bcgit
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java‎
Lines changed: 80 additions & 12 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java‎
Lines changed: 80 additions & 12 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java‎
Lines changed: 45 additions & 24 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java‎
Lines changed: 45 additions & 24 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java‎
Lines changed: 4 additions & 4 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java‎
Lines changed: 41 additions & 10 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java‎
Lines changed: 41 additions & 10 deletions
diff --git a/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/BCMLKEMPrivateKey.java‎
Lines changed: 1 addition & 1 deletion b/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/BCMLKEMPrivateKey.java‎
Lines changed: 1 addition & 1 deletion
@@ -11,6 +11,7 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -228,10 +229,28 @@ else if (algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_512) ||
                 algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_768) ||
                 algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_1024))
         {
-            ASN1OctetString mlkemKey = parseOctetString(keyInfo.getPrivateKey(), 64);
+            ASN1Primitive mlkemKey = parsePrimitiveString(keyInfo.getPrivateKey(), 64);
             MLKEMParameters mlkemParams = Utils.mlkemParamsLookup(algOID);
 
-            return new MLKEMPrivateKeyParameters(mlkemParams, mlkemKey.getOctets());
+            if (mlkemKey instanceof ASN1Sequence)
+            {
+                ASN1Sequence keySeq = ASN1Sequence.getInstance(mlkemKey);
+
+                if (keySeq.getObjectAt(0) instanceof ASN1OctetString)
+                {
+                    return new MLKEMPrivateKeyParameters(mlkemParams, ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets());
+                }
+                else
+                {
+                    return new MLKEMPrivateKeyParameters(mlkemParams, ASN1OctetString.getInstance((ASN1TaggedObject)keySeq.getObjectAt(0), false).getOctets());
+                }
+            }
+            else if (mlkemKey instanceof ASN1OctetString)
+            {
+                return new MLKEMPrivateKeyParameters(mlkemParams, ASN1OctetString.getInstance(mlkemKey).getOctets());
+            }
+
+            throw new IllegalArgumentException("unknown key format");
         }
         else if (algOID.on(BCObjectIdentifiers.pqc_kem_ntrulprime))
         {
@@ -260,18 +279,33 @@ else if (algOID.on(BCObjectIdentifiers.pqc_kem_sntruprime))
         }
         else if (Utils.mldsaParams.containsKey(algOID))
         {
-            ASN1Encodable keyObj = parseOctetString(keyInfo.getPrivateKey(), 32);
+            ASN1Encodable keyObj = parsePrimitiveString(keyInfo.getPrivateKey(), 32);
             MLDSAParameters spParams = Utils.mldsaParamsLookup(algOID);
 
-            if (keyObj instanceof DEROctetString)
+            MLDSAPublicKeyParameters pubParams = null;
+            if (keyInfo.getPublicKeyData() != null)
+            {
+                pubParams = PublicKeyFactory.MLDSAConverter.getPublicKeyParams(spParams, keyInfo.getPublicKeyData());
+            }
+
+            if (keyObj instanceof ASN1OctetString)
             {
                 byte[] data = ASN1OctetString.getInstance(keyObj).getOctets();
-                if (keyInfo.getPublicKeyData() != null)
+
+                return new MLDSAPrivateKeyParameters(spParams, data, pubParams);
+            }
+            else if (keyObj instanceof ASN1Sequence)
+            {
+                ASN1Sequence keySeq = ASN1Sequence.getInstance(keyObj);
+
+                if (keySeq.getObjectAt(0) instanceof ASN1OctetString)
+                {
+                    return new MLDSAPrivateKeyParameters(spParams, ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets(), pubParams);
+                }
+                else
                 {
-                    MLDSAPublicKeyParameters pubParams = PublicKeyFactory.MLDSAConverter.getPublicKeyParams(spParams, keyInfo.getPublicKeyData());
-                    return new MLDSAPrivateKeyParameters(spParams, data, pubParams);
+                    return new MLDSAPrivateKeyParameters(spParams, ASN1OctetString.getInstance((ASN1TaggedObject)keySeq.getObjectAt(0), false).getOctets(), pubParams);
                 }
-                return new MLDSAPrivateKeyParameters(spParams, data);
             }
             else
             {
@@ -464,15 +498,49 @@ private static ASN1OctetString parseOctetString(ASN1OctetString octStr, int expe
 
