update library from OQS to BouncyCastle

build.gradle

@@ -116,14 +116,6 @@ allprojects {
   targetCompatibility = 17
 
   repositories {
-    maven {
-      url 'https://maven.pkg.github.com/lacchain/liboqs-java'
-      content { includeGroupByRegex('org\\.openquantumsafe(\\..*)?') }
-      credentials {
-        username = project.findProperty("gpr.user") ?: System.getenv("USERNAME")
-        password = project.findProperty("gpr.key") ?: System.getenv("TOKEN")
-      }
-    }
     maven {
       url 'https://hyperledger.jfrog.io/hyperledger/besu-maven'
       content { includeGroupByRegex('org\\.hyperledger\\..*') }
@@ -685,7 +677,6 @@ task distDocker {
   dependsOn dockerDistUntar
   inputs.dir("build/docker-besu/")
   def dockerBuildDir = "build/docker-besu/"
-  def imageName = "ghcr.io/lacchain/besu"
 
   doLast {
     for (def jvmVariant in dockerVariants) {
@@ -730,8 +721,8 @@ task testDocker {
   doLast {
     for (def variant in dockerVariants) {
       exec {
-        def image = project.hasProperty('release.releaseVersion') ? "ghcr.io/lacchain/besu:" + project.property('release.releaseVersion') : "ghcr.io/lacchain/besu:${project.version}"
-        workingDir "docker/${variant}"
+        def image = project.hasProperty('release.releaseVersion') ? "${dockerImageName}:" + project.property('release.releaseVersion') : "${dockerImageName}:${project.version}"
+        workingDir "${projectDir}/docker/${variant}"
         executable "sh"
         args "-c", "bash ../test.sh ${image}-${variant}"
       }
@@ -740,9 +731,9 @@ task testDocker {
 }
 
 task dockerUpload {
-  def imageName = "ghcr.io/lacchain/besu"
-  def azureImageName = "hyperledger.azurecr.io/besu"
-  def image = "${imageName}:${dockerBuildVersion}"
+  dependsOn distDocker
+  def architecture = System.getenv('architecture')
+  def image = "${dockerImageName}:${dockerBuildVersion}"
   def additionalTags = []
 
   if (project.hasProperty('branch') && project.property('branch') == 'main') {

ethereum/core/build.gradle

@@ -60,7 +60,6 @@ dependencies {
   implementation 'org.apache.tuweni:tuweni-rlp'
   implementation 'org.hyperledger.besu:bls12-381'
   implementation 'org.immutables:value-annotations'
-  implementation 'org.openquantumsafe:liboqs-java'
 
   implementation 'io.prometheus:simpleclient_guava'
 

evm/build.gradle

@@ -40,7 +40,6 @@ dependencies {
   implementation 'com.github.ben-manes.caffeine:caffeine'
   implementation 'com.google.guava:guava'
   implementation 'net.java.dev.jna:jna'
-  implementation 'org.openquantumsafe:liboqs-java'
   implementation 'org.apache.tuweni:tuweni-bytes'
   implementation 'org.apache.tuweni:tuweni-units'
   implementation 'org.hyperledger.besu:arithmetic'

evm/src/main/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContract.java

@@ -20,38 +20,39 @@
 import org.hyperledger.besu.evm.frame.MessageFrame;
 import org.hyperledger.besu.evm.gascalculator.GasCalculator;
 
+import javax.annotation.Nonnull;
+
 import org.apache.tuweni.bytes.Bytes;
 import org.apache.tuweni.bytes.Bytes32;
-import org.openquantumsafe.Signature;
+import org.bouncycastle.pqc.crypto.falcon.FalconParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconSigner;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/**
- * note: Liboqs - random number generation defaults to /dev/urandom a better form is to use the
- * OQS_RAND_agl_openssl "OpenSSL" random number algorithm, then set the environment default engine
- * to IBRand for quantum entropy
- */
 public class FalconPrecompiledContract extends AbstractPrecompiledContract {
 
   private static final Logger LOG = LoggerFactory.getLogger(AbstractBLS12PrecompiledContract.class);
 
   private static final Bytes METHOD_ABI =
       Hash.keccak256(Bytes.of("verify(bytes,bytes,bytes)".getBytes(UTF_8))).slice(0, 4);
-  // taken from liboqs C sig.h header, OQS_SIG_alg_falcon_512
   private static final String SIGNATURE_ALGORITHM = "Falcon-512";
 
