updated to use raw seed encodings for ML-KEM, ML-DSA, and SLH-DSA, added code for identifying previous wrapped encodings.

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java

@@ -6,6 +6,7 @@
 import org.bouncycastle.asn1.ASN1BitString;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -95,6 +96,27 @@ private static int getVersionValue(ASN1Integer version)
         return versionValue;
     }
 
+    /**
+     * Construct a PrivateKeyInfo around a raw encoding.
+     *
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey byte encoding of the private key, used as a raw encoding.
+     */
+    public PrivateKeyInfo(
+        AlgorithmIdentifier privateKeyAlgorithm,
+        byte[] privateKey)
+        throws IOException
+    {
+        this(privateKeyAlgorithm, privateKey, null, null);
+    }
+
+    /**
+     * Construct a PrivateKeyInfo around an ASN.1 structure/primitive.
+     *
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey the ASN.1 structure/primitive representing the private key.
+     * @throws IOException if encoding the privateKey object into an OCTET STRING fails.
+     */
     public PrivateKeyInfo(
         AlgorithmIdentifier privateKeyAlgorithm,
         ASN1Encodable privateKey)
@@ -103,6 +125,14 @@ public PrivateKeyInfo(
         this(privateKeyAlgorithm, privateKey, null, null);
     }
 
+    /**
+     * Construct a PrivateKeyInfo around an ASN.1 structure/primitive with attributes.
+     *
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey the ASN.1 structure/primitive representing the private key.
+     * @param attributes attributes associated with private key.
+     * @throws IOException if encoding the privateKey object into an OCTET STRING fails.
+     */
     public PrivateKeyInfo(
         AlgorithmIdentifier privateKeyAlgorithm,
         ASN1Encodable privateKey,
@@ -112,12 +142,55 @@ public PrivateKeyInfo(
         this(privateKeyAlgorithm, privateKey, attributes, null);
     }
 
+    /**
+     * Construct a PrivateKeyInfo around an ASN.1 structure/primitive with attributes.
+     *
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey byte encoding of the private key, used as a raw encoding.
+     * @param attributes attributes associated with private key.
+     * @throws IOException if encoding the privateKey object into an OCTET STRING fails.
+     */
+    public PrivateKeyInfo(
+        AlgorithmIdentifier privateKeyAlgorithm,
+        byte[] privateKey,
+        ASN1Set attributes)
+        throws IOException
+    {
+        this(privateKeyAlgorithm, privateKey, attributes, null);
+    }
+
+    /**
+     * Construct a PrivateKeyInfo around an ASN.1 structure/primitive with attributes and the public key.
+     *
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey the ASN.1 structure/primitive representing the private key.
+     * @param attributes attributes associated with private key.
+     * @param publicKey public key encoding.
+     * @throws IOException if encoding the privateKey object into an OCTET STRING fails.
+     */
     public PrivateKeyInfo(
         AlgorithmIdentifier privateKeyAlgorithm,
         ASN1Encodable privateKey,
         ASN1Set attributes,
         byte[] publicKey)
         throws IOException
+    {
+        this(privateKeyAlgorithm, privateKey.toASN1Primitive().getEncoded(ASN1Encoding.DER), attributes, publicKey);
+    }
+
+    /**
+     * Construct a PrivateKeyInfo around a raw encoding with attributes and the public key.
+     * 
+     * @param privateKeyAlgorithm algorithm identifier for the private key.
+     * @param privateKey byte encoding of the private key, used as a raw encoding.
+     * @param attributes attributes associated with private key.
+     * @param publicKey public key encoding.
+     */
+    public PrivateKeyInfo(
+        AlgorithmIdentifier privateKeyAlgorithm,
+        byte[] privateKey,
+        ASN1Set attributes,
+        byte[] publicKey)
     {
         this.version = new ASN1Integer(publicKey != null ? BigIntegers.ONE : BigIntegers.ZERO);
         this.privateKeyAlgorithm = privateKeyAlgorithm;
@@ -222,7 +295,7 @@ public boolean hasPublicKey()
      *
      * @return the public key as an ASN.1 primitive.
      * @throws IOException - if the bit string doesn't represent a DER
-     * encoded object.
+     *                     encoded object.
      */
     public ASN1Encodable parsePublicKey()
         throws IOException

