Added HKDF, PBEPBKDF2 and SCRYPT implementations for KDF (JDK25)

Author: royb

build.gradle

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradle/wrapper/gradle-wrapper.properties

@@ -79,9 +79,9 @@ checkstyleMain {
 compileJava {
     options.release = 8
 
-    options.errorprone.disableWarningsInGeneratedCode = true
-    options.errorprone.errorproneArgs = ["-Xep:IgnoredPureGetter:OFF"]
-    options.errorprone.errorproneArgs.add("-XepExcludedPaths:.*/build/generated/.*")
+//    options.errorprone.disableWarningsInGeneratedCode = true
+//    options.errorprone.errorproneArgs = ["-Xep:IgnoredPureGetter:OFF"]
+//    options.errorprone.errorproneArgs.add("-XepExcludedPaths:.*/build/generated/.*")
 }
 
 compileJava9Java {
@@ -133,7 +133,21 @@ def createStartScripts(String mainClassName) {
     application {
         applicationDistribution.into('bin') {
             from(newTask)
-            fileMode = 0755
+            filePermissions {
+                user {
+                    read = true
+                    write = true
+                    execute = true
+                }
+                group {
+                    read = true
+                    execute = true
+                }
+                other {
+                    read = true
+                    execute = true
+                }
+            }
         }
     }
 }

mls/build.gradle

@@ -3,6 +3,8 @@ plugins {
 }
 
 dependencies {
+    implementation project(':core')
+    testImplementation project(':core')
     testImplementation files('../libs/unboundid-ldapsdk-6.0.8.jar')
 }
 
@@ -17,6 +19,18 @@ sourceSets {
             srcDirs "${project(":core").projectDir}/src/main/resources"
         }
     }
+    main {
+        resources {
+            srcDirs += ["${project(':core').projectDir}/src/main/resources"]
+        }
+
+        java {
+            srcDirs = ['src/main/java']
+        }
+        resources {
+            srcDirs = ['src/main/resources']
+        }
+    }
 
     java9 {
         java {
@@ -38,6 +52,11 @@ sourceSets {
             srcDirs = ['src/main/jdk21']
         }
     }
+    java25 {
+        java {
+            srcDirs = ['src/main/jdk25']
+        }
+    }
 
 }
 
@@ -67,6 +86,15 @@ dependencies {
             sourceSets.java15.output.classesDirs]) {
         builtBy compileJava15Java
     }
+
+    java25Implementation files([
+            sourceSets.main.output.classesDirs,
+            sourceSets.java9.output.classesDirs,
+            sourceSets.java11.output.classesDirs,
+            sourceSets.java15.output.classesDirs,
+            sourceSets.java21.output.classesDirs]) {
+        builtBy compileJava21Java
+    }
 }
 
 
@@ -94,6 +122,11 @@ compileJava21Java {
     options.sourcepath = files(['src/main/java', 'src/main/jdk21'])
 }
 
+compileJava25Java {
+    options.release = 25
+    options.sourcepath = files(['src/main/java', 'src/main/jdk25'])
+}
+
 
 task sourcesJar(type: Jar) {
     archiveBaseName="bcprov"
@@ -113,6 +146,9 @@ task sourcesJar(type: Jar) {
     into('META-INF/versions/21') {
         from sourceSets.java21.allSource
     }
+    into('META-INF/versions/25') {
+        from sourceSets.java25.allSource
+    }
 }
 
 jar {
@@ -132,6 +168,9 @@ jar {
     into('META-INF/versions/21') {
         from sourceSets.java21.output
     }
+    into('META-INF/versions/25') {
+        from sourceSets.java25.output
+    }
     String v = "${rootProject.extensions.ext.bundle_version}"
     manifest.attributes('Multi-Release': 'true')
     manifest.attributes('Bundle-Name': 'bcprov')
@@ -187,18 +226,40 @@ sourceSets {
             srcDir(files("src/test/jdk21"))
         }
     }
+
+    test25 {
+        java {
+            compileClasspath += main.output + test.output
+            runtimeClasspath += test.output
+            srcDir(files("src/test/jdk25"))
+        }
+    }
+}
+
+dependencies {
+    java9Implementation project(':core')
+    java11Implementation project(':core')
+    java15Implementation project(':core')
+    java21Implementation project(':core')
+    java25Implementation project(':core')
 }
 
