Refactoring in tls.crypto.impl

Author: peterdettman

tls/src/main/java/org/bouncycastle/tls/crypto/impl/PQCUtil.java

@@ -23,23 +23,6 @@ public static ASN1ObjectIdentifier getMLDSAObjectidentifier(int signatureScheme)
         }
     }
 
-    public static ASN1ObjectIdentifier getMLDSAObjectidentifier(MLDSAParameters parameters)
-    {
-        if (MLDSAParameters.ml_dsa_44 == parameters)
-        {
-            return NISTObjectIdentifiers.id_ml_dsa_44;
-        }
-        if (MLDSAParameters.ml_dsa_65 == parameters)
-        {
-            return NISTObjectIdentifiers.id_ml_dsa_65;
-        }
-        if (MLDSAParameters.ml_dsa_87 == parameters)
-        {
-            return NISTObjectIdentifiers.id_ml_dsa_87;
-        }
-        throw new IllegalArgumentException();
-    }
-
     public static int getMLDSASignatureScheme(MLDSAParameters parameters)
     {
         if (MLDSAParameters.ml_dsa_44 == parameters)
@@ -57,9 +40,9 @@ public static int getMLDSASignatureScheme(MLDSAParameters parameters)
         throw new IllegalArgumentException();
     }
 
-    public static boolean supportsMLDSA(AlgorithmIdentifier pubKeyAlgID, ASN1ObjectIdentifier algorithm)
+    public static boolean supportsMLDSA(AlgorithmIdentifier pubKeyAlgID, ASN1ObjectIdentifier mlDsaAlgOid)
     {
-        return pubKeyAlgID.getAlgorithm().equals(algorithm)
+        return pubKeyAlgID.getAlgorithm().equals(mlDsaAlgOid)
             && pubKeyAlgID.getParameters() == null;
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsEd25519Signer.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
-import java.io.IOException;
-
 import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
 import org.bouncycastle.crypto.signers.Ed25519Signer;
 import org.bouncycastle.tls.SignatureAndHashAlgorithm;
@@ -16,11 +14,6 @@ public BcTlsEd25519Signer(BcTlsCrypto crypto, Ed25519PrivateKeyParameters privat
         super(crypto, privateKey);
     }
 
-    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
-    {
-        throw new UnsupportedOperationException();
-    }
-
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         if (algorithm == null || SignatureScheme.from(algorithm) != SignatureScheme.ed25519)

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsEd448Signer.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
-import java.io.IOException;
-
 import org.bouncycastle.crypto.params.Ed448PrivateKeyParameters;
 import org.bouncycastle.crypto.signers.Ed448Signer;
 import org.bouncycastle.tls.SignatureAndHashAlgorithm;
@@ -17,11 +15,6 @@ public BcTlsEd448Signer(BcTlsCrypto crypto, Ed448PrivateKeyParameters privateKey
         super(crypto, privateKey);
     }
 
-    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
-    {
-        throw new UnsupportedOperationException();
-    }
-
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         if (algorithm == null || SignatureScheme.from(algorithm) != SignatureScheme.ed448)

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsMLDSASigner.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
-import java.io.IOException;
-
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSASigner;
@@ -32,11 +30,6 @@ private BcTlsMLDSASigner(BcTlsCrypto crypto, MLDSAPrivateKeyParameters privateKe
         this.signatureScheme = signatureScheme;
     }
 
-    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
-    {
-        throw new UnsupportedOperationException();
-    }
-
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         if (algorithm == null || SignatureScheme.from(algorithm) != signatureScheme)

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java

@@ -26,7 +26,6 @@
 import org.bouncycastle.crypto.signers.PSSSigner;
 import org.bouncycastle.crypto.signers.RSADigestSigner;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
-import org.bouncycastle.pqc.crypto.mldsa.MLDSAParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSASigner;
 import org.bouncycastle.tls.AlertDescription;
@@ -255,16 +254,10 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException
         case SignatureScheme.DRAFT_mldsa65:
         case SignatureScheme.DRAFT_mldsa87:
         {
-            ASN1ObjectIdentifier algorithm = PQCUtil.getMLDSAObjectidentifier(signatureScheme);
-            validateMLDSA(algorithm);
+            ASN1ObjectIdentifier mlDsaAlgOid = PQCUtil.getMLDSAObjectidentifier(signatureScheme);
+            validateMLDSA(mlDsaAlgOid);
 
             MLDSAPublicKeyParameters publicKey = getPubKeyMLDSA();
-            MLDSAParameters parameters = publicKey.getParameters();
-            if (!PQCUtil.getMLDSAObjectidentifier(parameters).equals(algorithm))
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
-                    "ML-DSA public key not for " + SignatureScheme.getText(signatureScheme));
-            }
 
             MLDSASigner verifier = new MLDSASigner();
             verifier.init(false, publicKey);
@@ -485,10 +478,10 @@ protected boolean supportsKeyUsage(int keyUsageBit)
         return true;
     }
 
-    protected boolean supportsMLDSA(ASN1ObjectIdentifier algorithm)
+    protected boolean supportsMLDSA(ASN1ObjectIdentifier mlDsaAlgOid)
     {
         AlgorithmIdentifier pubKeyAlgID = keyInfo.getAlgorithm();
-        return PQCUtil.supportsMLDSA(pubKeyAlgID, algorithm);
+        return PQCUtil.supportsMLDSA(pubKeyAlgID, mlDsaAlgOid);
     }
 
     protected boolean supportsRSA_PKCS1()
@@ -582,10 +575,10 @@ public void validateKeyUsage(int keyUsageBit)
         }
     }
 
-    protected void validateMLDSA(ASN1ObjectIdentifier algorithm)
+    protected void validateMLDSA(ASN1ObjectIdentifier mlDsaAlgOid)
         throws IOException
     {
-        if (!supportsMLDSA(algorithm))
+        if (!supportsMLDSA(mlDsaAlgOid))
         {
             throw new TlsFatalAlert(AlertDescription.certificate_unknown, "No support for ML-DSA signature scheme");
         }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsSM2Signer.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
-import java.io.IOException;
-
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithID;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
@@ -22,11 +20,6 @@ public BcTlsSM2Signer(BcTlsCrypto crypto, ECPrivateKeyParameters privateKey, byt
         this.identifier = Arrays.clone(identifier);
     }
 
-    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
-    {
-        throw new UnsupportedOperationException();
-    }
-
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         if (algorithm == null

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsSigner.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.tls.crypto.impl.bc;
 
+import java.io.IOException;
+
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.tls.SignatureAndHashAlgorithm;
 import org.bouncycastle.tls.crypto.TlsSigner;
@@ -30,6 +32,11 @@ protected BcTlsSigner(BcTlsCrypto crypto, AsymmetricKeyParameter privateKey)
         this.privateKey = privateKey;
     }
 
+    public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash) throws IOException
+    {
+        throw new UnsupportedOperationException();
+    }
+
     public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         return null;