Added marker interface for BCKeys to allow composite to fall back to other providers.

Author: dghgit

prov/src/main/java/org/bouncycastle/jcajce/interfaces/BCKey.java

@@ -0,0 +1,8 @@
+package org.bouncycastle.jcajce.interfaces;
+
+/**
+ * Marker interface for key implementations that are implemented inside Bouncy Castle.
+ */
+public interface BCKey
+{
+}

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java

@@ -16,6 +16,7 @@
 import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.PSSParameterSpec;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -29,6 +30,7 @@
 import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.jcajce.CompositePrivateKey;
 import org.bouncycastle.jcajce.CompositePublicKey;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.spec.ContextParameterSpec;
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
@@ -94,6 +96,7 @@ public class SignatureSpi
 
     //List of Signatures. Each entry corresponds to a component signature from the composite definition.
     private final ASN1ObjectIdentifier algorithm;
+    private final String[] algs;
     private final Signature[] componentSignatures;
     private final byte[] domain;
     private final Digest preHashDigest;
@@ -110,20 +113,8 @@ public class SignatureSpi
         this.preHashDigest = preHashDigest;
         this.domain = domainSeparators.get(algorithm);
 
-        String[] algs = CompositeIndex.getPairing(algorithm);
-
+        this.algs = CompositeIndex.getPairing(algorithm);
         this.componentSignatures = new Signature[algs.length];
-        try
-        {
-            for (int i = 0; i != componentSignatures.length; i++)
-            {
-                componentSignatures[i] = Signature.getInstance(algs[i], "BC");
-            }
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw Exceptions.illegalStateException(e.getMessage(), e);
-        }
     }
 
     protected void engineInitVerify(PublicKey publicKey)
@@ -137,11 +128,13 @@ protected void engineInitVerify(PublicKey publicKey)
         this.compositeKey = publicKey;
 
         CompositePublicKey compositePublicKey = (CompositePublicKey)this.compositeKey;
+
         if (!compositePublicKey.getAlgorithmIdentifier().getAlgorithm().equals(this.algorithm))
         {
             throw new InvalidKeyException("Provided composite public key cannot be used with the composite signature algorithm.");
         }
-
+        createComponentSignatures(compositePublicKey.getPublicKeys());
+        
         sigInitVerify();
     }
 
@@ -171,10 +164,33 @@ protected void engineInitSign(PrivateKey privateKey)
         {
             throw new InvalidKeyException("Provided composite private key cannot be used with the composite signature algorithm.");
         }
+        createComponentSignatures(compositePrivateKey.getPrivateKeys());
 
         sigInitSign();
     }
 
+    private void createComponentSignatures(List keys)
+    {
+        try
+        {
+            for (int i = 0; i != componentSignatures.length; i++)
+            {
+                if (keys.get(i) instanceof BCKey)
+                {
+                    componentSignatures[i] = Signature.getInstance(algs[i], "BC");
+                }
+                else
+                {
+                    componentSignatures[i] = Signature.getInstance(algs[i]);
+                }
+            }
+        }
+        catch (GeneralSecurityException e)
+        {
+            throw Exceptions.illegalStateException(e.getMessage(), e);
+        }
+    }
+
     private void sigInitSign()
         throws InvalidKeyException
     {

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java

@@ -25,6 +25,7 @@
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
@@ -37,7 +38,7 @@
 import org.bouncycastle.util.Arrays;
 
 public class BCECPrivateKey
-    implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder
+    implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder, BCKey
 {
     static final long serialVersionUID = 994553197664784084L;
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java

@@ -21,6 +21,7 @@
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
@@ -32,7 +33,7 @@
 import org.bouncycastle.util.Properties;
 
 public class BCECPublicKey
-    implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
+    implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder, BCKey
 {
     static final long serialVersionUID = 2422789860422731812L;
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/edec/BCEdDSAPrivateKey.java

