Merge branch 'main' into pqc-mayo

Author: gefeili

ant/jdk14.xml

@@ -196,8 +196,6 @@
                 <exclude name="**/TlsClientRawKeysTest.java"/>
             </fileset>
 
-            <fileset dir="tls/src/test/resources" includes="**/*.*"/>
-
             <fileset dir="core/src/test/" includes="**/*.properties"/>
             <fileset dir="prov/src/main/resources" includes="**/*.properties"/>
             <fileset dir="pkix/src/test/resources" includes="**/*.*"/>

ant/jdk15+.xml

@@ -43,7 +43,6 @@
             <fileset dir="tls/src/main/java" includes="**/*.java" />
             <fileset dir="tls/src/main/javadoc" includes="**/*.html" />
             <fileset dir="tls/src/test/java" includes="**/*.java" />
-            <fileset dir="tls/src/test/resources" includes="**/*.*" />
 
             <fileset dir="pkix/src/main/java" includes="**/*.java" />
             <fileset dir="pkix/src/main/javadoc" includes="**/*.html" />

ant/jdk18+.xml

@@ -43,7 +43,6 @@
             <fileset dir="tls/src/main/jdk1.5" includes="**/*.java" />
             <fileset dir="tls/src/main/javadoc" includes="**/*.html" />
             <fileset dir="tls/src/test/java" includes="**/*.java" />
-            <fileset dir="tls/src/test/resources" includes="**/*.*" />
 
             <fileset dir="pkix/src/main/java" includes="**/*.java" />
             <fileset dir="pkix/src/main/javadoc" includes="**/*.html" />

ci/check_java.sh

@@ -15,10 +15,12 @@ export JAVA_HOME=`openjdk_21`
 export PATH=$JAVA_HOME/bin:$PATH
 
 # Checkstyle
-./gradlew check -x test;
+./gradlew clean build check -x test;
 
 
 # OSGI scanner only, no testing
-./gradlew clean build -x test
 ./osgi_scan.sh
 
+
+# module tester
+./run_mtt.sh

core/src/main/java/org/bouncycastle/crypto/digests/ParallelHash.java

@@ -38,8 +38,8 @@ public class ParallelHash
      * Base constructor.
      *
      * @param bitLength security strength (bits) of the underlying SHAKE function, 128 or 256.
-     * @param S the customization string - available for local use.
-     * @param B the blocksize (in bytes) for hashing.
+     * @param S         the customization string - available for local use.
+     * @param B         the blocksize (in bytes) for hashing.
      */
     public ParallelHash(int bitLength, byte[] S, int B)
     {
@@ -50,12 +50,18 @@ public ParallelHash(int bitLength, byte[] S, int B, int outputSize)
     {
         this(bitLength, S, B, outputSize, CryptoServicePurpose.ANY);
     }
+
     public ParallelHash(int bitLength, byte[] S, int B, int outputSize, CryptoServicePurpose purpose)
     {
+        if (B <= 0)
+        {
+            throw new IllegalArgumentException("block size should be greater than 0");
+        }
         this.cshake = new CSHAKEDigest(bitLength, N_PARALLEL_HASH, S);
         this.compressor = new CSHAKEDigest(bitLength, new byte[0], new byte[0]);
         this.bitLength = bitLength;
         this.B = B;
+
         this.outputLength = (outputSize + 7) / 8;
         this.buffer = new byte[B];
         this.compressorBuffer = new byte[bitLength * 2 / 8];
@@ -112,7 +118,7 @@ public void update(byte in)
     public void update(byte[] in, int inOff, int len)
         throws DataLengthException, IllegalStateException
     {
-        len = Math.max(0,  len);
+        len = Math.max(0, len);
 
         //
         // fill the current word
@@ -198,7 +204,7 @@ public int doFinal(byte[] out, int outOff, int outLen)
         {
             wrapUp(outputLength);
         }
-        
+
         int rv = cshake.doFinal(out, outOff, outLen);
 
         reset();

core/src/test/java/org/bouncycastle/crypto/test/PKCS12Test.java

@@ -6,6 +6,7 @@
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTestResult;
 import org.bouncycastle.util.test.Test;
@@ -22,26 +23,6 @@ public class PKCS12Test
     char[]  password1 = { 's', 'm', 'e', 'g' };
     char[]  password2 = { 'q', 'u', 'e', 'e', 'g' };
 
-    private boolean isEqual(
-        byte[]  a,
-        byte[]  b)
-    {
-        if (a.length != b.length)
-        {
-            return false;
-        }
-
-        for (int i = 0; i != a.length; i++)
-        {
-            if (a[i] != b[i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
     private TestResult run1(
         int     id,
         char[]  password,
@@ -59,7 +40,7 @@ private TestResult run1(
 
         CipherParameters  key = generator.generateDerivedParameters(24 * 8);
 