         //
         // possible internal OCTET STRING, possibly long form with or without the internal OCTET STRING
-        data = Utils.readOctetString(data);
-        if (data != null)
+        ASN1OctetString obj = Utils.parseOctetData(data);
+
+        if (obj != null)
+        {
+            return ASN1OctetString.getInstance(obj);
+        }
+
+        return octStr;
+    }
+
+    /**
+     * So it seems for the new PQC algorithms, there's a couple of approaches to what goes in the OCTET STRING
+     * and in this case there may also be SEQUENCE.
+     */
+    private static ASN1Primitive parsePrimitiveString(ASN1OctetString octStr, int expectedLength)
+        throws IOException
+    {
+        byte[] data = octStr.getOctets();
+        //
+        // it's the right length for a RAW encoding, just return it.
+        //
+        if (data.length == expectedLength)
+        {
+            return octStr;
+        }
+
+        //
+        // possible internal OCTET STRING, possibly long form with or without the internal OCTET STRING
+        // or possible SEQUENCE
+        ASN1Encodable obj = Utils.parseData(data);
+      
+        if (obj instanceof ASN1OctetString)
         {
-            return new DEROctetString(data);
+            return ASN1OctetString.getInstance(obj);
+        }
+        if (obj instanceof ASN1Sequence)
+        {
+            return ASN1Sequence.getInstance(obj);
         }
 
         return octStr;
     }
-    
+
     private static short[] convert(byte[] octets)
     {
         short[] rv = new short[octets.length / 2];
 
@@ -3,9 +3,11 @@
 import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -32,7 +34,6 @@
 import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.LMSPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
-import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.newhope.NHPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.ntru.NTRUPrivateKeyParameters;
@@ -246,16 +247,18 @@ else if (privateKey instanceof MLKEMPrivateKeyParameters)
             MLKEMPrivateKeyParameters params = (MLKEMPrivateKeyParameters)privateKey;
 
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mlkemOidLookup(params.getParameters()));
-
-            byte[] seed = params.getSeed();
-            if (seed == null)
-            {
-                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes);
-            }
-            else
-            {
-                return new PrivateKeyInfo(algorithmIdentifier, seed, attributes);
-            }
+                                                  
+            return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);
+//            byte[] seed = params.getSeed();
+//
+//            if (seed == null)
+//            {
+//                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes);
+//            }
+//            else
+//            {
+//                return new PrivateKeyInfo(algorithmIdentifier, seed, attributes);
+//            }
         }
         else if (privateKey instanceof NTRULPRimePrivateKeyParameters)
         {
@@ -294,19 +297,20 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)
 
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mldsaOidLookup(params.getParameters()));
 
-            byte[] seed = params.getSeed();
-            if (seed == null)
-            {
-                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
-
-                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes, pubParams.getEncoded());
-            }
-            else
-            {
-                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
-
-                return new PrivateKeyInfo(algorithmIdentifier, params.getSeed(), attributes);
-            }
+            return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);
+//            byte[] seed = params.getSeed();
+//            if (seed == null)
+//            {
+//                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
+//
+//                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes, pubParams.getEncoded());
+//            }
+//            else
+//            {
+//                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
+//
+//                return new PrivateKeyInfo(algorithmIdentifier, seed, attributes, pubParams.getEncoded());
+//            }
         }
         else if (privateKey instanceof DilithiumPrivateKeyParameters)
         {
@@ -395,6 +399,23 @@ private static XMSSPrivateKey xmssCreateKeyStructure(XMSSPrivateKeyParameters ke
         }
     }
 
+    private static ASN1Sequence getBasicPQCEncoding(byte[] seed, byte[] expanded)
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector(2);
+        
+        if (seed != null)
+        {
+            v.add(new DEROctetString(seed));
+        }
+
+        if (expanded != null)
+        {
+            v.add(new DERTaggedObject(false, 1, new DEROctetString(expanded)));
+        }
+
+        return new DERSequence(v);
+    }
+
     private static XMSSMTPrivateKey xmssmtCreateKeyStructure(XMSSMTPrivateKeyParameters keyParams)
         throws IOException
     {
 
@@ -438,11 +438,11 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
             throws IOException
         {
             byte[] keyEnc = keyInfo.getPublicKeyData().getOctets();
-            byte[] data = Utils.readOctetString(keyEnc);
+            ASN1OctetString data = (ASN1OctetString)Utils.parseData(keyEnc);
 
             if (data != null)
             {
-                return getLmsKeyParameters(data);
+                return getLmsKeyParameters(data.getOctets());
             }
 
             return getLmsKeyParameters(keyEnc);
@@ -567,11 +567,11 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
             throws IOException
         {
             byte[] keyEnc = keyInfo.getPublicKeyData().getOctets();
-            byte[] data = Utils.readOctetString(keyEnc);
+            ASN1OctetString data = Utils.parseOctetData(keyEnc);
 
             if (data != null)
             {
-                return getNtruPublicKeyParameters(keyInfo, data);
+                return getNtruPublicKeyParameters(keyInfo, data.getOctets());
             }
 
             return getNtruPublicKeyParameters(keyInfo, keyEnc);
 