@@ -15,13 +15,14 @@
 import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
 import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
 import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.interfaces.EdDSAPrivateKey;
 import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Properties;
 
 public class BCEdDSAPrivateKey
-    implements EdDSAPrivateKey
+    implements EdDSAPrivateKey, BCKey
 {
     static final long serialVersionUID = 1L;
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/edec/BCEdDSAPublicKey.java

@@ -11,12 +11,13 @@
 import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
 import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
 import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Properties;
 
 public class BCEdDSAPublicKey
-    implements EdDSAPublicKey
+    implements EdDSAPublicKey, BCKey
 {
     static final long serialVersionUID = 1L;
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java

@@ -13,13 +13,14 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 import org.bouncycastle.util.Strings;
 
 public class BCRSAPrivateKey
-    implements RSAPrivateKey, PKCS12BagAttributeCarrier
+    implements RSAPrivateKey, PKCS12BagAttributeCarrier, BCKey
 {
     static final long serialVersionUID = 5110188922551353628L;
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java

@@ -12,11 +12,12 @@
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.jcajce.interfaces.BCKey;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
 import org.bouncycastle.util.Strings;
 
 public class BCRSAPublicKey
-    implements RSAPublicKey
+    implements RSAPublicKey, BCKey
 {
     static final AlgorithmIdentifier DEFAULT_ALGORITHM_IDENTIFIER = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
 

prov/src/test/java/org/bouncycastle/jcajce/provider/test/CompositeSignaturesTest.java

@@ -26,11 +26,9 @@
 
 import junit.framework.TestCase;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.util.ASN1Dump;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
@@ -306,7 +304,47 @@ public void testSelfComposition()
         TestCase.assertTrue(signature.verify(signatureValue));
 
         KeyFactory compFact = KeyFactory.getInstance(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256.getId(), "BC");
-             System.err.println(ASN1Dump.dumpAsString(ASN1Primitive.fromByteArray(compPrivateKey.getEncoded())));
+        PrivateKey compPriv = compFact.generatePrivate(new PKCS8EncodedKeySpec(compPrivateKey.getEncoded()));
+        PublicKey compPub = compFact.generatePublic(new X509EncodedKeySpec(compPublicKey.getEncoded()));
+
+        signature.initSign(compPriv);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        signatureValue = signature.sign();
+
+        signature.initVerify(compPub);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        TestCase.assertTrue(signature.verify(signatureValue));
+
+    }
+
+    public void testMixedComposition()
+        throws Exception
+    {
+        KeyPairGenerator mldsaKpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
+
+        mldsaKpGen.initialize(MLDSAParameterSpec.ml_dsa_44);
+
+        KeyPair mldsaKp = mldsaKpGen.generateKeyPair();
+
+        KeyPairGenerator ecKpGen = KeyPairGenerator.getInstance("EC", "SunEC");
+
+        ecKpGen.initialize(new ECGenParameterSpec("secp256r1"));
+
+        KeyPair ecKp = ecKpGen.generateKeyPair();
+
+        CompositePublicKey compPublicKey = new CompositePublicKey(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256, mldsaKp.getPublic(), ecKp.getPublic());
+        CompositePrivateKey compPrivateKey = new CompositePrivateKey(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256, mldsaKp.getPrivate(), ecKp.getPrivate());
+
+        Signature signature = Signature.getInstance(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256.getId(), "BC");
+        signature.initSign(compPrivateKey);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        byte[] signatureValue = signature.sign();
+
+        signature.initVerify(compPublicKey);
+        signature.update(Strings.toUTF8ByteArray(messageToBeSigned));
+        TestCase.assertTrue(signature.verify(signatureValue));
+
+        KeyFactory compFact = KeyFactory.getInstance(BCObjectIdentifiers.id_MLDSA44_ECDSA_P256_SHA256.getId(), "BC");
         PrivateKey compPriv = compFact.generatePrivate(new PKCS8EncodedKeySpec(compPrivateKey.getEncoded()));
         PublicKey compPub = compFact.generatePublic(new X509EncodedKeySpec(compPublicKey.getEncoded()));