+  private final FalconSigner falconSigner = new FalconSigner();
+
   public FalconPrecompiledContract(final GasCalculator gasCalculator) {
     super("Falcon", gasCalculator);
   }
 
   @Override
   public long gasRequirement(final Bytes input) {
-    long value = gasCalculator().sha256PrecompiledContractGasCost(input);
-    return value;
+    return gasCalculator().sha256PrecompiledContractGasCost(input);
   }
 
+  @Nonnull
   @Override
-  public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
+  public PrecompileContractResult computePrecompile(
+      final Bytes methodInput, @Nonnull final MessageFrame messageFrame) {
     Bytes methodAbi = methodInput.slice(0, METHOD_ABI.size());
     if (!methodAbi.xor(METHOD_ABI).isZero()) {
       throw new IllegalArgumentException("Unexpected method ABI: " + methodAbi.toHexString());
@@ -66,7 +67,10 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
     int dataLength = input.slice(dataOffset, 32).trimLeadingZeros().toInt();
 
     Bytes signatureSlice = input.slice(signatureOffset + 32, signatureLength);
-    Bytes pubKeySlice = input.slice(pubKeyOffset + 32, pubKeyLength);
+    Bytes pubKeySlice =
+        input.slice(
+            pubKeyOffset + 32 + 1,
+            pubKeyLength - 1); // BouncyCastle omits the first byte since it is always zero
     Bytes dataSlice = input.slice(dataOffset + 32, dataLength);
 
     if (LOG.isTraceEnabled()) {
@@ -77,16 +81,18 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
           pubKeySlice.toHexString(),
           dataSlice.toHexString());
     }
-    Signature verifier = new Signature(SIGNATURE_ALGORITHM);
+    FalconPublicKeyParameters falconPublicKeyParameters =
+        new FalconPublicKeyParameters(FalconParameters.falcon_512, pubKeySlice.toArray());
+    falconSigner.init(false, falconPublicKeyParameters);
     final boolean verifies =
-        verifier.verify(dataSlice.toArray(), signatureSlice.toArray(), pubKeySlice.toArray());
+        falconSigner.verifySignature(dataSlice.toArray(), signatureSlice.toArray());
 
     if (verifies) {
       LOG.debug("Signature is VALID");
-      return Bytes32.leftPad(Bytes.of(0));
+      return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(0)));
     } else {
       LOG.debug("Signature is INVALID");
-      return Bytes32.leftPad(Bytes.of(1));
+      return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(1)));
     }
   }
 }

