Merge remote-tracking branch 'origin/main'

Author: mwcw

core/build.gradle

@@ -8,6 +8,7 @@ application {
     mainClass.set("org.bouncycastle.crypto.fpe.SP80038GMicroBenchmark")
 }
 
+jar.archiveBaseName = "bccore-$vmrange"
 
 test {
     forkEvery = 1;

core/src/main/java/org/bouncycastle/pqc/crypto/crystals/dilithium/Packing.java

@@ -22,7 +22,7 @@ static PolyVecK unpackPublicKey(PolyVecK t1, byte[] publicKey, DilithiumEngine e
 
         for (i = 0; i < engine.getDilithiumK(); ++i)
         {
-            t1.getVectorIndex(i).polyt1Unpack(Arrays.copyOfRange(publicKey, i * DilithiumEngine.DilithiumPolyT1PackedBytes, DilithiumEngine.SeedBytes + (i + 1) * DilithiumEngine.DilithiumPolyT1PackedBytes));
+            t1.getVectorIndex(i).polyt1Unpack(Arrays.copyOfRange(publicKey, i * DilithiumEngine.DilithiumPolyT1PackedBytes, (i + 1) * DilithiumEngine.DilithiumPolyT1PackedBytes));
         }
         return t1;
     }

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/Packing.java

@@ -22,7 +22,7 @@ static PolyVecK unpackPublicKey(PolyVecK t1, byte[] publicKey, MLDSAEngine engin
 
         for (i = 0; i < engine.getDilithiumK(); ++i)
         {
-            t1.getVectorIndex(i).polyt1Unpack(Arrays.copyOfRange(publicKey, i * MLDSAEngine.DilithiumPolyT1PackedBytes, MLDSAEngine.SeedBytes + (i + 1) * MLDSAEngine.DilithiumPolyT1PackedBytes));
+            t1.getVectorIndex(i).polyt1Unpack(Arrays.copyOfRange(publicKey, i * MLDSAEngine.DilithiumPolyT1PackedBytes, (i + 1) * MLDSAEngine.DilithiumPolyT1PackedBytes));
         }
         return t1;
     }

core/src/test/java/org/bouncycastle/pqc/crypto/test/AllTests.java

@@ -39,6 +39,7 @@ public static Test suite()
         suite.addTestSuite(FalconTest.class);
         suite.addTestSuite(MLKEMTest.class);
         suite.addTestSuite(CrystalsDilithiumTest.class);
+        suite.addTestSuite(MLDSATest.class);
         suite.addTestSuite(NTRULPRimeTest.class);
         suite.addTestSuite(SNTRUPrimeTest.class);
         suite.addTestSuite(BIKETest.class);

