From 928b9a020017b4f60b57b643f9a62005fa116edc Mon Sep 17 00:00:00 2001
From: sp717
Date: Tue, 20 Aug 2024 11:02:51 -0700
Subject: [PATCH] Update kpg behavior and relevant tests
---
 .../corretto/crypto/provider/EdGen.java | 22 +++++++++++-
 .../crypto/provider/test/EdDSATest.java | 35 +++++--------------
 2 files changed, 30 insertions(+), 27 deletions(-)
diff --git a/src/com/amazon/corretto/crypto/provider/EdGen.java b/src/com/amazon/corretto/crypto/provider/EdGen.java
index 68f4510a..ad9c865e 100644
--- a/src/com/amazon/corretto/crypto/provider/EdGen.java
+++ b/src/com/amazon/corretto/crypto/provider/EdGen.java
@@ -2,19 +2,31 @@
 // SPDX-License-Identifier: Apache-2.0
 package com.amazon.corretto.crypto.provider;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGeneratorSpi;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 class EdGen extends KeyPairGeneratorSpi {
   /** Generates a new Ed25519 key and returns a pointer to it. */
   private static native long generateEvpEdKey();
   private final AmazonCorrettoCryptoProvider provider_;
+  private final KeyFactory kf;
   EdGen(AmazonCorrettoCryptoProvider provider) {
     Loader.checkNativeLibraryAvailability();
     provider_ = provider;
+    try {
+      kf = KeyFactory.getInstance("EdDSA", "SunEC");
+    } catch (GeneralSecurityException e) {
+      throw new RuntimeException("Error setting up KeyPairGenerator", e);
+    }
   }
   public void initialize(int keysize, SecureRandom random) {
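Review bot: The new `kf` field and the hard-coded `KeyFactory.getInstance("EdDSA", "SunEC")` in the constructor carry no comment explaining why an ACCP key pair generator now depends on a second provider, and the consequence is that `EdGen` cannot be constructed at all on a runtime where SunEC is absent or predates Ed25519 support (JDK 15). A field comment such as `// Generated keys are re-encoded through SunEC so callers receive the JDK's standard EdEC key objects; requires SunEC with Ed25519 support.` would make that constraint visible. The removed test code in this same patch used the name "Ed25519" for the same factory, and generateEvpEdKey only produces Ed25519 keys, so `kf = KeyFactory.getInstance("Ed25519", "SunEC");` would be the narrower and consistent choice. Both this catch and the one in the generateKeyPair hunk below wrap failures in a bare `RuntimeException`; `java.security.ProviderException` is the JCA's own unchecked type for provider-internal failures and lets callers tell them apart from programming errors. The class body continues past the end of the hunk.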
@@ -27,6 +39,14 @@ public KeyPair generateKeyPair() {
     final EvpEdPublicKey publicKey;
     privateKey = new EvpEdPrivateKey(generateEvpEdKey());
     publicKey = privateKey.getPublicKey();
-    return new KeyPair(publicKey, privateKey);
+    try {
+      final PKCS8EncodedKeySpec privateKeyPkcs8 = new PKCS8EncodedKeySpec(privateKey.getEncoded());
+      final X509EncodedKeySpec publicKeyX509 = new X509EncodedKeySpec(publicKey.getEncoded());
+      final PrivateKey jcePrivateKey = kf.generatePrivate(privateKeyPkcs8);
+      final PublicKey jcePublicKey = kf.generatePublic(publicKeyX509);
+      return new KeyPair(jcePublicKey, jcePrivateKey);
+    } catch (GeneralSecurityException e) {
+      throw new RuntimeException("Error generating key pair", e);
+    }
   }
 }
diff --git a/tst/com/amazon/corretto/crypto/provider/test/EdDSATest.java b/tst/com/amazon/corretto/crypto/provider/test/EdDSATest.java
index 12491fcb..54c2e883 100644
--- a/tst/com/amazon/corretto/crypto/provider/test/EdDSATest.java
+++ b/tst/com/amazon/corretto/crypto/provider/test/EdDSATest.java
@@ -116,14 +116,8 @@ public void jceInteropValidation() throws GeneralSecurityException {
     // Generate keys with ACCP and use JCE KeyFactory to get equivalent JCE Keys
     final KeyPair keyPair = nativeGen.generateKeyPair();
-    final PKCS8EncodedKeySpec privateKeyPkcs8 =
-        new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());
-    final X509EncodedKeySpec publicKeyX509 =
-        new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
-
-    final KeyFactory kf = KeyFactory.getInstance("Ed25519", "SunEC");
-    final PrivateKey privateKey = kf.generatePrivate(privateKeyPkcs8);
-    final PublicKey publicKey = kf.generatePublic(publicKeyX509);
+    final PrivateKey privateKey = keyPair.getPrivate();
+    final PublicKey publicKey = keyPair.getPublic();
     // Set up ACCP and JCE Signature Instances
     final Signature nativeSig = Signature.getInstance("Ed25519", NATIVE_PROVIDER);
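Review bot: The PKCS#8 copy of the private key produced by `privateKey.getEncoded()` inside the new try block is handed to the spec and then abandoned to the garbage collector, so raw key bytes remain in the heap for an unbounded time; holding that array in a local and zeroing it in a `finally` narrows the window, even though the spec and the SunEC key object keep their own copies. The native-backed `EvpEdPrivateKey` is likewise dropped once the JCE key is built, and nothing in this hunk releases whatever native resource it wraps — whether that is handled elsewhere is not visible here and worth confirming. `java.util.Arrays` would need importing for the fill. The start of generateKeyPair (the `privateKey` declaration) lies above the hunk.
```java
    final byte[] pkcs8 = privateKey.getEncoded();
    try {
      final PKCS8EncodedKeySpec privateKeyPkcs8 = new PKCS8EncodedKeySpec(pkcs8);
      // … unchanged: X509 spec, kf.generatePrivate/generatePublic, return new KeyPair(...) …
    } catch (GeneralSecurityException e) {
      throw new RuntimeException("Error generating key pair", e);
    } finally {
      // Best-effort scrub of the transient PKCS#8 copy; the spec and SunEC key hold their own.
      Arrays.fill(pkcs8, (byte) 0);
    }
```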
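Review bot: With the KeyFactory round-trip removed, jceInteropValidation no longer pins the behaviour this patch introduces in EdGen — that `generateKeyPair()` returns SunEC key objects — because, as far as I can tell, SunEC's Signature would equally accept an ACCP-typed key by re-encoding it, so the test would pass either way. Adding `assertTrue(privateKey instanceof java.security.interfaces.EdECPrivateKey);` and `assertTrue(publicKey instanceof java.security.interfaces.EdECPublicKey);` right after the two new locals would lock in the new contract; the bcInteropValidation and mismatchSignature hunks further down have the same gap. The context comment "use JCE KeyFactory to get equivalent JCE Keys" now describes code that is gone and should say that the generator already returns JCE keys. The method continues past the hunk.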
@@ -131,7 +125,7 @@ public void jceInteropValidation() throws GeneralSecurityException {
     // Sign with ACCP and verify with SunEC
     final byte[] message = new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
-    nativeSig.initSign(keyPair.getPrivate());
+    nativeSig.initSign(privateKey);
     nativeSig.update(message, 0, message.length);
     final byte[] signatureACCP = nativeSig.sign();
     jceSig.initVerify(publicKey);
@@ -142,7 +136,7 @@ public void jceInteropValidation() throws GeneralSecurityException {
     jceSig.initSign(privateKey);
     jceSig.update(message, 0, message.length);
     final byte[] signatureJCE = jceSig.sign();
-    nativeSig.initVerify(keyPair.getPublic());
+    nativeSig.initVerify(publicKey);
     nativeSig.update(message);
     assertTrue(nativeSig.verify(signatureJCE), "JCE->Native: Ed25519");
@@ -157,18 +151,11 @@ public void bcInteropValidation() throws GeneralSecurityException {
     final Signature bcSig = Signature.getInstance("Ed25519", BOUNCYCASTLE_PROVIDER);
     final KeyPair keyPair = nativeGen.generateKeyPair();
-    final PKCS8EncodedKeySpec privateKeyPkcs8 =
-        new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());
-    final X509EncodedKeySpec publicKeyX509 =
-        new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
-
-    final KeyFactory kf = KeyFactory.getInstance("Ed25519", BOUNCYCASTLE_PROVIDER);
-
-    final PrivateKey privateKey = kf.generatePrivate(privateKeyPkcs8);
-    final PublicKey publicKey = kf.generatePublic(publicKeyX509);
+    final PrivateKey privateKey = keyPair.getPrivate();
+    final PublicKey publicKey = keyPair.getPublic();
     // Sign with ACCP, Verify with BouncyCastle
-    nativeSig.initSign(keyPair.getPrivate());
+    nativeSig.initSign(privateKey);
     nativeSig.update(message, 0, message.length);
     final byte[] signatureACCP = nativeSig.sign();
     bcSig.initVerify(publicKey);
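Review bot: The new `privateKey`/`publicKey` locals in bcInteropValidation hand the SunEC-typed keys from the generator straight into `bcSig.initSign`/`bcSig.initVerify`, which makes the test depend on the pinned BouncyCastle version accepting JDK EdEC key objects (or transparently re-encoding them), whereas the removed lines produced BC's own key objects through BC's KeyFactory. I cannot see the BC version from here, so this is worth confirming rather than assuming; if relying on that fallback is intended, a one-line comment such as `// SunEC-typed keys are passed directly to BC; relies on BC accepting JDK EdEC keys` would save the next reader the same question. The method continues past the hunk.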
@@ -179,7 +166,7 @@ public void bcInteropValidation() throws GeneralSecurityException {
     bcSig.initSign(privateKey);
     bcSig.update(message, 0, message.length);
     final byte[] signatureBC = bcSig.sign();
-    nativeSig.initVerify(keyPair.getPublic());
+    nativeSig.initVerify(publicKey);
     nativeSig.update(message);
     assertTrue(nativeSig.verify(signatureBC), "BC->Native: Ed25519");
@@ -229,10 +216,6 @@ public void mismatchSignature() throws GeneralSecurityException {
     final KeyPair kp = nativeGen.generateKeyPair();
-    final X509EncodedKeySpec publicKeyX509 = new X509EncodedKeySpec(kp.getPublic().getEncoded());
-    final KeyFactory kf = KeyFactory.getInstance("Ed25519", BOUNCYCASTLE_PROVIDER);
-    final PublicKey pbkJCE = kf.generatePublic(publicKeyX509);
-
     final Signature nativeSig = Signature.getInstance("Ed25519", NATIVE_PROVIDER);
     final Signature jceSig = Signature.getInstance("Ed25519", "SunEC");
@@ -244,7 +227,7 @@ public void mismatchSignature() throws GeneralSecurityException {
     nativeSig.update(message2, 0, message2.length);
     assertTrue(!nativeSig.verify(signature));
-    jceSig.initVerify(pbkJCE);
+    jceSig.initVerify(kp.getPublic());
     jceSig.update(message2, 0, message2.length);
     assertTrue(!jceSig.verify(signature));
   }