Add some ObjectIdentifier. Pass the test for HSS signer.

gefeili · dghgit · commit 15c5a960c505 · 2025-03-22T05:21:30.000Z
diff --git a/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -165,7 +165,8 @@ public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo, Obj
         SubjectPublicKeyInfoConverter converter = (SubjectPublicKeyInfoConverter)converters.get(algID.getAlgorithm());
         if (null == converter)
         {
-            throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());
+            return org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keyInfo, defaultParams);
+            //throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());
         }
 
         return converter.getPublicKeyParameters(keyInfo, defaultParams);
diff --git a/core/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java b/core/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java
@@ -35,6 +35,9 @@
 import org.bouncycastle.crypto.params.X448PublicKeyParameters;
 import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.internal.asn1.rosstandart.RosstandartObjectIdentifiers;
+import org.bouncycastle.pqc.crypto.lms.Composer;
+import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;
+import org.bouncycastle.util.Arrays;
 
 /**
  * Factory to create ASN.1 subject public key info objects from lightweight public keys.
@@ -192,6 +195,15 @@ else if (publicKey instanceof Ed25519PublicKeyParameters)
 
             return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), key.getEncoded());
         }
+        else if (publicKey instanceof HSSPublicKeyParameters)
+        {
+            HSSPublicKeyParameters params = (HSSPublicKeyParameters)publicKey;
+            final byte tag_OctetString = (byte) 0x04;
+            byte[] encoding = Composer.compose().u32str(params.getL()).bytes(params.getLMSPublicKey()).build();
+
+            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
+            return new SubjectPublicKeyInfo(algorithmIdentifier, Arrays.concatenate(new byte[]{tag_OctetString, (byte)encoding.length}, encoding));
+        }
         else
         {
             throw new IOException("key parameters not recognized");
diff --git a/core/src/main/java/org/bouncycastle/internal/asn1/kisa/KISAObjectIdentifiers.java b/core/src/main/java/org/bouncycastle/internal/asn1/kisa/KISAObjectIdentifiers.java
@@ -28,4 +28,7 @@ public interface KISAObjectIdentifiers
 
     /** RFC 4010: SeedEncryptionAlgorithmInCMS; OID 1.2.840.113549.1.9.16.0.24 */
     static final ASN1ObjectIdentifier id_mod_cms_seed = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.24");
+
+    /** RFC 9708 MTS-HashSig-2013; OID 1.2.840.113549.1.9.16.0.64 */
+    static final ASN1ObjectIdentifier id_mod_mts_hashsig_2013 = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.64");
 }
diff --git a/pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentSignerBuilder.java b/pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentSignerBuilder.java
@@ -1,81 +1,96 @@
 package org.bouncycastle.operator.bc;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.pqc.crypto.MessageSigner;
+import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.HSSSigner;
+import org.bouncycastle.util.Arrays;
 
 public class BcHssLmsContentSignerBuilder
     extends BcContentSignerBuilder
 {
-    public BcHssLmsContentSignerBuilder(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
+    private static final AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
+
+    public BcHssLmsContentSignerBuilder()
     {
-        super(sigAlgId, digAlgId);
+        super(sigAlgId, null);
     }
 
     protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
         throws OperatorCreationException
     {
-        Digest dig = digestProvider.get(digAlgId);
-
-        return new HssSigner(dig);
+        return new HssSigner();
     }
 
-    private static class HssSigner
+    static class HssSigner
         implements Signer
     {
         private final MessageSigner hss = new HSSSigner();
-        private final Digest digest;
+        private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
+        private HSSPublicKeyParameters publicKeyParameters;
+        static final byte tag_OctetString = 0x04;
 
-        public HssSigner(Digest digest)
+        public HssSigner()
         {
-            this.digest = digest;
         }
 
         @Override
         public void init(boolean forSigning, CipherParameters param)
         {
             hss.init(forSigning, param);
+            if (forSigning)
+            {
+                publicKeyParameters = ((HSSPrivateKeyParameters)param).getPublicKey();
+            }
+            else
+            {
+                publicKeyParameters = (HSSPublicKeyParameters)param;
+            }
         }
 
         @Override
         public void update(byte b)
         {
-            digest.update(b);
+            stream.write(b);
         }
 
         @Override
         public void update(byte[] in, int off, int len)
         {
-            digest.update(in, off, len);
+            stream.write(in, off, len);
         }
 
         @Override
         public byte[] generateSignature()
             throws CryptoException, DataLengthException
         {
-            byte[] hash = new byte[digest.getDigestSize()];
-            digest.doFinal(hash, 0);
-            return hss.generateSignature(hash);
+            byte[] msg = stream.toByteArray();
+            stream.reset();
+            return hss.generateSignature(msg);
         }
 
