Merge branch 'main' into 1958-aead-parameters

Author: gefeili

HOWTO.md

@@ -0,0 +1,129 @@
+# Bouncy Castle Java API How To
+## Using Bouncy Castle with GraalVM Native Image
+### Problem: Provider Not Registered at Build Time with `UnsupportedFeatureError` Exception
+#### Error message
+```text
+Trying to verify a provider that was not registered at build time: BC version...
+```
+#### Cause:
+Bouncy Castle security provider isn't properly registered during GraalVM native image build process.
+
+### Solution 1: Static Initializer Approach (No GraalVM SDK)
+#### Step 1. Create Initializer Class 
+```java
+package com.yourpackage.crypto;  // ← Replace with your actual package
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import java.security.Security;
+
+public class BCInitializer {
+    static {
+        // Force provider registration during image build
+        Security.addProvider(new BouncyCastleProvider());
+    }
+}
+```
+
+#### Step 2. And then in the native-image build configuration 
+For Maven (`pom.xml`)
+```xml
+<plugin>
+    <groupId>org.graalvm.buildtools</groupId>
+    <artifactId>native-maven-plugin</artifactId>
+    <version>0.9.28</version>
+    <configuration>
+        <buildArgs>
+            <!-- Initialize Bouncy Castle and our initializer -->
+            <arg>--initialize-at-build-time=org.bouncycastle,com.yourpackage.crypto.BCInitializer</arg>
+            <!-- Required for SecureRandom components -->
+            <arg>--initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$Default,org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV</arg>
+        </buildArgs>
+    </configuration>
+</plugin>
+```
+
+For Gradle (`build.gradle`),
+```gradle
+    buildArgs.add('--initialize-at-build-time=com.yourpackage.crypto.BCInitializer')
+    buildArgs.add("--initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG\$Default,org.bouncycastle.jcajce.provider.drbg.DRBG\$NonceAndIV")
+```
+# Key Configuration
+
+| Argument                        | Purpose                                                         |
+| ------------------------------- |-----------------------------------------------------------------|
+| `--initialize-at-build-time`    | Forces inclusion of BC classes and triggers static initializer. |
+| `--initialize-at-run-time`      | Solves stateful SecureRandom initialization issues.             |
+|`--enable-all-security-services`	| (optional) Enables JCE security infrastructure                  |
+
+
+### Solution 2: GraalVM Feature Approach (With SDK)
+
+#### Step 1: Create a Native Image Feature
+```java
+package com.yourpackage.crypto;  // ← Replace with your actual package
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.graalvm.nativeimage.hosted.Feature;
+
+import java.security.Security;
+
+/**
+ * A GraalVM Feature that registers the Bouncy Castle provider.
+ * This is required so that native image builds verify and include the provider.
+ */
+public class BouncyCastleFeature implements Feature {
+    
+    @Override
+    public void afterRegistration(AfterRegistrationAccess access) {
+        // Register the Bouncy Castle provider
+        Security.addProvider(new BouncyCastleProvider());
+    }
+}
+```
+
+#### Step 2: Configure Dependencies and Build
+##### 2.1 add dependency
+```xml
+<dependency>
+    <groupId>org.graalvm.sdk</groupId>
+    <artifactId>graal-sdk</artifactId>
+    <version>21.0.0</version> <!-- Match your GraalVM version -->
+    <scope>provided</scope>
+</dependency>
+```
+##### 2.2 add plugin
+```xml
+<plugin>
+    <groupId>org.graalvm.buildtools</groupId>
+    <artifactId>native-maven-plugin</artifactId>
+    <version>0.9.28</version>
+    <configuration>
+        <buildArgs>
+            <arg>--features=com.yourpackage.crypto.BouncyCastleFeature</arg>  <!-- replace with correct package path -->
+            <arg>--initialize-at-build-time=org.bouncycastle</arg>
+            <arg>--initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$Default,org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV</arg>
+        </buildArgs>
+    </configuration>
+</plugin>
+```
+Key Configuration Explanations:
+`--features=...`
+- Registers custom feature class that adds BouncyCastle provider at build time
+- Required for JCE security provider verification
+
+### Troubleshooting
+#### Common Issues
+##### Classpath Conflicts:
+
+```text
+Error: Class-path entry contains class from image builder
+```
+Fix: Add `-H:+AllowDeprecatedBuilderClassesOnImageClasspath` (temporary) or ensure graal-sdk has provided scope
+
+##### Missing Algorithms:
+Example of the error message:
+```text
+No such algorithm: AES/CBC/PKCS5Padding
+```
+
+Fix: Verify `--initialize-at-build-time` includes `org.bouncycastle`

ant/jdk14.xml

@@ -196,8 +196,6 @@
                 <exclude name="**/TlsClientRawKeysTest.java"/>
             </fileset>
 
