added support for ML-DSA context parameter.

corrected private key encoding to the latest draft.

Author: dghgit

pkix/src/test/java/org/bouncycastle/openssl/test/CompositeKeyTest.java

@@ -2,6 +2,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.FileOutputStream;
+import java.io.FileWriter;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -473,21 +474,21 @@ public void testMLDSA44andP256()
         PrivateKey mldsaPriv = mldsaKp.getPrivate();
         PublicKey mldsaPub = mldsaKp.getPublic();
 
-        CompositePrivateKey mlecPriv = new CompositePrivateKey(mldsaPriv, ecPriv);
-
-//        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_priv.pem"));
-//
-//        pWrt.writeObject(mlecPriv);
-//
-//        pWrt.close();
-//
-//        CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
-//
-//        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_pub.pem"));
-//
-//        pWrt.writeObject(mlecPub);
-//
-//        pWrt.close();
+        CompositePrivateKey mlecPriv = new CompositePrivateKey(MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256, mldsaPriv, ecPriv);
+
+        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_priv.pem"));
+
+        pWrt.writeObject(mlecPriv);
+
+        pWrt.close();
+
+        CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
+
+        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa44_ec_p256_pub.pem"));
+
+        pWrt.writeObject(mlecPub);
+
+        pWrt.close();
     }
 
     public void testMLDSA87andEd448()
@@ -510,21 +511,21 @@ public void testMLDSA87andEd448()
         PrivateKey mldsaPriv = mldsaKp.getPrivate();
         PublicKey mldsaPub = mldsaKp.getPublic();
 
-        CompositePrivateKey mlecPriv = new CompositePrivateKey(mldsaPriv, ecPriv);
-
-//        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_priv.pem"));
-//
-//        pWrt.writeObject(mlecPriv);
-//
-//        pWrt.close();
-//
-//        CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
-//
-//        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_pub.pem"));
-//
-//        pWrt.writeObject(mlecPub);
-//
-//        pWrt.close();
+        CompositePrivateKey mlecPriv = new CompositePrivateKey(MiscObjectIdentifiers.id_MLDSA87_Ed448_SHA512, mldsaPriv, ecPriv);
+
+        JcaPEMWriter pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_priv.pem"));
+
+        pWrt.writeObject(mlecPriv);
+
+        pWrt.close();
+
+        CompositePublicKey mlecPub = new CompositePublicKey(mldsaPub, ecPub);
+
+        pWrt = new JcaPEMWriter(new FileWriter("/tmp/mldsa87_ed448_pub.pem"));
+
+        pWrt.writeObject(mlecPub);
+
+        pWrt.close();
     }
 
     private static void doOutput(String fileName, String contents)

prov/src/main/java/org/bouncycastle/jcajce/CompositePrivateKey.java

@@ -132,16 +132,21 @@ public byte[] getEncoded()
     {
         ASN1EncodableVector v = new ASN1EncodableVector();
 
-        for (int i = 0; i < keys.size(); i++)
+        if (algorithmIdentifier.equals(MiscObjectIdentifiers.id_composite_key))
         {
-            ASN1EncodableVector kV = new ASN1EncodableVector();
-
-            PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
-
-            kV.add(info.getPrivateKeyAlgorithm());
-            kV.add(info.getPrivateKey());
-
-            v.add(new DERSequence(kV));
+            for (int i = 0; i < keys.size(); i++)
+            {
+                PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
+                v.add(info);
+            }
+        }
+        else
+        {
+            for (int i = 0; i < keys.size(); i++)
+            {
+                PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
+                v.add(info.getPrivateKey());
+            }
         }
 
         try

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/COMPOSITE.java

@@ -8,14 +8,27 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
+import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.jcajce.CompositePrivateKey;
 import org.bouncycastle.jcajce.CompositePublicKey;
+import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
@@ -89,35 +102,112 @@ public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)
             ASN1Sequence keySeq = ASN1Sequence.getInstance(keyInfo.parsePrivateKey());
             PrivateKey[] privKeys = new PrivateKey[keySeq.size()];
 
