Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

core/src/test/java/org/bouncycastle/crypto/test/Ed25519Test.java

@@ -34,6 +34,8 @@ public static void main(String[] args)
 
     public void performTest() throws Exception
     {
+        basicSigTest();
+
         for (int i = 0; i < 10; ++i)
         {
             testConsistency(Ed25519.Algorithm.Ed25519, null);
@@ -43,7 +45,6 @@ public void performTest() throws Exception
             testConsistency(Ed25519.Algorithm.Ed25519ph, context);
         }
 
-        basicSigTest();
         testRegressionInfiniteLoop();
     }
 
@@ -837,9 +838,9 @@ private void testRegressionInfiniteLoop() throws Exception
 
             signer.init(false, pub);
             signer.update(msg, 0, msg.length);
-            if (!signer.verifySignature(sig)) {
-                fail("signature verification failed for test vector: " + error);
-            }
+            boolean shouldVerify = signer.verifySignature(sig);
+
+            isTrue("signature verification failed for test vector: " + error, shouldVerify);
         }
     }
 }

pkix/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java

@@ -121,7 +121,7 @@ public boolean verify(String provider)
         {
             sig.update(spkacSeq.getPublicKeyAndChallenge().getEncoded());
 
-            return sig.verify(spkacSeq.getSignature().getBytes());
+            return sig.verify(spkacSeq.getSignature().getOctets());
         }
         catch (Exception e)
         {

pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java

@@ -434,7 +434,7 @@ public boolean verify(byte[] expected)
                 {
                     if (sigs[i] != null)
                     {
-                        if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes()))
+                        if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets()))
                         {
                             failed = true;
                         }

pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java

@@ -259,7 +259,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1
 
         sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.toASN1Structure().getSignature().getBytes()))
+        if (!sig.verify(req.toASN1Structure().getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java

@@ -14,6 +14,7 @@
 import java.util.Collections;
 import java.util.List;
 
+import org.bouncycastle.asn1.ASN1BitString;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -250,7 +251,7 @@ protected boolean engineVerify(byte[] signature)
         {
             this.componentSignatures.get(i).update(this.OIDBytes);
             this.componentSignatures.get(i).update(digestResult); //in total, "OID || digest(message)" is the message fed into each component signature
-            if (!this.componentSignatures.get(i).verify(DERBitString.getInstance(signatureSequence.getObjectAt(i)).getBytes()))
+            if (!this.componentSignatures.get(i).verify(ASN1BitString.getInstance(signatureSequence.getObjectAt(i)).getOctets()))
             {
                 fail = true;
             }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java

@@ -134,6 +134,11 @@ else if (key instanceof RSAPublicKey)
     protected int engineGetOutputSize(
         int     inputLen) 
     {
+        if (tlsRsaSpec != null)
+        {
+            return TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;
+        }
+
         try
         {
             return cipher.getOutputBlockSize();
@@ -334,6 +339,7 @@ else if (key instanceof RSAPrivateKey)
             }
             else if (params instanceof TLSRSAPremasterSecretParameterSpec)
             {
+                // TODO Restrict mode to DECRYPT_MODE (and/or UNWRAP_MODE)
                 if (!(param instanceof RSAKeyParameters) || !((RSAKeyParameters)param).isPrivate())
                 {
                     throw new InvalidKeyException("RSA private key required for TLS decryption");
@@ -353,6 +359,7 @@ else if (params instanceof TLSRSAPremasterSecretParameterSpec)
         }
         else
         {
+            // TODO Remove after checking all AsymmetricBlockCipher init methods?
             param = new ParametersWithRandom(param, CryptoServicesRegistrar.getSecureRandom());
         }
 
