added parameter setting to allow for pre-hash calculation - relates to github #2162

dghgit · dghgit · commit c85597677a32 · 2025-09-13T18:19:30.000+10:00
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java
@@ -34,9 +34,11 @@
 import org.bouncycastle.jcajce.CompositePrivateKey;
 import org.bouncycastle.jcajce.CompositePublicKey;
 import org.bouncycastle.jcajce.interfaces.BCKey;
+import org.bouncycastle.jcajce.spec.CompositeSignatureSpec;
 import org.bouncycastle.jcajce.spec.ContextParameterSpec;
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Exceptions;
 import org.bouncycastle.util.encoders.Hex;
 
@@ -102,9 +104,10 @@ public class SignatureSpi
     private final String[] algs;
     private final Signature[] componentSignatures;
     private final byte[] domain;
-    private final Digest preHashDigest;
+    private final Digest baseDigest;
     private final JcaJceHelper helper = new BCJcaJceHelper();
 
+    private Digest preHashDigest;
     private ContextParameterSpec contextSpec;
     private AlgorithmParameters engineParams = null;
 
@@ -113,6 +116,7 @@ public class SignatureSpi
     SignatureSpi(ASN1ObjectIdentifier algorithm, Digest preHashDigest)
     {
         this.algorithm = algorithm;
+        this.baseDigest = preHashDigest;
         this.preHashDigest = preHashDigest;
         this.domain = domainSeparators.get(algorithm);
 
@@ -329,9 +333,16 @@ protected byte[] engineSign()
     private void processPreHashedMessage(byte[] r)
         throws SignatureException
     {
-        byte[] dig = new byte[preHashDigest.getDigestSize()];
+        byte[] dig = new byte[baseDigest.getDigestSize()];
 
-        preHashDigest.doFinal(dig, 0);
+        try
+        {
+            preHashDigest.doFinal(dig, 0);
+        }
+        catch (IllegalStateException e)
+        {
+            throw new SignatureException(e.getMessage());
+        }
 
         for (int i = 0; i < this.componentSignatures.length; i++)
         {
@@ -443,6 +454,20 @@ protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec)
                 throw new InvalidAlgorithmParameterException("keys invalid on reset: " + e.getMessage(), e);
             }
         }
+        else if (algorithmParameterSpec instanceof CompositeSignatureSpec)
+        {
+            CompositeSignatureSpec compositeSignatureSpec = (CompositeSignatureSpec)algorithmParameterSpec;
+
+            if (compositeSignatureSpec.isPrehashMode())
+            {
+                this.preHashDigest = new NullDigest(baseDigest.getDigestSize());
+            }
+            else
+            {
+                this.preHashDigest = this.baseDigest;
+            }
+            this.contextSpec = (ContextParameterSpec)compositeSignatureSpec.getSecondarySpec();
+        }
         else
         {
             throw new InvalidAlgorithmParameterException("unknown parameterSpec passed to composite signature");
@@ -494,6 +519,74 @@ protected final AlgorithmParameters engineGetParameters()
         return engineParams;
     }
 
