Refactor composite keys

Author: peterdettman

prov/src/main/java/org/bouncycastle/jcajce/CompositePrivateKey.java

@@ -267,57 +267,67 @@ public String getFormat()
      */
     public byte[] getEncoded()
     {
-        if (this.algorithmIdentifier.getAlgorithm().on(IANAObjectIdentifiers.id_alg))
+        ASN1ObjectIdentifier algOid = algorithmIdentifier.getAlgorithm();
+
+        if (algOid.on(IANAObjectIdentifiers.id_alg))
         {
             try
             {
                 PrivateKey key0 = keys.get(0);
                 PrivateKey key1 = keys.get(1);
 
-                byte[] mldsaKey = ((MLDSAPrivateKey)key0).getSeed();
+                byte[] mldsaSeed = ((MLDSAPrivateKey)key0).getSeed();
 
-                byte[] key1Encoded = key1.getEncoded();
-                PrivateKeyInfo pki = PrivateKeyInfo.getInstance(key1Encoded);
+                PrivateKeyInfo pki = PrivateKeyInfo.getInstance(key1.getEncoded());
 
-                byte[] tradKey;
+                byte[] tradSK;
                 String key1Algorithm = key1.getAlgorithm();
                 if (key1Algorithm.contains("Ed"))
                 {
-                    tradKey = ASN1OctetString.getInstance(pki.parsePrivateKey()).getOctets();
+                    tradSK = ASN1OctetString.getInstance(pki.parsePrivateKey()).getOctets();
                 }
                 else if (key1Algorithm.contains("EC"))
                 {
                     ECPrivateKey ecPrivateKey = ECPrivateKey.getInstance(pki.parsePrivateKey());
 
-                    // TODO Do we also want to remove any parameters from the ECPrivateKey? 
+                    /*
+                     * TODO
+                     * - Confirm pki.privateKeyAlgorithm is id_ecPublicKey with X9.62 Parameters namedCurve OID.
+                     * - If ecPrivateKey.parameters are present, must match pki.privateKeyAlgorithm
+                     * The private key MUST be encoded as ECPrivateKey specified in [RFC5915] with the 'NamedCurve'
+                     * parameter set to the OID of the curve, but without the 'publicKey' field.
+                     */
+                    // TODO Also need to ensure that ECPrivateKey.parameters are present
                     ASN1BitString publicKey = ecPrivateKey.getPublicKey();
                     if (publicKey != null)
                     {
                         ecPrivateKey = new ECPrivateKey(ecPrivateKey.getPrivateKey(), ecPrivateKey.getParametersObject(), null);
                     }
 
-                    tradKey = ecPrivateKey.getEncoded();
+                    tradSK = ecPrivateKey.getEncoded(ASN1Encoding.DER);
                 }
                 else
                 {
-                    tradKey = pki.getPrivateKey().getOctets();
+                    tradSK = pki.getPrivateKey().getOctets();
                 }
 
-                return new PrivateKeyInfo(algorithmIdentifier, Arrays.concatenate(mldsaKey, tradKey)).getEncoded();
+                return new PrivateKeyInfo(algorithmIdentifier, Arrays.concatenate(mldsaSeed, tradSK)).getEncoded();
             }
             catch (IOException e)
             {
                 throw new IllegalStateException("unable to encode composite public key: " + e.getMessage());
             }
         }
+
         ASN1EncodableVector v = new ASN1EncodableVector();
 
