diff --git a/.ci/api-current.txt b/.ci/api-current.txt index 705718ba32..4815aaeb79 100644 --- a/.ci/api-current.txt +++ b/.ci/api-current.txt @@ -643,6 +643,8 @@ public final class net.corda.core.contracts.CommandWithParties extends java.lang public String toString() ## public final class net.corda.core.contracts.ComponentGroupEnum extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.contracts.ComponentGroupEnum valueOf(String) public static net.corda.core.contracts.ComponentGroupEnum[] values() ## @@ -1198,6 +1200,8 @@ public static final class net.corda.core.contracts.TransactionVerificationExcept ## @CordaSerializable public static final class net.corda.core.contracts.TransactionVerificationException$Direction extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.contracts.TransactionVerificationException$Direction valueOf(String) public static net.corda.core.contracts.TransactionVerificationException.Direction[] values() ## @@ -1878,8 +1882,6 @@ public final class net.corda.core.crypto.Crypto extends java.lang.Object public static final net.corda.core.crypto.SignatureScheme RSA_SHA256 @NotNull public static final org.bouncycastle.asn1.DLSequence SHA512_256 - @NotNull - public static final net.corda.core.crypto.SignatureScheme SPHINCS256_SHA256 ## public final class net.corda.core.crypto.CryptoUtils extends java.lang.Object @NotNull @@ -2698,6 +2700,8 @@ public final class net.corda.core.flows.DistributionRecordKey extends java.lang. ## @CordaSerializable public final class net.corda.core.flows.DistributionRecordType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.flows.DistributionRecordType valueOf(String) public static net.corda.core.flows.DistributionRecordType[] values() ## @@ -3249,8 +3253,25 @@ public final class net.corda.core.flows.LedgerRecoveryException extends net.cord ## @StartableByRPC public final class net.corda.core.flows.LedgerRecoveryFlow extends net.corda.core.flows.FlowLogic + public (java.util.Collection) + public (java.util.Collection, net.corda.core.flows.RecoveryTimeWindow) + public (java.util.Collection, net.corda.core.flows.RecoveryTimeWindow, boolean) + public (java.util.Collection, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean) + public (java.util.Collection, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean, boolean) + public (java.util.Collection, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean, boolean, boolean, int) public (net.corda.core.flows.LedgerRecoveryParameters, net.corda.core.utilities.ProgressTracker) public (net.corda.core.flows.LedgerRecoveryParameters, net.corda.core.utilities.ProgressTracker, int, kotlin.jvm.internal.DefaultConstructorMarker) + public (net.corda.core.identity.Party) + public (net.corda.core.identity.Party, net.corda.core.flows.RecoveryTimeWindow) + public (net.corda.core.identity.Party, net.corda.core.flows.RecoveryTimeWindow, boolean) + public (net.corda.core.identity.Party, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean) + public (net.corda.core.identity.Party, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean, boolean) + public (boolean) + public (boolean, net.corda.core.flows.RecoveryTimeWindow) + public (boolean, net.corda.core.flows.RecoveryTimeWindow, boolean) + public (boolean, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean) + public (boolean, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean, int) + public (boolean, net.corda.core.flows.RecoveryTimeWindow, boolean, boolean, int, boolean) @Suspendable @NotNull public net.corda.core.flows.LedgerRecoveryResult call() @@ -3824,6 +3845,8 @@ public final class net.corda.core.flows.StateConsumptionDetails extends java.lan ## @CordaSerializable public static final class net.corda.core.flows.StateConsumptionDetails$ConsumedStateType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.flows.StateConsumptionDetails$ConsumedStateType valueOf(String) public static net.corda.core.flows.StateConsumptionDetails.ConsumedStateType[] values() ## @@ -4778,6 +4801,8 @@ public interface net.corda.core.node.ServicesForResolution ## @CordaSerializable public final class net.corda.core.node.StatesToRecord extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.StatesToRecord valueOf(String) public static net.corda.core.node.StatesToRecord[] values() ## @@ -5015,6 +5040,8 @@ public static final class net.corda.core.node.services.PartyInfo$SingleNode exte public String toString() ## public final class net.corda.core.node.services.ServiceLifecycleEvent extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.ServiceLifecycleEvent valueOf(String) public static net.corda.core.node.services.ServiceLifecycleEvent[] values() ## @@ -5067,6 +5094,8 @@ public final class net.corda.core.node.services.TimeWindowChecker extends java.l ## @CordaSerializable public final class net.corda.core.node.services.TransactionStatus extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.TransactionStatus valueOf(String) public static net.corda.core.node.services.TransactionStatus[] values() ## @@ -5129,6 +5158,8 @@ public static final class net.corda.core.node.services.Vault$ConstraintInfo$Comp ## @CordaSerializable public static final class net.corda.core.node.services.Vault$ConstraintInfo$Type extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.Vault$ConstraintInfo$Type valueOf(String) public static net.corda.core.node.services.Vault.ConstraintInfo.Type[] values() ## @@ -5170,6 +5201,8 @@ public static final class net.corda.core.node.services.Vault$Page extends java.l ## @CordaSerializable public static final class net.corda.core.node.services.Vault$RelevancyStatus extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.Vault$RelevancyStatus valueOf(String) public static