 dependencies {
     test11Implementation group: 'junit', name: 'junit', version: '4.13.2'
     test15Implementation group: 'junit', name: 'junit', version: '4.13.2'
     test21Implementation group: 'junit', name: 'junit', version: '4.13.2'
+    test25Implementation group: 'junit', name: 'junit', version: '4.13.2'
     test11Implementation files('../libs/unboundid-ldapsdk-6.0.8.jar')
     test15Implementation files('../libs/unboundid-ldapsdk-6.0.8.jar')
     test21Implementation files('../libs/unboundid-ldapsdk-6.0.8.jar')
+    test25Implementation files('../libs/unboundid-ldapsdk-6.0.8.jar')
     test11Implementation(project(":core"))
     test15Implementation(project(":core"))
     test21Implementation(project(":core"))
+    test25Implementation(project(":core"))
+    test25Implementation sourceSets.java25.output
+
+
 }
 
 
@@ -219,6 +280,11 @@ compileTest21Java {
     options.sourcepath = files(['src/test/java', 'src/test/jdk21'])
 }
 
+compileTest25Java {
+    options.release = 25
+    options.sourcepath = files(['src/test/java', 'src/test/jdk25'])
+}
+
 publishing {
     publications {
         maven(MavenPublication) {
@@ -233,6 +299,13 @@ publishing {
     }
 }
 
+configurations {
+    test11Implementation.extendsFrom testImplementation
+    test15Implementation.extendsFrom testImplementation
+    test21Implementation.extendsFrom testImplementation
+    test25Implementation.extendsFrom testImplementation
+}
+
 
 test {
     jvmArgs = ['-Dtest.java.version.prefix=any']
@@ -367,6 +440,39 @@ task test21(type: Test) {
     }
 }
 
+task test25(type: Test) {
+
+    // This is testing the 25 code base
+    onlyIf {System.getenv("BC_JDK25") != null}
+    dependsOn jar
+
+    testClassesDirs = sourceSets.test25.output.classesDirs
+    classpath = sourceSets.test25.runtimeClasspath + files(jar.archiveFile)
+
+    forkEvery = 1;
+    maxParallelForks = 8;
+
+    systemProperty 'bc.test.data.home', bcTestDataHome
+    maxHeapSize = "1536m"
+    testLogging.showStandardStreams = false
+
+    javaLauncher = javaToolchains.launcherFor {
+        languageVersion = JavaLanguageVersion.of(25)
+    }
+
+    jvmArgs = ['-Dtest.java.version.prefix=25']
+
+
+    finalizedBy jacocoTestReport
+
+    filter {
+        includeTestsMatching "AllTest*"
+        if (project.hasProperty('excludeTests')) {
+            excludeTestsMatching "${excludeTests}"
+        }
+    }
+}
+
 if (System.getenv("BC_JDK8") != null) {
     System.out.println("${project.name}: Adding test8 as dependency for test task because BC_JDK8 is defined")
     test.dependsOn("test8")
@@ -386,7 +492,10 @@ if (System.getenv("BC_JDK21") != null) {
     System.out.println("${project.name}: Adding test21 as dependency for test task because BC_JDK21 is defined")
     test.dependsOn("test21")
 }
-
+if (System.getenv("BC_JDK25") != null) {
+    System.out.println("${project.name}: Adding test25 as dependency for test task because BC_JDK25 is defined")
+    test.dependsOn("test25")
+}
 