@@ -1,11 +1,13 @@
 package org.bouncycastle.pqc.crypto.util;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
@@ -38,7 +40,6 @@
 import org.bouncycastle.pqc.crypto.xmss.XMSSKeyParameters;
 import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLASecurityCategory;
 import org.bouncycastle.util.Integers;
-import org.bouncycastle.util.io.Streams;
 
 class Utils
 {
@@ -783,18 +784,48 @@ static RainbowParameters rainbowParamsLookup(ASN1ObjectIdentifier oid)
         return (RainbowParameters)rainbowParams.get(oid);
     }
 
-    static byte[] readOctetString(byte[] data)
-        throws IOException
+    private static boolean isRaw(byte[] data)
     {
-        if (data[0] == BERTags.OCTET_STRING)
+        // check well-formed first
+        ByteArrayInputStream bIn = new ByteArrayInputStream(data);
+
+        int tag = bIn.read();
+        int len = readLen(bIn);
+        if (len != bIn.available())
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    static ASN1OctetString parseOctetData(byte[] data)
+    {
+        // check well-formed first
+        if (!isRaw(data))
+        {
+            if (data[0] == BERTags.OCTET_STRING)
+            {
+                return ASN1OctetString.getInstance(data);
+            }
+        }
+
+        return null;
+    }
+
+    static ASN1Primitive parseData(byte[] data)
+    {
+        // check well-formed first
+        if (!isRaw(data))
         {
-            ByteArrayInputStream bIn = new ByteArrayInputStream(data);
+            if (data[0] == (BERTags.SEQUENCE | BERTags.CONSTRUCTED))
+            {
+                return ASN1Sequence.getInstance(data);
+            }
 
-            int tag = bIn.read();
-            int len = readLen(bIn);
-            if (len == bIn.available())
+            if (data[0] == BERTags.OCTET_STRING)
             {
-                return Streams.readAll(bIn);
+                return ASN1OctetString.getInstance(data);
             }
         }
 
 
@@ -42,7 +42,7 @@ public BCMLKEMPrivateKey(PrivateKeyInfo keyInfo)
     private void init(PrivateKeyInfo keyInfo)
         throws IOException
     {
-        this.attributes = keyInfo.getAttributes();;
+        this.attributes = keyInfo.getAttributes();
         this.params = (MLKEMPrivateKeyParameters)PrivateKeyFactory.createKey(keyInfo);
         this.algorithm = Strings.toUpperCase(MLKEMParameterSpec.fromName(params.getParameters().getName()).getName());
     }
Original file line number	Diff line number	Diff line change
`@@ -438,11 +438,11 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje`
`438`	`438`	`throws IOException`
`439`	`439`	`{`
`440`	`440`	`byte[] keyEnc = keyInfo.getPublicKeyData().getOctets();`
`441`		`- byte[] data = Utils.readOctetString(keyEnc);`
	`441`	`+ ASN1OctetString data = (ASN1OctetString)Utils.parseData(keyEnc);`
`442`	`442`
`443`	`443`	`if (data != null)`
`444`	`444`	`{`
`445`		`- return getLmsKeyParameters(data);`
	`445`	`+ return getLmsKeyParameters(data.getOctets());`
`446`	`446`	`}`
`447`	`447`
`448`	`448`	`return getLmsKeyParameters(keyEnc);`
`@@ -567,11 +567,11 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje`
`567`	`567`	`throws IOException`
`568`	`568`	`{`
`569`	`569`	`byte[] keyEnc = keyInfo.getPublicKeyData().getOctets();`
`570`		`- byte[] data = Utils.readOctetString(keyEnc);`
	`570`	`+ ASN1OctetString data = Utils.parseOctetData(keyEnc);`
`571`	`571`
`572`	`572`	`if (data != null)`
`573`	`573`	`{`
`574`		`- return getNtruPublicKeyParameters(keyInfo, data);`
	`574`	`+ return getNtruPublicKeyParameters(keyInfo, data.getOctets());`
`575`	`575`	`}`
`576`	`576`
`577`	`577`	`return getNtruPublicKeyParameters(keyInfo, keyEnc);`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ public BCMLKEMPrivateKey(PrivateKeyInfo keyInfo)`
`42`	`42`	`private void init(PrivateKeyInfo keyInfo)`
`43`	`43`	`throws IOException`
`44`	`44`	`{`
`45`		`- this.attributes = keyInfo.getAttributes();;`
	`45`	`+ this.attributes = keyInfo.getAttributes();`
`46`	`46`	`this.params = (MLKEMPrivateKeyParameters)PrivateKeyFactory.createKey(keyInfo);`
`47`	`47`	`this.algorithm = Strings.toUpperCase(MLKEMParameterSpec.fromName(params.getParameters().getName()).getName());`
`48`	`48`	`}`