conflict resolution

Author: dghgit

pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

@@ -26,10 +26,11 @@
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.util.Strings;
 
 public class DefaultSignatureAlgorithmIdentifierFinder
-    implements SignatureAlgorithmIdentifierFinder
+        implements SignatureAlgorithmIdentifierFinder
 {
     private static Map algorithms = new HashMap();
     private static Set noParams = new HashSet();
@@ -234,6 +235,13 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         algorithms.put("SHA3-512WITHPICNIC", BCObjectIdentifiers.picnic_with_sha3_512);
         algorithms.put("SHAKE256WITHPICNIC", BCObjectIdentifiers.picnic_with_shake256);
 
+        //Load composite signatures
+        for (ASN1ObjectIdentifier oid : CompositeSignaturesConstants.supportedIdentifiers)
+        {
+            algorithms.put(CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(oid).toUpperCase(), oid);
+            algorithms.put(oid.toString(), oid);
+        }
+
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
         // The parameters field SHALL be NULL for RSA based signature algorithms.
@@ -519,7 +527,7 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         digestOids.put(BCObjectIdentifiers.sphincsPlus_sha2_256f, NISTObjectIdentifiers.id_sha256);
         digestOids.put(BCObjectIdentifiers.sphincsPlus_shake_256s, NISTObjectIdentifiers.id_shake256);
         digestOids.put(BCObjectIdentifiers.sphincsPlus_shake_256f, NISTObjectIdentifiers.id_shake256);
-        
+
 //        digestOids.put(GMObjectIdentifiers.sm2sign_with_rmd160, TeleTrusTObjectIdentifiers.ripemd160);
 //        digestOids.put(GMObjectIdentifiers.sm2sign_with_sha1, OIWObjectIdentifiers.idSHA1);
 //        digestOids.put(GMObjectIdentifiers.sm2sign_with_sha224, NISTObjectIdentifiers.id_sha224);
@@ -537,16 +545,16 @@ public class DefaultSignatureAlgorithmIdentifierFinder
     private static RSASSAPSSparams createPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
     {
         return new RSASSAPSSparams(
-            hashAlgId,
-            new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
-            new ASN1Integer(saltSize),
-            new ASN1Integer(1));
+                hashAlgId,
+                new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
+                new ASN1Integer(saltSize),
+                new ASN1Integer(1));
     }
 
     public AlgorithmIdentifier find(String sigAlgName)
     {
         String algorithmName = Strings.toUpperCase(sigAlgName);
-        ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier)algorithms.get(algorithmName);
+        ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier) algorithms.get(algorithmName);
         if (sigOID == null)
         {
             throw new IllegalArgumentException("Unknown signature type requested: " + sigAlgName);
@@ -559,7 +567,7 @@ public AlgorithmIdentifier find(String sigAlgName)
         }
         else if (params.containsKey(algorithmName))
         {
-            sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable)params.get(algorithmName));
+            sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable) params.get(algorithmName));
         }
         else
         {

pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java

@@ -118,7 +118,8 @@ public JcaContentSignerBuilder setSecureRandom(SecureRandom random)
     public ContentSigner build(PrivateKey privateKey)
         throws OperatorCreationException
     {
-        if (privateKey instanceof CompositePrivateKey)
+        //Use this legacy method only for composite private keys (they have that identifier)
+        if (privateKey instanceof CompositePrivateKey && ((CompositePrivateKey)privateKey).getAlgorithmIdentifier().equals(MiscObjectIdentifiers.id_composite_key))
         {
             return buildComposite((CompositePrivateKey)privateKey);
         }

pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java

@@ -143,7 +143,8 @@ public ContentVerifier get(AlgorithmIdentifier algorithm)
                     return createCompositeVerifier(algorithm, publicKey);
                 }
 
-                if (publicKey instanceof CompositePublicKey)
+                //Use this legacy method only for composite public keys (they have that identifier)
+                if (publicKey instanceof CompositePublicKey && ((CompositePublicKey)publicKey).getAlgorithmIdentifier().equals(MiscObjectIdentifiers.id_composite_key))
                 {
                     List<PublicKey> keys = ((CompositePublicKey)publicKey).getPublicKeys();
 

pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java

@@ -2,6 +2,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.InputStreamReader;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
@@ -60,6 +61,7 @@
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.RSAPublicKey;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.X500NameBuilder;
@@ -102,6 +104,7 @@
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 import org.bouncycastle.jcajce.CompositePrivateKey;
 import org.bouncycastle.jcajce.CompositePublicKey;
+import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.spec.CompositeAlgorithmSpec;
 import org.bouncycastle.jce.X509KeyUsage;
 import org.bouncycastle.jce.interfaces.ECPointEncoder;
@@ -112,10 +115,12 @@
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
 import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.ContentVerifierProvider;
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
 import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
@@ -137,6 +142,7 @@
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.test.TestFailedException;
 
 public class CertTest
     extends SimpleTest
@@ -2953,7 +2959,7 @@ public void checkCRLCompositeCreation()
         // null comp test
         try
         {
-            crl.verify(new CompositePublicKey(null, null));
+            crl.verify(new CompositePublicKey(new PublicKey[]{null, null}));
         }
         catch (InvalidKeyException e)
         {
@@ -4567,7 +4573,7 @@ public void checkCreationComposite()
         {
             vProv = new JcaContentVerifierProviderBuilder()
                 .setProvider(BC)
-                .build(new CompositePublicKey(null, null));
+                .build(new CompositePublicKey(new PublicKey[]{null, null}));
 
             certHldr.isSignatureValid(vProv);
         }
@@ -4596,7 +4602,7 @@ public void checkCreationComposite()
         // null comp test
         try
         {
-            cert.verify(new CompositePublicKey(null, null));
+            cert.verify(new CompositePublicKey(new PublicKey[]{null, null}));
         }
         catch (InvalidKeyException e)
         {
@@ -5417,6 +5423,132 @@ private void checkSerialisation()
         doSerialize(attrHolder);
     }
 