net.corda.core.node.services.Vault.RelevancyStatus[] values() ## @@ -5232,6 +5265,8 @@ public static final class net.corda.core.node.services.Vault$StateMetadata exten ## @CordaSerializable public static final class net.corda.core.node.services.Vault$StateStatus extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.Vault$StateStatus valueOf(String) public static net.corda.core.node.services.Vault.StateStatus[] values() ## @@ -5290,6 +5325,8 @@ public static final class net.corda.core.node.services.Vault$Update extends java ## @CordaSerializable public static final class net.corda.core.node.services.Vault$UpdateType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.Vault$UpdateType valueOf(String) public static net.corda.core.node.services.Vault.UpdateType[] values() ## @@ -5389,6 +5426,8 @@ public final class net.corda.core.node.services.diagnostics.NodeVersionInfo exte ## @CordaSerializable public final class net.corda.core.node.services.vault.AggregateFunctionType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.AggregateFunctionType valueOf(String) public static net.corda.core.node.services.vault.AggregateFunctionType[] values() ## @@ -5498,6 +5537,8 @@ public final class net.corda.core.node.services.vault.AttachmentSort extends net public static final class net.corda.core.node.services.vault.AttachmentSort$AttachmentSortAttribute extends java.lang.Enum @NotNull public final String getColumnName() + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.AttachmentSort$AttachmentSortAttribute valueOf(String) public static net.corda.core.node.services.vault.AttachmentSort.AttachmentSortAttribute[] values() ## @@ -5538,12 +5579,16 @@ public abstract class net.corda.core.node.services.vault.BaseSort extends java.l @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.BinaryComparisonOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.BinaryComparisonOperator valueOf(String) public static net.corda.core.node.services.vault.BinaryComparisonOperator[] values() ## @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.BinaryLogicalOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.BinaryLogicalOperator valueOf(String) public static net.corda.core.node.services.vault.BinaryLogicalOperator[] values() ## @@ -5789,6 +5834,8 @@ public final class net.corda.core.node.services.vault.Builder extends java.lang. @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.CollectionOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.CollectionOperator valueOf(String) public static net.corda.core.node.services.vault.CollectionOperator[] values() ## @@ -6014,6 +6061,8 @@ public static final class net.corda.core.node.services.vault.CriteriaExpression$ @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.EqualityComparisonOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.EqualityComparisonOperator valueOf(String) public static net.corda.core.node.services.vault.EqualityComparisonOperator[] values() ## @@ -6066,12 +6115,16 @@ public interface net.corda.core.node.services.vault.IQueryCriteriaParser extends @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.LikenessOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.LikenessOperator valueOf(String) public static net.corda.core.node.services.vault.LikenessOperator[] values() ## @DoNotImplement @CordaSerializable public final class net.corda.core.node.services.vault.NullOperator extends java.lang.Enum implements net.corda.core.node.services.vault.Operator + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.NullOperator valueOf(String) public static net.corda.core.node.services.vault.NullOperator[] values() ## @@ -6379,6 +6432,8 @@ public static final class net.corda.core.node.services.vault.QueryCriteria$SoftL ## @CordaSerializable public static final class net.corda.core.node.services.vault.QueryCriteria$SoftLockingType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.QueryCriteria$SoftLockingType valueOf(String) public static net.corda.core.node.services.vault.QueryCriteria.SoftLockingType[] values() ## @@ -6402,6 +6457,8 @@ public static final class net.corda.core.node.services.vault.QueryCriteria$TimeC ## @CordaSerializable public static final class net.corda.core.node.services.vault.QueryCriteria$TimeInstantType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.QueryCriteria$TimeInstantType valueOf(String) public static net.corda.core.node.services.vault.QueryCriteria.TimeInstantType[] values() ## @@ -6606,11 +6663,15 @@ public static final class net.corda.core.node.services.vault.Sort$CommonStateAtt public final String getAttributeChild() @NotNull public final String getAttributeParent() + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.Sort$CommonStateAttribute valueOf(String) public static net.corda.core.node.services.vault.Sort.CommonStateAttribute[] values() ## @CordaSerializable public static final class net.corda.core.node.services.vault.Sort$Direction extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.Sort$Direction valueOf(String) public static net.corda.core.node.services.vault.Sort.Direction[] values() ## @@ -6619,6 +6680,8 @@ public static final class net.corda.core.node.services.vault.Sort$Direction exte public static final class net.corda.core.node.services.vault.Sort$FungibleStateAttribute extends java.lang.Enum implements net.corda.core.node.services.vault.Sort$Attribute @NotNull public final String getAttributeName() + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.Sort$FungibleStateAttribute valueOf(String) public static net.corda.core.node.services.vault.Sort.FungibleStateAttribute[] values() ## @@ -6627,6 +6690,8 @@ public static final class net.corda.core.node.services.vault.Sort$FungibleStateA public static final class