removed external dependency on provider composite name class

standardised names to RFC draft.

Author: dghgit

pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

@@ -26,7 +26,6 @@
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.util.Strings;
 
 public class DefaultSignatureAlgorithmIdentifierFinder
@@ -235,12 +234,22 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         algorithms.put("SHA3-512WITHPICNIC", BCObjectIdentifiers.picnic_with_sha3_512);
         algorithms.put("SHAKE256WITHPICNIC", BCObjectIdentifiers.picnic_with_shake256);
 
-        //Load composite signatures
-        for (ASN1ObjectIdentifier oid : CompositeSignaturesConstants.supportedIdentifiers)
-        {
-            algorithms.put(CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(oid).toUpperCase(), oid);
-            algorithms.put(oid.toString(), oid);
-        }
+        algorithms.put("MLDSA44-RSA2048-PSS-SHA256", MiscObjectIdentifiers.id_MLDSA44_RSA2048_PSS_SHA256);
+        algorithms.put("MLDSA44-RSA2048-PKCS15-SHA256", MiscObjectIdentifiers.id_MLDSA44_RSA2048_PKCS15_SHA256);
+        algorithms.put("MLDSA44-ECDSA-P256-SHA256", MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256);
+        algorithms.put("MLDSA44-ECDSA-BRAINPOOLP256R1-SHA256", MiscObjectIdentifiers.id_MLDSA44_ECDSA_brainpoolP256r1_SHA256);
+        algorithms.put("MLDSA44-ED25519-SHA512", MiscObjectIdentifiers.id_MLDSA44_Ed25519_SHA512);
+        algorithms.put("MLDSA65-RSA3072-PSS-SHA512", MiscObjectIdentifiers.id_MLDSA65_RSA3072_PSS_SHA512);
+        algorithms.put("MLDSA65-RSA3072-PKCS15-SHA512", MiscObjectIdentifiers.id_MLDSA65_RSA3072_PKCS15_SHA512);
+        algorithms.put("MLDSA65-ECDSA-BRAINPOOLP256R1-SHA512", MiscObjectIdentifiers.id_MLDSA65_ECDSA_brainpoolP256r1_SHA512);
+        algorithms.put("MLDSA65-ECDSA-P256-SHA512", MiscObjectIdentifiers.id_MLDSA65_ECDSA_P256_SHA512);
+        algorithms.put("MLDSA65-ED25519-SHA512", MiscObjectIdentifiers.id_MLDSA65_Ed25519_SHA512);
+        algorithms.put("MLDSA87-ECDSA-P384-SHA512", MiscObjectIdentifiers.id_MLDSA87_ECDSA_P384_SHA512);
+        algorithms.put("MLDSA87-ECDSA-BRAINPOOLP384R1-SHA512", MiscObjectIdentifiers.id_MLDSA87_ECDSA_brainpoolP384r1_SHA512);
+        algorithms.put("MLDSA87-ED448-SHA512", MiscObjectIdentifiers.id_MLDSA87_Ed448_SHA512);
+        algorithms.put("FALCON512-ECDSA-P256-SHA256", MiscObjectIdentifiers.id_Falcon512_ECDSA_P256_SHA256);
+        algorithms.put("FALCON512-ECDSA-BRAINPOOLP256R1-SHA256", MiscObjectIdentifiers.id_Falcon512_ECDSA_brainpoolP256r1_SHA256);
+        algorithms.put("FALCON512-ED25519-SHA512", MiscObjectIdentifiers.id_Falcon512_Ed25519_SHA512);
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.

pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java

@@ -1367,8 +1367,6 @@ public void checkCertificate(
             Certificate cert = fact.generateCertificate(bIn);
 
             PublicKey k = cert.getPublicKey();
-//            System.out.println("****** " + id + " ******");
-//            System.out.println(cert);
         }
         catch (Exception e)
         {
@@ -5426,29 +5424,49 @@ private void checkSerialisation()
 
