Merge branch 'main' into java-25-kdf

royb · royb · commit 91ed2b02c39b · 2025-11-22T02:00:05.000-05:00
# Conflicts:
#	tls/build.gradle
diff --git a/bc-build.properties b/bc-build.properties
@@ -3,9 +3,9 @@
 # intended to hold user-specific settings that are *not* committed to 
 # the repository.
 
-release.suffix: 1.82
-release.name: 1.82
-release.version: 1.82
+release.suffix: 1.83
+release.name: 1.83
+release.version: 1.83
 release.debug: false
 
 mail.jar.home: ./libs/javax.mail-1.4.7.jar
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java b/core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java
@@ -246,6 +246,13 @@ else if (mlkemKey instanceof ASN1Sequence)
 
                 // TODO This should only allow seed but is length-flexible
                 MLKEMPrivateKeyParameters mlkemPriv = new MLKEMPrivateKeyParameters(mlkemParams, seed, pubParams);
+
+                /*
+                 * RFC 9881 8.2. When receiving a private key that contains both the seed and the expandedKey, the
+                 * recipient SHOULD perform a seed consistency check to ensure that the sender properly generated
+                 * the private key. [..] If the check is done and the seed and the expandedKey are not consistent,
+                 * the recipient MUST reject the private key as malformed.
+                 */
                 if (!Arrays.constantTimeAreEqual(mlkemPriv.getEncoded(), encoding))
                 {
                     throw new IllegalArgumentException("inconsistent " + mlkemParams.getName() + " private key");
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
@@ -24,6 +24,7 @@
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x500.X500Name;
@@ -848,8 +849,8 @@ public void checkCreation3()
          try
          {
              ContentSigner sigGen = new BcECContentSignerBuilder(
-                 new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA1),
-                 new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)).build(privKey);
+                 new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256),
+                 new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).build(privKey);
              BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubKey);
 
              X509CertificateHolder cert = certGen.build(sigGen);
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java
@@ -116,6 +116,7 @@
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
 import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.operator.BufferingContentSigner;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.ContentVerifierProvider;
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
@@ -2905,8 +2906,14 @@ public void checkCRLCompositeCreation()
         //
         // create the certificate - version 3
         //
-        CompositePublicKey compPub = new CompositePublicKey(IANAObjectIdentifiers.id_MLDSA65_ECDSA_P256_SHA512, mlDsaKp.getPublic(), ecPub);
-        CompositePrivateKey compPrivKey = new CompositePrivateKey(IANAObjectIdentifiers.id_MLDSA65_ECDSA_P256_SHA512, mlDsaKp.getPrivate(), ecPriv);
+        CompositePublicKey compPub = CompositePublicKey.builder(IANAObjectIdentifiers.id_MLDSA65_ECDSA_P256_SHA512)
+            .addPublicKey(mlDsaKp.getPublic(),  "BC")
+            .addPublicKey(ecPub)
+            .build();
+        CompositePrivateKey compPrivKey = CompositePrivateKey.builder(IANAObjectIdentifiers.id_MLDSA65_ECDSA_P256_SHA512)
+            .addPrivateKey(mlDsaKp.getPrivate(), "BC")
+            .addPrivateKey(ecPriv)
+            .build();
 
         ContentSigner sigGen = new JcaContentSignerBuilder("COMPOSITE").setProvider(BC).build(compPrivKey);
 
@@ -2941,6 +2948,8 @@ public void checkCRLCompositeCreation()
 
         X509CRLHolder crlHolder = crlGen.build(sigGen);
 
+        isTrue(crlHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(compPub)));
+
         X509CRL crl = new JcaX509CRLConverter().setProvider(BC).getCRL(crlHolder);
 
         // comp test
@@ -3141,6 +3150,44 @@ public void checkCrlECDSAwithDilithiumCreation()
         }
     }
 
