Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

dghgit · dghgit · commit 8954c62d60fe · 2025-03-27T12:30:30.000+11:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java
@@ -81,12 +81,26 @@ public void reset()
 
     private void initState(byte[] z, int zOff, int zLen)
     {
-        p.set(7445901275803737603L, 4886737088792722364L, -1616759365661982283L, 3076320316797452470L, -8124743304765850554L);
-        p.x0 ^= ((long)zLen) << 3;
-        p.p(12);
-        update(z, zOff, zLen);
-        padAndAbsorb();
+//        p.set(0x0000080000cc0004L, 0L, 0L, 0L, 0L);
+//        p.p(12);
+
+        if (zLen == 0)
+        {
+//            p.p(12);
+//            padAndAbsorb();
+
+            p.set(0x500cccc894e3c9e8L, 0x5bed06f28f71248dL, 0x3b03a0f930afd512L, 0x112ef093aa5c698bL, 0x00c8356340a347f0L);
+        }
+        else
+        {
+            p.set(0x675527c2a0e8de03L, 0x43d12d7dc0377bbcL, 0xe9901dec426e81b5L, 0x2ab14907720780b6L, 0x8f3f1d02d432bc46L);
+
+            p.x0 ^= ((long)zLen) << 3;
+            p.p(12);
+            update(z, zOff, zLen);
+            padAndAbsorb();
+        }
+
         super.reset();
     }
 }
-
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconXofBase.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconXofBase.java
@@ -100,7 +100,7 @@ private void ensureNoAbsorbWhileSqueezing(boolean m_squeezing)
     {
         if (m_squeezing)
         {
-            throw new IllegalArgumentException("attempt to absorb while squeezing");
+            throw new IllegalStateException("attempt to absorb while squeezing");
         }
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/Grain128AEADEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/Grain128AEADEngine.java
@@ -239,43 +239,49 @@ protected void processBufferAAD(byte[] input, int inOff)
     @Override
     protected void processFinalAAD()
     {
+        // Encode(ad length) denotes the message length encoded in the DER format.
+        
         int len = aadOperator.getLen();
         byte[] input = ((StreamAADOperator)aadOperator).getBytes();
-        byte[] ader;
 
-        //encodeDer
+        // Need up to 5 bytes for the DER length as an 'int'
+        byte[] ader = new byte[5];
+
+        int pos;
         if (len < 128)
         {
-            ader = new byte[1];
-            ader[0] = (byte)len;
+            pos = ader.length - 1;
+            ader[pos] = (byte)len;
         }
         else
         {
-            // aderlen is the highest bit position divided by 8
-            int aderlen = len_length(len);
-            ader = new byte[1 + aderlen];
-            ader[0] = (byte)(0x80 | aderlen);
-            int tmp = len;
-            for (int i = 1; i < ader.length; ++i)
+            pos = ader.length;
+
+            int dl = len;
+            do
             {
-                ader[i] = (byte)tmp;
-                tmp >>>= 8;
+                ader[--pos] = (byte)dl;
+                dl >>>= 8;
             }
+            while (dl != 0);
+
+            int count = ader.length - pos;
+            ader[--pos] = (byte)(0x80 | count);
         }
 
-        absorbAadData(ader, ader.length);
-        absorbAadData(input, len);
+        absorbAadData(ader, pos, ader.length - pos);
+        absorbAadData(input, 0, len);
     }
 
-    private void absorbAadData(byte[] ader, int len)
+    private void absorbAadData(byte[] buf, int off, int len)
     {
         for (int i = 0; i < len; ++i)
         {
-            byte ader_i = ader[i];
+            byte b = buf[off + i];
             for (int j = 0; j < 8; ++j)
             {
                 shift();
-                updateInternalState((ader_i >> j) & 1);
+                updateInternalState((b >> j) & 1);
             }
         }
     }
@@ -319,21 +325,4 @@ protected void processBufferDecrypt(byte[] input, int inOff, byte[] output, int
             output[outOff + i] = cc;
         }
     }
-
-    private static int len_length(int v)
-    {
-        if ((v & 0xff) == v)
-        {
-            return 1;
-        }
-        if ((v & 0xffff) == v)
-        {
-            return 2;
-        }
-        if ((v & 0xffffff) == v)
-        {
-            return 3;
-        }
-        return 4;
-    }
 }
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java b/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java
@@ -70,10 +70,15 @@ public void performTest()
         testExceptionsEngine_ascon80pq();
 
         testExceptionsXof_AsconXof128();
-        testExceptionsXof_AsconCxof128();
+        testExceptionsXof_AsconCXof128();
         testExceptionsXof_AsconXof();
         testExceptionsXof_AsconXofA();
 
+        testOutputXof_AsconXof128();
+        testOutputXof_AsconCXof128();
+        testOutputXof_AsconXof();
+        testOutputXof_AsconXofA();
+
         testParametersDigest_AsconHash256();
         testParametersDigest_AsconHash();
         testParametersDigest_AsconHashA();
@@ -84,7 +89,7 @@ public void performTest()
         testParametersEngine_ascon80pq();
 
         testParametersXof_AsconXof128();
-        testParametersXof_AsconCxof128();
+        testParametersXof_AsconCXof128();
         testParametersXof_AsconXof();
         testParametersXof_AsconXofA();
 