evm/src/test/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContractTest.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.hyperledger.besu.evm.precompile;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+import org.hyperledger.besu.evm.frame.MessageFrame;
+import org.hyperledger.besu.evm.gascalculator.IstanbulGasCalculator;
+
+import org.apache.tuweni.bytes.Bytes;
+import org.apache.tuweni.bytes.Bytes32;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+class FalconPrecompiledContractTest {
+  final FalconPrecompiledContract contract =
+      new FalconPrecompiledContract(new IstanbulGasCalculator());
+
+  FalconPrecompiledContractTest() {}
+
+  private final MessageFrame messageFrame = mock(MessageFrame.class);
+
+  static Arguments[] parameters() {
+    return new Arguments[] {
+      Arguments.of(
+          "de8f50a10000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000031200000000000000000000000000000000000000000000000000000000000006b30000000000000000000000000000000000000000000000000000000000000292390191ef48486eb9d9a6823d8e6ff0d7f4df8bed13af7fa55a7e8dfa0d19725842a5451bcf4c061982d021c63a7d666c2024fe57033b1a1bda8c2179c518c94d434947eacc109efe792857ff6450cc853e8bb9d5d951b3ddb1397fadc2210762b479e386e660a68eb2ad034a58a3d0cce2370edf257ff4f81fe97c9bb10c1a96ee87d2414fdf4ea39f9f7c0604d1a3aebe5d73a6a1f7221a99eb2389b905da94766cd27a9a89f13d56b97cdd346689cfc5b3bdbbdc5102d3b5f93a2a95be40afcaac416d831391474c2298da0a359bc958a5f227de991a338944d6ebe4963f1a4ba5bb3d5c672526992329c84c5770c03a5e43504a28fa86f3b9bd72354c0b1921d1b568e5212856d8436f79a8c409e631082a4e28b7cb99d89c2a9ab3c196c56a77e6d05718196b316d8e9bedcfc214e2a33c02f0afd821dbfcb966c8bb8dde01c812a2045b6bc8de767f97b739dc8ed262f43dfc092e49f34c7728839895e4620620e4a193e94dbf2a9d439e249e6ec3377ed6734030acd43d138b982c36df814a4257f971a53aa5d92a7670915469013e68124edae3fc11b4ca470938ee2f218bc0e11468a6092f233de914790c972f77d95f968ac5f6e0968e0efa8d628825f3fbad2254e04e9ba34defc698b2e19e9629290f4e5682270595035b07404b091f5325293ed4021c619d7f0914ac47219b9e5df6fda5acbb398adb5c8540dc3390a548d82be42fac8f6ef9963546bcf278e63fdd49d0abbe62208e3956468771df4a50dd7a3aa197d81f58c14425ee166d29aef3eb2c171ff9b24f575e0ae9a65227d1e57ab6c5df11a369645dac717ab671a4c10aef72824134d0e68676bb138ca20eb5e08a0d1f90ee48af1cce1f21c72394ac427f382ced545183689cdb72cec8ea30c77389a16204356259e4b1142d000000000000000000000000000000000000000000000000000000000000038109b7107f987f937ea7566bca38e1578b8d0b59294e68bd208bfa90133101f5efd8755e9f1fd20564762585baa5a4f165ebec6df80ab5248a22bba940a7754abe5329b5c60345f395ad2a33ac106e65f14b91d0dca308ae4cc6db5fe69eee9fe4a392ff64f52865070eb5587e7f83ab6c187cc0584b3552920a3d4b50ab0a4a1e8d9dea3d4b5eb015a2f4ab59ae3d0ad2c081d8d2428a83806de7973ec65975ff8fd7287c642b6a83250255b61838cb4d68c52600b8c5330fce48aaeb806d4fb99a9add5e56577454a5a5ad5699711dd04854bf11484713dea5d9abd17f9214c33c4f4d47a6600bc241011f52e29d9820ac85ab70dfccb1d08c003b489c0826bf28ccee71945637b7161e6a99584451bf8351a43a0b0755ce3044f0840b7ad0489e6572