-            for (int i = 0; i != keySeq.size(); i++)
-            {
-                ASN1Sequence kSeq = ASN1Sequence.getInstance(keySeq.getObjectAt(i));
+            ASN1Encodable firstKey = keySeq.getObjectAt(0);
 
-                if (kSeq.size() == 2)
+            if (firstKey instanceof ASN1OctetString)
+            {
+                System.err.println(keyInfo.getPrivateKeyAlgorithm().getAlgorithm());
+                CompositeSignaturesConstants.CompositeName name = CompositeSignaturesConstants.ASN1IdentifierCompositeNameMap.get(keyInfo.getPrivateKeyAlgorithm().getAlgorithm());
+                switch (name)
                 {
-                    ASN1EncodableVector v = new ASN1EncodableVector(2);
-
-                    v.add(keyInfo.getVersion());
-                    v.add(kSeq.getObjectAt(0));
-                    v.add(kSeq.getObjectAt(1));
-
-                    PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(new DERSequence(v));
-
-                    privKeys[i] = provider.getKeyInfoConverter(
-                                               privInfo.getPrivateKeyAlgorithm().getAlgorithm()).generatePrivate(privInfo);
+                case MLDSA44_Ed25519_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA65_Ed25519_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA87_Ed448_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_87), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA44_RSA2048_PSS_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA65_RSA3072_PSS_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA44_RSA2048_PKCS15_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA65_RSA3072_PKCS15_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA44_ECDSA_P256_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA44_ECDSA_brainpoolP256r1_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA65_ECDSA_P256_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA65_ECDSA_brainpoolP256r1_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, TeleTrusTObjectIdentifiers.brainpoolP256r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA87_ECDSA_P384_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_87), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp384r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case MLDSA87_ECDSA_brainpoolP384r1_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_87), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, TeleTrusTObjectIdentifiers.brainpoolP384r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case Falcon512_ECDSA_P256_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(BCObjectIdentifiers.falcon_512), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case Falcon512_ECDSA_brainpoolP256r1_SHA256:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(BCObjectIdentifiers.falcon_512), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, TeleTrusTObjectIdentifiers.brainpoolP256r1), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                case Falcon512_Ed25519_SHA512:
+                    privKeys[0] = createPrivateKey(new AlgorithmIdentifier(BCObjectIdentifiers.falcon_512), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    privKeys[1] = createPrivateKey(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), ASN1OctetString.getInstance(keySeq.getObjectAt(0)));
+                    break;
+                default:
+                    throw new IllegalArgumentException("unknown composite algorithm");
                 }
-                else
+            }
+            else
+            {
+                for (int i = 0; i != keySeq.size(); i++)
                 {
+                    ASN1Sequence kSeq = ASN1Sequence.getInstance(keySeq.getObjectAt(i));
+
                     PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(kSeq);
 
                     privKeys[i] = provider.getKeyInfoConverter(
-                            privInfo.getPrivateKeyAlgorithm().getAlgorithm()).generatePrivate(privInfo);
+                        privInfo.getPrivateKeyAlgorithm().getAlgorithm()).generatePrivate(privInfo);
                 }
             }
 
             return new CompositePrivateKey(privKeys);
         }
 
+        private PrivateKey createPrivateKey(AlgorithmIdentifier algId, ASN1OctetString enc)
+            throws IOException
+        {
+            ASN1EncodableVector v = new ASN1EncodableVector();
+
+            v.add(new ASN1Integer(0));
+            v.add(algId);
+            v.add(enc);
+
+            PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(new DERSequence(v));
+
+            return provider.getKeyInfoConverter(
+                privInfo.getPrivateKeyAlgorithm().getAlgorithm()).generatePrivate(privInfo);
+        }
+
         public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)
             throws IOException
         {