         @Override
         public boolean verifySignature(byte[] signature)
         {
-            byte[] hash = new byte[digest.getDigestSize()];
-            digest.doFinal(hash, 0);
-            return hss.verifySignature(hash, signature);
+            byte[] msg = stream.toByteArray();
+            stream.reset();
+            return hss.verifySignature(msg, signature);
         }
 
         @Override
         public void reset()
         {
-            digest.reset();
+            stream.reset();
         }
     }
 }
diff --git a/pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentVerifierProviderBuilder.java b/pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentVerifierProviderBuilder.java
@@ -0,0 +1,30 @@
+package org.bouncycastle.operator.bc;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.util.PublicKeyFactory;
+import org.bouncycastle.operator.OperatorCreationException;
+
+public class BcHssLmsContentVerifierProviderBuilder
+    extends BcContentVerifierProviderBuilder
+{
+    public BcHssLmsContentVerifierProviderBuilder()
+    {
+    }
+
+    protected Signer createSigner(AlgorithmIdentifier sigAlgId)
+        throws OperatorCreationException
+    {
+        return new BcHssLmsContentSignerBuilder.HssSigner();
+    }
+
+    protected AsymmetricKeyParameter extractKeyParameters(SubjectPublicKeyInfo publicKeyInfo)
+        throws IOException
+    {
+        return PublicKeyFactory.createKey(publicKeyInfo);
+    }
+}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java
@@ -2,13 +2,17 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.MessageDigest;
+import java.security.SecureRandom;
 import java.security.Security;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Date;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
@@ -27,8 +31,14 @@
 import org.bouncycastle.asn1.cms.SignerInfo;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v1CertificateBuilder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509v1CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
 import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSProcessableByteArray;
@@ -40,11 +50,31 @@
 import org.bouncycastle.cms.SignerInformationStore;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DSAParametersGenerator;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.DigestCalculatorProvider;
 import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
+import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
+import org.bouncycastle.operator.bc.BcHssLmsContentSignerBuilder;
+import org.bouncycastle.operator.bc.BcHssLmsContentVerifierProviderBuilder;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.pqc.crypto.lms.HSSKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.lms.HSSKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.lms.LMOtsParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.lms.LMSParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSigParameters;
 import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
 import org.bouncycastle.util.Store;
 
@@ -104,7 +134,7 @@ public static void main(String args[])
         throws Exception
     {
         init();
-
+        //checkCreationHssLms();
         junit.textui.TestRunner.run(PQCSignedDataTest.class);
     }
 
@@ -321,7 +351,7 @@ public void testLmsEncapsulated()
 
         assertTrue(digAlgIds.contains(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)));
         assertTrue(digAlgIds.size() == 1);
-        
+
         certs = s.getCertificates();
 
         SignerInformationStore signers = s.getSignerInfos();
@@ -352,6 +382,81 @@ public void testLmsEncapsulated()
         }
     }
 
+    public void testCheckCreationHssLms()
+        throws Exception
+    {
+        //
+        // set up the keys
+        //
+        AsymmetricKeyParameter privKey;
+        AsymmetricKeyParameter pubKey;
+
+        AsymmetricCipherKeyPairGenerator kpg = new HSSKeyPairGenerator();
+
+        kpg.init(new HSSKeyGenerationParameters(
+            new LMSParameters[]{new LMSParameters(LMSigParameters.lms_sha256_n32_h5, LMOtsParameters.sha256_n32_w4)}, new SecureRandom()));
+
+        AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
+
+        privKey = (AsymmetricKeyParameter)pair.getPrivate();
+        pubKey = (AsymmetricKeyParameter)pair.getPublic();
+
+        //
+        // distinguished name table.
+        //
+        X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
+
+        builder.addRDN(RFC4519Style.c, "AU");
+        builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
+        builder.addRDN(RFC4519Style.l, "Melbourne");
+        builder.addRDN(RFC4519Style.st, "Victoria");
+        builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
+
+        //
+        // extensions
+        //
+
+        //
+        // create the certificate - version 3
+        //
+
+
+        ContentSigner sigGen = new BcHssLmsContentSignerBuilder().build(privKey);
+        X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubKey);
+
+
+        X509CertificateHolder cert = certGen.build(sigGen);
+
+        assertTrue(cert.isValidOn(new Date()));
+
+        assertTrue(cert.isSignatureValid(new BcHssLmsContentVerifierProviderBuilder().build(pubKey)));
+
+
+        //
+        // create the certificate - version 1
+        //
+
+        sigGen = new BcHssLmsContentSignerBuilder().build(privKey);
+        X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubKey);
+
+        cert = certGen1.build(sigGen);
+
+        assertTrue(cert.isValidOn(new Date()));
+
+        assertTrue(cert.isSignatureValid(new BcHssLmsContentVerifierProviderBuilder().build(pubKey)));
+
+        AsymmetricKeyParameter certPubKey = PublicKeyFactory.createKey(cert.getSubjectPublicKeyInfo());
+
+        assertTrue(cert.isSignatureValid(new BcHssLmsContentVerifierProviderBuilder().build(certPubKey)));
+
+        ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
+        CertificateFactory fact = CertificateFactory.getInstance("X.509");
+
+        X509Certificate x509cert = (X509Certificate)fact.generateCertificate(bIn);
+
+        //System.out.println(cert);
+    }
+
     public void testTryLmsSettings()
         throws Exception
     {
diff --git a/util/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java b/util/src/main/java/org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.java
@@ -28,4 +28,7 @@ public interface KISAObjectIdentifiers
 