     // TESTS REGARDING COMPOSITES https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
     private static String[] compositeSignaturesOIDs = {
-        "2.16.840.1.114027.80.8.1.1", //id-MLDSA44-RSA2048-PSS-SHA256
-        "2.16.840.1.114027.80.8.1.2", //id-MLDSA44-RSA2048-PKCS15-SHA256
-        "2.16.840.1.114027.80.8.1.3", //id-MLDSA44-Ed25519-SHA512
-        "2.16.840.1.114027.80.8.1.4", //id-MLDSA44-ECDSA-P256-SHA256
-        "2.16.840.1.114027.80.8.1.5", //id-MLDSA44-ECDSA-brainpoolP256r1-SHA256
-        "2.16.840.1.114027.80.8.1.6", //id-MLDSA65-RSA3072-PSS-SHA512
-        "2.16.840.1.114027.80.8.1.7", //id-MLDSA65-RSA3072-PKCS15-SHA512
-        "2.16.840.1.114027.80.8.1.8", //id-MLDSA65-ECDSA-P256-SHA512
-        "2.16.840.1.114027.80.8.1.9", //id-MLDSA65-ECDSA-brainpoolP256r1-SHA512
-        "2.16.840.1.114027.80.8.1.10", //id-MLDSA65-Ed25519-SHA512
-        "2.16.840.1.114027.80.8.1.11", //id-MLDSA87-ECDSA-P384-SHA512
-        "2.16.840.1.114027.80.8.1.12", //id-MLDSA87-ECDSA-brainpoolP384r1-SHA512
-        "2.16.840.1.114027.80.8.1.13", //id-MLDSA87-Ed448-SHA512
-        // Falcon composites below were excluded from the draft. See MiscObjectIdentifiers for details.
-        "2.16.840.1.114027.80.8.1.14", //id-Falcon512-ECDSA-P256-SHA256
-        "2.16.840.1.114027.80.8.1.15", //id-Falcon512-ECDSA-brainpoolP256r1-SHA256
-        "2.16.840.1.114027.80.8.1.16", //id-Falcon512-Ed25519-SHA512
+            "2.16.840.1.114027.80.8.1.1", //id-MLDSA44-RSA2048-PSS-SHA256
+            "2.16.840.1.114027.80.8.1.2", //id-MLDSA44-RSA2048-PKCS15-SHA256
+            "2.16.840.1.114027.80.8.1.3", //id-MLDSA44-Ed25519-SHA512
+            "2.16.840.1.114027.80.8.1.4", //id-MLDSA44-ECDSA-P256-SHA256
+            "2.16.840.1.114027.80.8.1.5", //id-MLDSA44-ECDSA-brainpoolP256r1-SHA256
+            "2.16.840.1.114027.80.8.1.6", //id-MLDSA65-RSA3072-PSS-SHA512
+            "2.16.840.1.114027.80.8.1.7", //id-MLDSA65-RSA3072-PKCS15-SHA512
+            "2.16.840.1.114027.80.8.1.8", //id-MLDSA65-ECDSA-P256-SHA512
+            "2.16.840.1.114027.80.8.1.9", //id-MLDSA65-ECDSA-brainpoolP256r1-SHA512
+            "2.16.840.1.114027.80.8.1.10", //id-MLDSA65-Ed25519-SHA512
+            "2.16.840.1.114027.80.8.1.11", //id-MLDSA87-ECDSA-P384-SHA512
+            "2.16.840.1.114027.80.8.1.12", //id-MLDSA87-ECDSA-brainpoolP384r1-SHA512
+            "2.16.840.1.114027.80.8.1.13", //id-MLDSA87-Ed448-SHA512
+            // Falcon composites below were excluded from the draft. See MiscObjectIdentifiers for details.
+            "2.16.840.1.114027.80.8.1.14", //id-Falcon512-ECDSA-P256-SHA256
+            "2.16.840.1.114027.80.8.1.15", //id-Falcon512-ECDSA-brainpoolP256r1-SHA256
+            "2.16.840.1.114027.80.8.1.16", //id-Falcon512-Ed25519-SHA512
+        };
+
+    private static String[] compositeSignaturesIDs = {
+        "MLDSA44-RSA2048-PSS-SHA256",
+        "MLDSA44-RSA2048-PKCS15-SHA256",
+        "MLDSA44-ED25519-SHA512",
+        "MLDSA44-ECDSA-P256-SHA256", 
+        "MLDSA44-ECDSA-BRAINPOOLP256R1-SHA256",
+        "MLDSA65-RSA3072-PSS-SHA512", 
+        "MLDSA65-RSA3072-PKCS15-SHA512",
+        "MLDSA65-ECDSA-P256-SHA512",
+        "MLDSA65-ECDSA-BRAINPOOLP256R1-SHA512",
+        "MLDSA65-ED25519-SHA512", 
+        "MLDSA87-ECDSA-P384-SHA512", 
+        "MLDSA87-ECDSA-BRAINPOOLP384R1-SHA512", 
+        "MLDSA87-ED448-SHA512", 
+        "FALCON512-ECDSA-P256-SHA256", 
+        "FALCON512-ECDSA-BRAINPOOLP256R1-SHA256", 
+        "FALCON512-ED25519-SHA512"
     };
 
     private void checkCompositeSignatureCertificateCreation()
     {
         try
         {
+            int index = 0;
             for (String oid : compositeSignaturesOIDs)
             {
                 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(oid, "BC");
@@ -5462,22 +5480,23 @@ private void checkCompositeSignatureCertificateCreation()
                 X500Name subject = new X500Name(subjectName);
 