-            <fileset dir="tls/src/test/resources" includes="**/*.*"/>
-
             <fileset dir="core/src/test/" includes="**/*.properties"/>
             <fileset dir="prov/src/main/resources" includes="**/*.properties"/>
             <fileset dir="pkix/src/test/resources" includes="**/*.*"/>
@@ -214,6 +212,7 @@
         </copy>
         <copy todir="${src.dir}" overwrite="true">
             <fileset dir="pg/src/main/jdk1.5" includes="**/*.java"/>
+            <fileset dir="prov/src/test/jdk1.5" includes="**/*.java"/>
         </copy>
         <copy todir="${src.dir}" overwrite="true">
             <fileset dir="core/src/main/jdk1.4" includes="**/*.java"/>

ant/jdk15+.xml

@@ -43,7 +43,6 @@
             <fileset dir="tls/src/main/java" includes="**/*.java" />
             <fileset dir="tls/src/main/javadoc" includes="**/*.html" />
             <fileset dir="tls/src/test/java" includes="**/*.java" />
-            <fileset dir="tls/src/test/resources" includes="**/*.*" />
 
             <fileset dir="pkix/src/main/java" includes="**/*.java" />
             <fileset dir="pkix/src/main/javadoc" includes="**/*.html" />

ant/jdk18+.xml

@@ -43,7 +43,6 @@
             <fileset dir="tls/src/main/jdk1.5" includes="**/*.java" />
             <fileset dir="tls/src/main/javadoc" includes="**/*.html" />
             <fileset dir="tls/src/test/java" includes="**/*.java" />
-            <fileset dir="tls/src/test/resources" includes="**/*.*" />
 
             <fileset dir="pkix/src/main/java" includes="**/*.java" />
             <fileset dir="pkix/src/main/javadoc" includes="**/*.html" />

build.gradle

@@ -253,7 +253,10 @@ subprojects {
     }
 
     nohttp {
+        source.exclude '**/*.asc'
+        source.exclude '**/*.pem'
         source.exclude '**/*.rsp'
+        source.exclude '**/*.jar'
     }
 
     jacocoTestReport {

ci/check_java.sh

@@ -15,10 +15,12 @@ export JAVA_HOME=`openjdk_21`
 export PATH=$JAVA_HOME/bin:$PATH
 
 # Checkstyle
-./gradlew check -x test;
+./gradlew clean build check -x test;
 
 
 # OSGI scanner only, no testing
-./gradlew clean build -x test
 ./osgi_scan.sh
 
+
+# module tester
+./run_mtt.sh

core/src/main/j2me/org/bouncycastle/math/ec/ECCurve.java

@@ -593,9 +593,14 @@ protected AbstractFp(BigInteger q)
             super(FiniteFields.getPrimeField(q));
         }
 
+        public BigInteger getQ()
+        {
+            return getField().getCharacteristic();
+        }
+
         public boolean isValidFieldElement(BigInteger x)
         {
-            return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
+            return x != null && x.signum() >= 0 && x.compareTo(this.getQ()) < 0;
         }
 
         public ECFieldElement randomFieldElement(SecureRandom r)
@@ -604,7 +609,7 @@ public ECFieldElement randomFieldElement(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElement(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElement(r, p));
             return fe1.multiply(fe2);
@@ -616,7 +621,7 @@ public ECFieldElement randomFieldElementMult(SecureRandom r)
              * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
              * use the product of two independent elements to mitigate side-channels.
              */
-            BigInteger p = this.getField().getCharacteristic();
+            BigInteger p = this.getQ();
             ECFieldElement fe1 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             ECFieldElement fe2 = this.fromBigInteger(implRandomFieldElementMult(r, p));
             return fe1.multiply(fe2);
@@ -699,12 +704,11 @@ public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger
 
             if (isInternal)
             {
-                this.q = q;
                 knownQs.add(q);
             }
             else if (knownQs.contains(q) || validatedQs.contains(q))
             {
-                this.q = q;
+                // No need to validate
             }
             else
             {
@@ -724,10 +728,9 @@ else if (knownQs.contains(q) || validatedQs.contains(q))
                 }
 
                 validatedQs.add(q);
-
-                this.q = q;
             }
 
+            this.q = q;
             this.r = ECFieldElement.Fp.calculateResidue(q);
             this.infinity = new ECPoint.Fp(this, null, null);
 

core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -248,7 +248,7 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier falcon = bc_sig.branch("7");
 