@@ -331,7 +336,7 @@ public ExtendedDigest createDigest()
         });
     }
 
-    public void testExceptionsXof_AsconCxof128()
+    public void testExceptionsXof_AsconCXof128()
         throws Exception
     {
         implTestExceptionsXof(new CreateDigest()
@@ -344,6 +349,26 @@ public ExtendedDigest createDigest()
         });
     }
 
+    public void testOutputXof_AsconXof()
+    {
+        implTestOutputXof(new AsconXof(AsconXof.AsconParameters.AsconXof));
+    }
+
+    public void testOutputXof_AsconXofA()
+    {
+        implTestOutputXof(new AsconXof(AsconXof.AsconParameters.AsconXofA));
+    }
+
+    public void testOutputXof_AsconXof128()
+    {
+        implTestOutputXof(new AsconXof128());
+    }
+
+    public void testOutputXof_AsconCXof128()
+    {
+        implTestOutputXof(new AsconCXof128());
+    }
+
     public void testParametersDigest_AsconHash()
         throws Exception
     {
@@ -460,7 +485,7 @@ public ExtendedDigest createDigest()
         }, 32);
     }
 
-    public void testParametersXof_AsconCxof128()
+    public void testParametersXof_AsconCXof128()
         throws Exception
     {
         implTestParametersDigest(new CreateDigest()
@@ -1005,6 +1030,35 @@ private void implTestExceptionsXof(CreateDigest operator)
         }
     }
 
+    private void implTestOutputXof(Xof ascon)
+    {
+        Random random = new Random();
+
+        byte[] expected = new byte[64];
+        ascon.doFinal(expected, 0, expected.length);
+
+        byte[] output = new byte[64];
+        for (int i = 0; i < 64; ++i)
+        {
+            random.nextBytes(output);
+
+            int pos = 0;
+            while (pos <= output.length - 16)
+            {
+                int len = random.nextInt(17);
+                ascon.doOutput(output, pos, len);
+                pos += len;
+            }
+
+            ascon.doFinal(output, pos, output.length - pos);
+
+            if (!areEqual(expected, output))
+            {
+                fail("");
+            }
+        }
+    }
+
     private void implTestParametersDigest(CreateDigest operator, int digestSize)
     {
         ExtendedDigest ascon = operator.createDigest();
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/Grain128AEADTest.java b/core/src/test/java/org/bouncycastle/crypto/test/Grain128AEADTest.java
@@ -228,17 +228,8 @@ static void isEqualTo(
         }
     }
 
-//    public static void main(String[] args)
-//    {
-//        runTest(new AsconTest());
-//        runTest(new ElephantTest());
-//        runTest(new GiftCofbTest());
-//        runTest(new Grain128AEADTest());
-//        runTest(new ISAPTest());
-//        runTest(new PhotonBeetleTest());
-//        runTest(new RomulusTest());
-//        runTest(new SparkleTest());
-//        runTest(new XoodyakTest());
-//    }
+    public static void main(String[] args)
+    {
+        runTest(new Grain128AEADTest());
+    }
 }
-
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/SampleCredentials.java b/pkix/src/test/java/org/bouncycastle/cert/test/SampleCredentials.java
@@ -52,16 +52,16 @@ private static SampleCredentials load(String algorithm, String path, String name
             Reader reader = new InputStreamReader(input);
 
             PemReader pemReader = new PemReader(reader);
-            PemObject pemPub = expectPemObject(pemReader, "PRIVATE KEY");
-            PemObject pemPriv = expectPemObject(pemReader, "PUBLIC KEY");
+            PemObject pemPriv = expectPemObject(pemReader, "PRIVATE KEY");
+            PemObject pemPub = expectPemObject(pemReader, "PUBLIC KEY");
             PemObject pemCert = expectPemObject(pemReader, "CERTIFICATE");
             pemReader.close();
 
             KeyFactory kf = KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
             CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
 
-            PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(pemPub.getContent()));
-            PublicKey publicKey = kf.generatePublic(new X509EncodedKeySpec(pemPriv.getContent()));
+            PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(pemPriv.getContent()));
+            PublicKey publicKey = kf.generatePublic(new X509EncodedKeySpec(pemPub .getContent()));
             KeyPair keyPair = new KeyPair(publicKey, privateKey);
 
             X509Certificate certificate = (X509Certificate)cf.generateCertificate(
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java
@@ -3522,14 +3522,33 @@ private static void implTestVerifySignedData(byte[] signedData, SampleCredential
     {
         CMSSignedData sd = new CMSSignedData(signedData);
 