+    private static class NullDigest
+        implements Digest
+    {
+        private final int expectedSize;
+        private final OpenByteArrayOutputStream bOut = new OpenByteArrayOutputStream();
+
+        NullDigest(int expectedSize)
+        {
+            this.expectedSize = expectedSize;
+        }
+
+        public String getAlgorithmName()
+        {
+            return "NULL";
+        }
+
+        public int getDigestSize()
+        {
+            return bOut.size();
+        }
+
+        public void update(byte in)
+        {
+            bOut.write(in);
+        }
+
+        public void update(byte[] in, int inOff, int len)
+        {
+            bOut.write(in, inOff, len);
+        }
+
+        public int doFinal(byte[] out, int outOff)
+        {
+            int size = bOut.size();
+            if (size != expectedSize)
+            {
+                throw new IllegalStateException("provided pre-hash digest is the wrong length");
+            }
+
+            bOut.copy(out, outOff);
+
+            reset();
+
+            return size;
+        }
+
+        public void reset()
+        {
+            bOut.reset();
+        }
+
+        private class OpenByteArrayOutputStream
+            extends ByteArrayOutputStream
+        {
+            public void reset()
+            {
+                super.reset();
+
+                Arrays.clear(buf);
+            }
+
+            void copy(byte[] out, int outOff)
+            {
+                System.arraycopy(buf, 0, out, outOff, this.size());
+            }
+        }
+    }
+
     public static final class HashMLDSA44_ECDSA_P256_SHA256
         extends SignatureSpi
     {
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/spec/CompositeSignatureSpec.java b/prov/src/main/java/org/bouncycastle/jcajce/spec/CompositeSignatureSpec.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.jcajce.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * Parameters for the CompositeSignature algorithm.
+ */
+public class CompositeSignatureSpec
+    implements AlgorithmParameterSpec
+{
+    private final boolean isPrehashMode;
+    private final AlgorithmParameterSpec secondaryParameterSpec;
+
+    /**
+     * Base Constructor.
+     *
+     * @param isPrehashMode if true, msg passed in will be the precalculated pre-hash.
+     */
+    public CompositeSignatureSpec(boolean isPrehashMode)
+    {
+        this(isPrehashMode, null);
+    }
+
+    /**
+     * Constructor which allows for another parameter spec (usually ContextParameterSpec).
+     *
+     * @param isPrehashMode if true, msg passed in will be the precalculated pre-hash.
+     * @param secondaryParameterSpec the other spec, in addition to pre-hash mode, which needs to be applied.
+     */
+    public CompositeSignatureSpec(boolean isPrehashMode, AlgorithmParameterSpec secondaryParameterSpec)
+    {
+        this.isPrehashMode = isPrehashMode;
+        this.secondaryParameterSpec = secondaryParameterSpec;
+    }
+
+    public boolean isPrehashMode()
+    {
+        return isPrehashMode;
+    }
+
+    public AlgorithmParameterSpec getSecondarySpec()
+    {
+        return secondaryParameterSpec;
+    }
+}
diff --git a/prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java b/prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java
@@ -7,10 +7,12 @@
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Security;
 import java.security.Signature;
+import java.security.SignatureException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
@@ -37,6 +39,7 @@
 import org.bouncycastle.jcajce.interfaces.MLDSAPrivateKey;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeIndex;
 import org.bouncycastle.jcajce.provider.asymmetric.mldsa.BCMLDSAPublicKey;
+import org.bouncycastle.jcajce.spec.CompositeSignatureSpec;
 import org.bouncycastle.jcajce.spec.ContextParameterSpec;
 import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
 import org.bouncycastle.jcajce.spec.MLDSAPrivateKeySpec;
@@ -45,6 +48,7 @@
 import org.bouncycastle.test.TestResourceFinder;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
 
 public class CompositeSignaturesTest
     extends TestCase
@@ -410,20 +414,136 @@ public void testMixedCompositionWithNull()
 