-        if (isEqual(result, ((KeyParameter)key).getKey()))
+        if (Arrays.areEqual(result, ((KeyParameter)key).getKey()))
         {
             return new SimpleTestResult(true, "PKCS12Test: Okay");
         }
@@ -87,7 +68,7 @@ private TestResult run2(
 
         ParametersWithIV params = (ParametersWithIV)generator.generateDerivedParameters(64, 64);
 
-        if (isEqual(result, params.getIV()))
+        if (Arrays.areEqual(result, params.getIV()))
         {
             return new SimpleTestResult(true, "PKCS12Test: Okay");
         }
@@ -115,7 +96,7 @@ private TestResult run3(
 
         CipherParameters  key = generator.generateDerivedMacParameters(160);
 
-        if (isEqual(result, ((KeyParameter)key).getKey()))
+        if (Arrays.areEqual(result, ((KeyParameter)key).getKey()))
         {
             return new SimpleTestResult(true, "PKCS12Test: Okay");
         }

core/src/test/java/org/bouncycastle/crypto/test/ParallelHashTest.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.crypto.test;
 
+
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.ParallelHash;
 import org.bouncycastle.util.Arrays;
@@ -23,6 +24,7 @@ public String getName()
     public void performTest()
         throws Exception
     {
+        testException();
         ParallelHash pHash = new ParallelHash(128, new byte[0], 8);
 
         byte[] data = Hex.decode("00 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27");
@@ -164,6 +166,19 @@ private void testClone()
         }
     }
 
+    private void testException()
+    {
+        testException("block size should be greater than 0", "IllegalArgumentException", new TestExceptionOperation()
+        {
+            @Override
+            public void operation()
+                throws Exception
+            {
+                Digest digest = new ParallelHash(128, null, 0);
+            }
+        });
+    }
+
     public static void main(
         String[] args)
     {

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java

@@ -69,10 +69,7 @@ public PGPSignatureSubpacketGenerator(PGPSignatureSubpacketVector sigSubV)
      */
     public void setRevocable(boolean isCritical, boolean isRevocable)
     {
-        if (contains(SignatureSubpacketTags.REVOCABLE))
-        {
-            throw new IllegalStateException("Revocable exists in the Signature Subpacket Generator");
-        }
+        removePacketsOfType(SignatureSubpacketTags.REVOCABLE);
         packets.add(new Revocable(isCritical, isRevocable));
     }
 
@@ -97,21 +94,19 @@ public void setExportable(boolean isExportable)
      */
     public void setExportable(boolean isCritical, boolean isExportable)
     {
-        if (contains(SignatureSubpacketTags.EXPORTABLE))
-        {
-            throw new IllegalStateException("Exportable Certification exists in the Signature Subpacket Generator");
-        }
+        removePacketsOfType(SignatureSubpacketTags.EXPORTABLE);
         packets.add(new Exportable(isCritical, isExportable));
     }
 
     /**
      * Specify the set of features of the key.
      *
      * @param isCritical true if should be treated as critical, false otherwise.
-     * @param feature    features
+     * @param feature    features bitmap
      */
     public void setFeature(boolean isCritical, byte feature)
     {
+        removePacketsOfType(SignatureSubpacketTags.FEATURES);
         packets.add(new Features(isCritical, feature));
     }
 
@@ -126,6 +121,7 @@ public void setFeature(boolean isCritical, byte feature)
      */
     public void setTrust(boolean isCritical, int depth, int trustAmount)
     {
+        removePacketsOfType(SignatureSubpacketTags.TRUST_SIG);
         packets.add(new TrustSignature(isCritical, depth, trustAmount));
     }
 
@@ -150,6 +146,7 @@ public void setKeyExpirationTime(long seconds)
      */
     public void setKeyExpirationTime(boolean isCritical, long seconds)
     {
+        removePacketsOfType(SignatureSubpacketTags.KEY_EXPIRE_TIME);
         packets.add(new KeyExpirationTime(isCritical, seconds));
     }
 
@@ -175,6 +172,7 @@ public void setSignatureExpirationTime(long seconds)
      */
     public void setSignatureExpirationTime(boolean isCritical, long seconds)
     {
+        removePacketsOfType(SignatureSubpacketTags.EXPIRE_TIME);
         packets.add(new SignatureExpirationTime(isCritical, seconds));
     }
 
@@ -200,6 +198,7 @@ public void setSignatureCreationTime(Date date)
      */
     public void setSignatureCreationTime(boolean isCritical, Date date)
     {
+        removePacketsOfType(SignatureSubpacketTags.CREATION_TIME);
         packets.add(new SignatureCreationTime(isCritical, date));
     }
 