-        assertTrue(sd.verifySignatures(new SignerInformationVerifierProvider()
+        // Verify using the certificate from the supplied credentials
+        SignerInformationVerifierProvider verifierProvider = new SignerInformationVerifierProvider()
         {
             public SignerInformationVerifier get(SignerId signerId)
                 throws OperatorCreationException
             {
                 return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(credentials.getCertificate());
             }
-        }));
+        };
+
+        // External signer verification
+        {
+            SignerInformationStore signers = sd.getSignerInfos();
+
+            Iterator it = signers.getSigners().iterator();
+            while (it.hasNext())
+            {
+                SignerInformation signer = (SignerInformation)it.next();
+
+                SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
+
+                assertTrue(signer.verify(verifier));
+            }
+        }
+
+        // Built-in signer verification
+        assertTrue(sd.verifySignatures(verifierProvider));
     }
 
     private static class TestCMSSignatureAlgorithmNameGenerator

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ private void ensureNoAbsorbWhileSqueezing(boolean m_squeezing)`
`100`	`100`	`{`
`101`	`101`	`if (m_squeezing)`
`102`	`102`	`{`
`103`		`- throw new IllegalArgumentException("attempt to absorb while squeezing");`
	`103`	`+ throw new IllegalStateException("attempt to absorb while squeezing");`
`104`	`104`	`}`
`105`	`105`	`}`
`106`	`106`	`}`
Original file line number	Diff line number	Diff line change
`@@ -239,43 +239,49 @@ protected void processBufferAAD(byte[] input, int inOff)`
`239`	`239`	`@Override`
`240`	`240`	`protected void processFinalAAD()`
`241`	`241`	`{`
	`242`	`+ // Encode(ad length) denotes the message length encoded in the DER format.`
	`243`	`+`
`242`	`244`	`int len = aadOperator.getLen();`
`243`	`245`	`byte[] input = ((StreamAADOperator)aadOperator).getBytes();`
`244`		`- byte[] ader;`
`245`	`246`
`246`		`- //encodeDer`
	`247`	`+ // Need up to 5 bytes for the DER length as an 'int'`
	`248`	`+ byte[] ader = new byte[5];`
	`249`	`+`
	`250`	`+ int pos;`
`247`	`251`	`if (len < 128)`
`248`	`252`	`{`
`249`		`- ader = new byte[1];`
`250`		`- ader[0] = (byte)len;`
	`253`	`+ pos = ader.length - 1;`
	`254`	`+ ader[pos] = (byte)len;`
`251`	`255`	`}`
`252`	`256`	`else`
`253`	`257`	`{`
`254`		`- // aderlen is the highest bit position divided by 8`
`255`		`- int aderlen = len_length(len);`
`256`		`- ader = new byte[1 + aderlen];`
`257`		`- ader[0] = (byte)(0x80 \| aderlen);`
`258`		`- int tmp = len;`
`259`		`- for (int i = 1; i < ader.length; ++i)`
	`258`	`+ pos = ader.length;`
	`259`	`+`
	`260`	`+ int dl = len;`
	`261`	`+ do`
`260`	`262`	`{`
`261`		`- ader[i] = (byte)tmp;`
`262`		`- tmp >>>= 8;`
	`263`	`+ ader[--pos] = (byte)dl;`
	`264`	`+ dl >>>= 8;`
`263`	`265`	`}`
	`266`	`+ while (dl != 0);`
	`267`	`+`
	`268`	`+ int count = ader.length - pos;`
	`269`	`+ ader[--pos] = (byte)(0x80 \| count);`
`264`	`270`	`}`
`265`	`271`
`266`		`- absorbAadData(ader, ader.length);`
`267`		`- absorbAadData(input, len);`
	`272`	`+ absorbAadData(ader, pos, ader.length - pos);`
	`273`	`+ absorbAadData(input, 0, len);`
`268`	`274`	`}`
`269`	`275`
`270`		`- private void absorbAadData(byte[] ader, int len)`
	`276`	`+ private void absorbAadData(byte[] buf, int off, int len)`
`271`	`277`	`{`
`272`	`278`	`for (int i = 0; i < len; ++i)`
`273`	`279`	`{`
`274`		`- byte ader_i = ader[i];`
	`280`	`+ byte b = buf[off + i];`
`275`	`281`	`for (int j = 0; j < 8; ++j)`
`276`	`282`	`{`
`277`	`283`	`shift();`
`278`		`- updateInternalState((ader_i >> j) & 1);`
	`284`	`+ updateInternalState((b >> j) & 1);`
`279`	`285`	`}`
`280`	`286`	`}`
`281`	`287`	`}`
`@@ -319,21 +325,4 @@ protected void processBufferDecrypt(byte[] input, int inOff, byte[] output, int`
`319`	`325`	`output[outOff + i] = cc;`
`320`	`326`	`}`
`321`	`327`	`}`
`322`		`-`
`323`		`- private static int len_length(int v)`
`324`		`- {`
`325`		`- if ((v & 0xff) == v)`
`326`		`- {`
`327`		`- return 1;`
`328`		`- }`
`329`		`- if ((v & 0xffff) == v)`
`330`		`- {`
`331`		`- return 2;`
`332`		`- }`
`333`		`- if ((v & 0xffffff) == v)`
`334`		`- {`
`335`		`- return 3;`
`336`		`- }`
`337`		`- return 4;`
`338`		`- }`
`339`	`328`	`}`