+    public void checkMixedCompositionCreation()
+        throws Exception
+    {
+        if (Security.getProvider("SunEC") == null)
+        {
+            return;
+        }
+        KeyPairGenerator mldsaKpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
+
+        mldsaKpGen.initialize(MLDSAParameterSpec.ml_dsa_44);
+
+        KeyPair mldsaKp = mldsaKpGen.generateKeyPair();
+
+        KeyPairGenerator ecKpGen = KeyPairGenerator.getInstance("EC", "SunEC");
+
+        ecKpGen.initialize(new ECGenParameterSpec("secp256r1"));
+
+        KeyPair ecKp = ecKpGen.generateKeyPair();
+
+        CompositePublicKey compPublicKey = CompositePublicKey.builder(IANAObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPublicKey(mldsaKp.getPublic(), "BC")
+            .addPublicKey(ecKp.getPublic(), "BC")
+            .build();
+        CompositePrivateKey compPrivateKey = CompositePrivateKey.builder(IANAObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPrivateKey(mldsaKp.getPrivate(), "BC")
+            .addPrivateKey(ecKp.getPrivate(), "SunEC")
+            .build();
+
+        // First sign (and verify) a certificate
+        final ContentSigner certsigner = new BufferingContentSigner(new JcaContentSignerBuilder("MLDSA44-ECDSA-P256-SHA256").setProvider("BC").build(compPrivateKey), 4096);
+        final SubjectPublicKeyInfo pkinfo = SubjectPublicKeyInfo.getInstance(compPublicKey.getEncoded());
+        final X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder(new X500Name("CN=issuer"), new BigInteger("12345678"), new Date(), new Date(), new X500Name("CN=subject"), pkinfo);
+        final X509CertificateHolder certHolder = certbuilder.build(certsigner);
+        //Assert.assertNotNull("signing must have created a certificate", certHolder);
+        final ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider("BC").build(compPublicKey);
+        isTrue("Certificate signature must verify", certHolder.isSignatureValid(verifier));
+    }
+
     /*
      * we generate a self signed certificate for the sake of testing - GOST3410
      */
@@ -5465,25 +5512,25 @@ private void checkSerialisation()
 
     // TESTS REGARDING COMPOSITES https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
     private static String[] compositeSignaturesOIDs = {
-         "1.3.6.1.5.5.7.6.37", // id_MLDSA44_RSA2048_PSS_SHA256
-         "1.3.6.1.5.5.7.6.38", // id_MLDSA44_RSA2048_PKCS15_SHA256
-         "1.3.6.1.5.5.7.6.39", // id_MLDSA44_Ed25519_SHA512
-         "1.3.6.1.5.5.7.6.40", // id_MLDSA44_ECDSA_P256_SHA256
-         "1.3.6.1.5.5.7.6.41", // id_MLDSA65_RSA3072_PSS_SHA512
-         "1.3.6.1.5.5.7.6.42", // id_MLDSA65_RSA3072_PKCS15_SHA512
-         "1.3.6.1.5.5.7.6.43", // id_MLDSA65_RSA4096_PSS_SHA512
-         "1.3.6.1.5.5.7.6.44", // id_MLDSA65_RSA4096_PKCS15_SHA512
-         "1.3.6.1.5.5.7.6.45", // id_MLDSA65_ECDSA_P256_SHA512
-         "1.3.6.1.5.5.7.6.46", // id_MLDSA65_ECDSA_P384_SHA512
-         "1.3.6.1.5.5.7.6.47", // id_MLDSA65_ECDSA_brainpoolP256r1_SHA512
-         "1.3.6.1.5.5.7.6.48", // id_MLDSA65_Ed25519_SHA512
-         "1.3.6.1.5.5.7.6.49", // id_MLDSA87_ECDSA_P384_SHA512
-         "1.3.6.1.5.5.7.6.50", // id_MLDSA87_ECDSA_brainpoolP384r1_SHA512
-         "1.3.6.1.5.5.7.6.51", // id_MLDSA87_Ed448_SHAKE256
-         "1.3.6.1.5.5.7.6.52", // id_MLDSA87_RSA3072_PSS_SHA512
-         "1.3.6.1.5.5.7.6.53", // id_MLDSA87_RSA4096_PSS_SHA512
-         "1.3.6.1.5.5.7.6.54"  // id_MLDSA87_ECDSA_P521_SHA512
-     };
+        "1.3.6.1.5.5.7.6.37", // id_MLDSA44_RSA2048_PSS_SHA256
+        "1.3.6.1.5.5.7.6.38", // id_MLDSA44_RSA2048_PKCS15_SHA256
+        "1.3.6.1.5.5.7.6.39", // id_MLDSA44_Ed25519_SHA512
+        "1.3.6.1.5.5.7.6.40", // id_MLDSA44_ECDSA_P256_SHA256
+        "1.3.6.1.5.5.7.6.41", // id_MLDSA65_RSA3072_PSS_SHA512
+        "1.3.6.1.5.5.7.6.42", // id_MLDSA65_RSA3072_PKCS15_SHA512
+        "1.3.6.1.5.5.7.6.43", // id_MLDSA65_RSA4096_PSS_SHA512
+        "1.3.6.1.5.5.7.6.44", // id_MLDSA65_RSA4096_PKCS15_SHA512
+        "1.3.6.1.5.5.7.6.45", // id_MLDSA65_ECDSA_P256_SHA512
+        "1.3.6.1.5.5.7.6.46", // id_MLDSA65_ECDSA_P384_SHA512
+        "1.3.6.1.5.5.7.6.47", // id_MLDSA65_ECDSA_brainpoolP256r1_SHA512
+        "1.3.6.1.5.5.7.6.48", // id_MLDSA65_Ed25519_SHA512
+        "1.3.6.1.5.5.7.6.49", // id_MLDSA87_ECDSA_P384_SHA512
+        "1.3.6.1.5.5.7.6.50", // id_MLDSA87_ECDSA_brainpoolP384r1_SHA512
+        "1.3.6.1.5.5.7.6.51", // id_MLDSA87_Ed448_SHAKE256
+        "1.3.6.1.5.5.7.6.52", // id_MLDSA87_RSA3072_PSS_SHA512
+        "1.3.6.1.5.5.7.6.53", // id_MLDSA87_RSA4096_PSS_SHA512
+        "1.3.6.1.5.5.7.6.54"  // id_MLDSA87_ECDSA_P521_SHA512
+    };
 
