Merge branch 'main' into 1958-aead-parameters

# Conflicts:
#	core/src/test/java/org/bouncycastle/crypto/test/RegressionTest.java

Author: gefeili

core/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyStatement.java

@@ -0,0 +1,91 @@
+package org.bouncycastle.asn1.x509;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
+
+/**
+ * <pre>
+ * PrivateKeyStatement ::= SEQUENCE {
+ *       signer  IssuerAndSerialNumber,
+ *       cert    Certificate OPTIONAL }
+ * </pre>
+ */
+public class PrivateKeyStatement
+    extends ASN1Object
+{
+    private final IssuerAndSerialNumber signer;
+    private final Certificate cert;
+
+    public static PrivateKeyStatement getInstance(Object obj)
+    {
+        if (obj instanceof PrivateKeyStatement)
+        {
+            return (PrivateKeyStatement)obj;
+        }
+
+        if (obj != null)
+        {
+            return new PrivateKeyStatement(ASN1Sequence.getInstance(obj));
+        }
+
+        return null;
+    }
+
+    private PrivateKeyStatement(ASN1Sequence seq)
+    {
+        if (seq.size() == 1)
+        {
+             this.signer = IssuerAndSerialNumber.getInstance(seq.getObjectAt(0));
+             this.cert = null;
+        }
+        else if (seq.size() == 2)
+        {
+             this.signer = IssuerAndSerialNumber.getInstance(seq.getObjectAt(0));
+             this.cert = Certificate.getInstance(seq.getObjectAt(1));
+        }
+        else
+        {
+             throw new IllegalArgumentException("unknown sequence in PrivateKeyStatement");
+        }
+    }
+
+    public PrivateKeyStatement(IssuerAndSerialNumber signer)
+    {
+        this.signer = signer;
+        this.cert = null;
+    }
+
+    public PrivateKeyStatement(Certificate cert)
+    {
+        this.signer = new IssuerAndSerialNumber(cert.getIssuer(), cert.getSerialNumber().getValue());
+        this.cert = cert;
+    }
+
+    public IssuerAndSerialNumber getSigner()
+    {
+        return signer;
+    }
+
+    public Certificate getCert()
+    {
+        return cert;
+    }
+
+    public ASN1Primitive toASN1Primitive()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector(2);
+
+        v.add(signer);
+
+        if (cert != null)
+        {
+            v.add(cert);
+        }
+
+        return new DERSequence(v);
+    }
+}

core/src/main/java/org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java

@@ -7,23 +7,25 @@ public interface X509AttributeIdentifiers
     /**
      * @deprecated use id_at_role
      */
-    static final ASN1ObjectIdentifier RoleSyntax = new ASN1ObjectIdentifier("2.5.4.72");
+    ASN1ObjectIdentifier RoleSyntax = new ASN1ObjectIdentifier("2.5.4.72");
 
-    static final ASN1ObjectIdentifier id_pe_ac_auditIdentity = X509ObjectIdentifiers.id_pe.branch("4");
-    static final ASN1ObjectIdentifier id_pe_aaControls       = X509ObjectIdentifiers.id_pe.branch("6");
-    static final ASN1ObjectIdentifier id_pe_ac_proxying      = X509ObjectIdentifiers.id_pe.branch("10");
+    ASN1ObjectIdentifier id_pe_ac_auditIdentity = X509ObjectIdentifiers.id_pe.branch("4");
+    ASN1ObjectIdentifier id_pe_aaControls = X509ObjectIdentifiers.id_pe.branch("6");
+    ASN1ObjectIdentifier id_pe_ac_proxying = X509ObjectIdentifiers.id_pe.branch("10");
 
-    static final ASN1ObjectIdentifier id_ce_targetInformation= X509ObjectIdentifiers.id_ce.branch("55");
+    ASN1ObjectIdentifier id_ce_targetInformation = X509ObjectIdentifiers.id_ce.branch("55");
 
-    static final ASN1ObjectIdentifier id_aca = X509ObjectIdentifiers.id_pkix.branch("10");
+    ASN1ObjectIdentifier id_aca = X509ObjectIdentifiers.id_pkix.branch("10");
 