-        if (algorithmIdentifier.getAlgorithm().equals(MiscObjectIdentifiers.id_composite_key))
+        if (MiscObjectIdentifiers.id_composite_key.equals(algOid))
         {
             for (int i = 0; i < keys.size(); i++)
             {
-                PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
-                v.add(info);
+                PrivateKeyInfo pki = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
+
+                v.add(pki);
             }
 
             try
@@ -334,8 +344,9 @@ else if (key1Algorithm.contains("EC"))
             byte[] keyEncoding = null;
             for (int i = 0; i < keys.size(); i++)
             {
-                PrivateKeyInfo info = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
-                keyEncoding = Arrays.concatenate(keyEncoding, info.getPrivateKey().getOctets());
+                PrivateKeyInfo pki = PrivateKeyInfo.getInstance(keys.get(i).getEncoded());
+
+                keyEncoding = Arrays.concatenate(keyEncoding, pki.getPrivateKey().getOctets());
             }
 
             try

prov/src/main/java/org/bouncycastle/jcajce/CompositePublicKey.java

@@ -246,13 +246,15 @@ public String getFormat()
     @Override
     public byte[] getEncoded()
     {
-        if (this.algorithmIdentifier.getAlgorithm().on(IANAObjectIdentifiers.id_alg))
+        ASN1ObjectIdentifier algOid = algorithmIdentifier.getAlgorithm();
+
+        if (algOid.on(IANAObjectIdentifiers.id_alg))
         {
             try
             {
-                byte[] mldsaKey = org.bouncycastle.pqc.crypto.util.SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keys.get(0).getEncoded())).getPublicKeyData().getBytes();
-                byte[] tradKey = SubjectPublicKeyInfo.getInstance(keys.get(1).getEncoded()).getPublicKeyData().getBytes();
-                return new SubjectPublicKeyInfo(getAlgorithmIdentifier(), Arrays.concatenate(mldsaKey, tradKey)).getEncoded();
+                byte[] mldsaPK = SubjectPublicKeyInfo.getInstance(keys.get(0).getEncoded()).getPublicKeyData().getOctets();
+                byte[] tradPK = SubjectPublicKeyInfo.getInstance(keys.get(1).getEncoded()).getPublicKeyData().getOctets();
+                return new SubjectPublicKeyInfo(algorithmIdentifier, Arrays.concatenate(mldsaPK, tradPK)).getEncoded(ASN1Encoding.DER);
             }
             catch (IOException e)
             {
@@ -264,18 +266,20 @@ public byte[] getEncoded()
 
         for (int i = 0; i < keys.size(); i++)
         {
-            if (this.algorithmIdentifier.getAlgorithm().equals(MiscObjectIdentifiers.id_composite_key))
+            SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(keys.get(i).getEncoded());
+
+            if (MiscObjectIdentifiers.id_composite_key.equals(algOid))
             {
                 //Legacy, component is the whole SubjectPublicKeyInfo
-                v.add(SubjectPublicKeyInfo.getInstance(keys.get(i).getEncoded()));
+                v.add(spki);
             }
             else
             {
                 //component is the value of subjectPublicKey from SubjectPublicKeyInfo
-                SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keys.get(i).getEncoded());
-                v.add(keyInfo.getPublicKeyData());
+                v.add(spki.getPublicKeyData());
             }
         }
+
         try
         {
             return new SubjectPublicKeyInfo(this.algorithmIdentifier, new DERSequence(v)).getEncoded(ASN1Encoding.DER);
@@ -286,31 +290,26 @@ public byte[] getEncoded()
         }
     }
 
-
     public int hashCode()
     {
-        return keys.hashCode();
+        return algorithmIdentifier.hashCode() ^ keys.hashCode();
     }
 
-    public boolean equals(Object o)
+    public boolean equals(Object obj)
     {
-        if (o == this)
+        if (obj == this)
         {
             return true;
         }
 
-        if (o instanceof CompositePublicKey)
+        if (!(obj instanceof CompositePublicKey))
         {
-            boolean isEqual = true;
-            CompositePublicKey comparedKey = (CompositePublicKey)o;
-            if (!comparedKey.getAlgorithmIdentifier().equals(this.algorithmIdentifier) || !this.keys.equals(comparedKey.keys))
-            {
-                isEqual = false;
-            }
-
-            return isEqual;
+            return false;
         }
 
-        return false;
+        CompositePublicKey that = (CompositePublicKey)obj;
+
+        return this.algorithmIdentifier.equals(that.algorithmIdentifier)
+            && this.keys.equals(that.keys);
     }
 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/KeyFactorySpi.java

