update library from OQS to BouncyCastle

build.gradle

@@ -116,14 +116,6 @@ allprojects {
   targetCompatibility = 17
 
   repositories {
-    maven {
-      url 'https://maven.pkg.github.com/lacchain/liboqs-java'
-      content { includeGroupByRegex('org\\.openquantumsafe(\\..*)?') }
-      credentials {
-        username = project.findProperty("gpr.user") ?: System.getenv("USERNAME")
-        password = project.findProperty("gpr.key") ?: System.getenv("TOKEN")
-      }
-    }
     maven {
       url 'https://hyperledger.jfrog.io/hyperledger/besu-maven'
       content { includeGroupByRegex('org\\.hyperledger\\..*') }

crypto/algorithms/build.gradle

@@ -29,7 +29,7 @@ jar {
 }
 
 dependencies {
-  api 'org.bouncycastle:bcprov-jdk15on'
+  api 'org.bouncycastle:bcprov-jdk18on'
   api 'org.slf4j:slf4j-api'
 
   implementation 'net.java.dev.jna:jna'

enclave/build.gradle

@@ -9,7 +9,7 @@ dependencies {
   implementation 'io.vertx:vertx-web'
   implementation 'org.apache.tuweni:tuweni-net'
 
-  runtimeOnly('org.bouncycastle:bcpkix-jdk15on')
+  runtimeOnly('org.bouncycastle:bcpkix-jdk18on')
 
   // test dependencies.
   testImplementation project(':testutil')
@@ -20,7 +20,7 @@ dependencies {
   // integration test dependencies.
   integrationTestImplementation project(':testutil')
   integrationTestImplementation 'org.assertj:assertj-core'
-  integrationTestImplementation 'org.bouncycastle:bcpkix-jdk15on'
+  integrationTestImplementation 'org.bouncycastle:bcpkix-jdk18on'
   integrationTestImplementation 'org.awaitility:awaitility'
   integrationTestImplementation 'org.junit.jupiter:junit-jupiter-api'
   integrationTestImplementation 'org.mockito:mockito-core'

ethereum/api/build.gradle

@@ -69,14 +69,14 @@ dependencies {
   implementation 'org.apache.tuweni:tuweni-toml'
   implementation 'org.apache.tuweni:tuweni-units'
   implementation 'org.antlr:antlr4-runtime'
-  implementation 'org.bouncycastle:bcprov-jdk15on'
+  implementation 'org.bouncycastle:bcprov-jdk18on'
   implementation 'org.springframework.security:spring-security-crypto'
   implementation 'org.xerial.snappy:snappy-java'
 
   annotationProcessor "org.immutables:value"
   implementation "org.immutables:value-annotations"
 
-  runtimeOnly 'org.bouncycastle:bcpkix-jdk15on'
+  runtimeOnly 'org.bouncycastle:bcpkix-jdk18on'
   runtimeOnly 'io.netty:netty-transport-native-epoll'
   runtimeOnly 'io.netty:netty-transport-native-kqueue'
 
@@ -106,7 +106,7 @@ dependencies {
 
   testRuntimeOnly 'org.junit.vintage:junit-vintage-engine'
 
-  testSupportImplementation 'org.bouncycastle:bcpkix-jdk15on'
+  testSupportImplementation 'org.bouncycastle:bcpkix-jdk18on'
 
   integrationTestImplementation project(':config')
   integrationTestImplementation project(path: ':config', configuration: 'testSupportArtifacts')

ethereum/core/build.gradle

@@ -60,7 +60,6 @@ dependencies {
   implementation 'org.apache.tuweni:tuweni-rlp'
   implementation 'org.hyperledger.besu:bls12-381'
   implementation 'org.immutables:value-annotations'
-  implementation 'org.openquantumsafe:liboqs-java'
 
   implementation 'io.prometheus:simpleclient_guava'
 

ethereum/trie/build.gradle

@@ -37,7 +37,7 @@ dependencies {
   implementation 'com.google.guava:guava'
   implementation 'io.opentelemetry:opentelemetry-api'
   implementation 'org.apache.tuweni:tuweni-bytes'
-  implementation 'org.bouncycastle:bcprov-jdk15on'
+  implementation 'org.bouncycastle:bcprov-jdk18on'
 
   annotationProcessor 'org.immutables:value'
 

