFBytesGenerator(digest);
@@ -53,62 +57,101 @@ protected KDFParameters engineGetParameters()
 
     @Override
     protected SecretKey engineDeriveKey(String alg, AlgorithmParameterSpec derivationSpec)
-            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
     {
         byte[] derivedKey = engineDeriveData(derivationSpec);
 
         return new SecretKeySpec(derivedKey, alg);
     }
+
     @Override
     protected byte[] engineDeriveData(AlgorithmParameterSpec derivationSpec)
-            throws InvalidAlgorithmParameterException
+        throws InvalidAlgorithmParameterException
     {
-        if (derivationSpec == null || !(derivationSpec instanceof HKDFParameters))
+        if (derivationSpec == null || !(derivationSpec instanceof HKDFParameterSpec))
         {
-            throw new InvalidAlgorithmParameterException("Invalid AlgorithmParameterSpec provided");
+            throw new InvalidAlgorithmParameterException("invalid AlgorithmParameterSpec provided");
         }
 
-        HKDFParameters hkdfParameters = (HKDFParameters) derivationSpec;
-        int derivedDataLength = hkdfParameters.getIKM().length;
+        // TODO: deal with the multi ikm/salt thing
+        HKDFParameters hkdfParameters = null;
+        int derivedDataLength = 0;
+        if (derivationSpec instanceof HKDFParameterSpec.ExtractThenExpand)
+        {
+            HKDFParameterSpec.ExtractThenExpand spec = (HKDFParameterSpec.ExtractThenExpand)derivationSpec;
+
+            List<SecretKey> ikms = spec.ikms();
+            List<SecretKey> salts = spec.salts();
+
+            hkdfParameters = new HKDFParameters(ikms.get(0).getEncoded(), salts.get(0).getEncoded(), spec.info());
+            derivedDataLength = spec.length();
 
-        hkdf.init(hkdfParameters);
+            hkdf.init(hkdfParameters);
 
-        byte[] derivedData = new byte[derivedDataLength];
-        hkdf.generateBytes(derivedData, 0, derivedDataLength);
+            byte[] derivedData = new byte[derivedDataLength];
+            hkdf.generateBytes(derivedData, 0, derivedDataLength);
 
-        return derivedData;
+            return derivedData;
+        }
+        else if (derivationSpec instanceof HKDFParameterSpec.Extract)
+        {
+            HKDFParameterSpec.Extract spec = (HKDFParameterSpec.Extract)derivationSpec;
+
+            List<SecretKey> ikms = spec.ikms();
+            List<SecretKey> salts = spec.salts();
+
+            return hkdf.extractPRK(salts.get(0).getEncoded(), ikms.get(0).getEncoded());
+        }
+        else
+        {
+            throw new InvalidAlgorithmParameterException("invalid HKDFParameterSpec provided");
+        }
     }
 
-    public static class HKDFwithSHA256 extends HKDFSpi
+    public static class HKDFwithSHA256
+        extends HKDFSpi
     {
-        public HKDFwithSHA256() throws InvalidAlgorithmParameterException
+        public HKDFwithSHA256()
+            throws InvalidAlgorithmParameterException
         {
             super(null, new SHA256Digest());
         }
-        public HKDFwithSHA256(KDFParameters kdfParameters) throws InvalidAlgorithmParameterException
+
+        public HKDFwithSHA256(KDFParameters kdfParameters)
+            throws InvalidAlgorithmParameterException
         {
             super(kdfParameters, new SHA256Digest());
         }
     }
-    public static class HKDFwithSHA384 extends HKDFSpi
+
+    public static class HKDFwithSHA384
+        extends HKDFSpi
     {
-        public HKDFwithSHA384() throws InvalidAlgorithmParameterException
+        public HKDFwithSHA384()
+            throws InvalidAlgorithmParameterException
         {
             super(null, new SHA384Digest());
         }
-        public HKDFwithSHA384(KDFParameters kdfParameters) throws InvalidAlgorithmParameterException
+
+        public HKDFwithSHA384(KDFParameters kdfParameters)
+            throws InvalidAlgorithmParameterException
         {
             super(kdfParameters, new SHA384Digest());
         }
     }
-    public static class HKDFwithSHA512 extends HKDFSpi
+
+    public static class HKDFwithSHA512
+        extends HKDFSpi
     {
 
