moved ML-DSA to SHA-512 as the default message digest (CNSA compliance)

dghgit · dghgit · commit 03e8aeb350fa · 2025-10-02T20:23:32.000+10:00
diff --git a/pkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java b/pkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
@@ -161,9 +161,9 @@ public class DefaultDigestAlgorithmIdentifierFinder
         digestOids.put(NISTObjectIdentifiers.id_hash_slh_dsa_shake_256s_with_shake256, NISTObjectIdentifiers.id_shake256);
         digestOids.put(NISTObjectIdentifiers.id_hash_slh_dsa_shake_256f_with_shake256, NISTObjectIdentifiers.id_shake256);
 
-        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_44, NISTObjectIdentifiers.id_shake256);
-        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_65, NISTObjectIdentifiers.id_shake256);
-        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_87, NISTObjectIdentifiers.id_shake256);
+        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_44, NISTObjectIdentifiers.id_sha512);
+        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_65, NISTObjectIdentifiers.id_sha512);
+        digestOids.put(NISTObjectIdentifiers.id_ml_dsa_87, NISTObjectIdentifiers.id_sha512);
         digestOids.put(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512, NISTObjectIdentifiers.id_sha512);
         digestOids.put(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512, NISTObjectIdentifiers.id_sha512);
         digestOids.put(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512, NISTObjectIdentifiers.id_sha512);
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/PQCSignedDataTest.java
@@ -586,6 +586,11 @@ public void testMLDSAEncapsulated()
 
         CMSSignedData s = gen.generate(msg, true);
 
+        AlgorithmIdentifier digestAlgorithmID = s.getSignerInfos().getSigners().iterator().next().getDigestAlgorithmID();
+        // CNSA compliance requires SHA-384 or SHA-512. We now default to SHA-512
+        assertEquals(NISTObjectIdentifiers.id_sha512, digestAlgorithmID.getAlgorithm());
+        assertNull(digestAlgorithmID.getParameters());
+
         checkSignature(s, gen);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -586,6 +586,11 @@ public void testMLDSAEncapsulated()`
`586`	`586`
`587`	`587`	`CMSSignedData s = gen.generate(msg, true);`
`588`	`588`
	`589`	`+ AlgorithmIdentifier digestAlgorithmID = s.getSignerInfos().getSigners().iterator().next().getDigestAlgorithmID();`
	`590`	`+ // CNSA compliance requires SHA-384 or SHA-512. We now default to SHA-512`
	`591`	`+ assertEquals(NISTObjectIdentifiers.id_sha512, digestAlgorithmID.getAlgorithm());`
	`592`	`+ assertNull(digestAlgorithmID.getParameters());`
	`593`	`+`
`589`	`594`	`checkSignature(s, gen);`
`590`	`595`	`}`
`591`	`596`