     private static final String[] compositeSignaturesIDs = {
         "MLDSA44-RSA2048-PSS-SHA256",
@@ -5532,7 +5579,7 @@ private void checkCompositeSignatureCertificateCreation()
 
             isEquals(subjectName, cert.getSubjectX500Principal().getName());
 
-            cert.verify(cert.getPublicKey());
+            cert.verify(cert.getPublicKey(), "BC");
             index++;
         }
     }
@@ -5723,6 +5770,7 @@ public void performTest()
         checkCreationDilithiumSigWithECDSASig();
 
         checkCreationComposite();
+        checkMixedCompositionCreation();
         checkCompositeCertificateVerify();
 
         createECCert("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java
@@ -3,13 +3,15 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.math.BigInteger;
+import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -78,7 +78,7 @@ public final class BouncyCastleProvider extends Provider
 {
     private static final Logger LOG = Logger.getLogger(BouncyCastleProvider.class.getName());
 
-    private static String info = "BouncyCastle Security Provider v1.83b";
+    private static String info = "BouncyCastle Security Provider v1.83";
 
     public static final String PROVIDER_NAME = "BC";
 
@@ -183,7 +183,7 @@ public final class BouncyCastleProvider extends Provider
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.8299, info);
+        super(PROVIDER_NAME, 1.8300, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java
@@ -22,7 +22,7 @@ public class BouncyCastlePQCProvider
     extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Post-Quantum Security Provider v1.83b";
+    private static String info = "BouncyCastle Post-Quantum Security Provider v1.83";
 
     public static String PROVIDER_NAME = "BCPQC";
 
@@ -51,7 +51,7 @@ public class BouncyCastlePQCProvider
      */
     public BouncyCastlePQCProvider()
     {
-        super(PROVIDER_NAME, 1.8299, info);
+        super(PROVIDER_NAME, 1.83, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
diff --git a/prov/src/main/jdk1.4/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/prov/src/main/jdk1.4/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -51,7 +51,7 @@
 public final class BouncyCastleProvider extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Security Provider v1.82";
+    private static String info = "BouncyCastle Security Provider v1.83";
 
     public static final String PROVIDER_NAME = "BC";
 