+    // TESTS REGARDING COMPOSITES https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
+    private static String[] compositeSignaturesOIDs = {
+            "2.16.840.1.114027.80.8.1.1", //id-MLDSA44-RSA2048-PSS-SHA256
+            "2.16.840.1.114027.80.8.1.2", //id-MLDSA44-RSA2048-PKCS15-SHA256
+            "2.16.840.1.114027.80.8.1.3", //id-MLDSA44-Ed25519-SHA512
+            "2.16.840.1.114027.80.8.1.4", //id-MLDSA44-ECDSA-P256-SHA256
+            "2.16.840.1.114027.80.8.1.5", //id-MLDSA44-ECDSA-brainpoolP256r1-SHA256
+            "2.16.840.1.114027.80.8.1.6", //id-MLDSA65-RSA3072-PSS-SHA512
+            "2.16.840.1.114027.80.8.1.7", //id-MLDSA65-RSA3072-PKCS15-SHA512
+            "2.16.840.1.114027.80.8.1.8", //id-MLDSA65-ECDSA-P256-SHA512
+            "2.16.840.1.114027.80.8.1.9", //id-MLDSA65-ECDSA-brainpoolP256r1-SHA512
+            "2.16.840.1.114027.80.8.1.10", //id-MLDSA65-Ed25519-SHA512
+            "2.16.840.1.114027.80.8.1.11", //id-MLDSA87-ECDSA-P384-SHA512
+            "2.16.840.1.114027.80.8.1.12", //id-MLDSA87-ECDSA-brainpoolP384r1-SHA512
+            "2.16.840.1.114027.80.8.1.13", //id-MLDSA87-Ed448-SHA512
+            // Falcon composites below were excluded from the draft. See MiscObjectIdentifiers for details.
+            "2.16.840.1.114027.80.8.1.14", //id-Falcon512-ECDSA-P256-SHA256
+            "2.16.840.1.114027.80.8.1.15", //id-Falcon512-ECDSA-brainpoolP256r1-SHA256
+            "2.16.840.1.114027.80.8.1.16", //id-Falcon512-Ed25519-SHA512
+    };
+
+    private void checkCompositeSignatureCertificateCreation()
+    {
+        try
+        {
+            for (String oid : compositeSignaturesOIDs)
+            {
+                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(oid, "BC");
+                KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+                String subjectName = "CN=ROOT CA";
+                X500Name issuer = new X500Name(subjectName);
+                BigInteger serial = BigInteger.valueOf(5);
+                Date notBefore = new Date();
+                Date notAfter = new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 24 * 365L);
+                X500Name subject = new X500Name(subjectName);
+
+                JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyPair.getPublic());
+                X509CertificateHolder certHolder = certificateBuilder.build(new JcaContentSignerBuilder(oid).build(keyPair.getPrivate()));
+                X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
+
+                isEquals(oid, cert.getSigAlgOID());
+                CompositePublicKey compositePublicKey = (CompositePublicKey) cert.getPublicKey();
+                isEquals(CompositeSignaturesConstants.ASN1IdentifierAlgorithmNameMap.get(new ASN1ObjectIdentifier(oid)), compositePublicKey.getAlgorithm());
+
+                isEquals(subjectName, cert.getSubjectX500Principal().getName());
+
+                cert.verify(cert.getPublicKey());
+
+            }
+        }
+        catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException | OperatorCreationException |
+               SignatureException | InvalidKeyException | TestFailedException e)
+        {
+            fail("checkCompositeSignatureCertificateCreation failed: " + e.getMessage());
+        }
+    }
+
+    private void checkParseCompositePublicKey()
+    {
+        try
+        {
+            //compositePublicKeyExampleRFC.pem contains the sample public key from https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
+            PEMParser pemParser = new PEMParser(new InputStreamReader(this.getClass().getResourceAsStream("compositePublicKeyExampleRFC.pem")));
+            SubjectPublicKeyInfo subjectPublicKeyInfo = (SubjectPublicKeyInfo) pemParser.readObject();
+            isEquals(subjectPublicKeyInfo.getAlgorithm().getAlgorithm(), MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256);
+
+            CompositePublicKey compositePublicKey = new CompositePublicKey(subjectPublicKeyInfo);
+
+            isEquals(compositePublicKey.getPublicKeys().get(0).getAlgorithm(), "DILITHIUM2");
+            isEquals(compositePublicKey.getPublicKeys().get(1).getAlgorithm(), "ECDSA");
+        }
+        catch (Exception e)
+        {
+            fail("checkParseCompositePublicKey failed: " + e.getMessage());
+        }
+    }
+
+    private void checkParseCompositePrivateKey()
+    {
+        try
+        {
+            //compositePrivateKeyExample.pem does NOT contain the sample private key from https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
+            //because the at this moment, the Dilithium private key formats don't match.
+            //this sample was generated from this BC implementation
+            PEMParser pemParser = new PEMParser(new InputStreamReader(this.getClass().getResourceAsStream("compositePrivateKeyExample.pem")));
+            PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) pemParser.readObject();
+
+            isEquals(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm(), MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256);
+
+            CompositePrivateKey compositePrivateKey = new CompositePrivateKey(privateKeyInfo);
+
+            isEquals(compositePrivateKey.getPrivateKeys().get(0).getAlgorithm(), "DILITHIUM2");
+            isEquals(compositePrivateKey.getPrivateKeys().get(1).getAlgorithm(), "ECDSA");
+        }
+        catch (Exception e)
+        {
+            fail("checkParseCompositePrivateKey failed: " + e.getMessage());
+        }
+    }
+
+    private void checkParseAndVerifyCompositeCertificate()
+    {
+        try
+        {
+            //compositeCertificateExampleRFC.pem contains the sample certificate from https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-sigs-13.html
+            PEMParser pemParser = new PEMParser(new InputStreamReader(this.getClass().getResourceAsStream("compositeCertificateExampleRFC.pem")));
+            X509CertificateHolder certificateHolder = (X509CertificateHolder) pemParser.readObject();
+            JcaX509CertificateConverter x509Converter = new JcaX509CertificateConverter().setProvider("BC");
+            X509Certificate certificate = x509Converter.getCertificate(certificateHolder);
+
+            isEquals(certificate.getSigAlgOID(), MiscObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256.toString());
+
+            CompositePublicKey compositePublicKey = (CompositePublicKey) certificate.getPublicKey();
+
+            isEquals(compositePublicKey.getPublicKeys().get(0).getAlgorithm(), "DILITHIUM2");
+            isEquals(compositePublicKey.getPublicKeys().get(1).getAlgorithm(), "ECDSA");
+
+            certificate.verify(compositePublicKey);
+        }
+        catch (Exception e)
+        {
+            fail("checkParseAndVerifyCompositeCertificate failed: " + e.getMessage());
+        }
+    }
+
     private void doSerialize(Serializable encodable)
         throws Exception
     {
@@ -5565,6 +5697,11 @@ public void performTest()
         zeroDataTest();
 
         checkSerialisation();
+
+        checkCompositeSignatureCertificateCreation();
+        checkParseCompositePublicKey();
+        checkParseCompositePrivateKey();
+        checkParseAndVerifyCompositeCertificate();
     }
 
     private Extensions generateExtensions(Vector oids, Vector values)