net.corda.core.node.services.vault.Sort$LinearStateAttribute extends java.lang.Enum implements net.corda.core.node.services.vault.Sort$Attribute @NotNull public final String getAttributeName() + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.Sort$LinearStateAttribute valueOf(String) public static net.corda.core.node.services.vault.Sort.LinearStateAttribute[] values() ## @@ -6654,6 +6719,8 @@ public static final class net.corda.core.node.services.vault.Sort$SortColumn ext public static final class net.corda.core.node.services.vault.Sort$VaultStateAttribute extends java.lang.Enum implements net.corda.core.node.services.vault.Sort$Attribute @NotNull public final String getAttributeName() + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.node.services.vault.Sort$VaultStateAttribute valueOf(String) public static net.corda.core.node.services.vault.Sort.VaultStateAttribute[] values() ## @@ -6834,6 +6901,8 @@ public interface net.corda.core.serialization.ClassWhitelist public @interface net.corda.core.serialization.ConstructorForDeserialization ## public final class net.corda.core.serialization.ContextPropertyKeys extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.serialization.ContextPropertyKeys valueOf(String) public static net.corda.core.serialization.ContextPropertyKeys[] values() ## @@ -6967,6 +7036,8 @@ public interface net.corda.core.serialization.SerializationContext public abstract net.corda.core.serialization.SerializationContext withoutReferences() ## public static final class net.corda.core.serialization.SerializationContext$UseCase extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.serialization.SerializationContext$UseCase valueOf(String) public static net.corda.core.serialization.SerializationContext.UseCase[] values() ## @@ -7306,6 +7377,8 @@ public static final class net.corda.core.transactions.ContractUpgradeWireTransac public (kotlin.jvm.internal.DefaultConstructorMarker) ## public static final class net.corda.core.transactions.ContractUpgradeWireTransaction$Component extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.transactions.ContractUpgradeWireTransaction$Component valueOf(String) public static net.corda.core.transactions.ContractUpgradeWireTransaction.Component[] values() ## @@ -7537,6 +7610,8 @@ public static final class net.corda.core.transactions.LedgerTransaction$InOutGro @NotNull public String toString() ## +public final class net.corda.core.transactions.LedgerTransactionKt extends java.lang.Object +## @CordaSerializable public final class net.corda.core.transactions.MissingContractAttachments extends net.corda.core.flows.FlowException public (java.util.List) @@ -7651,6 +7726,8 @@ public final class net.corda.core.transactions.NotaryChangeWireTransaction exten public String toString() ## public static final class net.corda.core.transactions.NotaryChangeWireTransaction$Component extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.core.transactions.NotaryChangeWireTransaction$Component valueOf(String) public static net.corda.core.transactions.NotaryChangeWireTransaction.Component[] values() ## @@ -7881,6 +7958,8 @@ public abstract class net.corda.core.transactions.TraversableTransaction extends public final net.corda.core.crypto.DigestService getDigestService() @NotNull public java.util.List getInputs() + @NotNull + public final java.util.List getLegacyAttachments() @Nullable public net.corda.core.crypto.SecureHash getNetworkParametersHash() @Nullable @@ -9441,6 +9520,8 @@ public class net.corda.testing.driver.SharedMemoryIncremental extends net.corda. public static net.corda.testing.driver.SharedMemoryIncremental INSTANCE ## public final class net.corda.testing.driver.VerifierType extends java.lang.Enum + @NotNull + public static kotlin.enums.EnumEntries getEntries() public static net.corda.testing.driver.VerifierType valueOf(String) public static net.corda.testing.driver.VerifierType[] values() ## diff --git a/build.gradle b/build.gradle index 7626b91725..db6f192b40 100644 --- a/build.gradle +++ b/build.gradle @@ -383,6 +383,8 @@ allprojects { url "${publicArtifactURL}/corda-dependencies-dev" content { includeGroup 'co.paralleluniverse' + // Remove below when BC 2.73.6 is released + includeGroup 'org.bouncycastle' } } maven { diff --git a/client/jackson/build.gradle b/client/jackson/build.gradle index 19a1ff21eb..7b7f8f08b0 100644 --- a/client/jackson/build.gradle +++ b/client/jackson/build.gradle @@ -18,8 +18,8 @@ dependencies { implementation "com.google.guava:guava:$guava_version" // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" implementation "org.slf4j:slf4j-api:$slf4j_version" testImplementation project(':finance:workflows') diff --git a/constants.properties b/constants.properties index d16e907459..d3c4f57087 100644 --- a/constants.properties +++ b/constants.properties @@ -20,8 +20,8 @@ guavaVersion=28.0-jre quasarVersion=0.9.0_r3 dockerJavaVersion=3.2.5 proguardVersion=7.3.1 -# Bouncy Castle version must not be changed on a patch release. Needs a full release test cycle to flush out any issues. -bouncycastleVersion=1.75 +# Switch to release version when out +bouncycastleVersion=2.73.6-SNAPSHOT classgraphVersion=4.8.135 disruptorVersion=3.4.2 typesafeConfigVersion=1.3.4 diff --git a/core-tests/build.gradle b/core-tests/build.gradle index 4d0f767387..9c5fbcfa41 100644 --- a/core-tests/build.gradle +++ b/core-tests/build.gradle @@ -105,7 +105,7 @@ dependencies { testImplementation "com.esotericsoftware:kryo:$kryo_version" testImplementation "co.paralleluniverse:quasar-core:$quasar_version" testImplementation "org.hibernate:hibernate-core:$hibernate_version" - testImplementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" + testImplementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" testImplementation "io.netty:netty-common:$netty_version" testImplementation "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version" @@ -123,7 +123,7 @@ dependencies { smokeTestImplementation project(":testing:cordapps:4.11-workflows") smokeTestImplementation project(":finance:contracts") smokeTestImplementation "org.assertj:assertj-core:${assertj_version}" - smokeTestImplementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" + smokeTestImplementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" smokeTestImplementation "co.paralleluniverse:quasar-core:$quasar_version" smokeTestImplementation "org.junit.jupiter:junit-jupiter-api:${junit_jupiter_version}" smokeTestImplementation "junit:junit:$junit_version" diff --git a/core-tests/src/test/kotlin/net/corda/coretests/crypto/CompositeKeyTests.kt b/core-tests/src/test/kotlin/net/corda/coretests/crypto/CompositeKeyTests.kt index e3b0db28a3..24ed2ba451 100644 --- a/core-tests/src/test/kotlin/net/corda/coretests/crypto/CompositeKeyTests.kt +++ b/core-tests/src/test/kotlin/net/corda/coretests/crypto/CompositeKeyTests.kt @@ -295,21 +295,19 @@ class CompositeKeyTests { val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256) val keyPairR1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256) val keyPairEd = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512) - val keyPairSP = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256) val RSASignature = keyPairRSA.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairRSA.public).schemeNumberID))) val K1Signature = keyPairK1.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairK1.public).schemeNumberID))) val R1Signature = keyPairR1.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairR1.public).schemeNumberID))) val EdSignature = keyPairEd.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairEd.public).schemeNumberID))) - val SPSignature = keyPairSP.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairSP.public).schemeNumberID))) - val compositeKey = CompositeKey.Builder().addKeys(keyPairRSA.public, keyPairK1.public, keyPairR1.public, keyPairEd.public, keyPairSP.public).build() as CompositeKey + val compositeKey = CompositeKey.Builder().addKeys(keyPairRSA.public, keyPairK1.public, keyPairR1.public, keyPairEd.public).build() as CompositeKey - val signatures = listOf(RSASignature, K1Signature, R1Signature, EdSignature, SPSignature) + val signatures = listOf(RSASignature, K1Signature, R1Signature, EdSignature) assertTrue { compositeKey.isFulfilledBy(signatures.byKeys()) } // One signature is missing. - val signaturesWithoutRSA = listOf(K1Signature, R1Signature, EdSignature, SPSignature) + val signaturesWithoutRSA = listOf(K1Signature, R1Signature, EdSignature) assertFalse { compositeKey.isFulfilledBy(signaturesWithoutRSA.byKeys()) } } @@ -320,20 +318,18 @@ class CompositeKeyTests { val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256) val keyPairR1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256) val keyPairEd = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512) - val keyPairSP = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256) val RSASignature = keyPairRSA.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairRSA.public).schemeNumberID))) val K1Signature = keyPairK1.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairK1.public).schemeNumberID))) val R1Signature = keyPairR1.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairR1.public).schemeNumberID))) val EdSignature = keyPairEd.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairEd.public).schemeNumberID))) - val SPSignature = keyPairSP.sign(SignableData(secureHash, SignatureMetadata(1, Crypto.findSignatureScheme(keyPairSP.public).schemeNumberID))) - val compositeKey = CompositeKey.Builder().addKeys(keyPairRSA.public, keyPairK1.public, keyPairR1.public, keyPairEd.public, keyPairSP.public).build() as CompositeKey + val compositeKey = CompositeKey.Builder().addKeys(keyPairRSA.public, keyPairK1.public, keyPairR1.public, keyPairEd.public).build() as CompositeKey - val signatures = listOf(RSASignature, K1Signature, R1Signature, EdSignature, SPSignature) + val signatures = listOf(RSASignature, K1Signature, R1Signature, EdSignature) assertTrue { compositeKey.isFulfilledBy(signatures.byKeys()) } // One signature is missing. - val signaturesWithoutRSA = listOf(K1Signature, R1Signature, EdSignature, SPSignature) + val signaturesWithoutRSA = listOf(K1Signature, R1Signature, EdSignature) assertFalse { compositeKey.isFulfilledBy(signaturesWithoutRSA.byKeys()) } // Create self sign CA. @@ -374,13 +370,12 @@ class CompositeKeyTests { val (_, pub3) = Crypto.generateKeyPair(Crypto.RSA_SHA256) val (_, pub4) = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512) val (_, pub5) = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256) - val (_, pub6) = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256) - val (_, pub7) = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256) + val (_, pub6) = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256) // Using default weight = 1, thus all weights are equal. - val composite1 = CompositeKey.Builder().addKeys(pub1, pub2, pub3, pub4, pub5, pub6, pub7).build() as CompositeKey + val composite1 = CompositeKey.Builder().addKeys(pub1, pub2, pub3, pub4, pub5, pub6).build() as CompositeKey // Store in reverse order. - val composite2 = CompositeKey.Builder().addKeys(pub7, pub6, pub5, pub4, pub3, pub2, pub1).build() as CompositeKey + val composite2 = CompositeKey.Builder().addKeys(pub6, pub5, pub4, pub3, pub2, pub1).build() as CompositeKey // There are 7! = 5040 permutations, but as sorting is deterministic the following should never