core/src/test/java/org/bouncycastle/pqc/crypto/test/MLDSATest.java

@@ -0,0 +1,317 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.crystals.dilithium.*;
+import org.bouncycastle.pqc.crypto.mldsa.*;
+import org.bouncycastle.pqc.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.pqc.crypto.util.PrivateKeyInfoFactory;
+import org.bouncycastle.pqc.crypto.util.PublicKeyFactory;
+import org.bouncycastle.pqc.crypto.util.SubjectPublicKeyInfoFactory;
+import org.bouncycastle.test.TestResourceFinder;
+import org.bouncycastle.util.Arrays;
+
+import org.bouncycastle.util.encoders.Hex;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.SecureRandom;
+import java.util.HashMap;
+
+public class MLDSATest extends TestCase
+{
+    public void testKeyGen() throws IOException
+    {
+        String[] files = new String[]{
+                "keyGen_ML-DSA-44.txt",
+                "keyGen_ML-DSA-65.txt",
+                "keyGen_ML-DSA-87.txt",
+        };
+
+        MLDSAParameters[] params = new MLDSAParameters[]{
+                MLDSAParameters.ml_dsa_44,
+                MLDSAParameters.ml_dsa_65,
+                MLDSAParameters.ml_dsa_87,
+        };
+
+        TestSampler sampler = new TestSampler();
+        for (int fileIndex = 0; fileIndex != files.length; fileIndex++)
+        {
+            String name = files[fileIndex];
+            // System.out.println("testing: " + name);
+            InputStream src = TestResourceFinder.findTestResource("pqc/crypto/dilithium/acvp", name);
+            BufferedReader bin = new BufferedReader(new InputStreamReader(src));
+
+            String line = null;
+            HashMap<String, String> buf = new HashMap<String, String>();
+            while ((line = bin.readLine()) != null)
+            {
+                line = line.trim();
+
+                if (line.startsWith("#"))
+                {
+                    continue;
+                }
+                if (line.length() == 0)
+                {
+                    if (buf.size() > 0)
+                    {
+                        byte[] seed = Hex.decode((String) buf.get("seed"));
+                        byte[] pk = Hex.decode((String) buf.get("pk"));
+                        byte[] sk = Hex.decode((String) buf.get("sk"));
+
+                        MLDSAParameters parameters = params[fileIndex];
+
+                        MLDSAKeyPairGenerator kpGen = new MLDSAKeyPairGenerator();
+                        MLDSAKeyGenerationParameters genParam = new MLDSAKeyGenerationParameters(new SecureRandom(), parameters);
+                        //
+                        // Generate keys and test.
+                        //
+                        kpGen.init(genParam);
+                        AsymmetricCipherKeyPair kp = kpGen.internalGenerateKeyPair(seed);
+
+                        MLDSAPublicKeyParameters pubParams = (MLDSAPublicKeyParameters) PublicKeyFactory.createKey(
+                                SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(kp.getPublic()));
+                        MLDSAPrivateKeyParameters privParams = (MLDSAPrivateKeyParameters) PrivateKeyFactory.createKey(
+                                PrivateKeyInfoFactory.createPrivateKeyInfo(kp.getPrivate()));
+
+
+
+
+                        assertTrue(name + ": public key", Arrays.areEqual(pk, pubParams.getEncoded()));
+                        assertTrue(name + ": secret key", Arrays.areEqual(sk, privParams.getEncoded()));
+
+                    }
+                    buf.clear();
+
+                    continue;
+                }
+
+                int a = line.indexOf("=");
+                if (a > -1)
+                {
+                    buf.put(line.substring(0, a).trim(), line.substring(a + 1).trim());
+                }
+            }
+            // System.out.println("testing successful!");
+        }
+    }
+
+    public void testSigGen() throws IOException
+    {
+        String[] files = new String[]{
+                "sigGen_ML-DSA-44.txt",
+                "sigGen_ML-DSA-65.txt",
+                "sigGen_ML-DSA-87.txt",
+        };
+
+        MLDSAParameters[] params = new MLDSAParameters[]{
+                MLDSAParameters.ml_dsa_44,
+                MLDSAParameters.ml_dsa_65,
+                MLDSAParameters.ml_dsa_87,
+        };
+
+        TestSampler sampler = new TestSampler();
+        for (int fileIndex = 0; fileIndex != files.length; fileIndex++)
+        {
+            String name = files[fileIndex];
+            // System.out.println("testing: " + name);
+            InputStream src = TestResourceFinder.findTestResource("pqc/crypto/dilithium/acvp", name);
+            BufferedReader bin = new BufferedReader(new InputStreamReader(src));
+
+            String line = null;
+            HashMap<String, String> buf = new HashMap<String, String>();
+            while ((line = bin.readLine()) != null)
+            {
+                line = line.trim();
+
+                if (line.startsWith("#"))
+                {
+                    continue;
+                }
+                if (line.length() == 0)
+                {
+                    if (buf.size() > 0)
+                    {
+                        boolean deterministic = !buf.containsKey("rnd");
+                        byte[] sk = Hex.decode((String) buf.get("sk"));
+                        byte[] message = Hex.decode((String) buf.get("message"));
+                        byte[] signature = Hex.decode((String) buf.get("signature"));
+                        byte[] rnd = new byte[32];
+                        if (!deterministic)
+                        {
+                            rnd = Hex.decode((String) buf.get("rnd"));
+                        }
+
+                        MLDSAParameters parameters = params[fileIndex];
+
+                        MLDSAPrivateKeyParameters privParams = new MLDSAPrivateKeyParameters(parameters, sk, null);
+
+                        // sign
+                        MLDSASigner signer = new MLDSASigner();
+
+                        signer.init(true, privParams);
+                        byte[] sigGenerated = signer.internalGenerateSignature(message, rnd);