                 JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyPair.getPublic());
-                X509CertificateHolder certHolder = certificateBuilder.build(new JcaContentSignerBuilder(oid).build(keyPair.getPrivate()));
+                X509CertificateHolder certHolder = certificateBuilder.build(new JcaContentSignerBuilder(compositeSignaturesIDs[index]).build(keyPair.getPrivate()));
                 X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
 
                 isEquals(oid, cert.getSigAlgOID());
                 CompositePublicKey compositePublicKey = (CompositePublicKey)cert.getPublicKey();
-                isEquals(CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(new ASN1ObjectIdentifier(oid)), compositePublicKey.getAlgorithm());
 
+                isEquals(CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(new ASN1ObjectIdentifier(oid)).getId(), compositePublicKey.getAlgorithm());
+    
                 isEquals(subjectName, cert.getSubjectX500Principal().getName());
 
                 cert.verify(cert.getPublicKey());
-
+                index++;
             }
         }
         catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException | OperatorCreationException |
             SignatureException | InvalidKeyException | TestFailedException e)
-        {
+        {                       e.printStackTrace();
             fail("checkCompositeSignatureCertificateCreation failed: " + e.getMessage());
         }
     }

prov/src/main/java/org/bouncycastle/jcajce/CompositePrivateKey.java

@@ -1,23 +1,23 @@
 package org.bouncycastle.jcajce;
 
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 
-import java.io.IOException;
-import java.security.PrivateKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
 /**
  * A composite private key class.
  */
@@ -107,7 +107,7 @@ public List<PrivateKey> getPrivateKeys()
 
     public String getAlgorithm()
     {
-        return CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(this.algorithmIdentifier);
+        return CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(this.algorithmIdentifier).getId();
     }
 
     public ASN1ObjectIdentifier getAlgorithmIdentifier()

prov/src/main/java/org/bouncycastle/jcajce/CompositePublicKey.java

@@ -1,23 +1,23 @@
 package org.bouncycastle.jcajce;
 
+import java.io.IOException;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 
-import java.io.IOException;
-import java.security.PublicKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
 /**
  * A composite key class.
  */
@@ -108,7 +108,7 @@ public List<PublicKey> getPublicKeys()
 
     public String getAlgorithm()
     {
-        return CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(this.algorithmIdentifier);
+        return CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(this.algorithmIdentifier).getId();
     }
 
     public ASN1ObjectIdentifier getAlgorithmIdentifier()

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/CompositeSignatures.java

@@ -1,14 +1,14 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
 
-import java.util.HashMap;
-import java.util.Map;
-
 /**
  * Experimental implementation of composite signatures according to https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.
  */
@@ -35,15 +35,15 @@ public void configure(ConfigurableProvider provider)
         {
             for (ASN1ObjectIdentifier oid : CompositeSignaturesConstants.supportedIdentifiers)
             {
-                String algName = CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(oid);
-                provider.addAlgorithm("KeyFactory." + algName, PREFIX + "KeyFactorySpi"); //Key factory is the same for all composite signatures.
-                provider.addAlgorithm("Alg.Alias.KeyFactory", oid, algName);
+                CompositeSignaturesConstants.CompositeName algName = CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(oid);
+                provider.addAlgorithm("KeyFactory." + algName.getId(), PREFIX + "KeyFactorySpi"); //Key factory is the same for all composite signatures.
+                provider.addAlgorithm("Alg.Alias.KeyFactory", oid, algName.getId());
 
-                provider.addAlgorithm("KeyPairGenerator." + algName, PREFIX + "KeyPairGeneratorSpi$" + algName);
-                provider.addAlgorithm("Alg.Alias.KeyPairGenerator", oid, algName);
+                provider.addAlgorithm("KeyPairGenerator." + algName.getId(), PREFIX + "KeyPairGeneratorSpi$" + algName);
+                provider.addAlgorithm("Alg.Alias.KeyPairGenerator", oid, algName.getId());
 
-                provider.addAlgorithm("Signature." + algName, PREFIX + "SignatureSpi$" + algName);
-                provider.addAlgorithm("Alg.Alias.Signature", oid, algName);
+                provider.addAlgorithm("Signature." + algName.getId(), PREFIX + "SignatureSpi$" + algName);
+                provider.addAlgorithm("Alg.Alias.Signature", oid, algName.getId());
 
                 provider.addKeyInfoConverter(oid, new KeyFactorySpi());
             }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/CompositeSignaturesConstants.java