     /** RFC 4010: SeedEncryptionAlgorithmInCMS; OID 1.2.840.113549.1.9.16.0.24 */
     static final ASN1ObjectIdentifier id_mod_cms_seed = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.24");
+
+    /** RFC 9708 MTS-HashSig-2013; OID 1.2.840.113549.1.9.16.0.64 */
+    static final ASN1ObjectIdentifier id_mod_mts_hashsig_2013 = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.64");
 }
diff --git a/util/src/main/java/org/bouncycastle/asn1/mod/ModObjectIdentifiers.java b/util/src/main/java/org/bouncycastle/asn1/mod/ModObjectIdentifiers.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1.mod;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+public interface ModObjectIdentifiers
+{
+    //TODO: add more from RFC 6268, RFC 5911
+
+    //   id_mod OBJECT IDENTIFIER  ::= { iso(1) identified_organization(3)
+    //       dod(6) internet(1) security(5) mechanisms(5) pkix(7) mod(0) }
+    ASN1ObjectIdentifier id_mod = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.0");
+
+    /**
+     * PUBLIC-KEY, SIGNATURE-ALGORITHM, SMIME-CAPS
+     *      FROM AlgorithmInformation-2009  -- RFC 5911 [CMSASN1]
+     *      { iso(1) identified-organization(3) dod(6) internet(1)
+     *      security(5) mechanisms(5) pkix(7) id-mod(0)
+     *      id-mod-algorithmInformation-02(58) } ;
+     *      1.3.6.1.5.5.7.0.58
+     */
+    ASN1ObjectIdentifier id_mod_algorithmInformation_02 = id_mod.branch("58");
+}