+
+                        assertTrue(Arrays.areEqual(sigGenerated, signature));
+                    }
+                    buf.clear();
+
+                    continue;
+                }
+
+                int a = line.indexOf("=");
+                if (a > -1)
+                {
+                    buf.put(line.substring(0, a).trim(), line.substring(a + 1).trim());
+                }
+            }
+            // System.out.println("testing successful!");
+        }
+    }
+
+    public void testSigVer() throws IOException
+    {
+        String[] files = new String[]{
+                "sigVer_ML-DSA-44.txt",
+                "sigVer_ML-DSA-65.txt",
+                "sigVer_ML-DSA-87.txt",
+        };
+
+        MLDSAParameters[] params = new MLDSAParameters[]{
+                MLDSAParameters.ml_dsa_44,
+                MLDSAParameters.ml_dsa_65,
+                MLDSAParameters.ml_dsa_87,
+        };
+
+        TestSampler sampler = new TestSampler();
+        for (int fileIndex = 0; fileIndex != files.length; fileIndex++)
+        {
+            String name = files[fileIndex];
+            // System.out.println("testing: " + name);
+            InputStream src = TestResourceFinder.findTestResource("pqc/crypto/dilithium/acvp", name);
+            BufferedReader bin = new BufferedReader(new InputStreamReader(src));
+
+            String line = null;
+            HashMap<String, String> buf = new HashMap<String, String>();
+            while ((line = bin.readLine()) != null)
+            {
+                line = line.trim();
+
+                if (line.startsWith("#"))
+                {
+                    continue;
+                }
+                if (line.length() == 0)
+                {
+                    if (buf.size() > 0)
+                    {
+                        boolean testPassed = Boolean.parseBoolean((String) buf.get("testPassed"));
+                        String reason = buf.get("reason");
+                        byte[] pk = Hex.decode((String) buf.get("pk"));
+                        byte[] sk = Hex.decode((String) buf.get("sk"));
+                        byte[] message = Hex.decode((String) buf.get("message"));
+                        byte[] signature = Hex.decode((String) buf.get("signature"));
+
+                        MLDSAParameters parameters = params[fileIndex];
+
+                        MLDSAPublicKeyParameters pubParams = new MLDSAPublicKeyParameters(parameters, pk);
+                        MLDSAPrivateKeyParameters privParams = new MLDSAPrivateKeyParameters(parameters, sk, null);
+
+
+                        MLDSASigner verifier = new MLDSASigner();
+                        verifier.init(false, pubParams);
+
+                        boolean ver = verifier.internalVerifySignature(message, signature);
+                        assertEquals("expected " + testPassed + " " + reason, testPassed, ver);
+                    }
+                    buf.clear();
+
+                    continue;
+                }
+
+                int a = line.indexOf("=");
+                if (a > -1)
+                {
+                    buf.put(line.substring(0, a).trim(), line.substring(a + 1).trim());
+                }
+            }
+            // System.out.println("testing successful!");
+        }
+    }
+
+    public void testRNG()
+    {
+        String temp = "061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1";
+        byte[] seed = Hex.decode(temp);
+
+        NISTSecureRandom r = new NISTSecureRandom(seed, null);
+
+        String testBytesString = "7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2D";
+        byte[] testBytes = Hex.decode(testBytesString);
+
+        byte[] randBytes = new byte[testBytes.length];
+        r.nextBytes(randBytes);
+
+        assertTrue(Arrays.areEqual(randBytes, testBytes));
+    }
+
+
+    public void testMLDSARandom()
+    {
+
+        MLDSAKeyPairGenerator keyGen = new MLDSAKeyPairGenerator();
+
+        SecureRandom random = new SecureRandom();
+
+        for (MLDSAParameters param : new MLDSAParameters[]{MLDSAParameters.ml_dsa_44, MLDSAParameters.ml_dsa_65, MLDSAParameters.ml_dsa_87})
+        {
+            keyGen.init(new MLDSAKeyGenerationParameters(random, param));
+            for (int msgSize = 0; msgSize < 2049; )
+            {
+                byte[] msg = new byte[msgSize];
+                if (msgSize < 128)
+                {
+                    msgSize += 1;
+                }
+                else
+                {
+                    msgSize += 12;
+                }
+                for (int i = 0; i != 100; i++)
+                {
+                    random.nextBytes(msg);
+                    AsymmetricCipherKeyPair keyPair = keyGen.generateKeyPair();
+
+                    // sign
+                    MLDSASigner signer = new MLDSASigner();
+                    MLDSAPrivateKeyParameters skparam = (MLDSAPrivateKeyParameters) keyPair.getPrivate();
+                    ParametersWithRandom skwrand = new ParametersWithRandom(skparam, random);
+                    signer.init(true, skwrand);
+
+                    byte[] sigGenerated = signer.generateSignature(msg);
+
+                    // verify
+                    MLDSASigner verifier = new MLDSASigner();
+                    MLDSAPublicKeyParameters pkparam = (MLDSAPublicKeyParameters) keyPair.getPublic();
+                    verifier.init(false, pkparam);
+
+                    boolean ok = verifier.verifySignature(msg, sigGenerated);
+
+                    if (!ok) {
+                        System.out.println("Verify failed");
+                        System.out.println("MSG:"+Hex.toHexString(msg));
+                        System.out.println("SIG: "+Hex.toHexString(sigGenerated));
+                        System.out.println("PK: "+Hex.toHexString(pkparam.getEncoded()));
+                        System.out.println("SK: "+Hex.toHexString(skparam.getEncoded()));
+                    }
+
+                    assertTrue("count = " + i, ok);
+                }
+            }
+        }
+    }
+}

