Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java

@@ -91,7 +91,7 @@ public BigInteger[] generateSignature(byte[] message)
             {
                 do
                 {
-                    e = generateRandomInteger(n, random);
+                    e = BigIntegers.createRandomInRange(BigInteger.ONE, n.subtract(BigInteger.ONE), random);
                     Fe = basePointMultiplier.multiply(ec.getG(), e).normalize().getAffineXCoord();
                 }
                 while (Fe.isZero());
@@ -148,23 +148,6 @@ protected ECMultiplier createBasePointMultiplier()
         return new FixedPointCombMultiplier();
     }
 
-    /**
-     * Generates random integer such that its value is less than that of n
-     */
-    private static BigInteger generateRandomInteger(BigInteger n, SecureRandom random)
-    {
-        int nBitLength = n.bitLength();
-
-        BigInteger k;
-        do
-        {
-            k = BigIntegers.createRandomBigInteger(nBitLength, random);
-        }
-        while (k.equals(BigIntegers.ZERO) || k.compareTo(n) >= 0);
-
-        return k;
-    }
-
     private static ECFieldElement hash2FieldElement(ECCurve curve, byte[] hash)
     {
         byte[] data = Arrays.reverse(hash);

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/hkdf/HKDFSpi.java

@@ -15,7 +15,9 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.ArrayList;
 import java.util.List;
+import org.bouncycastle.util.Arrays;
 
 class HKDFSpi
         extends KDFSpi
@@ -67,7 +69,6 @@ protected byte[] engineDeriveData(AlgorithmParameterSpec derivationSpec)
             throw new InvalidAlgorithmParameterException("Invalid AlgorithmParameterSpec provided");
         }
 
-        // TODO: deal with the multi ikm/salt thing
         HKDFParameters hkdfParameters = null;
         int derivedDataLength = 0;
         if (derivationSpec instanceof HKDFParameterSpec.ExtractThenExpand)
@@ -77,7 +78,10 @@ protected byte[] engineDeriveData(AlgorithmParameterSpec derivationSpec)
             List<SecretKey> ikms = spec.ikms();
             List<SecretKey> salts = spec.salts();
 
-            hkdfParameters = new HKDFParameters(ikms.get(0).getEncoded(), salts.get(0).getEncoded(), spec.info());
+            byte[] salt = flattenSecretKeys(salts);
+            byte[] ikm = flattenSecretKeys(ikms);
+
+            hkdfParameters = new HKDFParameters(ikm, salt, spec.info());
             derivedDataLength = spec.length();
 
             hkdf.init(hkdfParameters);
@@ -94,7 +98,10 @@ else if (derivationSpec instanceof HKDFParameterSpec.Extract)
             List<SecretKey> ikms = spec.ikms();
             List<SecretKey> salts = spec.salts();
 
-            return hkdf.extractPRK(salts.get(0).getEncoded(), ikms.get(0).getEncoded());
+            byte[] salt = flattenSecretKeys(salts);
+            byte[] ikm = flattenSecretKeys(ikms);
+
+            return hkdf.extractPRK(salt, ikm);
         }
         else if (derivationSpec instanceof org.bouncycastle.jcajce.spec.HKDFParameterSpec)
         {
@@ -126,6 +133,33 @@ private static KDFParameters requireNull(KDFParameters kdfParameters,
         return null;
     }
 
+    private byte[] flattenSecretKeys(List<SecretKey> keys)
+    {
+        if (keys.size() == 1)
+        {
+            return keys.get(0).getEncoded();
+        }
+        int len = 0;
+        int off = 0;
+
+        List<byte[]> encoding = new ArrayList<byte[]>();
+        for (int i = 0; i < keys.size(); i++)
+        {
+            encoding.add(keys.get(i).getEncoded());
+            len += encoding.get(i).length;
+        }
+        byte[] res = new byte[len];
+        for (int i = 0; i < encoding.size(); i++)
+        {
+            System.arraycopy(encoding.get(i), 0, res, off, encoding.get(i).length);
+            off += encoding.get(i).length;
+        }
+
+        encoding.clear();
+
+        return res;
+    }
+
     public static class HKDFwithSHA256 extends HKDFSpi
     {
         public HKDFwithSHA256(KDFParameters kdfParameters) throws InvalidAlgorithmParameterException