ethereum/verkletrie/build.gradle

@@ -37,7 +37,7 @@ dependencies {
   implementation 'io.opentelemetry:opentelemetry-api'
   implementation 'org.apache.tuweni:tuweni-bytes'
   implementation 'org.apache.tuweni:tuweni-units'
-  implementation 'org.bouncycastle:bcprov-jdk15on'
+  implementation 'org.bouncycastle:bcprov-jdk18on'
   implementation 'org.hyperledger.besu:ipa-multipoint'
 
   annotationProcessor "org.immutables:value"

evm/build.gradle

@@ -40,7 +40,6 @@ dependencies {
   implementation 'com.github.ben-manes.caffeine:caffeine'
   implementation 'com.google.guava:guava'
   implementation 'net.java.dev.jna:jna'
-  implementation 'org.openquantumsafe:liboqs-java'
   implementation 'org.apache.tuweni:tuweni-bytes'
   implementation 'org.apache.tuweni:tuweni-units'
   implementation 'org.hyperledger.besu:arithmetic'

evm/src/main/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContract.java

@@ -20,26 +20,26 @@
 import org.hyperledger.besu.evm.frame.MessageFrame;
 import org.hyperledger.besu.evm.gascalculator.GasCalculator;
 
+import javax.annotation.Nonnull;
+
 import org.apache.tuweni.bytes.Bytes;
 import org.apache.tuweni.bytes.Bytes32;
-import org.openquantumsafe.Signature;
+import org.bouncycastle.pqc.crypto.falcon.FalconParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconSigner;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/**
- * note: Liboqs - random number generation defaults to /dev/urandom a better form is to use the
- * OQS_RAND_agl_openssl "OpenSSL" random number algorithm, then set the environment default engine
- * to IBRand for quantum entropy
- */
 public class FalconPrecompiledContract extends AbstractPrecompiledContract {
 
   private static final Logger LOG = LoggerFactory.getLogger(AbstractBLS12PrecompiledContract.class);
 
   private static final Bytes METHOD_ABI =
       Hash.keccak256(Bytes.of("verify(bytes,bytes,bytes)".getBytes(UTF_8))).slice(0, 4);
-  // taken from liboqs C sig.h header, OQS_SIG_alg_falcon_512
   private static final String SIGNATURE_ALGORITHM = "Falcon-512";
 
+  private final FalconSigner falconSigner = new FalconSigner();
+
   public FalconPrecompiledContract(final GasCalculator gasCalculator) {
     super("Falcon", gasCalculator);
   }
@@ -50,8 +50,10 @@ public long gasRequirement(final Bytes input) {
     return value;
   }
 
+  @Nonnull
   @Override
-  public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
+  public PrecompileContractResult computePrecompile(
+      final Bytes methodInput, @Nonnull final MessageFrame messageFrame) {
     Bytes methodAbi = methodInput.slice(0, METHOD_ABI.size());
     if (!methodAbi.xor(METHOD_ABI).isZero()) {
       throw new IllegalArgumentException("Unexpected method ABI: " + methodAbi.toHexString());
@@ -66,7 +68,7 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
     int dataLength = input.slice(dataOffset, 32).trimLeadingZeros().toInt();
 
     Bytes signatureSlice = input.slice(signatureOffset + 32, signatureLength);
-    Bytes pubKeySlice = input.slice(pubKeyOffset + 32, pubKeyLength);
+    Bytes pubKeySlice = input.slice(pubKeyOffset + 32 + 1, pubKeyLength - 1);
     Bytes dataSlice = input.slice(dataOffset + 32, dataLength);
 
     if (LOG.isTraceEnabled()) {
@@ -77,16 +79,18 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
           pubKeySlice.toHexString(),
           dataSlice.toHexString());
     }
-    Signature verifier = new Signature(SIGNATURE_ALGORITHM);
+    FalconPublicKeyParameters falconPublicKeyParameters =
+        new FalconPublicKeyParameters(FalconParameters.falcon_512, pubKeySlice.toArray());
+    falconSigner.init(false, falconPublicKeyParameters);
     final boolean verifies =
-        verifier.verify(dataSlice.toArray(), signatureSlice.toArray(), pubKeySlice.toArray());
+        falconSigner.verifySignature(dataSlice.toArray(), signatureSlice.toArray());
 
