removed use of PrivateKeyInfo to recover private key algorithm in CompositePrivateKey.

Author: dghgit

prov/src/main/java/org/bouncycastle/jcajce/CompositePrivateKey.java

@@ -20,7 +20,6 @@
 import org.bouncycastle.jcajce.interfaces.MLDSAPrivateKey;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeIndex;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.KeyFactorySpi;
-import org.bouncycastle.jcajce.provider.asymmetric.mldsa.BCMLDSAPrivateKey;
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Exceptions;
@@ -136,7 +135,14 @@ private PrivateKey processKey(PrivateKey key)
         if (key instanceof MLDSAPrivateKey)
         {
             // TODO: we don't insist on seed but we try to accommodate it - the debate continues
-            return ((MLDSAPrivateKey)key).getPrivateKey(true);
+            try
+            {
+                return ((MLDSAPrivateKey)key).getPrivateKey(true);
+            }
+            catch (Exception e)
+            {
+                return key;
+            }
         }
         else
         {
@@ -258,7 +264,7 @@ public byte[] getEncoded()
         {
             try
             {
-                byte[] mldsaKey = ((BCMLDSAPrivateKey)keys.get(0)).getSeed();
+                byte[] mldsaKey = ((MLDSAPrivateKey)keys.get(0)).getSeed();
                 PrivateKeyInfo pki = PrivateKeyInfoFactory.createPrivateKeyInfo(PrivateKeyFactory.createKey(keys.get(1).getEncoded()));
                 byte[] tradKey = pki.getPrivateKey().getOctets();
                 return new PrivateKeyInfo(algorithmIdentifier, Arrays.concatenate(mldsaKey, tradKey)).getEncoded();

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java

@@ -24,7 +24,6 @@
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.Digest;
@@ -204,7 +203,7 @@ protected void engineInitSign(PrivateKey privateKey)
         }
         else
         {
-            ASN1ObjectIdentifier sigAlgorithm = PrivateKeyInfo.getInstance(compositePrivateKey.getEncoded()).getPrivateKeyAlgorithm().getAlgorithm();
+            ASN1ObjectIdentifier sigAlgorithm = compositePrivateKey.getAlgorithmIdentifier().getAlgorithm();
 
             this.algorithm = sigAlgorithm;
             this.baseDigest = CompositeIndex.getDigest(sigAlgorithm);

prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java

@@ -4,6 +4,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@@ -37,6 +38,7 @@
 import org.bouncycastle.jcajce.CompositePrivateKey;
 import org.bouncycastle.jcajce.CompositePublicKey;
 import org.bouncycastle.jcajce.interfaces.MLDSAPrivateKey;
+import org.bouncycastle.jcajce.interfaces.MLDSAPublicKey;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeIndex;
 import org.bouncycastle.jcajce.provider.asymmetric.mldsa.BCMLDSAPublicKey;
 import org.bouncycastle.jcajce.spec.CompositeSignatureSpec;
@@ -338,7 +340,70 @@ public void testMixedComposition()
         signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
         TestCase.assertTrue(signature.verify(signatureValue));
 
+        //
+        // as COMPOSITE on sig creation
+        //
+        compPublicKey = CompositePublicKey.builder(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPublicKey(mldsaKp.getPublic(), "BC")
+            .addPublicKey(ecKp.getPublic(), "SunEC")
+            .build();
+        compPrivateKey = CompositePrivateKey.builder(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPrivateKey(mldsaKp.getPrivate(), "BC")
+            .addPrivateKey(ecKp.getPrivate(), "SunEC")
+            .build();
+
+        signature = Signature.getInstance("COMPOSITE", "BC");
+
+        signature.initSign(compPriv);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        signatureValue = signature.sign();
 
+        signature = Signature.getInstance(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256.getId(), "BC");
+        signature.initVerify(compPub);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        TestCase.assertTrue(signature.verify(signatureValue));
+    }
+
+    public void testMixedCompositionHSMStyle()
+        throws Exception
+    {
+        if (Security.getProvider("SunEC") == null)
+        {
+            return;
+        }
+        KeyPairGenerator mldsaKpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
+
+        mldsaKpGen.initialize(MLDSAParameterSpec.ml_dsa_44);
+
+        KeyPair mldsaKp = mldsaKpGen.generateKeyPair();
+
+        KeyPairGenerator ecKpGen = KeyPairGenerator.getInstance("EC", "SunEC");
+
+        ecKpGen.initialize(new ECGenParameterSpec("secp256r1"));
+
+        KeyPair ecKp = ecKpGen.generateKeyPair();
+
+        CompositePublicKey compPublicKey = CompositePublicKey.builder(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPublicKey(mldsaKp.getPublic(), "BC")
+            .addPublicKey(ecKp.getPublic(), "SunEC")
+            .build();
+        CompositePrivateKey compPrivateKey = CompositePrivateKey.builder(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256)
+            .addPrivateKey(new ProxyHSMPrivateKey((MLDSAPrivateKey)mldsaKp.getPrivate()), "BC")
+            .addPrivateKey(ecKp.getPrivate(), "SunEC")
+            .build();
+
+        Signature signature = Signature.getInstance("COMPOSITE", "BC");
+        
+        try
+        {
+            signature.initSign(compPrivateKey);
+            fail("proxy HSM key did not fail with BC");
+        }
+        catch (InvalidKeyException e)
+        {
+            // we want to make sure it got at least as far as passing key to ML-DSA implementation
+            assertEquals("unknown private key passed to ML-DSA", e.getMessage());
+        }
     }
 
     public void testMixedCompositionWithNull()
@@ -808,4 +873,63 @@ private static String extractString(String json, String key)
 
         return json.substring(start, end).replace("\\\"", "\"");
     }
+
+    private static class ProxyHSMPrivateKey
+        implements MLDSAPrivateKey
+    {
+        private final MLDSAPrivateKey privateKey;
+
+        ProxyHSMPrivateKey(MLDSAPrivateKey privateKey)
+        {
+            this.privateKey = privateKey;
+        }
+
+        @Override
+        public String getAlgorithm()
+        {
+            return privateKey.getAlgorithm();
+        }
+
+        @Override
+        public String getFormat()
+        {
+            throw new IllegalStateException("getFormat() called");
+        }
+
+        @Override
+        public byte[] getEncoded()
+        {
+            throw new IllegalStateException("getEncoded() called");
+        }
+
+        @Override
+        public MLDSAParameterSpec getParameterSpec()
+        {
+            return privateKey.getParameterSpec();
+        }
+
+        @Override
+        public MLDSAPublicKey getPublicKey()
+        {
+            return privateKey.getPublicKey();
+        }
+
+        @Override
+        public byte[] getPrivateData()
+        {
+            throw new IllegalStateException("getPrivateData() called");
+        }
+
+        @Override
+        public byte[] getSeed()
+        {
+            throw new IllegalStateException("getSeed() called");
+        }
+
+        @Override
+        public MLDSAPrivateKey getPrivateKey(boolean preferSeedOnly)
+        {
+            throw new IllegalStateException("getPrivateKey() called");
+        }
+    }
 }