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/SLHDSAParameters.java

@@ -96,7 +96,7 @@ public int getType()
         return preHashDigest;
     }
 
-    int getN()
+    public int getN()
     {
         return engineProvider.getN();
     }

core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java

@@ -12,7 +12,6 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
@@ -200,8 +199,8 @@ else if (algOID.on(BCObjectIdentifiers.sphincsPlus) || algOID.on(BCObjectIdentif
         }
         else if (Utils.shldsaParams.containsKey(algOID))
         {
-            ASN1OctetString slhdsaKey = parseOctetString(keyInfo.getPrivateKey());
             SLHDSAParameters spParams = Utils.slhdsaParamsLookup(algOID);
+            ASN1OctetString slhdsaKey = parseOctetString(keyInfo.getPrivateKey(), spParams.getN() * 4);
 
             return new SLHDSAPrivateKeyParameters(spParams, slhdsaKey.getOctets());
         }
@@ -244,7 +243,7 @@ else if (algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_512) ||
                 algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_768) ||
                 algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_1024))
         {
-            ASN1OctetString mlkemKey = parseOctetString(keyInfo.getPrivateKey());
+            ASN1OctetString mlkemKey = parseOctetString(keyInfo.getPrivateKey(), 64);
             MLKEMParameters mlkemParams = Utils.mlkemParamsLookup(algOID);
 
             return new MLKEMPrivateKeyParameters(mlkemParams, mlkemKey.getOctets());
@@ -276,7 +275,7 @@ else if (algOID.on(BCObjectIdentifiers.pqc_kem_sntruprime))
         }
         else if (Utils.mldsaParams.containsKey(algOID))
         {
-            ASN1Encodable keyObj = parseOctetString(keyInfo.getPrivateKey());
+            ASN1Encodable keyObj = parseOctetString(keyInfo.getPrivateKey(), 32);
             MLDSAParameters spParams = Utils.mldsaParamsLookup(algOID);
 
             if (keyObj instanceof DEROctetString)
@@ -466,31 +465,28 @@ else if (algOID.equals(PQCObjectIdentifiers.mcElieceCca2))
     /**
      * So it seems for the new PQC algorithms, there's a couple of approaches to what goes in the OCTET STRING
      */
-    private static ASN1OctetString parseOctetString(ASN1OctetString octStr)
+    private static ASN1OctetString parseOctetString(ASN1OctetString octStr, int expectedLength)
     {
-        ByteArrayInputStream bIn = new ByteArrayInputStream(octStr.getOctets());
+        byte[] data = octStr.getOctets();
+        //
+        // it's the right length for a RAW encoding, just return it.
+        //
+        if (data.length == expectedLength)
+        {
+            return octStr;
+        }
+
+        //
+        // possible internal OCTET STRING, possibly long form with or without the internal OCTET STRING
+        ByteArrayInputStream bIn = new ByteArrayInputStream(data);
 
         int tag = bIn.read();
         int len = readLen(bIn);
         if (tag == BERTags.OCTET_STRING)
         {
             if (len == bIn.available())
             {
-                return ASN1OctetString.getInstance(octStr.getOctets());
-            }
-        }
-        if (tag == BERTags.CONTEXT_SPECIFIC)
-        {
-            if (len == bIn.available())
-            {
-                return ASN1OctetString.getInstance(ASN1TaggedObject.getInstance(octStr.getOctets()), false);
-            }
-        }
-        if (tag == (BERTags.CONTEXT_SPECIFIC | BERTags.CONSTRUCTED))
-        {
-            if (len == bIn.available())
-            {
-                return ASN1OctetString.getInstance(ASN1TaggedObject.getInstance(octStr.getOctets()), true);
+                return ASN1OctetString.getInstance(data);
             }
         }
 

core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java

@@ -150,7 +150,7 @@ else if (privateKey instanceof SLHDSAPrivateKeyParameters)
 
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.slhdsaOidLookup(params.getParameters()));
 
-            return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, params.getPublicKey());
+            return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes, params.getPublicKey());
         }
         else if (privateKey instanceof PicnicPrivateKeyParameters)
         {
@@ -250,11 +250,11 @@ else if (privateKey instanceof MLKEMPrivateKeyParameters)
             byte[] seed = params.getSeed();
             if (seed == null)
             {
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes);
+                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes);
             }
             else
             {
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(seed), attributes);
+                return new PrivateKeyInfo(algorithmIdentifier, seed, attributes);
             }
         }
         else if (privateKey instanceof NTRULPRimePrivateKeyParameters)
@@ -299,13 +299,13 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)
             {
                 MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
 
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, pubParams.getEncoded());
+                return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes, pubParams.getEncoded());
             }
             else
             {
                 MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
 
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getSeed()), attributes);
+                return new PrivateKeyInfo(algorithmIdentifier, params.getSeed(), attributes);
             }
         }
         else if (privateKey instanceof DilithiumPrivateKeyParameters)