@@ -212,6 +211,7 @@ public void setSignatureCreationTime(boolean isCritical, Date date)
      */
     public void setPreferredHashAlgorithms(boolean isCritical, int[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_HASH_ALGS);
         packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_HASH_ALGS, isCritical,
             algorithms));
     }
@@ -225,6 +225,7 @@ public void setPreferredHashAlgorithms(boolean isCritical, int[] algorithms)
      */
     public void setPreferredSymmetricAlgorithms(boolean isCritical, int[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_SYM_ALGS);
         packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, isCritical,
             algorithms));
     }
@@ -238,6 +239,7 @@ public void setPreferredSymmetricAlgorithms(boolean isCritical, int[] algorithms
      */
     public void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_COMP_ALGS);
         packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_COMP_ALGS, isCritical,
             algorithms));
     }
@@ -254,6 +256,7 @@ public void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorith
     @Deprecated
     public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
         packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS, isCritical,
             algorithms));
     }
@@ -268,6 +271,7 @@ public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
      */
     public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
         packets.add(new PreferredAEADCiphersuites(isCritical, algorithms));
     }
 
@@ -280,6 +284,7 @@ public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCipher
      */
     public void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder builder)
     {
+        removePacketsOfType(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
         packets.add(builder.build());
     }
 
@@ -300,6 +305,7 @@ public void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder build
     @Deprecated
     public void setPreferredLibrePgpEncryptionModes(boolean isCritical, int[] algorithms)
     {
+        removePacketsOfType(SignatureSubpacketTags.LIBREPGP_PREFERRED_ENCRYPTION_MODES);
         packets.add(new LibrePGPPreferredEncryptionModes(isCritical, algorithms));
     }
 
@@ -309,8 +315,22 @@ public void setPreferredLibrePgpEncryptionModes(boolean isCritical, int[] algori
      *
      * @param isCritical true if the subpacket should be treated as critical
      * @param uri        key server URI
+     * @deprecated use {@link #addPreferredKeyServer(boolean, String)} instead.
      */
+    @Deprecated
     public void setPreferredKeyServer(boolean isCritical, String uri)
+    {
+        addPreferredKeyServer(isCritical, uri);
+    }
+
+    /**
+     * Specify a preferred key server for the signed user-id / key.
+     * Note, that the key server might also be a http/ftp etc. URI pointing to the key itself.
+     *
+     * @param isCritical true if the subpacket should be treated as critical
+     * @param uri        key server URI
+     */
+    public void addPreferredKeyServer(boolean isCritical, String uri)
     {
         packets.add(new PreferredKeyServer(isCritical, uri));
     }
@@ -341,6 +361,7 @@ public void setKeyFlags(int flags)
      */
     public void setKeyFlags(boolean isCritical, int flags)
     {
+        removePacketsOfType(SignatureSubpacketTags.KEY_FLAGS);
         packets.add(new KeyFlags(isCritical, flags));
     }
 
@@ -443,6 +464,7 @@ public void addEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature)
 
     public void setPrimaryUserID(boolean isCritical, boolean isPrimaryUserID)
     {
+        removePacketsOfType(SignatureSubpacketTags.PRIMARY_USER_ID);
         packets.add(new PrimaryUserID(isCritical, isPrimaryUserID));
     }
 
@@ -485,6 +507,7 @@ public void addNotationData(boolean isCritical, boolean isHumanReadable, String
      */
     public void setRevocationReason(boolean isCritical, byte reason, String description)
     {
+        removePacketsOfType(SignatureSubpacketTags.REVOCATION_REASON);
         packets.add(new RevocationReason(isCritical, reason, description));
     }
 
@@ -523,6 +546,7 @@ public void addRevocationKey(boolean isCritical, int keyAlgorithm, byte[] finger
      */
     public void setIssuerKeyID(boolean isCritical, long keyID)
     {
+        removePacketsOfType(SignatureSubpacketTags.ISSUER_KEY_ID);
         packets.add(new IssuerKeyID(isCritical, keyID));
     }
 
@@ -536,6 +560,7 @@ public void setIssuerKeyID(boolean isCritical, long keyID)
      */
     public void setSignatureTarget(boolean isCritical, int publicKeyAlgorithm, int hashAlgorithm, byte[] hashData)
     {
+        removePacketsOfType(SignatureSubpacketTags.SIGNATURE_TARGET);
         packets.add(new SignatureTarget(isCritical, publicKeyAlgorithm, hashAlgorithm, hashData));
     }
 
@@ -558,6 +583,7 @@ public void setIssuerFingerprint(boolean isCritical, PGPSecretKey secretKey)
      */
     public void setIssuerFingerprint(boolean isCritical, PGPPublicKey publicKey)
     {
+        removePacketsOfType(SignatureSubpacketTags.ISSUER_FINGERPRINT);
         packets.add(new IssuerFingerprint(isCritical, publicKey.getVersion(), publicKey.getFingerprint()));
     }