-    static final ASN1ObjectIdentifier id_aca_authenticationInfo    = id_aca.branch("1");
-    static final ASN1ObjectIdentifier id_aca_accessIdentity        = id_aca.branch("2");
-    static final ASN1ObjectIdentifier id_aca_chargingIdentity      = id_aca.branch("3");
-    static final ASN1ObjectIdentifier id_aca_group                 = id_aca.branch("4");
+    ASN1ObjectIdentifier id_aca_authenticationInfo = id_aca.branch("1");
+    ASN1ObjectIdentifier id_aca_accessIdentity = id_aca.branch("2");
+    ASN1ObjectIdentifier id_aca_chargingIdentity = id_aca.branch("3");
+    ASN1ObjectIdentifier id_aca_group = id_aca.branch("4");
     // { id-aca 5 } is reserved
-    static final ASN1ObjectIdentifier id_aca_encAttrs              = id_aca.branch("6");
+    ASN1ObjectIdentifier id_aca_encAttrs = id_aca.branch("6");
 
-    static final ASN1ObjectIdentifier id_at_role = new ASN1ObjectIdentifier("2.5.4.72");
-    static final ASN1ObjectIdentifier id_at_clearance = new ASN1ObjectIdentifier("2.5.1.5.55");
+    ASN1ObjectIdentifier id_at_role = new ASN1ObjectIdentifier("2.5.4.72");
+    ASN1ObjectIdentifier id_at_clearance = new ASN1ObjectIdentifier("2.5.1.5.55");
+
+    ASN1ObjectIdentifier id_at_privateKeyStatement = new ASN1ObjectIdentifier("1.3.6.1.4.1.22112.2.1");
 }

core/src/main/java/org/bouncycastle/crypto/generators/ECCSIKeyPairGenerator.java

@@ -0,0 +1,82 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.CryptoServicePurpose;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
+import org.bouncycastle.crypto.params.ECCSIKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECCSIPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECCSIPublicKeyParameters;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.BigIntegers;
+
+/**
+ * A key pair generator for the ECCSI scheme (Elliptic Curve-based Certificateless Signatures
+ * for Identity-based Encryption) as defined in RFC 6507.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc6507">
+ *      RFC 6507: Elliptic Curve-Based Certificateless Signatures for Identity-based Encryption (ECCSI)
+ *      </a>
+ */
+
+public class ECCSIKeyPairGenerator
+    implements AsymmetricCipherKeyPairGenerator
+{
+    private BigInteger q;
+    private ECPoint G;
+    private Digest digest;
+    private ECCSIKeyGenerationParameters parameters;
+
+    /**
+     * Initializes the key pair generator with the specified parameters.
+     *
+     * @param parameters an instance of {@link ECCSIKeyGenerationParameters} which encapsulates the elliptic
+     *                   curve domain parameters, the digest algorithm, and an associated identifier.
+     */
+    @Override
+    public void init(KeyGenerationParameters parameters)
+    {
+        this.parameters = (ECCSIKeyGenerationParameters)parameters;
+        this.q = this.parameters.getQ();
+        this.G = this.parameters.getG();
+        this.digest = this.parameters.getDigest();
+
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties("ECCSI", this.parameters.getN(), null, CryptoServicePurpose.KEYGEN));
+    }
+
+    @Override
+    public AsymmetricCipherKeyPair generateKeyPair()
+    {
+        SecureRandom random = parameters.getRandom();
+        this.digest.reset();
+        byte[] id = parameters.getId();
+        ECPoint kpak = parameters.getKPAK();
+        // 1) Choose v, a random (ephemeral) non-zero element of F_q;
+        BigInteger v = BigIntegers.createRandomBigInteger(256, random).mod(q);
+        // 2) Compute PVT = [v]G
+        ECPoint pvt = G.multiply(v).normalize();
+
+        // 3) Compute a hash value HS = hash( G || KPAK || ID || PVT ), an N-octet integer;
+        byte[] tmp = G.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        tmp = kpak.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        digest.update(id, 0, id.length);
+        tmp = pvt.getEncoded(false);
+        digest.update(tmp, 0, tmp.length);
+        tmp = new byte[digest.getDigestSize()];
+        digest.doFinal(tmp, 0);
+        BigInteger HS = new BigInteger(1, tmp).mod(q);
+
+        // 4) Compute SSK = ( KSAK + HS * v ) modulo q;
+        BigInteger ssk = parameters.computeSSK(HS.multiply(v));
+        ECCSIPublicKeyParameters pub = new ECCSIPublicKeyParameters(pvt);
+        return new AsymmetricCipherKeyPair(new ECCSIPublicKeyParameters(pvt), new ECCSIPrivateKeyParameters(ssk, pub));
+    }
+}