@@ -446,6 +453,7 @@ protected byte[] engineDoFinal(
         int     inputLen) 
         throws IllegalBlockSizeException, BadPaddingException
     {
+        // TODO Can input actually be null?
         if (input != null)
         {
             engineUpdate(input, inputOffset, inputLen);
@@ -462,16 +470,8 @@ protected int engineDoFinal(
         int     outputOffset) 
         throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
-        int outputSize;
-        if (tlsRsaSpec != null)
-        {
-            outputSize = TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;
-        }
-        else
-        {
-            outputSize = engineGetOutputSize(input == null ? 0 : inputLen);
-        }
-
+        // TODO Can input actually be null?
+        int outputSize = engineGetOutputSize(input == null ? 0 : inputLen);
         if (outputOffset > output.length - outputSize)
         {
             throw new ShortBufferException("output buffer too short for input.");

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLImpl.java

@@ -242,7 +242,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
         {
             List<PublicKey> pubKeys = ((CompositePublicKey)key).getPublicKeys();
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != pubKeys.size(); i++)
@@ -264,7 +264,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
                     checkSignature(
                         (PublicKey)pubKeys.get(i), signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
                     success = true;
                 }
                 catch (SignatureException e)
@@ -286,7 +286,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
         else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
         {
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != sigSeq.size(); i++)
@@ -303,7 +303,7 @@ else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
                     checkSignature(
                         key, signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
 
                     success = true;
                 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateImpl.java

@@ -624,7 +624,7 @@ private void doVerify(
         {
             List<PublicKey> pubKeys = ((CompositePublicKey)key).getPublicKeys();
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != pubKeys.size(); i++)
@@ -645,7 +645,7 @@ private void doVerify(
                     checkSignature(
                         (PublicKey)pubKeys.get(i), signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
                     success = true;
                 }
                 catch (SignatureException e)
@@ -667,7 +667,7 @@ private void doVerify(
         else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
         {
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != sigSeq.size(); i++)
@@ -684,7 +684,7 @@ else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
                     checkSignature(
                         key, signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
 
                     success = true;
                 }

prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java

@@ -112,8 +112,7 @@ public NetscapeCertRequest (ASN1Sequence spkac)
 
             SubjectPublicKeyInfo pubkeyinfo = SubjectPublicKeyInfo.getInstance(pkac.getObjectAt(0));
 
-            X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(
-                    pubkeyinfo).getBytes());
+            X509EncodedKeySpec xspec = new X509EncodedKeySpec(pubkeyinfo.getEncoded(ASN1Encoding.DER));
 
             keyAlg = pubkeyinfo.getAlgorithm();
             pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC")
@@ -207,7 +206,7 @@ public boolean verify(String challenge) throws NoSuchAlgorithmException,
         Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
                 "BC");
         sig.initVerify(pubkey);
-        sig.update(content.getBytes());
+        sig.update(content.getOctets());
 
         return sig.verify(sigBits);
     }

prov/src/main/java/org/bouncycastle/jce/provider/ProvOcspRevocationChecker.java

@@ -431,7 +431,7 @@ static boolean validatedOcspResponse(BasicOCSPResponse basicResp, PKIXCertRevoca
 
             sig.update(basicResp.getTbsResponseData().getEncoded(ASN1Encoding.DER));
 
-            if (sig.verify(basicResp.getSignature().getBytes()))
+            if (sig.verify(basicResp.getSignature().getOctets()))
             {
                 if (nonce != null)
                 {

prov/src/test/java/org/bouncycastle/jce/provider/test/EdECTest.java

@@ -158,7 +158,7 @@ public void performTest()
         // yes, the demo certificate is invalid...
         sig.update(x25519Seq.getObjectAt(0).toASN1Primitive().getEncoded(ASN1Encoding.DL));
 
-        isTrue(sig.verify(x25519Cert.getSignature().getBytes()));
+        isTrue(sig.verify(x25519Cert.getSignature().getOctets()));
 
         CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
 

prov/src/test/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java

@@ -41,7 +41,6 @@
 import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPrivateKeySpec;
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
@@ -215,7 +214,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -294,7 +293,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid)
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -344,7 +343,7 @@ private void createECGOSTRequest()
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -401,7 +400,7 @@ private void createPSSTest(String algorithm)
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }