Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/pqc/crypto/cmce/CMCEPrivateKeyParameters.java

@@ -39,9 +39,7 @@ public CMCEPrivateKeyParameters(CMCEParameters params, byte[] delta, byte[] C, b
     public byte[] reconstructPublicKey()
     {
         CMCEEngine engine = getParameters().getEngine();
-        byte[] pk = new byte[engine.getPublicKeySize()];
-        engine.generate_public_key_from_private_key(privateKey);
-        return pk;
+        return engine.generate_public_key_from_private_key(privateKey);
     }
 
     public byte[] getEncoded()

docs/releasenotes.html

@@ -26,10 +26,12 @@ <h3>2.1.2 Defects Fixed</h3>
 <li>SNOVA and MAYO are now correctly added to the JCA provider module-info file.</li>
 <li>TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.</li>
 <li>BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility).</li>
+<li>Fix CMCEPrivateKeyParameters#reconstructPublicKey method.</li>
 </ul>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>
 <li>SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.</li>
+<li>BCJSSE: Support for integrity-only cipher suites in TLS 1.3 per RFC 9150.</li>
 </ul>
 
 <a id="r1rv81"><h3>2.2.1 Version</h3></a>

tls/src/main/java/org/bouncycastle/jsse/provider/CipherSuiteInfo.java

@@ -155,6 +155,14 @@ private static void decomposeEncryptionAlgorithm(Set<String> decomposition, int
         case EncryptionAlgorithm.NULL:
             decomposition.add("C_NULL");
             break;
+        case EncryptionAlgorithm.NULL_HMAC_SHA256:
+            decomposition.add("C_NULL_HMAC");
+            decomposeHmacSHA256(decomposition);
+            break;
+        case EncryptionAlgorithm.NULL_HMAC_SHA384:
+            decomposition.add("C_NULL_HMAC");
+            decomposeHmacSHA384(decomposition);
+            break;
         case EncryptionAlgorithm.SM4_CBC:
             decomposition.add("SM4_CBC");
             break;
@@ -174,14 +182,14 @@ private static void decomposeHashAlgorithm(Set<String> decomposition, int crypto
         switch (cryptoHashAlgorithm)
         {
         case CryptoHashAlgorithm.sha256:
-            addAll(decomposition, "SHA256", "SHA-256", "HmacSHA256");
+            decomposeHmacSHA256(decomposition);
             break;
         case CryptoHashAlgorithm.sha384:
-            addAll(decomposition, "SHA384", "SHA-384", "HmacSHA384");
+            decomposeHmacSHA384(decomposition);
+            break;
+        case CryptoHashAlgorithm.sha512:
+            decomposeHmacSHA512(decomposition);
             break;
-//        case CryptoHashAlgorithm.sha512:
-//            addAll(decomposition, "SHA512", "SHA-512", "HmacSHA512");
-//            break;
         case CryptoHashAlgorithm.sm3:
             addAll(decomposition, "SM3", "HmacSM3");
             break;
@@ -190,6 +198,21 @@ private static void decomposeHashAlgorithm(Set<String> decomposition, int crypto
         }
     }
 
+    private static void decomposeHmacSHA256(Set<String> decomposition)
+    {
+        addAll(decomposition, "SHA256", "SHA-256", "HmacSHA256");
+    }
+
+    private static void decomposeHmacSHA384(Set<String> decomposition)
+    {
+        addAll(decomposition, "SHA384", "SHA-384", "HmacSHA384");
+    }
+
+    private static void decomposeHmacSHA512(Set<String> decomposition)
+    {
+        addAll(decomposition, "SHA512", "SHA-512", "HmacSHA512");
+    }
+
     private static void decomposeKeyExchangeAlgorithm(Set<String> decomposition, int keyExchangeAlgorithm)
     {
         switch (keyExchangeAlgorithm)
@@ -263,14 +286,14 @@ private static void decomposeMACAlgorithm(Set<String> decomposition, int cipherT
             addAll(decomposition, "SHA1", "SHA-1", "HmacSHA1");
             break;
         case MACAlgorithm.hmac_sha256:
-            addAll(decomposition, "SHA256", "SHA-256", "HmacSHA256");
+            decomposeHmacSHA256(decomposition);
             break;
         case MACAlgorithm.hmac_sha384:
-            addAll(decomposition, "SHA384", "SHA-384", "HmacSHA384");
+            decomposeHmacSHA384(decomposition);
+            break;
+        case MACAlgorithm.hmac_sha512:
+            decomposeHmacSHA512(decomposition);
             break;
-//        case MACAlgorithm.hmac_sha512:
-//            addAll(decomposition, "SHA512", "SHA-512", "HmacSHA512");
-//            break;
         default:
             throw new IllegalArgumentException();
         }
@@ -381,6 +404,7 @@ private static int getCryptoHashAlgorithm(int cipherSuite)
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
+        case CipherSuite.TLS_SHA256_SHA256:
             return CryptoHashAlgorithm.sha256;
 
         case CipherSuite.TLS_AES_256_GCM_SHA384:
@@ -412,6 +436,7 @@ private static int getCryptoHashAlgorithm(int cipherSuite)
         case CipherSuite.TLS_RSA_WITH_ARIA_256_CBC_SHA384:
         case CipherSuite.TLS_RSA_WITH_ARIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_SHA384_SHA384:
             return CryptoHashAlgorithm.sha384;
 
         case CipherSuite.TLS_SM4_CCM_SM3:
@@ -455,6 +480,8 @@ private static String getTransformation(int encryptionAlgorithm)
         case EncryptionAlgorithm.CHACHA20_POLY1305:
             return "ChaCha20-Poly1305";
         case EncryptionAlgorithm.NULL:
+        case EncryptionAlgorithm.NULL_HMAC_SHA256:
+        case EncryptionAlgorithm.NULL_HMAC_SHA384:
             return "NULL";
         case EncryptionAlgorithm.SM4_CBC:
             return "SM4/CBC/NoPadding";

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLContextSpi.java

@@ -181,6 +181,9 @@ private static Map<String, CipherSuiteInfo> createSupportedCipherSuiteMap()
         addCipherSuite(cs, "TLS_AES_256_GCM_SHA384", CipherSuite.TLS_AES_256_GCM_SHA384);
         addCipherSuite(cs, "TLS_CHACHA20_POLY1305_SHA256", CipherSuite.TLS_CHACHA20_POLY1305_SHA256);
 
+        addCipherSuite(cs, "TLS_SHA256_SHA256", CipherSuite.TLS_SHA256_SHA256);
+        addCipherSuite(cs, "TLS_SHA384_SHA384", CipherSuite.TLS_SHA384_SHA384);
+
         // TLS 1.2-
         addCipherSuite(cs, "TLS_DH_anon_WITH_AES_128_CBC_SHA", CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA);
         addCipherSuite(cs, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", CipherSuite.TLS_DH_anon_WITH_AES_128_CBC_SHA256);