@@ -40,22 +40,34 @@ public abstract class CompositeSignaturesConstants
      */
     public enum CompositeName
     {
-        MLDSA44_RSA2048_PSS_SHA256,
-        MLDSA44_RSA2048_PKCS15_SHA256,
-        MLDSA44_ECDSA_P256_SHA256,
-        MLDSA44_ECDSA_brainpoolP256r1_SHA256,
-        MLDSA44_Ed25519_SHA512,
-        MLDSA65_RSA3072_PSS_SHA512,
-        MLDSA65_RSA3072_PKCS15_SHA512,
-        MLDSA65_ECDSA_brainpoolP256r1_SHA512,
-        MLDSA65_ECDSA_P256_SHA512,
-        MLDSA65_Ed25519_SHA512,
-        MLDSA87_ECDSA_P384_SHA512,
-        MLDSA87_ECDSA_brainpoolP384r1_SHA512,
-        MLDSA87_Ed448_SHA512,
-        Falcon512_ECDSA_P256_SHA256,
-        Falcon512_ECDSA_brainpoolP256r1_SHA256,
-        Falcon512_Ed25519_SHA512,
+        MLDSA44_RSA2048_PSS_SHA256("MLDSA44-RSA2048-PSS-SHA256"),
+        MLDSA44_RSA2048_PKCS15_SHA256("MLDSA44-RSA2048-PKCS15-SHA256"),
+        MLDSA44_Ed25519_SHA512("MLDSA44-Ed25519-SHA512"),
+        MLDSA44_ECDSA_P256_SHA256("MLDSA44-ECDSA-P256-SHA256"),
+        MLDSA44_ECDSA_brainpoolP256r1_SHA256("MLDSA44-ECDSA-brainpoolP256r1-SHA256"),
+        MLDSA65_RSA3072_PSS_SHA512("MLDSA65-RSA3072-PSS-SHA512"),
+        MLDSA65_RSA3072_PKCS15_SHA512("MLDSA65-RSA3072-PKCS15-SHA512"),
+        MLDSA65_ECDSA_brainpoolP256r1_SHA512("MLDSA65-ECDSA-brainpoolP256r1-SHA512"),
+        MLDSA65_ECDSA_P256_SHA512("MLDSA65-ECDSA-P256-SHA512"),
+        MLDSA65_Ed25519_SHA512("MLDSA65-Ed25519-SHA512"),
+        MLDSA87_ECDSA_P384_SHA512("MLDSA87-ECDSA-P384-SHA512"),
+        MLDSA87_ECDSA_brainpoolP384r1_SHA512("MLDSA87-ECDSA-brainpoolP384r1-SHA512"),
+        MLDSA87_Ed448_SHA512("MLDSA87-Ed448-SHA512"),
+        Falcon512_ECDSA_P256_SHA256("Falcon512-ECDSA-P256-SHA256"),
+        Falcon512_ECDSA_brainpoolP256r1_SHA256("Falcon512-ECDSA-brainpoolP256r1-SHA256"),
+        Falcon512_Ed25519_SHA512("Falcon512-Ed25519-SHA512");
+
+        private String id;
+
+        private CompositeName(String id)
+        {
+            this.id = id;
+        }
+
+        public String getId()
+        {
+            return id;
+        }
     }
 
     /**
@@ -101,24 +113,14 @@ public enum CompositeName
     /**
      * Map from ASN1 identifier to a readable string used as the composite signature name for the JCA/JCE API.
      */
-    public static final HashMap<ASN1ObjectIdentifier, String> ASN1IdentifierAlgorithmNameMap;
+    public static final HashMap<ASN1ObjectIdentifier, CompositeName> ASN1IdentifierAlgorithmNameMap;
 
     static
     {
         ASN1IdentifierAlgorithmNameMap = new HashMap<>();
         for (ASN1ObjectIdentifier oid : supportedIdentifiers)
         {
-            String algNameFromEnum = ASN1IdentifierCompositeNameMap.get(oid).name(); //Get enum so we can get name() value.
-            String[] parts = algNameFromEnum.split("_");
-            String algName = null;
-            if (parts.length < 4)
-            { //no 2nd "param", e.g., in the case of Ed25519, 3rd hash function is ignored
-                algName = parts[0] + "and" + parts[1]; // e.g., MLDSA44_Ed25519_SHA512 => MLDSA44andEd25519
-            }
-            else
-            {
-                algName = parts[0] + "and" + parts[1] + parts[2]; // e.g., MLDSA44_RSA2048_PSS_SHA256 => MLDSA44andRSA2048PSS
-            }
+            CompositeName algName = ASN1IdentifierCompositeNameMap.get(oid); //Get enum so we can get name() value.
             ASN1IdentifierAlgorithmNameMap.put(oid, algName);
         }
     }