c896666463e2cfc8ebe1258e3a963ab1433b173865705c15f044bcfde1b780d29e422604a9081d2349f6d6b40671b7c6ae77f44c16a22412e9e32cb116363d99ca4d2c3ace6730fd45fc6612d389edcd1c9b2201ba32a4705fac61005e184b89a4c90983acd7afee694ac9d904473eb512ec2d4875c1c954b791506f02c9e65f5d04976ea4e81d22d4884eb1c47eeb1a7ee109e12e61ce0ee4dfa88fdacb78ed61b0a327c2069d8cd33d184e68a60c22f6804faceca968cf5c1c276c7d16386f38bb82d5ea1e11d801f5ef33d3a3b0171dc870741ce8373c779ae8935211348c436285703681f1e6b0adc05c35c56196c246731ee2a4a998ef918a165023a76d324c58419cd9e76ebca0e13823d90b2ebc641717b404e2ee2937d48b38441e88f1086c15c95de8a48632bee5fb56f99f07ac31037323000317c291e2eace7865ece23548e804679241f1366748b1656cd58c28b86d5e08e269d0e3a668a834f4178a188dd63384042773fac10b3d96f533ecabe3a8a27e091d5846d6ead8ac9241437240ad4f7d274b78403402210ad042ddf73d59e02abf657aa41e101455df638d44c181e4ca219f2c6679088ff11af439115d8ef38f3614b957e1ebb9cc2e6bee0c0664da7ba3f1268404a5bac8ed45854881972382908861cc7f14f5d03b112273917854617590aad70eeedf398cb206ff5c7f7a9c5390dfa27e14b1148518833b3375cdfaf5a73680cdd7d0ea5f664672fe91ae6700032a3ee21aeb3ab7b6a0f66b0f65597a7fb6f5c1a9b1459d48885db3734abec9918c0f3a8135bbb2279984a054115e9c12a8f10ca25b93be8a3acfb94dc6a90d4da0e0a7ada80000000000000000000000000000000000000000000000000000000000000064486c8e99de7f81a3b0f4610bb555be687d67e079f5b03ee9d18c21d766fe3d2d36ea378a89294f839dc9bcd9a8251f92cfd39aacc1e228f44442e95b3c59ef904613ece9d312028b07a3cb26b3c9844dcdb2699299d7d47fd63f7889d6c5ce34626b583a",
+          null),
+      Arguments.of(
+          "de8f50a10000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000031200000000000000000000000000000000000000000000000000000000000006b30000000000000000000000000000000000000000000000000000000000000292390191ef48486eb9d9a6823d8e6ff0d7f4df8bed13af7fa55a7e8dfa0d19725842a5451bcf4c061982d021c63a7d666c2024fe57033b1a1bda8c2179c518c94d434947eacc109efe792857ff6450cc853e8bb9d5d951b3ddb1397fadc2210762b479e386e660a68eb2ad034a58a3d0cce2370edf257ff4f81fe97c9bb10c1a96ee87d2414fdf4ea39f9f7c0604d1a3aebe5d73a6a1f7221a99eb2389b905da94766cd27a9a89f13d56b97cdd346689cfc5b3bdbbdc5102d3b5f93a2a95be40afcaac416d831391474c2298da0a359bc958a5f227de991a338944d6ebe4963f1a4ba5bb3d5c672526992329c84c5770c03a5e43504a28fa86f3b9bd72354c0b1921d1b568e5212856d8436f79a8c409e631082a4e28b7cb99d89c2a9ab3c196c56a77e6d05718196b316d8e9bedcfc214e2a33c02f0afd821dbfcb966c8bb8dde01c812a2045b6bc8de767f97b739dc8ed262f43dfc092e49f34c7728839895e4620620e4a193e94dbf2a9d439e249e6ec3377ed6734030acd43d138b982c36df814a4257f971a53aa5d92a7670915469013e68124edae3fc11b4ca470938ee2f218bc0e11468a6092f233de914790c972f77d95f968ac5f6e0968e0efa8d628825f3fbad2254e04e9ba34defc698b2e19e9629290f4e5682270595035b07404b091f5325293ed4021c619d7f0914ac47219b9e5df6fda5acbb398adb5c8540dc3390a548d82be42fac8f6ef9963546bcf278e63fdd49d0abbe62208e3956468771df4a50dd7a3aa197d81f58c14425ee166d29aef3eb2c171ff9b24f575e0ae9a65227d1e57ab6c5df11a369645dac717ab671a4c10aef72824134d0e68676bb138ca20eb5e08a0d1f90ee48af1cce1f21c72394ac427f382ced545