@@ -135,7 +135,7 @@ public final class BouncyCastleProvider extends Provider
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.8200, info);
+        super(PROVIDER_NAME, 1.8300, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
diff --git a/prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java b/prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java
@@ -759,7 +759,7 @@ else if (tcId.contains("87"))
                 MLDSAPublicKeySpec pubSpec = new MLDSAPublicKeySpec(((MLDSAPrivateKey)privKey).getParameterSpec(),
                     ((MLDSAPrivateKey)privKey).getPublicKey().getPublicData());
                 pubKey = kFact.generatePublic(pubSpec);
-                x5cpk = ((BCMLDSAPublicKey)cert.getPublicKey()).getPublicData();
+                x5cpk = ((MLDSAPublicKey)cert.getPublicKey()).getPublicData();
                 certPubKey = kFact.generatePublic(new MLDSAPublicKeySpec(((MLDSAPrivateKey)privKey).getParameterSpec(),
                     x5cpk));
             }
diff --git a/tls/build.gradle b/tls/build.gradle
@@ -48,6 +48,13 @@ sourceSets {
         }
     }
 
+    test25 {
+        java {
+            compileClasspath += main.output + test.output
+            runtimeClasspath += test.output
+            srcDir(files("src/test/jdk25"))
+        }
+    }
 }
 
 dependencies {
@@ -63,10 +70,17 @@ dependencies {
         builtBy compileJava
     }
 
+    java25Implementation project(':prov')
+    java25Implementation project(':util')
+    java25Implementation project(':pkix')
+    java25Implementation files([sourceSets.main.output.classesDirs, sourceSets.java9.output]) {
+        builtBy compileJava
+    }
+
     test11Implementation group: 'junit', name: 'junit', version: '4.13.2'
     test15Implementation group: 'junit', name: 'junit', version: '4.13.2'
     test21Implementation group: 'junit', name: 'junit', version: '4.13.2'
-
+    test25Implementation group: 'junit', name: 'junit', version: '4.13.2'
 
     test11Implementation project(':prov')
     test11Implementation project(':util')
@@ -80,6 +94,9 @@ dependencies {
     test21Implementation project(':util')
     test21Implementation project(':pkix')
 
+    test25Implementation project(':prov')
+    test25Implementation project(':util')
+    test25Implementation project(':pkix')
 }
 
 
@@ -124,6 +141,21 @@ compileTest21Java {
     options.sourcepath = files(['src/test/java', 'src/test/jdk21'])
 }
 
+compileJava25Java {
+
+    options.release = 25
+
+    def prov_jar="${project(":prov").jar.outputs.files.getFiles().getAt(0)}"
+    def util_jar="${project(":util").jar.outputs.files.getFiles().getAt(0)}"
+    def pkix_jar="${project(":pkix").jar.outputs.files.getFiles().getAt(0)}"
+
+
+    options.compilerArgs += [
+            '--module-path', "${prov_jar}${File.pathSeparator}${util_jar}${File.pathSeparator}${pkix_jar}"
+    ]
+
+    options.sourcepath = files(['src/main/java', 'src/main/jdk25'])
+}
 
 
 task sourcesJar(type: Jar) {
@@ -144,6 +176,9 @@ jar {
     into('META-INF/versions/9') {
         from sourceSets.java9.output
     }
+    into('META-INF/versions/25') {
+        from sourceSets.java25.output
+    }
     String v = "${rootProject.extensions.ext.bundle_version}"
     manifest.attributes('Multi-Release': 'true')
     manifest.attributes('Bundle-Name': 'bctls')
@@ -321,8 +356,8 @@ task test25(type: Test) {
     onlyIf {System.getenv("BC_JDK25") != null}
     dependsOn jar
 