fail. assertEquals(composite1.children, composite2.children) } diff --git a/core/build.gradle b/core/build.gradle index 68d4084526..ea7d76882d 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -37,7 +37,7 @@ dependencies { implementation "com.github.ben-manes.caffeine:caffeine:$caffeine_version" implementation "org.apache.commons:commons-lang3:$commons_lang3_version" // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" // required to use @Type annotation implementation "org.hibernate:hibernate-core:$hibernate_version" // FastThreadLocal @@ -55,7 +55,7 @@ dependencies { testImplementation "com.natpryce:hamkrest:$hamkrest_version" // AssertJ: for fluent assertions for testing testImplementation "org.assertj:assertj-core:$assertj_version" - testImplementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastle_version" + testImplementation "org.bouncycastle:bcpkix-lts8on:$bouncycastle_version" testImplementation "org.ow2.asm:asm:$asm_version" testRuntimeOnly "com.esotericsoftware:kryo:$kryo_version" diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt index c4813eb5c8..88eaf43198 100644 --- a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt +++ b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt @@ -6,19 +6,16 @@ import net.corda.core.crypto.internal.AliasPrivateKey import net.corda.core.crypto.internal.Curve25519.isOnCurve25519 import net.corda.core.crypto.internal.Instances.withSignature import net.corda.core.crypto.internal.PublicKeyCache -import net.corda.core.crypto.internal.bouncyCastlePQCProvider import net.corda.core.crypto.internal.cordaBouncyCastleProvider import net.corda.core.crypto.internal.cordaSecurityProvider import net.corda.core.crypto.internal.providerMap import net.corda.core.internal.utilities.PrivateInterner import net.corda.core.serialization.serialize import net.corda.core.utilities.ByteSequence -import org.bouncycastle.asn1.ASN1Integer import org.bouncycastle.asn1.ASN1ObjectIdentifier import org.bouncycastle.asn1.DERNull import org.bouncycastle.asn1.DERUTF8String import org.bouncycastle.asn1.DLSequence -import org.bouncycastle.asn1.bc.BCObjectIdentifiers import org.bouncycastle.asn1.edec.EdECObjectIdentifiers import org.bouncycastle.asn1.nist.NISTObjectIdentifiers import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers @@ -48,9 +45,6 @@ import org.bouncycastle.math.ec.ECConstants import org.bouncycastle.math.ec.FixedPointCombMultiplier import org.bouncycastle.math.ec.WNafUtil import org.bouncycastle.math.ec.rfc8032.Ed25519 -import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey -import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PublicKey -import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec import java.math.BigInteger import java.security.InvalidKeyException import java.security.Key @@ -79,7 +73,6 @@ import javax.crypto.spec.SecretKeySpec *
  • ECDSA_SECP256K1_SHA256 (ECDSA using the secp256k1 Koblitz curve and SHA256 as hash algorithm). *
  • ECDSA_SECP256R1_SHA256 (ECDSA using the secp256r1 (NIST P-256) curve and SHA256 as hash algorithm). *
  • EDDSA_ED25519_SHA512 (EdDSA using the ed25519 twisted Edwards curve and SHA512 as hash algorithm). - *
  • SPHINCS256_SHA512 (SPHINCS-256 hash-based signature scheme using SHA512 as hash algorithm). * */ object Crypto { @@ -155,26 +148,6 @@ object Crypto { @JvmField val SHA512_256 = DLSequence(arrayOf(NISTObjectIdentifiers.id_sha512_256)) - /** - * SPHINCS-256 hash-based signature scheme using SHA512 for message hashing. It provides 128bit security against - * post-quantum attackers at the cost of larger key nd signature sizes and loss of compatibility. - */ - // TODO: change val name to SPHINCS256_SHA512. This will break backwards compatibility. - @JvmField - val SPHINCS256_SHA256 = SignatureScheme( - 5, - "SPHINCS-256_SHA512", - AlgorithmIdentifier(BCObjectIdentifiers.sphincs256_with_SHA512, null), - listOf(AlgorithmIdentifier(BCObjectIdentifiers.sphincs256, DLSequence(arrayOf(ASN1Integer(0), SHA512_256)))), - bouncyCastlePQCProvider.name, - "SPHINCS256", - "SHA512withSPHINCS256", - SPHINCS256KeyGenParameterSpec(SPHINCS256KeyGenParameterSpec.SHA512_256), - 256, - "SPHINCS-256 hash-based signature scheme. It provides 128bit security against post-quantum attackers " + - "at the cost of larger key sizes and loss of compatibility." - ) - /** Corda [CompositeKey] signature type. */ // TODO: change the val name to a more descriptive one as it's now confusing and looks like a Key type. @JvmField @@ -204,7 +177,6 @@ object Crypto { ECDSA_SECP256K1_SHA256, ECDSA_SECP256R1_SHA256, EDDSA_ED25519_SHA512, - SPHINCS256_SHA256, COMPOSITE_KEY ).associateBy { it.schemeCodeName } @@ -469,7 +441,7 @@ object Crypto { // Note that deterministic signature schemes, such as EdDSA, original SPHINCS-256 and RSA PKCS#1, do not require // extra randomness, but we have to ensure that non-deterministic algorithms (i.e., ECDSA) use non-blocking // SecureRandom implementation. - if (signatureScheme == EDDSA_ED25519_SHA512 || signatureScheme == SPHINCS256_SHA256 || signatureScheme == RSA_SHA256) { + if (signatureScheme == EDDSA_ED25519_SHA512 || signatureScheme == RSA_SHA256) { signature.initSign(privateKey) } else { // The rest of the algorithms will require a SecureRandom input (i.e., ECDSA or any new algorithm for which @@ -970,7 +942,6 @@ object Crypto { return when (key) { is BCECPublicKey, is EdECPublicKey -> publicKeyOnCurve(signatureScheme, key) is BCRSAPublicKey -> key.modulus.bitLength() >= 2048 // Although the recommended RSA key size is 3072, we accept any key >= 2048bits. - is BCSphincs256PublicKey -> true else -> throw IllegalArgumentException("Unsupported key type: ${key.javaClass.name}") } } @@ -1003,7 +974,6 @@ object Crypto { key is