-        public HKDFwithSHA512() throws InvalidAlgorithmParameterException
+        public HKDFwithSHA512()
+            throws InvalidAlgorithmParameterException
         {
             super(null, new SHA512Digest());
         }
-        public HKDFwithSHA512(KDFParameters kdfParameters) throws InvalidAlgorithmParameterException
+
+        public HKDFwithSHA512(KDFParameters kdfParameters)
+            throws InvalidAlgorithmParameterException
         {
             super(kdfParameters, new SHA512Digest());
         }

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/hkdf/HKDFSpi.java

@@ -11,6 +11,7 @@
 import org.bouncycastle.crypto.digests.SM3Digest;
 import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.jcajce.spec.PBEPBKDF2ParameterSpec;
 import org.bouncycastle.util.Arrays;
 
 import javax.crypto.KDFParameters;

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/pbepbkdf2/PBEPBKDF2Spi.java

@@ -3,6 +3,7 @@
 import org.bouncycastle.crypto.PasswordConverter;
 import org.bouncycastle.crypto.generators.SCrypt;
 import org.bouncycastle.jcajce.spec.ScryptKeySpec;
+import org.bouncycastle.jcajce.spec.ScryptParameterSpec;
 import org.bouncycastle.util.Arrays;
 
 import javax.crypto.KDFParameters;
@@ -44,7 +45,7 @@ protected SecretKey engineDeriveKey(String alg, AlgorithmParameterSpec derivatio
     protected byte[] engineDeriveData(AlgorithmParameterSpec derivationSpec)
             throws InvalidAlgorithmParameterException
     {
-        if (!(derivationSpec instanceof SCryptParameterSpec))
+        if (!(derivationSpec instanceof ScryptParameterSpec))
         {
             throw new InvalidAlgorithmParameterException(
                     "SCrypt requires an SCryptParameterSpec as derivation parameters");

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/scrypt/SCryptSpi.java

@@ -1,4 +1,4 @@
-package org.bouncycastle.jcajce.provider.kdf.pbepbkdf2;
+package org.bouncycastle.jcajce.spec;
 
 import javax.crypto.spec.PBEKeySpec;
 import java.security.spec.AlgorithmParameterSpec;

…df/pbepbkdf2/PBEPBKDF2ParameterSpec.java …/jcajce/spec/PBEPBKDF2ParameterSpec.javaprov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/pbepbkdf2/PBEPBKDF2ParameterSpec.java renamed to prov/src/main/jdk25/org/bouncycastle/jcajce/spec/PBEPBKDF2ParameterSpec.java prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/pbepbkdf2/PBEPBKDF2ParameterSpec.java renamed to prov/src/main/jdk25/org/bouncycastle/jcajce/spec/PBEPBKDF2ParameterSpec.java

@@ -1,14 +1,14 @@
-package org.bouncycastle.jcajce.provider.kdf.scrypt;
+package org.bouncycastle.jcajce.spec;
 
 import org.bouncycastle.jcajce.spec.ScryptKeySpec;
 
 import java.security.spec.AlgorithmParameterSpec;
 
-public class SCryptParameterSpec
+public class ScryptParameterSpec
     extends ScryptKeySpec
     implements AlgorithmParameterSpec
 {
-    public SCryptParameterSpec(char[] password, byte[] salt, int costParameter, int blockSize, int parallelizationParameter, int keySize)
+    public ScryptParameterSpec(char[] password, byte[] salt, int costParameter, int blockSize, int parallelizationParameter, int keySize)
     {
         super(password, salt, costParameter, blockSize, parallelizationParameter, keySize);
     }

…ider/kdf/scrypt/SCryptParameterSpec.java …tle/jcajce/spec/ScryptParameterSpec.javaprov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/scrypt/SCryptParameterSpec.java renamed to prov/src/main/jdk25/org/bouncycastle/jcajce/spec/ScryptParameterSpec.java prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/scrypt/SCryptParameterSpec.java renamed to prov/src/main/jdk25/org/bouncycastle/jcajce/spec/ScryptParameterSpec.java

@@ -18,7 +18,7 @@ public static Test suite()
         TestSuite suite = new TestSuite("JDK25 Provider Tests");
         suite.addTestSuite(HKDFTest.class);
         suite.addTestSuite(PBEPBKDF2Test.class);
-        suite.addTestSuite(SCryptTest.class);
+        suite.addTestSuite(ScryptTest.class);
         return suite;
     }
 }

prov/src/test/jdk25/org/bouncycastle/jcajce/provider/kdf/test/AllTests25.java

@@ -4,7 +4,7 @@
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.jcajce.provider.kdf.hkdf.HKDFParameterSpec;
+import javax.crypto.spec.HKDFParameterSpec;
 
 import javax.crypto.KDF;
 