183689cdb72cec8ea30c77389a16204356259e4b1142d000000000000000000000000000000000000000000000000000000000000038109b7107f987f937ea7566bca38e1578b8d0b59294e68bd208bfa90133101f5efd8755e9f1fd20564762585baa5a4f165ebec6df80ab5248a22bba940a7754abe5329b5c60345f395ad2a33ac106e65f14b91d0dca308ae4cc6db5fe69eee9fe4a392ff64f52865070eb5587e7f83ab6c187cc0584b3552920a3d4b50ab0a4a1e8d9dea3d4b5eb015a2f4ab59ae3d0ad2c081d8d2428a83806de7973ec65975ff8fd7287c642b6a83250255b61838cb4d68c52600b8c5330fce48aaeb806d4fb99a9add5e56577454a5a5ad5699711dd04854bf11484713dea5d9abd17f9214c33c4f4d47a6600bc241011f52e29d9820ac85ab70dfccb1d08c003b489c0826bf28ccee71945637b7161e6a99584451bf8351a43a0b0755ce3044f0840b7ad0489e6572c896666463e2cfc8ebe1258e3a963ab1433b173865705c15f044bcfde1b780d29e422604a9081d2349f6d6b40671b7c6ae77f44c16a22412e9e32cb116363d99ca4d2c3ace6730fd45fc6612d389edcd1c9b2201ba32a4705fac61005e184b89a4c90983acd7afee694ac9d904473eb512ec2d4875c1c954b791506f02c9e65f5d04976ea4e81d22d4884eb1c47eeb1a7ee109e12e61ce0ee4dfa88fdacb78ed61b0a327c2069d8cd33d184e68a60c22f6804faceca968cf5c1c276c7d16386f38bb82d5ea1e11d801f5ef33d3a3b0171dc870741ce8373c779ae8935211348c436285703681f1e6b0adc05c35c56196c246731ee2a4a998ef918a165023a76d324c58419cd9e76ebca0e13823d90b2ebc641717b404e2ee2937d48b38441e88f1086c15c95de8a48632bee5fb56f99f07ac31037323000317c291e2eace7865ece23548e804679241f1366748b1656cd58c28b86d5e08e269d0e3a668a834f4178a188dd63384042773fac10b3d96f533ecabe3a8a27e091d5846d6ead8ac9241437240ad4f7d274b78403402210ad042ddf73d59e02abf657aa41e101455df638d44c181e4ca219f2c6679088ff11af439115d8ef38f3614b957e1ebb9cc2e6bee0c0664da7ba3f1268404a5bac8ed45854881972382908861cc7f14f5d03b112273917854617590aad70eeedf398cb206ff5c7f7a9c5390dfa27e14b1148518833b3375cdfaf5a73680cdd7d0ea5f664672fe91ae6700032a3ee21aeb3ab7b6a0f66b0f65597a7fb6f5c1a9b1459d48885db3734abec9918c0f3a8135bbb2279984a054115e9c12a8f10ca25b93be8a3acfb94dc6a90d4da0e0a7ada80000000000000000000000000000000000000000000000000000000000000064486c8e99de7f81a3b0f4610bb555be687d67e079f5b03ee9d18c21d766fe3d2d36ea378a89294f839dc9bcd9a8251f92cfd39aacc1e228f44442e95b3c59ef904613ece9d312028b07a3cb26b3c9844dcdb2699299d7d47fd63f7889d6c5ce34626b583b",
+          "0000000000000000000000000000000000000000000000000000000000000001")
+    };
+  }
+
+  @ParameterizedTest
+  @MethodSource("parameters")
+  void shouldRecoverAddress(final String inputString, final String expectedResult) {
+    final Bytes input = Bytes.fromHexString(inputString);
+    final Bytes expected =
+        expectedResult == null
+            ? Bytes32.leftPad(Bytes.EMPTY)
+            : Bytes32.fromHexString(expectedResult);
+    assertThat(contract.computePrecompile(input, messageFrame).getOutput()).isEqualTo(expected);
+  }
+}

gradle/versions.gradle

@@ -219,7 +219,6 @@ dependencyManagement {
     }
 
     dependency 'org.springframework.security:spring-security-crypto:6.0.2'
-    dependency  'org.openquantumsafe:liboqs-java:1.1-SNAPSHOT'
 
     dependency 'org.testcontainers:testcontainers:1.17.6'