     ASN1ObjectIdentifier falcon_512 = new ASN1ObjectIdentifier("1.3.9999.3.6");  // falcon.branch("1");
-    ASN1ObjectIdentifier falcon_1024 =  new ASN1ObjectIdentifier("1.3.9999.3.9"); // falcon.branch("2");
+    ASN1ObjectIdentifier falcon_1024 = new ASN1ObjectIdentifier("1.3.9999.3.9"); // falcon.branch("2");
 
     /*
      * Dilithium
@@ -403,15 +403,15 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier ntrulpr953 = pqc_kem_ntrulprime.branch("4");
     ASN1ObjectIdentifier ntrulpr1013 = pqc_kem_ntrulprime.branch("5");
     ASN1ObjectIdentifier ntrulpr1277 = pqc_kem_ntrulprime.branch("6");
-    
+
     ASN1ObjectIdentifier pqc_kem_sntruprime = pqc_kem_ntruprime.branch("2");
     ASN1ObjectIdentifier sntrup653 = pqc_kem_sntruprime.branch("1");
     ASN1ObjectIdentifier sntrup761 = pqc_kem_sntruprime.branch("2");
     ASN1ObjectIdentifier sntrup857 = pqc_kem_sntruprime.branch("3");
     ASN1ObjectIdentifier sntrup953 = pqc_kem_sntruprime.branch("4");
     ASN1ObjectIdentifier sntrup1013 = pqc_kem_sntruprime.branch("5");
     ASN1ObjectIdentifier sntrup1277 = pqc_kem_sntruprime.branch("6");
-    
+
     /**
      * BIKE
      **/
@@ -429,4 +429,26 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier hqc128 = pqc_kem_hqc.branch("1");
     ASN1ObjectIdentifier hqc192 = pqc_kem_hqc.branch("2");
     ASN1ObjectIdentifier hqc256 = pqc_kem_hqc.branch("3");
+
+    /**
+     * ML-KEM/ML-DSA seed parameters algorithms - temporary
+     */
+    //TODO: delete before release
+    ASN1ObjectIdentifier id_id_alg_seed = bc.branch("10");
+
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_44_seed = id_id_alg_seed.branch("1");
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_65_seed = id_id_alg_seed.branch("2");
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_87_seed = id_id_alg_seed.branch("3");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_512_seed = id_id_alg_seed.branch("4");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_768_seed = id_id_alg_seed.branch("5");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_1024_seed = id_id_alg_seed.branch("6");
+
+    /**
+     * Mayo
+     */
+    ASN1ObjectIdentifier mayo = bc_sig.branch("10");
+    ASN1ObjectIdentifier mayo1 = mayo.branch("1");
+    ASN1ObjectIdentifier mayo2 = mayo.branch("2");
+    ASN1ObjectIdentifier mayo3 = mayo.branch("3");
+    ASN1ObjectIdentifier mayo5 = mayo.branch("4");
 }

core/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java

@@ -95,6 +95,11 @@ public interface X509ObjectIdentifiers
      */
     static final ASN1ObjectIdentifier id_ecdsa_with_shake256 = pkix_algorithms.branch("33");
 
+    /**
+     * id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}
+     */
+    ASN1ObjectIdentifier id_alg_noSignature = pkix_algorithms.branch("2");
+
     /** 1.3.6.1.5.5.7.9 */
     static final ASN1ObjectIdentifier id_pda = id_pkix.branch("9");
 

core/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java

@@ -12,6 +12,7 @@
 import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.field.FiniteField;
 import org.bouncycastle.math.field.PolynomialExtensionField;
 import org.bouncycastle.util.Arrays;
 
@@ -112,14 +113,15 @@ public X9ECParameters(
         this.h = h;
         this.seed = Arrays.clone(seed);
 
-        if (ECAlgorithms.isFpCurve(curve))
+        FiniteField field = curve.getField();
+        if (ECAlgorithms.isFpField(field))
         {
-            this.fieldID = new X9FieldID(curve.getField().getCharacteristic());
+            this.fieldID = new X9FieldID(field.getCharacteristic());
         }
-        else if (ECAlgorithms.isF2mCurve(curve))
+        else if (ECAlgorithms.isF2mField(field))
         {
-            PolynomialExtensionField field = (PolynomialExtensionField)curve.getField();
-            int[] exponents = field.getMinimalPolynomial().getExponentsPresent();
+            PolynomialExtensionField f2mField = (PolynomialExtensionField)field;
+            int[] exponents = f2mField.getMinimalPolynomial().getExponentsPresent();
             if (exponents.length == 3)
             {
                 this.fieldID = new X9FieldID(exponents[2], exponents[1]);