     }
 
+    public void testPrehash()
+        throws Exception
+    {
+        doTestPrehash("MLDSA44-ECDSA-P256-SHA256", "SHA256");
+        doTestPrehash("MLDSA65-ECDSA-P256-SHA512", "SHA512");
+    }
+
+    public void testPrehashWithContext()
+        throws Exception
+    {
+        doTestPrehash("MLDSA44-ECDSA-P256-SHA256", "SHA256", new ContextParameterSpec(Hex.decode("deadbeef")));
+        doTestPrehash("MLDSA65-ECDSA-P256-SHA512", "SHA512", new ContextParameterSpec(Hex.decode("deadbeef")));
+    }
+
+    private void doTestPrehash(String sigName, String digestName)
+        throws Exception
+    {
+        byte[] msg = Strings.toUTF8ByteArray(messageToBeSigned);
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(sigName, "BC");
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        // full msg sign, verify hash
+        Signature signature = Signature.getInstance(sigName, "BC");
+        signature.initSign(keyPair.getPrivate());
+        signature.update(msg);
+
+        byte[] signatureValue = signature.sign();
+
+        signature.initVerify(keyPair.getPublic());
+        signature.setParameter(new CompositeSignatureSpec(true));
+        signature.update(MessageDigest.getInstance(digestName, "BC").digest(msg));
+        assertTrue(signature.verify(signatureValue));
+
+        // full msg sign, verify hash
+        signature = Signature.getInstance(sigName, "BC");
+        signature.initSign(keyPair.getPrivate());
+        signature.setParameter(new CompositeSignatureSpec(true));
+        signature.update(MessageDigest.getInstance(digestName, "BC").digest(msg));
+        
+        signatureValue = signature.sign();
+
+        signature.initVerify(keyPair.getPublic());
+        signature.setParameter(new CompositeSignatureSpec(false));
+        signature.update(msg);
+        assertTrue(signature.verify(signatureValue));
+
+        // exceptions
+        signature.initSign(keyPair.getPrivate());
+        try
+        {
+            signature.setParameter(new CompositeSignatureSpec(true));
+            signature.update(Hex.decode("beef"));
+            signature.sign();
+            fail("sign");
+        }
+        catch (SignatureException e)
+        {
+            assertEquals("provided pre-hash digest is the wrong length", e.getMessage());
+        }
+
+        // exceptions
+         signature.initVerify(keyPair.getPublic());
+         try
+         {
+             signature.setParameter(new CompositeSignatureSpec(true));
+             signature.update(Hex.decode("beef"));
+             signature.verify(signatureValue);
+             fail("verify");
+         }
+         catch (SignatureException e)
+         {
+             assertEquals("provided pre-hash digest is the wrong length", e.getMessage());
+         }
+    }
+
+    private void doTestPrehash(String sigName, String digestName, ContextParameterSpec contextSpec)
+        throws Exception
+    {
+        byte[] msg = Strings.toUTF8ByteArray(messageToBeSigned);
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(sigName, "BC");
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        // full msg sign, verify hash
+        Signature signature = Signature.getInstance(sigName, "BC");
+        signature.initSign(keyPair.getPrivate());
+        signature.setParameter(contextSpec);
+        signature.update(msg);
+
+        byte[] signatureValue = signature.sign();
+
+        signature.initVerify(keyPair.getPublic());
+        signature.setParameter(new CompositeSignatureSpec(true, contextSpec));
+        signature.update(MessageDigest.getInstance(digestName, "BC").digest(msg));
+        assertTrue(signature.verify(signatureValue));
+
+        // full msg sign, verify hash
+        signature = Signature.getInstance(sigName, "BC");
+        signature.initSign(keyPair.getPrivate());
+        signature.setParameter(new CompositeSignatureSpec(true, contextSpec));
+        signature.update(MessageDigest.getInstance(digestName, "BC").digest(msg));
+
+        signatureValue = signature.sign();
+
+        signature.initVerify(keyPair.getPublic());
+        signature.setParameter(new CompositeSignatureSpec(false, contextSpec));
+        signature.update(msg);
+        assertTrue(signature.verify(signatureValue));
+
+        signature.initVerify(keyPair.getPublic());
+        signature.setParameter(new CompositeSignatureSpec(false));
+        signature.update(msg);
+        assertFalse(signature.verify(signatureValue));
+    }
+
     public void testSigningAndVerificationInternal()
         throws Exception
     {
+        byte[] msg = Strings.toUTF8ByteArray(messageToBeSigned);
+
         for (String oid : compositeSignaturesOIDs)
         {
             KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(oid, "BC");
             KeyPair keyPair = keyPairGenerator.generateKeyPair();
             Signature signature = Signature.getInstance(oid, "BC");
             signature.initSign(keyPair.getPrivate());
-            signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+            signature.update(msg);
             byte[] signatureValue = signature.sign();
 
             signature.initVerify(keyPair.getPublic());
-            signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+            signature.update(msg);
             TestCase.assertTrue(signature.verify(signatureValue));
         }
     }
