authorTor Brede Vekterli <vekterli@yahooinc.com>2022-10-19 12:40:34 +0200
committerTor Brede Vekterli <vekterli@yahooinc.com>2022-10-19 12:40:34 +0200
commit82c8d614762c3e4bb0abc14148a1fba1ca3182e5 (patch)
treebcbd539039e4e0b3ed4c35f41959eecb54994fbd /security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java
parent9bd0a86bba6280aded2ff575ba095a446d6aa4e7 (diff)
Add X25519 private to public key extraction and use for HPKE opening
Avoids the need to pass the full key pair when opening a sealed piece of ciphertext, since we can just extract the public key from the private key on demand. Uses BouncyCastle X25519 utils under the hood.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java9
1 files changed, 2 insertions, 7 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java b/security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java
index 430a9d57097..8f6dffcb9c2 100644
--- a/security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java
+++ b/security-utils/src/main/java/com/yahoo/security/hpke/DHKemX25519HkdfSha256.java
@@ -118,18 +118,13 @@ final class DHKemX25519HkdfSha256 implements Kem {
* shared_secret = ExtractAndExpand(dh, kem_context)
* return shared_secret
* </pre>
- *
- * Implementation note: we take in the key pair to avoid needing to compute the public key (TODO!)
*/
@Override
- public byte[] decap(byte[] enc, KeyPair kpR) {
+ public byte[] decap(byte[] enc, XECPrivateKey skR) {
var pkE = deserializePublicKey(enc);
-
- var skR = (XECPrivateKey)kpR.getPrivate();
- var pkR = (XECPublicKey)kpR.getPublic();
byte[] dh = KeyUtils.ecdh(skR, pkE);
- byte[] pkRm = serializePublicKey(pkR);
+ byte[] pkRm = serializePublicKey(KeyUtils.extractX25519PublicKey(skR));
byte[] kemContext = concat(enc, pkRm);
return extractAndExpand(dh, kemContext);