BCEdDSAPublicKey && key is EdECPublicKey -> internPublicKey(key) // The BC implementation is not public key is BCECPublicKey -> internPublicKey(key) key is BCRSAPublicKey -> internPublicKey(key) - key is BCSphincs256PublicKey -> internPublicKey(key) key is CompositeKey -> internPublicKey(key) else -> decodePublicKey(key.encoded) } @@ -1023,7 +993,6 @@ object Crypto { key is BCEdDSAPrivateKey && key is EdECPrivateKey -> key // The BC implementation is not public key is BCECPrivateKey -> key key is BCRSAPrivateKey -> key - key is BCSphincs256PrivateKey -> key else -> decodePrivateKey(key.encoded) } } diff --git a/core/src/main/kotlin/net/corda/core/crypto/SignatureScheme.kt b/core/src/main/kotlin/net/corda/core/crypto/SignatureScheme.kt index 885868873a..b4d6eeb2f0 100644 --- a/core/src/main/kotlin/net/corda/core/crypto/SignatureScheme.kt +++ b/core/src/main/kotlin/net/corda/core/crypto/SignatureScheme.kt @@ -10,12 +10,12 @@ import java.security.spec.AlgorithmParameterSpec * This class is used to define a digital signature scheme. * @param schemeNumberID unique number ID for better efficiency on-wire serialisation. * @param schemeCodeName unique code name for this signature scheme (e.g. RSA_SHA256, ECDSA_SECP256K1_SHA256, ECDSA_SECP256R1_SHA256, - * EDDSA_ED25519_SHA512, SPHINCS-256_SHA512). + * EDDSA_ED25519_SHA512). * @param signatureOID ASN.1 algorithm identifier of the signature algorithm (e.g 1.3.101.112 for EdDSA) * @param alternativeOIDs ASN.1 algorithm identifiers for keys of the signature, where we want to map multiple keys to * the same signature scheme. * @param providerName the provider's name (e.g. "BC"). - * @param algorithmName which signature algorithm is used (e.g. RSA, ECDSA. EdDSA, SPHINCS-256). + * @param algorithmName which signature algorithm is used (e.g. RSA, ECDSA. EdDSA). * @param signatureName a signature-scheme name as required to create [Signature] objects (e.g. "SHA256withECDSA") * @param algSpec parameter specs for the underlying algorithm. Note that RSA is defined by the key size rather than algSpec. * eg. ECGenParameterSpec("secp256k1"). diff --git a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt index 7eeafaf519..e68a6bfc8b 100644 --- a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt +++ b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt @@ -2,7 +2,6 @@ package net.corda.core.crypto.internal import net.corda.core.crypto.CordaSecurityProvider import org.bouncycastle.jce.provider.BouncyCastleProvider -import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider import java.security.Provider import java.security.Security import java.util.Collections.unmodifiableMap @@ -26,16 +25,11 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().also { Security.addProvider(it) } -val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply { - require(name == "BCPQC") { "Invalid PQCProvider name" } -}.also { - Security.addProvider(it) -} // This map is required to defend against users that forcibly call Security.addProvider / Security.removeProvider // that could cause unexpected and suspicious behaviour. // i.e. if someone removes a Provider and then he/she adds a new one with the same name. // The val is immutable to avoid any harmful state changes. internal val providerMap: Map = unmodifiableMap( - listOf(cordaBouncyCastleProvider, cordaSecurityProvider, bouncyCastlePQCProvider) + listOf(cordaBouncyCastleProvider, cordaSecurityProvider) .associateByTo(LinkedHashMap(), Provider::getName) ) diff --git a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt index fd1862e19f..06b2e711a3 100644 --- a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt +++ b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt @@ -5,21 +5,16 @@ import net.corda.core.crypto.Crypto.ECDSA_SECP256K1_SHA256 import net.corda.core.crypto.Crypto.ECDSA_SECP256R1_SHA256 import net.corda.core.crypto.Crypto.EDDSA_ED25519_SHA512 import net.corda.core.crypto.Crypto.RSA_SHA256 -import net.corda.core.crypto.Crypto.SPHINCS256_SHA256 import net.corda.core.crypto.internal.PlatformSecureRandomService import net.corda.core.utilities.OpaqueBytes import org.apache.commons.lang3.ArrayUtils.EMPTY_BYTE_ARRAY import org.assertj.core.api.Assertions.assertThatIllegalArgumentException import org.assertj.core.api.Assertions.assertThatThrownBy -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey import org.bouncycastle.jce.ECNamedCurveTable import org.bouncycastle.jce.interfaces.ECKey import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec -import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey -import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PublicKey import org.junit.Assert.assertNotEquals import org.junit.Test import java.math.BigInteger @@ -54,21 +49,18 @@ class CryptoUtilsTest { val ecdsaKKeyPair = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256) val ecdsaRKeyPair = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256) val eddsaKeyPair = Crypto.generateKeyPair(EDDSA_ED25519_SHA512) - val sphincsKeyPair = Crypto.generateKeyPair(SPHINCS256_SHA256) // not null private keys assertNotNull(rsaKeyPair.private) assertNotNull(ecdsaKKeyPair.private) assertNotNull(ecdsaRKeyPair.private) assertNotNull(eddsaKeyPair.private) - assertNotNull(sphincsKeyPair.private) // not null public keys assertNotNull(rsaKeyPair.public) assertNotNull(ecdsaKKeyPair.public) assertNotNull(ecdsaRKeyPair.public) assertNotNull(eddsaKeyPair.public) - assertNotNull(sphincsKeyPair.public) // fail on unsupported algorithm try { @@ -298,66 +290,11 @@ class CryptoUtilsTest { } } - @Test(timeout=300_000) - fun `SPHINCS-256 full process keygen-sign-verify`() { - val keyPair = Crypto.generateKeyPair(SPHINCS256_SHA256) - val (privKey, pubKey) = keyPair - // test for some data - val signedData = Crypto.doSign(privKey, testBytes) - val verification = Crypto.doVerify(pubKey, signedData, testBytes) - assertTrue(verification) - - // test for empty data signing - try { - Crypto.doSign(privKey, EMPTY_BYTE_ARRAY) - fail() - } catch (e: Exception) { - // expected - } - - // test for empty source data when verifying - try { - Crypto.doVerify(pubKey, testBytes, EMPTY_BYTE_ARRAY) - fail() - } catch (e: Exception) { - // expected - } - - // test for empty signed data when verifying - try { - Crypto.doVerify(pubKey, EMPTY_BYTE_ARRAY, testBytes) - fail() - } catch (e: Exception) { - // expected - } - - // test for zero bytes data - val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes) - val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes) - assertTrue(verificationZeros) - - // test for 1MB of data (I successfully tested it locally for 1GB as well) - val MBbyte = ByteArray(1000000) // 1.000.000 - Random().nextBytes(MBbyte) - val signedDataBig = Crypto.doSign(privKey, MBbyte) - val verificationBig = Crypto.doVerify(pubKey, signedDataBig, MBbyte) - assertTrue(verificationBig) - - // test on malformed signatures (even if they change for 1 bit) - signedData[0] = signedData[0].inc() - try { - Crypto.doVerify(pubKey, signedData, testBytes) - fail() - } catch (e: Exception) { - // expected - } - } - // test list of supported algorithms @Test(timeout=300_000) fun `Check supported algorithms`() { val algList: List = Crypto.supportedSignatureSchemes().map { it.schemeCodeName } - val expectedAlgSet = setOf("RSA_SHA256", "ECDSA_SECP256K1_SHA256", "ECDSA_SECP256R1_SHA256", "EDDSA_ED25519_SHA512", "SPHINCS-256_SHA512", "COMPOSITE") + val expectedAlgSet = setOf("RSA_SHA256", "ECDSA_SECP256K1_SHA256", "ECDSA_SECP256R1_SHA256", "EDDSA_ED25519_SHA512", "COMPOSITE") assertTrue { Sets.symmetricDifference(expectedAlgSet, algList.toSet()).isEmpty(); } } @@ -422,36 +359,6 @@ class CryptoUtilsTest { assertEquals(pubKey2, pubKey) } - @Test(timeout=300_000) - fun `SPHINCS-256 encode decode keys - required for serialization`() { - // Generate key pair. - val keyPair = Crypto.generateKeyPair(SPHINCS256_SHA256) - val privKey: BCSphincs256PrivateKey = keyPair.private as BCSphincs256PrivateKey - val pubKey: BCSphincs256PublicKey = keyPair.public as BCSphincs256PublicKey - - //1st method for encoding/decoding - val privKey2 = Crypto.decodePrivateKey(privKey.encoded) - assertEquals(privKey2, privKey) - - // Encode and decode public key. - val pubKey2 = Crypto.decodePublicKey(pubKey.encoded) - assertEquals(pubKey2, pubKey) - - //2nd method for encoding/decoding - - // Encode and decode private key. - val privKeyInfo: PrivateKeyInfo = PrivateKeyInfo.getInstance(privKey.encoded) - val decodedPrivKey = BCSphincs256PrivateKey(privKeyInfo) - // Check that decoded private key is equal to the initial one. - assertEquals(decodedPrivKey, privKey) - - // Encode and decode public key. - val pubKeyInfo: SubjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(pubKey.encoded) - val decodedPubKey = BCSphincs256PublicKey(pubKeyInfo) - // Check that decoded private key is equal to the initial one. - assertEquals(decodedPubKey, pubKey) - } - @Test(timeout=300_000) fun `RSA scheme finder by key type`() { val keyPairRSA = Crypto.generateKeyPair(RSA_SHA256) @@ -496,14 +403,6 @@ class CryptoUtilsTest { assertEquals((pubEd as EdECPublicKey).params.name, NamedParameterSpec.ED25519.name) } - @Test(timeout=300_000) - fun `SPHINCS-256 scheme finder by key type`() { - val keyPairSP = Crypto.generateKeyPair(SPHINCS256_SHA256) - val (privSP, pubSP) = keyPairSP - assertEquals(privSP.algorithm, "SPHINCS-256") - assertEquals(pubSP.algorithm, "SPHINCS-256") - } - @Test(timeout=300_000) fun `Automatic EdDSA key-type detection and decoding`() { val keyPairEd = Crypto.generateKeyPair(EDDSA_ED25519_SHA512) @@ -568,22 +467,6 @@ class CryptoUtilsTest { assertEquals(decodedPubRSA, pubRSA) } - @Test(timeout=300_000) - fun `Automatic SPHINCS-256 key-type detection and decoding`() { - val keyPairSP = Crypto.generateKeyPair(SPHINCS256_SHA256) - val (privSP, pubSP) = keyPairSP - val encodedPrivSP = privSP.encoded - val encodedPubSP = pubSP.encoded - - val decodedPrivSP = Crypto.decodePrivateKey(encodedPrivSP) - assertEquals(decodedPrivSP.algorithm, "SPHINCS-256") - assertEquals(decodedPrivSP, privSP) - - val decodedPubSP = Crypto.decodePublicKey(encodedPubSP) - assertEquals(decodedPubSP.algorithm, "SPHINCS-256") - assertEquals(decodedPubSP, pubSP) - } - @Test(timeout=300_000) fun `Failure test between K1 and R1 keys`() { val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256) @@ -904,8 +787,8 @@ class CryptoUtilsTest { } @Test(timeout=300_000) - fun `Ensure deterministic signatures of EdDSA, SPHINCS-256 and RSA PKCS1`() { - listOf(EDDSA_ED25519_SHA512, SPHINCS256_SHA256, RSA_SHA256) + fun `Ensure deterministic signatures of EdDSA and RSA PKCS1`() { + listOf(EDDSA_ED25519_SHA512, RSA_SHA256) .forEach { testDeterministicSignatures(it) } } diff --git a/node-api-tests/build.gradle b/node-api-tests/build.gradle index 3ac3d4d775..36f19894ac 100644 --- a/node-api-tests/build.gradle +++ b/node-api-tests/build.gradle @@ -24,8 +24,8 @@ dependencies { testImplementation "io.netty:netty-handler-proxy:$netty_version" // Bouncy castle support needed for X509 certificate manipulation - testImplementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - testImplementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + testImplementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + testImplementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" testRuntimeOnly "org.junit.vintage:junit-vintage-engine:${junit_vintage_version}" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junit_jupiter_version}" diff --git a/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/crypto/X509UtilitiesTest.kt b/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/crypto/X509UtilitiesTest.kt index b8d84467cd..b96b910468 100644 --- a/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/crypto/X509UtilitiesTest.kt +++ b/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/crypto/X509UtilitiesTest.kt @@ -9,7 +9,6 @@ import net.corda.core.crypto.Crypto.ECDSA_SECP256K1_SHA256 import net.corda.core.crypto.Crypto.ECDSA_SECP256R1_SHA256 import net.corda.core.crypto.Crypto.EDDSA_ED25519_SHA512 import net.corda.core.crypto.Crypto.RSA_SHA256 -import net.corda.core.crypto.Crypto.SPHINCS256_SHA256 import net.corda.core.crypto.Crypto.generateKeyPair import net.corda.core.crypto.SignatureScheme import net.corda.core.crypto.newSecureRandom @@ -58,7 +57,6 @@ import org.bouncycastle.asn1.x509.CRLDistPoint import org.bouncycastle.asn1.x509.Extension import org.bouncycastle.asn1.x509.KeyUsage import org.bouncycastle.asn1.x509.SubjectKeyIdentifier -import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey import org.junit.Rule import org.junit.Test import org.junit.rules.TemporaryFolder @@ -108,12 +106,10 @@ class X509UtilitiesTest { Pair(DEFAULT_TLS_SIGNATURE_SCHEME, DEFAULT_TLS_SIGNATURE_SCHEME), Pair(DEFAULT_IDENTITY_SIGNATURE_SCHEME, DEFAULT_IDENTITY_SIGNATURE_SCHEME), Pair(DEFAULT_TLS_SIGNATURE_SCHEME, DEFAULT_IDENTITY_SIGNATURE_SCHEME), - Pair(ECDSA_SECP256R1_SHA256, SPHINCS256_SHA256), Pair(ECDSA_SECP256K1_SHA256, RSA_SHA256), Pair(EDDSA_ED25519_SHA512, ECDSA_SECP256K1_SHA256), Pair(RSA_SHA256, EDDSA_ED25519_SHA512), Pair(EDDSA_ED25519_SHA512, ECDSA_SECP256R1_SHA256), - Pair(SPHINCS256_SHA256, ECDSA_SECP256R1_SHA256) ) val schemeToKeyTypes = listOf( @@ -121,8 +117,6 @@ class X509UtilitiesTest { Triple(ECDSA_SECP256R1_SHA256, java.security.interfaces.ECPrivateKey::class.java, org.bouncycastle.jce.interfaces.ECPrivateKey::class.java), Triple(ECDSA_SECP256K1_SHA256, java.security.interfaces.ECPrivateKey::class.java, org.bouncycastle.jce.interfaces.ECPrivateKey::class.java), Triple(EDDSA_ED25519_SHA512, EdECPrivateKey::class.java, EdECPrivateKey::class.java), - // By default, JKS returns SUN RSA key. - Triple(SPHINCS256_SHA256, BCSphincs256PrivateKey::class.java, BCSphincs256PrivateKey::class.java) ) } diff --git a/node-api/build.gradle b/node-api/build.gradle index 30697e4a10..9c9c44c878 100644 --- a/node-api/build.gradle +++ b/node-api/build.gradle @@ -51,8 +51,8 @@ dependencies { implementation "com.fasterxml.jackson.core:jackson-databind:$jackson_version" // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" implementation "io.reactivex:rxjava:$rxjava_version" implementation "javax.persistence:javax.persistence-api:2.2" diff --git a/node/build.gradle b/node/build.gradle index f904c1db21..f6ddc1b088 100644 --- a/node/build.gradle +++ b/node/build.gradle @@ -135,8 +135,8 @@ dependencies { exclude group: 'org.jgroups', module: 'jgroups' } // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" implementation "com.esotericsoftware:kryo:$kryo_version" implementation "com.fasterxml.jackson.core:jackson-annotations:${jackson_version}" implementation "com.fasterxml.jackson.core:jackson-databind:$jackson_version" diff --git a/serialization-tests/build.gradle b/serialization-tests/build.gradle index a6529de351..7a9f0ed86e 100644 --- a/serialization-tests/build.gradle +++ b/serialization-tests/build.gradle @@ -15,8 +15,8 @@ dependencies { testImplementation project(':test-utils') // Bouncy castle support needed for X509 certificate manipulation - testImplementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - testImplementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + testImplementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + testImplementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" testImplementation "org.junit.jupiter:junit-jupiter-api:${junit_jupiter_version}" testImplementation "junit:junit:$junit_version" diff --git a/testing/core-test-utils/build.gradle b/testing/core-test-utils/build.gradle index 61c44ed34a..84e754f61f 100644 --- a/testing/core-test-utils/build.gradle +++ b/testing/core-test-utils/build.gradle @@ -17,8 +17,8 @@ dependencies { api "org.jetbrains.kotlin:kotlin-test" // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" implementation "org.slf4j:slf4j-api:$slf4j_version" implementation "org.mockito.kotlin:mockito-kotlin:$mockito_kotlin_version" diff --git a/testing/node-driver/build.gradle b/testing/node-driver/build.gradle index 7d1f909fe5..f7eb88c28b 100644 --- a/testing/node-driver/build.gradle +++ b/testing/node-driver/build.gradle @@ -75,8 +75,9 @@ dependencies { } // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcutil-lts8on:${bouncycastle_version}" implementation "com.google.code.findbugs:jsr305:$jsr305_version" implementation "com.google.jimfs:jimfs:1.1" diff --git a/testing/test-utils/build.gradle b/testing/test-utils/build.gradle index f42a246de2..b05805ff98 100644 --- a/testing/test-utils/build.gradle +++ b/testing/test-utils/build.gradle @@ -40,8 +40,8 @@ dependencies { implementation "com.github.ben-manes.caffeine:caffeine:$caffeine_version" // Bouncy castle support needed for X509 certificate manipulation - implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}" - implementation "org.bouncycastle:bcpkix-jdk18on:${bouncycastle_version}" + implementation "org.bouncycastle:bcprov-lts8on:${bouncycastle_version}" + implementation "org.bouncycastle:bcpkix-lts8on:${bouncycastle_version}" testImplementation "org.apache.commons:commons-lang3:$commons_lang3_version" testImplementation "org.assertj:assertj-core:$assertj_version"