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,8 @@ public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo, Obj`
`165`	`165`	`SubjectPublicKeyInfoConverter converter = (SubjectPublicKeyInfoConverter)converters.get(algID.getAlgorithm());`
`166`	`166`	`if (null == converter)`
`167`	`167`	`{`
`168`		`- throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());`
	`168`	`+ return org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keyInfo, defaultParams);`
	`169`	`+ //throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());`
`169`	`170`	`}`
`170`	`171`
`171`	`172`	`return converter.getPublicKeyParameters(keyInfo, defaultParams);`
Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,7 @@ public interface KISAObjectIdentifiers`
`28`	`28`
`29`	`29`	`/** RFC 4010: SeedEncryptionAlgorithmInCMS; OID 1.2.840.113549.1.9.16.0.24 */`
`30`	`30`	`static final ASN1ObjectIdentifier id_mod_cms_seed = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.24");`
	`31`	`+`
	`32`	`+ /** RFC 9708 MTS-HashSig-2013; OID 1.2.840.113549.1.9.16.0.64 */`
	`33`	`+ static final ASN1ObjectIdentifier id_mod_mts_hashsig_2013 = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.64");`
`31`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,81 +1,96 @@`
`1`	`1`	`package org.bouncycastle.operator.bc;`
`2`	`2`
	`3`	`+import java.io.ByteArrayOutputStream;`
	`4`	`+import java.io.IOException;`
	`5`	`+`
	`6`	`+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;`
`3`	`7`	`import org.bouncycastle.asn1.x509.AlgorithmIdentifier;`
`4`	`8`	`import org.bouncycastle.crypto.CipherParameters;`
`5`	`9`	`import org.bouncycastle.crypto.CryptoException;`
`6`	`10`	`import org.bouncycastle.crypto.DataLengthException;`
`7`		`-import org.bouncycastle.crypto.Digest;`
`8`	`11`	`import org.bouncycastle.crypto.Signer;`
`9`	`12`	`import org.bouncycastle.operator.OperatorCreationException;`
`10`	`13`	`import org.bouncycastle.pqc.crypto.MessageSigner;`
	`14`	`+import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;`
	`15`	`+import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;`
`11`	`16`	`import org.bouncycastle.pqc.crypto.lms.HSSSigner;`
	`17`	`+import org.bouncycastle.util.Arrays;`
`12`	`18`
`13`	`19`	`public class BcHssLmsContentSignerBuilder`
`14`	`20`	`extends BcContentSignerBuilder`
`15`	`21`	`{`
`16`		`- public BcHssLmsContentSignerBuilder(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)`
	`22`	`+ private static final AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);`
	`23`	`+`
	`24`	`+ public BcHssLmsContentSignerBuilder()`
`17`	`25`	`{`
`18`		`- super(sigAlgId, digAlgId);`
	`26`	`+ super(sigAlgId, null);`
`19`	`27`	`}`
`20`	`28`
`21`	`29`	`protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)`
`22`	`30`	`throws OperatorCreationException`
`23`	`31`	`{`
`24`		`- Digest dig = digestProvider.get(digAlgId);`
`25`		`-`
`26`		`- return new HssSigner(dig);`
	`32`	`+ return new HssSigner();`
`27`	`33`	`}`
`28`	`34`
`29`		`- private static class HssSigner`
	`35`	`+ static class HssSigner`
`30`	`36`	`implements Signer`
`31`	`37`	`{`
`32`	`38`	`private final MessageSigner hss = new HSSSigner();`
`33`		`- private final Digest digest;`
	`39`	`+ private final ByteArrayOutputStream stream = new ByteArrayOutputStream();`
	`40`	`+ private HSSPublicKeyParameters publicKeyParameters;`
	`41`	`+ static final byte tag_OctetString = 0x04;`
`34`	`42`
`35`		`- public HssSigner(Digest digest)`
	`43`	`+ public HssSigner()`
`36`	`44`	`{`
`37`		`- this.digest = digest;`
`38`	`45`	`}`
`39`	`46`
`40`	`47`	`@Override`
`41`	`48`	`public void init(boolean forSigning, CipherParameters param)`
`42`	`49`	`{`
`43`	`50`	`hss.init(forSigning, param);`
	`51`	`+ if (forSigning)`
	`52`	`+ {`
	`53`	`+ publicKeyParameters = ((HSSPrivateKeyParameters)param).getPublicKey();`
	`54`	`+ }`
	`55`	`+ else`
	`56`	`+ {`
	`57`	`+ publicKeyParameters = (HSSPublicKeyParameters)param;`
	`58`	`+ }`
`44`	`59`	`}`
`45`	`60`
`46`	`61`	`@Override`
`47`	`62`	`public void update(byte b)`
`48`	`63`	`{`
`49`		`- digest.update(b);`
	`64`	`+ stream.write(b);`
`50`	`65`	`}`
`51`	`66`
`52`	`67`	`@Override`
`53`	`68`	`public void update(byte[] in, int off, int len)`
`54`	`69`	`{`
`55`		`- digest.update(in, off, len);`
	`70`	`+ stream.write(in, off, len);`
`56`	`71`	`}`
`57`	`72`
`58`	`73`	`@Override`
`59`	`74`	`public byte[] generateSignature()`
`60`	`75`	`throws CryptoException, DataLengthException`
`61`	`76`	`{`
`62`		`- byte[] hash = new byte[digest.getDigestSize()];`
`63`		`- digest.doFinal(hash, 0);`
`64`		`- return hss.generateSignature(hash);`
	`77`	`+ byte[] msg = stream.toByteArray();`
	`78`	`+ stream.reset();`
	`79`	`+ return hss.generateSignature(msg);`
`65`	`80`	`}`
`66`	`81`
`67`	`82`	`@Override`
`68`	`83`	`public boolean verifySignature(byte[] signature)`
`69`	`84`	`{`
`70`		`- byte[] hash = new byte[digest.getDigestSize()];`
`71`		`- digest.doFinal(hash, 0);`
`72`		`- return hss.verifySignature(hash, signature);`
	`85`	`+ byte[] msg = stream.toByteArray();`
	`86`	`+ stream.reset();`
	`87`	`+ return hss.verifySignature(msg, signature);`
`73`	`88`	`}`
`74`	`89`
`75`	`90`	`@Override`
`76`	`91`	`public void reset()`
`77`	`92`	`{`
`78`		`- digest.reset();`
	`93`	`+ stream.reset();`
`79`	`94`	`}`
`80`	`95`	`}`
`81`	`96`	`}`