@@ -35,15 +35,29 @@ public void testKDF()
         byte[] info = Hex.decode("301b0609608648016503040106300e040c5c79058ba2f43447639d29e2");
         byte[] okm = Hex.decode("2124ffb29fac4e0fbbc7d5d87492bff3");
         byte[] genOkm;
-        HKDFParameterSpec hkdfParams = new HKDFParameterSpec(ikm, salt, info);
+        HKDFParameterSpec.ExtractThenExpand hkdfParams1 = HKDFParameterSpec.ofExtract().addIKM(ikm)
+                                                                          .addSalt(salt).thenExpand(info, okm.length);
 
-        genOkm = kdfHkdf.deriveData(hkdfParams);
+        genOkm = kdfHkdf.deriveData(hkdfParams1);
 
         if (!areEqual(genOkm, okm))
         {
             fail("HKDF failed generator test");
         }
 
+        // Extract Only
+        ikm = Hex.decode("c702e7d0a9e064b09ba55245fb733cf3");
+        salt = Strings.toByteArray("The Cryptographic Message Syntax");
+        okm = Hex.decode("4d757351dc7a354f041aacd288c8957e341ac8903ba8b4debde8e856f1b58e31");
+
+        HKDFParameterSpec.Extract hkdfParams2 = HKDFParameterSpec.ofExtract().addIKM(ikm).addSalt(salt).extractOnly();
+
+        genOkm = kdfHkdf.deriveData(hkdfParams2);
+
+        if (!areEqual(genOkm, okm))
+        {
+            fail("HKDF failed generator test");
+        }
         //TODO: make test for derived keys
 //        kdfHkdf.deriveKey("AES", hkdfParams);
 

prov/src/test/jdk25/org/bouncycastle/jcajce/provider/kdf/test/HKDFTest.java

@@ -1,7 +1,7 @@
 package org.bouncycastle.jcajce.provider.kdf.test;
 
 import junit.framework.TestCase;
-import org.bouncycastle.jcajce.provider.kdf.pbepbkdf2.PBEPBKDF2ParameterSpec;
+import org.bouncycastle.jcajce.spec.PBEPBKDF2ParameterSpec;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.encoders.Hex;
 

prov/src/test/jdk25/org/bouncycastle/jcajce/provider/kdf/test/PBEPBKDF2Test.java

@@ -1,7 +1,7 @@
 package org.bouncycastle.jcajce.provider.kdf.test;
 
 import junit.framework.TestCase;
-import org.bouncycastle.jcajce.provider.kdf.scrypt.SCryptParameterSpec;
+import org.bouncycastle.jcajce.spec.ScryptParameterSpec;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
@@ -11,7 +11,7 @@
 
 import static org.bouncycastle.util.Arrays.areEqual;
 
-public class SCryptTest
+public class ScryptTest
         extends TestCase
 {
     public void setUp()
@@ -26,10 +26,10 @@ public void testKDF()
             throws Exception
     {
         setUp();
-        KDF kdf = KDF.getInstance("SCrypt", "BC");
+        KDF kdf = KDF.getInstance("Scrypt", "BC");
 
         byte[] expected = Hex.decode("77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906");
-        SCryptParameterSpec spec = new SCryptParameterSpec(
+        ScryptParameterSpec spec = new ScryptParameterSpec(
                 "".toCharArray(),
                 Strings.toByteArray(""),
                 16,
@@ -43,7 +43,7 @@ public void testKDF()
         }
 
         expected = Hex.decode("fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640");
-        spec = new SCryptParameterSpec(
+        spec = new ScryptParameterSpec(
                 "password".toCharArray(),
                 Strings.toByteArray("NaCl"),
                 1024,
@@ -57,7 +57,7 @@ public void testKDF()
         }
 
         expected = Hex.decode("7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887");
-        spec = new SCryptParameterSpec(
+        spec = new ScryptParameterSpec(
                 "pleaseletmein".toCharArray(),
                 Strings.toByteArray("SodiumChloride"),
                 16384,
@@ -71,7 +71,7 @@ public void testKDF()
         }
 
         expected = Hex.decode("2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4");
-        spec = new SCryptParameterSpec(
+        spec = new ScryptParameterSpec(
                 "pleaseletmein".toCharArray(),
                 Strings.toByteArray("SodiumChloride"),
                 1048576,