Add X25519 private to public key extraction and use for HPKE opening

Avoids the need to pass the full key pair when opening a sealed piece
of ciphertext, since we can just extract the public key on-demand.

Uses BouncyCastle X25519 utils under the hood.

1 files changed, 9 insertions, 0 deletions

diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 9fe64baa80a..cef0dd9a62e 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -13,6 +13,7 @@ import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
 import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.math.ec.FixedPointCombMultiplier;
+import org.bouncycastle.math.ec.rfc7748.X25519;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
@@ -317,6 +318,14 @@ public class KeyUtils {
         }
     }
 
+    // TODO unify with extractPublicKey()
+    public static XECPublicKey extractX25519PublicKey(XECPrivateKey privateKey) {
+        byte[] privScalar = toRawX25519PrivateKeyBytes(privateKey);
+        byte[] pubPoint = new byte[X25519.POINT_SIZE];
+        X25519.generatePublicKey(privScalar, 0, pubPoint, 0); // scalarMultBase => public key point
+        return fromRawX25519PublicKey(pubPoint);
+    }
+
     /**
      * Computes a shared secret using the Elliptic Curve Diffie-Hellman (ECDH) protocol for X25519 curves.
      * <p>