prov/src/test/jdk25/org/bouncycastle/jcajce/provider/kdf/test/HKDFTest.java

@@ -18,7 +18,6 @@
 import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 import java.security.Security;
-import java.security.spec.KeySpec;
 
 import static org.bouncycastle.util.Arrays.areEqual;
 
@@ -46,7 +45,7 @@ public void testKDF()
         byte[] okm = Hex.decode("2124ffb29fac4e0fbbc7d5d87492bff3");
         byte[] genOkm;
         HKDFParameterSpec.ExtractThenExpand hkdfParams1 = HKDFParameterSpec.ofExtract().addIKM(ikm)
-                                                                          .addSalt(salt).thenExpand(info, okm.length);
+                .addSalt(salt).thenExpand(info, okm.length);
 
         genOkm = kdfHkdf.deriveData(hkdfParams1);
 
@@ -77,12 +76,13 @@ public void testKDF()
         //kdf.init(new KDFParameter(new SHA1Digest()));
         //kdf.deriveData(hkdfParams);
     }
+
     private boolean doComparison(String algorithm, byte[] ikm, byte[] salt, byte[] info)
             throws Exception
     {
         KDF kdf = KDF.getInstance(algorithm, "BC");
         HKDFParameterSpec.ExtractThenExpand spec = HKDFParameterSpec.ofExtract().addIKM(ikm)
-                                                                          .addSalt(salt).thenExpand(info, ikm.length);
+                .addSalt(salt).thenExpand(info, ikm.length);
 
         org.bouncycastle.jcajce.spec.HKDFParameterSpec pre25spec = new org.bouncycastle.jcajce.spec.HKDFParameterSpec(ikm, salt, info, ikm.length);
         byte[] kdfSecret = kdf.deriveData(spec);
@@ -97,7 +97,7 @@ public void testSecretKeyFactoryComparison()
             throws Exception
     {
         setUp();
-        String[] algorithms = new String[] {
+        String[] algorithms = new String[]{
                 "HKDF-SHA256",
                 "HKDF-SHA384",
                 "HKDF-SHA512",
@@ -106,12 +106,12 @@ public void testSecretKeyFactoryComparison()
         byte[] salt = new byte[16];
         byte[] info = new byte[16];
         SecureRandom random = new SecureRandom();
-        for (String algorithm: algorithms)
+        for (String algorithm : algorithms)
         {
             random.nextBytes(ikm);
             random.nextBytes(salt);
             random.nextBytes(info);
-            if(!doComparison(algorithm, ikm, salt, info))
+            if (!doComparison(algorithm, ikm, salt, info))
             {
                 fail("failed to generate same secret using kdf and secret key factory for: " + algorithm);
             }
@@ -183,6 +183,79 @@ public void testExceptionHandling()
 //        }
     }
 
