added raw encoding for composite private keys.

Author: dghgit

docs/releasenotes.html

@@ -28,6 +28,7 @@ <h3>2.1.2 Defects Fixed</h3>
 <h3>2.2.3 Additional Features and Functionality</h3>
 <ul>
 <li>CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.</li>
+<li>ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06, draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.</li>
 </ul>
 
 <a id="r1rv79"><h3>2.2.1 Version</h3></a>

pkix/src/test/java/org/bouncycastle/openssl/test/CompositeKeyTest.java

@@ -2,7 +2,6 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.FileOutputStream;
-import java.io.FileWriter;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -49,6 +48,7 @@
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
 import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.ContentVerifierProvider;
@@ -476,19 +476,27 @@ public void testMLDSA44andP256()
 
         CompositePrivateKey mlecPriv = new CompositePrivateKey(MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256, mldsaPriv, ecPriv);
 
-        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_priv.pem"));
+        StringWriter sWrt = new StringWriter();
+        JcaPEMWriter pWrt = new JcaPEMWriter(sWrt);
 
         pWrt.writeObject(mlecPriv);
 
         pWrt.close();
 
         CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
 
-        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_pub.pem"));
+        pWrt = new JcaPEMWriter(sWrt);
 
         pWrt.writeObject(mlecPub);
 
         pWrt.close();
+
+        PEMParser pPrs = new PEMParser(new StringReader(sWrt.toString()));
+
+        JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
+        CompositePrivateKey prKey = (CompositePrivateKey)keyConverter.getPrivateKey((PrivateKeyInfo)pPrs.readObject());
+
+        CompositePublicKey puKey = (CompositePublicKey)keyConverter.getPublicKey((SubjectPublicKeyInfo)pPrs.readObject());
     }
 
     public void testMLDSA87andEd448()
@@ -513,19 +521,27 @@ public void testMLDSA87andEd448()
 
         CompositePrivateKey mlecPriv = new CompositePrivateKey(MiscObjectIdentifiers.id_MLDSA87_Ed448_SHA512, mldsaPriv, ecPriv);
 
-        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_priv.pem"));
+        StringWriter sWrt = new StringWriter();
+        JcaPEMWriter pWrt = new JcaPEMWriter(sWrt);
 
         pWrt.writeObject(mlecPriv);
 
         pWrt.close();
 
         CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
 
-        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_pub.pem"));
+        pWrt = new JcaPEMWriter(sWrt);
 
         pWrt.writeObject(mlecPub);
 
         pWrt.close();
+
+        PEMParser pPrs = new PEMParser(new StringReader(sWrt.toString()));
+
+        JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
+        CompositePrivateKey prKey = (CompositePrivateKey)keyConverter.getPrivateKey((PrivateKeyInfo)pPrs.readObject());
+
+        CompositePublicKey puKey = (CompositePublicKey)keyConverter.getPublicKey((SubjectPublicKeyInfo)pPrs.readObject());
     }
 
     private static void doOutput(String fileName, String contents)

prov/src/main/java/org/bouncycastle/jcajce/CompositePrivateKey.java

@@ -16,6 +16,7 @@
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeIndex;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Exceptions;
 
 /**
@@ -138,23 +139,33 @@ public byte[] getEncoded()
                 PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
                 v.add(info);
             }
+
+            try
+            {
+                return new PrivateKeyInfo(new AlgorithmIdentifier(this.algorithmIdentifier), new DERSequence(v)).getEncoded(ASN1Encoding.DER);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalStateException("unable to encode composite private key: " + e.getMessage());
+            }
         }
         else
         {
+            byte[] keyEncoding = null;
             for (int i = 0; i < keys.size(); i++)
             {
                 PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
-                v.add(info.getPrivateKey());
+                keyEncoding = Arrays.concatenate(keyEncoding, info.getPrivateKey().getOctets());
             }
-        }
 
-        try
-        {
-            return new PrivateKeyInfo(new AlgorithmIdentifier(this.algorithmIdentifier), new DERSequence(v)).getEncoded(ASN1Encoding.DER);
-        }
-        catch (IOException e)
-        {
-            throw new IllegalStateException("unable to encode composite private key: " + e.getMessage());
+            try
+            {
+                return new PrivateKeyInfo(new AlgorithmIdentifier(this.algorithmIdentifier), keyEncoding).getEncoded(ASN1Encoding.DER);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalStateException("unable to encode composite private key: " + e.getMessage());
+            }
         }
     }
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/KeyFactorySpi.java

@@ -43,6 +43,7 @@
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Exceptions;
 
 /**
@@ -157,12 +158,13 @@ public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)
             helper = new BCJcaJceHelper();
         }
 
-        ASN1Sequence seq = DERSequence.getInstance(keyInfo.parsePrivateKey());
         ASN1ObjectIdentifier keyIdentifier = keyInfo.getPrivateKeyAlgorithm().getAlgorithm();
 
         if (MiscObjectIdentifiers.id_alg_composite.equals(keyIdentifier)
             || MiscObjectIdentifiers.id_composite_key.equals(keyIdentifier))
         {
+            ASN1Sequence seq = DERSequence.getInstance(keyInfo.parsePrivateKey());
+
             PrivateKey[] privKeys = new PrivateKey[seq.size()];
 
             for (int i = 0; i != seq.size(); i++)
@@ -186,6 +188,24 @@ public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)
         }
         try
         {
+            ASN1Sequence seq;
+            // TODO: backwards compatibility code - should be deleted after 1.84.
+            try
+            {
+                seq = DERSequence.getInstance(keyInfo.parsePrivateKey());
+            }
+            catch (Exception e)
+            {
+                // new raw encoding - we capitalise on the fact initial key is first 32 bytes.
+                ASN1EncodableVector v = new ASN1EncodableVector();
+                byte[] data = keyInfo.getPrivateKey().getOctets();
+
+                v.add(new DEROctetString(Arrays.copyOfRange(data, 0, 32)));
+                v.add(new DEROctetString(Arrays.copyOfRange(data, 32, data.length)));
+
+                seq = new DERSequence(v);
+            }
+
             List<KeyFactory> factories = getKeyFactoriesFromIdentifier(keyIdentifier); //Get key factories for each component algorithm.
             PrivateKey[] privateKeys = new PrivateKey[seq.size()];
             AlgorithmIdentifier[] algIds = pairings.get(keyIdentifier);