 
 

prov/build.gradle

@@ -95,7 +95,7 @@ public final class BouncyCastleProvider extends Provider
 
     private static final String[] SYMMETRIC_GENERIC =
         {
-            "PBEPBKDF1", "PBEPBKDF2", "PBEPKCS12", "TLSKDF", "SCRYPT"
+            "PBEPBKDF1", "PBEPBKDF2", "PBEPKCS12", "TLSKDF", "SCRYPT", "HKDF"
         };
 
     private static final String[] SYMMETRIC_MACS =

prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java

@@ -0,0 +1,34 @@
+package org.bouncycastle.jcajce.provider.symmetric;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
+
+public class HKDF
+{
+    private static final String PREFIX = "org.bouncycastle.jcajce.provider.symmetric" + ".hkdf.";
+
+    public static class Mappings
+            extends AlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+
+            provider.addAlgorithm("KDF.HKDF", PREFIX + "HKDFSpi");
+            provider.addAlgorithm("KDF.HKDF-SHA256", PREFIX + "HKDFSpi$HKDFwithSHA256");
+            provider.addAlgorithm("KDF.HKDF-SHA384", PREFIX + "HKDFSpi$HKDFwithSHA384");
+            provider.addAlgorithm("KDF.HKDF-SHA512", PREFIX + "HKDFSpi$HKDFwithSHA512");
+
+            // Use SymmetricAlgorithmProvider?
+            //TODO: add PKCSObjectIdentifiers?
+            //PKCSObjectIdentifiers.id_alg_hkdf_with_sha256
+            //PKCSObjectIdentifiers.id_alg_hkdf_with_sha384
+            //PKCSObjectIdentifiers.id_alg_hkdf_with_sha512
+
+        }
+    }
+}

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/symmetric/HKDF.java

@@ -0,0 +1,45 @@
+package org.bouncycastle.jcajce.provider.symmetric;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
+
+public class PBEPBKDF2
+{
+    private static final String PREFIX = "org.bouncycastle.jcajce.provider.symmetric" + ".pbepbkdf2.";
+
+    public static class Mappings
+            extends AlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+//            provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "PBEPBKDF2Spi$AlgParams");
+//            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("KDF.PBEPBKDF2", PREFIX + "PBEPBKDF2Spi$PBKDF2withUTF8");
+            provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITHHMACSHA1", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.KDF." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("KDF.PBKDF2WITHASCII", PREFIX + "PBEPBKDF2Spi$PBKDF2with8BIT");
+            provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA224", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA224");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA256", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA256");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA384", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA384");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA512", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA512");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA512-224", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA512_224");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA512-256", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA512_256");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA3-224", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA3_224");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA3-256", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA3_256");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA3-384", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA3_384");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSHA3-512", PREFIX + "PBEPBKDF2Spi$PBKDF2withSHA3_512");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACGOST3411", PREFIX + "PBEPBKDF2Spi$PBKDF2withGOST3411");
+            provider.addAlgorithm("KDF.PBKDF2WITHHMACSM3", PREFIX + "PBEPBKDF2Spi$PBKDF2withSM3");
+
+
+        }
+    }
+}

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java

@@ -0,0 +1,22 @@
+package org.bouncycastle.jcajce.provider.symmetric;
+
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
+
+public class SCRYPT
+{
+    private static final String PREFIX = "org.bouncycastle.jcajce.provider.symmetric" + ".scrypt.";
+
+    public static class Mappings
+            extends AlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+            provider.addAlgorithm("KDF.SCRYPT", PREFIX + "SCryptSpi$ScryptWithUTF8");
+        }
+    }
+}

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/symmetric/SCRYPT.java

@@ -0,0 +1,15 @@
+package org.bouncycastle.jcajce.provider.symmetric.hkdf;
+
+import org.bouncycastle.crypto.params.HKDFParameters;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+public class HKDFParameterSpec
+        extends HKDFParameters
+        implements AlgorithmParameterSpec
+{
+    public HKDFParameterSpec(byte[] ikm, byte[] salt, byte[] info)
+    {
+        super(ikm, salt, info);
+    }
+}