Merge branch '2197-xmss-bds-initial' into 'main'

dghgit · dghgit · commit c2e3896e4e20 · 2025-12-03T05:37:00.000Z
Fix the issue of XMSSPrivateKeyParameters when try to build BDS with seeds by...

See merge request root/bc-java!121
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSPrivateKeyParameters.java
@@ -162,14 +162,7 @@ private XMSSPrivateKeyParameters(Builder builder)
             }
             else
             {
-                if (builder.index < ((1 << params.getHeight()) - 2) && tmpPublicSeed != null && tmpSecretKeySeed != null)
-                {
-                    bdsState = new BDS(params, tmpPublicSeed, tmpSecretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build(), builder.index);
-                }
-                else
-                {
-                    bdsState = new BDS(params, (1 << params.getHeight()) - 1, builder.index);
-                }
+                bdsState = new BDS(params, tmpPublicSeed, tmpSecretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build(), builder.index);
             }
             if (builder.maxIndex >= 0 && builder.maxIndex != bdsState.getMaxIndex())
             {
@@ -228,6 +221,7 @@ public XMSSPrivateKeyParameters getNextKey()
      * <p>
      * Note: this will use the range [index...index + usageCount) for the current key.
      * </p>
+     *
      * @param usageCount the number of usages the key should have.
      * @return a key based on the current key that can be used usageCount times.
      */
@@ -343,6 +337,10 @@ public Builder withPrivateKey(byte[] privateKeyVal)
 
         public XMSSPrivateKeyParameters build()
         {
+            if (!((privateKey != null) || (publicSeed != null && secretKeySeed != null)))
+            {
+                throw new IllegalStateException("publicSeed or secretKeySeed is null");
+            }
             return new XMSSPrivateKeyParameters(this);
         }
     }
diff --git a/core/src/test/java/org/bouncycastle/pqc/crypto/test/XMSSPrivateKeyTest.java b/core/src/test/java/org/bouncycastle/pqc/crypto/test/XMSSPrivateKeyTest.java
@@ -31,7 +31,8 @@ private void parsingTest(Digest digest)
     {
         XMSSParameters params = new XMSSParameters(10, digest);
         byte[] root = generateRoot(digest);
-        XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withRoot(root).build();
+        XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withRoot(root)
+            .withPublicSeed(new byte[digest.getDigestSize()]).withSecretKeySeed(new byte[digest.getDigestSize()]).build();
 
         byte[] export = privateKey.toByteArray();
 
diff --git a/prov/src/test/java/org/bouncycastle/pqc/jcajce/provider/test/XMSSTest.java b/prov/src/test/java/org/bouncycastle/pqc/jcajce/provider/test/XMSSTest.java
@@ -488,19 +488,19 @@ public void testKeyRebuild()
     {
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("XMSS", "BCPQC");
 
-        kpg.initialize(new XMSSParameterSpec(10, XMSSParameterSpec.SHA256), new SecureRandom());
+        kpg.initialize(new XMSSParameterSpec(3, XMSSParameterSpec.SHA256), new SecureRandom());
 
         KeyPair kp = kpg.generateKeyPair();
 
         Signature sig = Signature.getInstance("SHA256withXMSS", "BCPQC");
 
         assertTrue(sig instanceof StateAwareSignature);
 
-        PrivateKey pKey1 = ((XMSSPrivateKey)kp.getPrivate()).extractKeyShard(5);
+        PrivateKey pKey1 = ((XMSSPrivateKey)kp.getPrivate()).extractKeyShard(7);
 
         sig.initSign(pKey1);
 
-        for (int i = 0; i != 5; i++)
+        for (int i = 0; i != 7; i++)
         {
             sig.update(msg, 0, msg.length);
 

Original file line number	Diff line number	Diff line change
`@@ -162,14 +162,7 @@ private XMSSPrivateKeyParameters(Builder builder)`
`162`	`162`	`}`
`163`	`163`	`else`
`164`	`164`	`{`
`165`		`- if (builder.index < ((1 << params.getHeight()) - 2) && tmpPublicSeed != null && tmpSecretKeySeed != null)`
`166`		`- {`
`167`		`- bdsState = new BDS(params, tmpPublicSeed, tmpSecretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build(), builder.index);`
`168`		`- }`
`169`		`- else`
`170`		`- {`
`171`		`- bdsState = new BDS(params, (1 << params.getHeight()) - 1, builder.index);`
`172`		`- }`
	`165`	`+ bdsState = new BDS(params, tmpPublicSeed, tmpSecretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build(), builder.index);`
`173`	`166`	`}`
`174`	`167`	`if (builder.maxIndex >= 0 && builder.maxIndex != bdsState.getMaxIndex())`
`175`	`168`	`{`
`@@ -228,6 +221,7 @@ public XMSSPrivateKeyParameters getNextKey()`
`228`	`221`	`* <p>`
`229`	`222`	`* Note: this will use the range [index...index + usageCount) for the current key.`
`230`	`223`	`* </p>`
	`224`	`+ *`
`231`	`225`	`* @param usageCount the number of usages the key should have.`
`232`	`226`	`* @return a key based on the current key that can be used usageCount times.`
`233`	`227`	`*/`
`@@ -343,6 +337,10 @@ public Builder withPrivateKey(byte[] privateKeyVal)`
`343`	`337`
`344`	`338`	`public XMSSPrivateKeyParameters build()`
`345`	`339`	`{`
	`340`	`+ if (!((privateKey != null) \|\| (publicSeed != null && secretKeySeed != null)))`
	`341`	`+ {`
	`342`	`+ throw new IllegalStateException("publicSeed or secretKeySeed is null");`
	`343`	`+ }`
`346`	`344`	`return new XMSSPrivateKeyParameters(this);`
`347`	`345`	`}`
`348`	`346`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,8 @@ private void parsingTest(Digest digest)`
`31`	`31`	`{`
`32`	`32`	`XMSSParameters params = new XMSSParameters(10, digest);`
`33`	`33`	`byte[] root = generateRoot(digest);`
`34`		`- XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withRoot(root).build();`
	`34`	`+ XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withRoot(root)`
	`35`	`+ .withPublicSeed(new byte[digest.getDigestSize()]).withSecretKeySeed(new byte[digest.getDigestSize()]).build();`
`35`	`36`
`36`	`37`	`byte[] export = privateKey.toByteArray();`
`37`	`38`