diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
index 61901618e2..d0e9f4b817 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
@@ -5,6 +5,8 @@ import net.i2p.crypto.eddsa.EdDSAKey
 import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable
 import org.bouncycastle.jce.ECNamedCurveTable
 import org.bouncycastle.jce.interfaces.ECKey
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider
 import org.bouncycastle.pqc.jcajce.spec.SPHINCS256KeyGenParameterSpec
 import java.security.*
 import java.security.spec.InvalidKeySpecException
@@ -26,6 +28,10 @@ import java.security.spec.X509EncodedKeySpec
 */
 object Crypto {
+ init {
+ Security.addProvider(BouncyCastleProvider()) // register Bouncy Castle Crypto Provider (for RSA, ECDSA).
+ Security.addProvider(BouncyCastlePQCProvider()) // register Bouncy Castle Post-Quantum Crypto Provider (for SPHINCS-256).
+ }
 /**
 * RSA_SHA256 signature scheme using SHA256 as hash algorithm and MGF1 (with SHA256) as mask generation function.
 * Note: Recommended key size >= 3072 bits.
diff --git a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
index dd0884c95e..d2aee4fa2c 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
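Review bot: In Crypto.kt's new `init` block, both `Security.addProvider(...)` calls discard their return value and append the provider at the end of the JVM-wide provider list, so any `getInstance` lookup that does not name the provider can still resolve RSA or ECDSA to a higher-priority provider. Registration now also happens only when `Crypto` is first touched; code that asks for a Bouncy Castle provider by name before that would fail to find it, and the test classes in this commit lose their own registration, though whether any of them does so is not visible here. I would record both facts on the block, e.g. `// Registered once per JVM on first use of Crypto; appended at lowest priority, so lookups must name the provider explicitly.` The body of `object Crypto` continues outside the hunk, so whether its lookups pass a provider cannot be checked from this diff.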
@@ -143,7 +143,7 @@ operator fun KeyPair.component1(): PrivateKey = this.private
 operator fun KeyPair.component2(): PublicKey = this.public
 /** A simple wrapper that will make it easier to swap out the EC algorithm we use in future */
-fun generateKeyPair(): KeyPair = KeyPairGenerator().generateKeyPair()
+fun generateKeyPair(): KeyPair = Crypto.generateKeyPair()
 /**
 * Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where
diff --git a/core/src/main/kotlin/net/corda/core/crypto/X509Utilities.kt b/core/src/main/kotlin/net/corda/core/crypto/X509Utilities.kt
index 82d6ed6b86..87aab99113 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/X509Utilities.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/X509Utilities.kt
@@ -38,7 +38,6 @@ import java.security.spec.ECGenParameterSpec
 import java.time.Instant
 import java.time.temporal.ChronoUnit
 import java.util.*
-import javax.security.auth.x500.X500Principal
 object X509Utilities {
diff --git a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
index 60e1717451..98eaffd387 100644
--- a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
+++ b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
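Review bot: The KDoc above `generateKeyPair()` in CryptoUtils.kt still speaks only of "the EC algorithm we use", but the new body delegates to `Crypto.generateKeyPair()` with no scheme argument, so the key type every caller receives is now decided by a default that is not visible in this hunk. If that default differs from what `KeyPairGenerator()` produced, keys generated through this wrapper change algorithm silently, which matters for anything that stores or compares them. I would state the dependency in the comment, e.g. `/** Generates a key pair with [Crypto]'s default signature scheme; change the default there, not here. */`.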
@@ -9,14 +9,11 @@ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
 import org.bouncycastle.jce.ECNamedCurveTable
 import org.bouncycastle.jce.interfaces.ECKey
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider
 import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey
 import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PublicKey
 import org.junit.Assert.assertNotEquals
 import org.junit.Test
 import java.security.KeyFactory
-import java.security.Security
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.spec.X509EncodedKeySpec
 import java.util.*
@@ -30,11 +27,6 @@ import kotlin.test.fail
 */
 class CryptoUtilsTest {
- init {
- Security.addProvider(BouncyCastleProvider())
- Security.addProvider(BouncyCastlePQCProvider())
- }
-
 val testString = "Hello World"
 val testBytes = testString.toByteArray()
diff --git a/core/src/test/kotlin/net/corda/core/crypto/TransactionSignatureTest.kt b/core/src/test/kotlin/net/corda/core/crypto/TransactionSignatureTest.kt
index 7cce0a7094..4aad5b6580 100644
--- a/core/src/test/kotlin/net/corda/core/crypto/TransactionSignatureTest.kt
+++ b/core/src/test/kotlin/net/corda/core/crypto/TransactionSignatureTest.kt
@@ -1,9 +1,6 @@
 package net.corda.core.crypto
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider
 import org.junit.Test
-import java.security.Security
 import java.security.SignatureException
 import java.time.Instant
 import kotlin.test.assertTrue
@@ -13,11 +10,6 @@ import kotlin.test.assertTrue
 */
 class TransactionSignatureTest {
- init {
- Security.addProvider(BouncyCastleProvider())
- Security.addProvider(BouncyCastlePQCProvider())
- }
-
 val testBytes = "12345678901234567890123456789012".toByteArray()
 /** valid sign and verify. */
diff --git a/core/src/test/kotlin/net/corda/core/serialization/KryoTests.kt b/core/src/test/kotlin/net/corda/core/serialization/KryoTests.kt
index bbcd85b20b..e030fee171 100644
--- a/core/src/test/kotlin/net/corda/core/serialization/KryoTests.kt
+++ b/core/src/test/kotlin/net/corda/core/serialization/KryoTests.kt
@@ -7,14 +7,11 @@ import net.corda.core.messaging.Ack
 import net.corda.node.services.persistence.NodeAttachmentService
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider
 import org.junit.Before
 import org.junit.Test
 import org.slf4j.LoggerFactory
 import java.io.ByteArrayInputStream
 import java.io.InputStream
-import java.security.Security
 import java.time.Instant
 import java.util.*
 import kotlin.test.assertEquals
@@ -110,8 +107,6 @@ class KryoTests {
 @Test
 fun `serialize - deserialize MetaData`() {
- Security.addProvider(BouncyCastleProvider())
- Security.addProvider(BouncyCastlePQCProvider())
 val testString = "Hello World"
 val testBytes = testString.toByteArray()
 val keyPair1 = Crypto.generateKeyPair("ECDSA_SECP256K1_SHA256")