     if (verifies) {
       LOG.debug("Signature is VALID");
-      return Bytes32.leftPad(Bytes.of(0));
+      return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(0)));
     } else {
       LOG.debug("Signature is INVALID");
-      return Bytes32.leftPad(Bytes.of(1));
+      return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(1)));
     }
   }
 }

gradle/verification-metadata.xml

@@ -3545,6 +3545,14 @@
             <sha256 value="285b8be595870f61d75e7881b0fb4edc2d1aa37d0a79c4fc8ff2dccf1d9c69fd" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.bouncycastle" name="bcpkix-jdk18on" version="1.75">
+         <artifact name="bcpkix-jdk18on-1.75.jar">
+            <sha256 value="9e2c1db5a6ed29fbc36b438d39ca9feb901bb69bad0ce8d7bc735264bea79bd3" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="bcpkix-jdk18on-1.75.pom">
+            <sha256 value="16a278d9d5bfb0a79cb2df4588279de24ec18a4adeb8cd36a884ad2f6fb733cb" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.bouncycastle" name="bcprov-jdk15on" version="1.68">
          <artifact name="bcprov-jdk15on-1.68.jar">
             <sha256 value="f732a46c8de7e2232f2007c682a21d1f4cc8a8a0149b6b7bd6aa1afdc65a0f8d" origin="Generated by Gradle"/>
@@ -3569,6 +3577,14 @@
             <sha256 value="e3bb6d9e1346cfc230e0900f177e60a12b6dbe212a92e1cd2cfb1e48d4c04839" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.bouncycastle" name="bcprov-jdk18on" version="1.75">
+         <artifact name="bcprov-jdk18on-1.75.jar">
+            <sha256 value="7f24018e9212dbda61c69212f8d7b1524c28efb978f10df590df3b4ccac47bd5" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="bcprov-jdk18on-1.75.pom">
+            <sha256 value="c6ccf55fbb9ea10c62bb20622737993099d4774688eaa0d4a45e1eedaadb9134" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.bouncycastle" name="bcutil-jdk15on" version="1.70">
          <artifact name="bcutil-jdk15on-1.70.jar">
             <sha256 value="52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0" origin="Generated by Gradle"/>
@@ -3585,6 +3601,14 @@
             <sha256 value="570104ccac0dfa29e46fb6402f7e6a721702c255def43be301c6acb18c25e76d" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.bouncycastle" name="bcutil-jdk18on" version="1.75">
+         <artifact name="bcutil-jdk18on-1.75.jar">
+            <sha256 value="027f36578c1ffdf08878c1cc2aa1e191f4b9da119c1e8f113299c53f298fa664" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="bcutil-jdk18on-1.75.pom">
+            <sha256 value="1e60c25685e521d9eba47713df575f8e5171cac6562a243f99616bbf5a8e7b06" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.checkerframework" name="checker-compat-qual" version="2.5.5">
          <artifact name="checker-compat-qual-2.5.5.jar">
             <sha256 value="11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a" origin="Generated by Gradle"/>

gradle/versions.gradle

@@ -156,9 +156,9 @@ dependencyManagement {
 
     dependency 'org.awaitility:awaitility:4.2.0'
 
-    dependencySet(group: 'org.bouncycastle', version: '1.70') {
-      entry'bcpkix-jdk15on'
-      entry'bcprov-jdk15on'
+    dependencySet(group: 'org.bouncycastle', version: '1.75') {
+      entry'bcpkix-jdk18on'
+      entry'bcprov-jdk18on'
     }
 
     dependency 'org.fusesource.jansi:jansi:2.4.0'
@@ -219,7 +219,6 @@ dependencyManagement {
     }
 
     dependency 'org.springframework.security:spring-security-crypto:6.0.2'
-    dependency  'org.openquantumsafe:liboqs-java:1.1-SNAPSHOT'
 
     dependency 'org.testcontainers:testcontainers:1.17.6'
 

pki/build.gradle

@@ -32,7 +32,7 @@ dependencies {
 
   implementation 'com.google.guava:guava'
   implementation 'org.apache.tuweni:tuweni-bytes'
-  implementation 'org.bouncycastle:bcpkix-jdk15on'
+  implementation 'org.bouncycastle:bcpkix-jdk18on'
 
   testImplementation 'junit:junit'
   testImplementation 'org.assertj:assertj-core'