-    testClassesDirs = sourceSets.test21.output.classesDirs
-    classpath = sourceSets.test21.runtimeClasspath + files(jar.archiveFile)
+    testClassesDirs = sourceSets.test25.output.classesDirs
+    classpath = sourceSets.test25.runtimeClasspath + files(jar.archiveFile)
 
     forkEvery = 1;
     maxParallelForks = 8;

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public final class BouncyCastleProvider extends Provider`
`78`	`78`	`{`
`79`	`79`	`private static final Logger LOG = Logger.getLogger(BouncyCastleProvider.class.getName());`
`80`	`80`
`81`		`- private static String info = "BouncyCastle Security Provider v1.83b";`
	`81`	`+ private static String info = "BouncyCastle Security Provider v1.83";`
`82`	`82`
`83`	`83`	`public static final String PROVIDER_NAME = "BC";`
`84`	`84`
`@@ -183,7 +183,7 @@ public final class BouncyCastleProvider extends Provider`
`183`	`183`	`*/`
`184`	`184`	`public BouncyCastleProvider()`
`185`	`185`	`{`
`186`		`- super(PROVIDER_NAME, 1.8299, info);`
	`186`	`+ super(PROVIDER_NAME, 1.8300, info);`
`187`	`187`
`188`	`188`	`AccessController.doPrivileged(new PrivilegedAction()`
`189`	`189`	`{`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ public class BouncyCastlePQCProvider`
`22`	`22`	`extends Provider`
`23`	`23`	`implements ConfigurableProvider`
`24`	`24`	`{`
`25`		`- private static String info = "BouncyCastle Post-Quantum Security Provider v1.83b";`
	`25`	`+ private static String info = "BouncyCastle Post-Quantum Security Provider v1.83";`
`26`	`26`
`27`	`27`	`public static String PROVIDER_NAME = "BCPQC";`
`28`	`28`
`@@ -51,7 +51,7 @@ public class BouncyCastlePQCProvider`
`51`	`51`	`*/`
`52`	`52`	`public BouncyCastlePQCProvider()`
`53`	`53`	`{`
`54`		`- super(PROVIDER_NAME, 1.8299, info);`
	`54`	`+ super(PROVIDER_NAME, 1.83, info);`
`55`	`55`
`56`	`56`	`AccessController.doPrivileged(new PrivilegedAction()`
`57`	`57`	`{`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@`
`51`	`51`	`public final class BouncyCastleProvider extends Provider`
`52`	`52`	`implements ConfigurableProvider`
`53`	`53`	`{`
`54`		`- private static String info = "BouncyCastle Security Provider v1.82";`
	`54`	`+ private static String info = "BouncyCastle Security Provider v1.83";`
`55`	`55`
`56`	`56`	`public static final String PROVIDER_NAME = "BC";`
`57`	`57`
`@@ -135,7 +135,7 @@ public final class BouncyCastleProvider extends Provider`
`135`	`135`	`*/`
`136`	`136`	`public BouncyCastleProvider()`
`137`	`137`	`{`
`138`		`- super(PROVIDER_NAME, 1.8200, info);`
	`138`	`+ super(PROVIDER_NAME, 1.8300, info);`
`139`	`139`
`140`	`140`	`AccessController.doPrivileged(new PrivilegedAction()`
`141`	`141`	`{`
Original file line number	Diff line number	Diff line change
`@@ -759,7 +759,7 @@ else if (tcId.contains("87"))`
`759`	`759`	`MLDSAPublicKeySpec pubSpec = new MLDSAPublicKeySpec(((MLDSAPrivateKey)privKey).getParameterSpec(),`
`760`	`760`	`((MLDSAPrivateKey)privKey).getPublicKey().getPublicData());`
`761`	`761`	`pubKey = kFact.generatePublic(pubSpec);`
`762`		`- x5cpk = ((BCMLDSAPublicKey)cert.getPublicKey()).getPublicData();`
	`762`	`+ x5cpk = ((MLDSAPublicKey)cert.getPublicKey()).getPublicData();`
`763`	`763`	`certPubKey = kFact.generatePublic(new MLDSAPublicKeySpec(((MLDSAPrivateKey)privKey).getParameterSpec(),`
`764`	`764`	`x5cpk));`
`765`	`765`	`}`