core/src/test/java/org/bouncycastle/pqc/crypto/test/MLKEMTest.java

@@ -289,7 +289,6 @@ public void testModulus() throws IOException
             String line = null;
             while ((line = bin.readLine()) != null)
             {
-                line = line.trim();
                 line = line.trim();
                 byte[] key = Hex.decode(line);
                 MLKEMParameters parameters = params[fileIndex];

osgi_scan.xml

@@ -17,8 +17,7 @@
 
     <jar file="${ENV.BCHOME}/libs/jakarta.activation-api-2.0.0.jar"/>
     <jar file="${ENV.BCHOME}/libs/jakarta.mail-2.0.1.jar"/>
-    <jar file="${ENV.BCHOME}/core/build/libs/core-${version}.jar"/>
-    <jar file="${ENV.BCHOME}/core/build/libs/core-${version}.jar"/>
+    <jar file="${ENV.BCHOME}/core/build/libs/bccore-jdk18on-${version}.jar"/>
     <jar file="${ENV.BCHOME}/jmail/build/libs/bcjmail-jdk18on-${version}.jar"/>
     <jar file="${ENV.BCHOME}/mls/build/libs/bcmls-jdk18on-${version}.jar"/>
     <jar file="${ENV.BCHOME}/pg/build/libs/bcpg-jdk18on-${version}.jar"/>
@@ -60,4 +59,4 @@
 
     </bundle>
 
-</osgiscanner>
+</osgiscanner>

pkix/src/main/java/org/bouncycastle/cert/selector/X509CertificateHolderSelector.java

@@ -55,7 +55,7 @@ public X509CertificateHolderSelector(X500Name issuer, BigInteger serialNumber, b
     {
         this.issuer = issuer;
         this.serialNumber = serialNumber;
-        this.subjectKeyId = subjectKeyId;
+        this.subjectKeyId = Arrays.clone(subjectKeyId);
     }
 
     public X500Name getIssuer()