@@ -25,7 +25,6 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -56,20 +55,24 @@ public class KeyFactorySpi
     extends BaseKeyFactorySpi
     implements AsymmetricKeyInfoConverter
 {
+    private static AlgorithmIdentifier createECAlgID(ASN1ObjectIdentifier curveOid)
+    {
+        return new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(curveOid));
+    }
 
     //Specific algorithm identifiers of all component signature algorithms for SubjectPublicKeyInfo. These do not need to be all initialized here but makes the code more readable IMHO.
     private static final AlgorithmIdentifier mlDsa44 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_44);
     private static final AlgorithmIdentifier mlDsa65 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_65);
     private static final AlgorithmIdentifier mlDsa87 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_ml_dsa_87);
-    private static final AlgorithmIdentifier falcon512Identifier = new AlgorithmIdentifier(BCObjectIdentifiers.falcon_512);
+//    private static final AlgorithmIdentifier falcon512Identifier = new AlgorithmIdentifier(BCObjectIdentifiers.falcon_512);
     private static final AlgorithmIdentifier ed25519 = new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519);
-    private static final AlgorithmIdentifier ecDsaP256 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(SECObjectIdentifiers.secp256r1));
-    private static final AlgorithmIdentifier ecDsaBrainpoolP256r1 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(TeleTrusTObjectIdentifiers.brainpoolP256r1));
-    private static final AlgorithmIdentifier rsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
     private static final AlgorithmIdentifier ed448 = new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed448);
-    private static final AlgorithmIdentifier ecDsaP384 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(SECObjectIdentifiers.secp384r1));
-    private static final AlgorithmIdentifier ecDsaP521 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(SECObjectIdentifiers.secp521r1));
-    private static final AlgorithmIdentifier ecDsaBrainpoolP384r1 = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new X962Parameters(TeleTrusTObjectIdentifiers.brainpoolP384r1));
+    private static final AlgorithmIdentifier ecDsaP256 = createECAlgID(SECObjectIdentifiers.secp256r1);
+    private static final AlgorithmIdentifier ecDsaP384 = createECAlgID(SECObjectIdentifiers.secp384r1);
+    private static final AlgorithmIdentifier ecDsaP521 = createECAlgID(SECObjectIdentifiers.secp521r1);
+    private static final AlgorithmIdentifier ecDsaBrainpoolP256r1 = createECAlgID(TeleTrusTObjectIdentifiers.brainpoolP256r1);
+    private static final AlgorithmIdentifier ecDsaBrainpoolP384r1 = createECAlgID(TeleTrusTObjectIdentifiers.brainpoolP384r1);
+    private static final AlgorithmIdentifier rsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
 
     private static Map<ASN1ObjectIdentifier, AlgorithmIdentifier[]> pairings = new HashMap<ASN1ObjectIdentifier, AlgorithmIdentifier[]>();
     private static Map<ASN1ObjectIdentifier, int[]> componentKeySizes = new HashMap<ASN1ObjectIdentifier, int[]>();
@@ -289,7 +292,7 @@ public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)
 
         try
         {
-            seq = DERSequence.getInstance(keyInfo.getPublicKeyData().getBytes());
+            seq = ASN1Sequence.getInstance(keyInfo.getPublicKeyData().getOctets());
         }
         catch (Exception e)
         {
@@ -299,7 +302,8 @@ public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)
         if (MiscObjectIdentifiers.id_alg_composite.equals(keyIdentifier)
             || MiscObjectIdentifiers.id_composite_key.equals(keyIdentifier))
         {
-            ASN1Sequence keySeq = ASN1Sequence.getInstance(keyInfo.getPublicKeyData().getBytes());
+            // TODO This is redundant with 'seq' calculation above 
+            ASN1Sequence keySeq = ASN1Sequence.getInstance(keyInfo.getPublicKeyData().getOctets());
             PublicKey[] pubKeys = new PublicKey[keySeq.size()];
 
             for (int i = 0; i != keySeq.size(); i++)