+    public void testExtractWithConcatenatedIKMAndSalts()
+            throws Exception
+    {
+        setUp();
+        KDF kdfHkdf = KDF.getInstance("HKDF-SHA256", "BC");
+
+        byte[][] ikms = new byte[][]
+                {
+                        Hex.decode("000102030405060708090a0b0c0d0e0f"),
+                        Hex.decode("101112131415161718191a1b1c1d1e1f"),
+                        Hex.decode("202122232425262728292a2b2c2d2e2f"),
+                        Hex.decode("303132333435363738393a3b3c3d3e3f"),
+                        Hex.decode("404142434445464748494a4b4c4d4e4f"),
+                };
+
+        byte[][] salts = new byte[][]
+                {
+                        Hex.decode("606162636465666768696a6b6c6d6e6f"),
+                        Hex.decode("707172737475767778797a7b7c7d7e7f"),
+                        Hex.decode("808182838485868788898a8b8c8d8e8f"),
+                        Hex.decode("909192939495969798999a9b9c9d9e9f"),
+                        Hex.decode("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"),
+                };
+        byte[] info = Hex.decode("b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+                + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+                + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+                + "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+                + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+        byte[] okm = Hex.decode(
+                "b11e398dc80327a1c8e7f78c596a4934" +
+                        "4f012eda2d4efad8a050cc4c19afa97c" +
+                        "59045a99cac7827271cb41c65e590e09" +
+                        "da3275600c2f09b8367793a9aca3db71" +
+                        "cc30c58179ec3e87c14c01d5c1f3434f" +
+                        "1d87");
+
+        HKDFParameterSpec.ExtractThenExpand hkdfParams1 = HKDFParameterSpec.ofExtract()
+                .addIKM(ikms[0]).addIKM(ikms[1]).addIKM(ikms[2]).addIKM(ikms[3]).addIKM(ikms[4])
+                .addSalt(salts[0]).addSalt(salts[1]).addSalt(salts[2]).addSalt(salts[3]).addSalt(salts[4])
+                .thenExpand(info, okm.length);
+
+        byte[] genOkm = kdfHkdf.deriveData(hkdfParams1);
+
+        if (!areEqual(genOkm, okm))
+        {
+            fail("HKDF failed for multiple ikms/salts");
+        }
+
+        HKDFParameterSpec.Extract hkdfParams2 = HKDFParameterSpec.ofExtract()
+                .addIKM(ikms[0]).addIKM(ikms[1]).addIKM(ikms[2]).addIKM(ikms[3]).addIKM(ikms[4])
+                .addSalt(salts[0]).addSalt(salts[1]).addSalt(salts[2]).addSalt(salts[3]).addSalt(salts[4])
+                .extractOnly();
+
+        okm = Hex.decode("06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244");
+        genOkm = kdfHkdf.deriveData(hkdfParams2);
+
+        if (!areEqual(genOkm, okm))
+        {
+            fail("HKDF failed for multiple ikms/salts");
+        }
+    }
+
+    /**
+     * Helper method to concatenate two byte arrays.
+     */
+    private byte[] concatenate(byte[] first, byte[] second)
+    {
+        byte[] result = new byte[first.length + second.length];
+        System.arraycopy(first, 0, result, 0, first.length);
+        System.arraycopy(second, 0, result, first.length, second.length);
+        return result;
+    }
+
     private static class InvalidKDFParameters
             implements KDFParameters
     {

tls/src/main/java/org/bouncycastle/jsse/BCSSLParameters.java

@@ -44,6 +44,7 @@ private static <T> List<T> copyList(Collection<T> list)
     private String[] signatureSchemes = null;
     private String[] signatureSchemesCert = null;
     private String[] namedGroups = null;
+    private String[] earlyNamedGroups = null;
 
     public BCSSLParameters()
     {
@@ -326,4 +327,34 @@ public void setNamedGroups(String[] namedGroups)
 
         this.namedGroups = check;
     }
+
+    public String[] getEarlyNamedGroups()
+    {
+        return TlsUtils.clone(earlyNamedGroups);
+    }
+
+    public void setEarlyNamedGroups(String[] earlyNamedGroups)
+    {
+        String[] check = null;
+
+        if (earlyNamedGroups != null)
+        {
+            check = TlsUtils.clone(earlyNamedGroups);
+            HashSet<String> seenEntries = new HashSet<String>();
+            for (String entry : check)
+            {
+                if (TlsUtils.isNullOrEmpty(entry))
+                {
+                    throw new IllegalArgumentException("'earlyNamedGroups' entries cannot be null or empty strings");
+                }
+
+                if (!seenEntries.add(entry))
+                {
+                    throw new IllegalArgumentException("'earlyNamedGroups' contains duplicate entry: " + entry);
+                }
+            }
+        }
+
+        this.earlyNamedGroups = check;
+    }
 }