updated parsing to handle CHOICE in ML-DSA.

dghgit · dghgit · commit 7822234fc599 · 2025-02-21T16:11:09.000+11:00
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java
@@ -5,6 +5,10 @@
 public class MLDSAPrivateKeyParameters
     extends MLDSAKeyParameters
 {
+    public static final int BOTH = 0;
+    public static final int SEED_ONLY = 1;
+    public static final int EXPANDED_KEY = 2;
+
     final byte[] rho;
     final byte[] k;
     final byte[] tr;
@@ -15,6 +19,8 @@ public class MLDSAPrivateKeyParameters
     private final byte[] t1;
     private final byte[] seed;
 
+    private final int prefFormat;
+
     public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding)
     {
         this(params, encoding, null);
@@ -36,6 +42,7 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] rho, byte[] K, b
         this.t0 = Arrays.clone(t0);
         this.t1 = Arrays.clone(t1);
         this.seed = Arrays.clone(seed);
+        this.prefFormat = (seed != null) ? BOTH : EXPANDED_KEY;
     }
 
     public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAPublicKeyParameters pubKey)
@@ -86,6 +93,36 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAP
 
             this.seed = null;
         }
+        this.prefFormat = (seed != null) ? BOTH : EXPANDED_KEY;
+    }
+
+    private MLDSAPrivateKeyParameters(MLDSAPrivateKeyParameters params, int preferredFormat)
+    {
+        super(true, params.getParameters());
+
+        this.rho = params.rho;
+        this.k = params.k;
+        this.tr = params.tr;
+        this.s1 = params.s1;
+        this.s2 = params.s2;
+        this.t0 = params.t0;
+        this.t1 = params.t1;
+        this.seed = params.seed;
+        this.prefFormat = preferredFormat;
+    }
+
+    public MLDSAPrivateKeyParameters getParametersWithFormat(int format)
+    {
+        if (this.seed == null && format == SEED_ONLY)
+        {
+            throw new IllegalArgumentException("no seed available");
+        }
+        return new MLDSAPrivateKeyParameters(this, format);
+    }
+
+    public int getPreferredFormat()
+    {
+        return prefFormat;
     }
 
     public byte[] getEncoded()
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java b/core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java
@@ -298,13 +298,13 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mldsaOidLookup(params.getParameters()));
 
             byte[] seed = params.getSeed();
-            if (Properties.isOverrideSet("org.bouncycastle.mldsa.seedOnly"))
+            if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.SEED_ONLY)
             {
-                if (seed == null)    // very difficult to imagine, but...
-                {
-                    throw new IOException("no seed available");
-                }
-                return new PrivateKeyInfo(algorithmIdentifier, seed, attributes);
+                return new PrivateKeyInfo(algorithmIdentifier, new DERTaggedObject(false, 0, new DEROctetString(params.getSeed())), attributes);
+            }
+            else if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.EXPANDED_KEY)
+            {
+                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes);
             }
             return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);
         }
@@ -406,7 +406,7 @@ private static ASN1Sequence getBasicPQCEncoding(byte[] seed, byte[] expanded)
 
         if (expanded != null)
         {
-            v.add(new DERTaggedObject(false, 1, new DEROctetString(expanded)));
+            v.add(new DEROctetString(expanded));
         }
 
         return new DERSequence(v);
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java b/core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java
@@ -8,6 +8,7 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
@@ -830,6 +831,11 @@ static ASN1Primitive parseData(byte[] data)
             {
                 return ASN1OctetString.getInstance(data);
             }
+
+            if ((data[0] & 0xff) == BERTags.TAGGED)
+            {
+                return ASN1OctetString.getInstance(ASN1TaggedObject.getInstance(data), false);
+            }
         }
 
         return null;

Original file line number	Diff line number	Diff line change
`@@ -298,13 +298,13 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)`
`298`	`298`	`AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mldsaOidLookup(params.getParameters()));`
`299`	`299`
`300`	`300`	`byte[] seed = params.getSeed();`
`301`		`- if (Properties.isOverrideSet("org.bouncycastle.mldsa.seedOnly"))`
	`301`	`+ if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.SEED_ONLY)`
`302`	`302`	`{`
`303`		`- if (seed == null) // very difficult to imagine, but...`
`304`		`- {`
`305`		`- throw new IOException("no seed available");`
`306`		`- }`
`307`		`- return new PrivateKeyInfo(algorithmIdentifier, seed, attributes);`
	`303`	`+ return new PrivateKeyInfo(algorithmIdentifier, new DERTaggedObject(false, 0, new DEROctetString(params.getSeed())), attributes);`
	`304`	`+ }`
	`305`	`+ else if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.EXPANDED_KEY)`
	`306`	`+ {`
	`307`	`+ return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes);`
`308`	`308`	`}`
`309`	`309`	`return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);`
`310`	`310`	`}`
`@@ -406,7 +406,7 @@ private static ASN1Sequence getBasicPQCEncoding(byte[] seed, byte[] expanded)`
`406`	`406`
`407`	`407`	`if (expanded != null)`
`408`	`408`	`{`
`409`		`- v.add(new DERTaggedObject(false, 1, new DEROctetString(expanded)));`
	`409`	`+ v.add(new DEROctetString(expanded));`
`410`	`410`	`}`
`411`	`411`
`412`	`412`	`return new DERSequence(v);`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`import org.bouncycastle.asn1.ASN1OctetString;`
`9`	`9`	`import org.bouncycastle.asn1.ASN1Primitive;`
`10`	`10`	`import org.bouncycastle.asn1.ASN1Sequence;`
	`11`	`+import org.bouncycastle.asn1.ASN1TaggedObject;`
`11`	`12`	`import org.bouncycastle.asn1.BERTags;`
`12`	`13`	`import org.bouncycastle.asn1.DERNull;`
`13`	`14`	`import org.bouncycastle.asn1.bc.BCObjectIdentifiers;`
`@@ -830,6 +831,11 @@ static ASN1Primitive parseData(byte[] data)`
`830`	`831`	`{`
`831`	`832`	`return ASN1OctetString.getInstance(data);`
`832`	`833`	`}`
	`834`	`+`
	`835`	`+ if ((data[0] & 0xff) == BERTags.TAGGED)`
	`836`	`+ {`
	`837`	`+ return ASN1OctetString.getInstance(ASN1TaggedObject.getInstance(data), false);`
	`838`	`+ }`
`833`	`839`	`}`
`834`	`840`
`835`	`841`	`return null;`