fixed checkstyle issue, initial experiment with ML-DSA seed files

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -429,4 +429,18 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier hqc128 = pqc_kem_hqc.branch("1");
     ASN1ObjectIdentifier hqc192 = pqc_kem_hqc.branch("2");
     ASN1ObjectIdentifier hqc256 = pqc_kem_hqc.branch("3");
+
+    /**
+     * ML-KEM/ML-DSA seed parameters algorithms - temporary
+     * 
+     */
+    //TODO: delete before release
+    ASN1ObjectIdentifier id_id_alg_seed = bc.branch("10");
+
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_44_seed = id_id_alg_seed.branch("1");
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_65_seed = id_id_alg_seed.branch("2");
+    ASN1ObjectIdentifier id_id_alg_ml_dsa_87_seed = id_id_alg_seed.branch("3");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_512_seed = id_id_alg_seed.branch("4");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_768_seed = id_id_alg_seed.branch("5");
+    ASN1ObjectIdentifier id_id_alg_ml_kem_1024_seed = id_id_alg_seed.branch("6");
 }

core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java

@@ -279,6 +279,9 @@ class Utils
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_44, MLDSAParameters.ml_dsa_44);
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_65, MLDSAParameters.ml_dsa_65);
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_87, MLDSAParameters.ml_dsa_87);
+        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed, MLDSAParameters.ml_dsa_44);
+        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed, MLDSAParameters.ml_dsa_65);
+        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed, MLDSAParameters.ml_dsa_87);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512, MLDSAParameters.ml_dsa_44_with_sha512);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512, MLDSAParameters.ml_dsa_65_with_sha512);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512, MLDSAParameters.ml_dsa_87_with_sha512);

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLDSAPrivateKey.java

@@ -25,4 +25,12 @@ public interface MLDSAPrivateKey
      * @return the seed for the private key, null if not available.
      */
     byte[] getSeed();
+
+    /**
+     * Return the encoding of the key or an encoding of its key generation parameters (the seed).
+     *
+     * @param asKeyGenParams return a key gen parameters structure.
+     * @return a PKCS#8 of the private key encoding, or a PKCS#8 of the seed.
+     */
+    byte[] getEncoded(boolean asKeyGenParams);
 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/BCMLDSAPrivateKey.java

@@ -91,6 +91,21 @@ public final String getAlgorithm()
         return algorithm;
     }
 
+    public byte[] getEncoded(boolean asKeyGenParams)
+    {
+        if (asKeyGenParams)
+        {
+            byte[] seed = params.getSeed();
+            if (seed == null)
+            {
+                return null;
+            }
+            return KeyUtil.getEncodedPrivateKeyInfo(getParameterSpec(), seed, attributes);
+        }
+
+        return getEncoded();
+    }
+
     public byte[] getEncoded()
     {
         if (encoding == null)

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java

@@ -13,6 +13,7 @@
 import java.util.Set;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -44,14 +45,22 @@ public class MLDSAKeyFactorySpi
         hashKeyOids.add(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512);
     }
 
+    private final boolean isHashOnly;
+
     public MLDSAKeyFactorySpi(Set<ASN1ObjectIdentifier> keyOids)
     {
         super(keyOids);
+
+        this.isHashOnly = false;
     }
 
-    public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid)
+    public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid, ASN1ObjectIdentifier seedOid)
     {
-        super(keyOid);
+        super(setOf(keyOid, seedOid));
+
+        this.isHashOnly = (keyOid.equals(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512)
+            || keyOid.equals(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512)
+            || keyOid.equals(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512));
     }
 
     public final KeySpec engineGetKeySpec(Key key, Class keySpec)
@@ -165,7 +174,37 @@ public PublicKey engineGeneratePublic(
     public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)
         throws IOException
     {
-        return new BCMLDSAPrivateKey(keyInfo);
+        BCMLDSAPrivateKey key = new BCMLDSAPrivateKey(keyInfo);
+
+        if (!isHashOnly || (key.getAlgorithm().indexOf("WITH") > 0))
+        {
+            return key;
+        }
+
+        // keyfactory for hash-only, convert key to hash-only.
+        MLDSAPrivateKeyParameters kParams = key.getKeyParams();
+        MLDSAParameters mldsaParameters = null;
+        if (kParams.getParameters().equals(MLDSAParameters.ml_dsa_44))
+        {
+            mldsaParameters = MLDSAParameters.ml_dsa_44_with_sha512;
+        }
+        else if (kParams.getParameters().equals(MLDSAParameters.ml_dsa_65))
+        {
+            mldsaParameters = MLDSAParameters.ml_dsa_65_with_sha512;
+        }
+        else if (kParams.getParameters().equals(MLDSAParameters.ml_dsa_87))
+        {
+            mldsaParameters = MLDSAParameters.ml_dsa_87_with_sha512;
+        }
+        else
+        {
+            throw new IllegalStateException("unknown ML-DSA parameters");
+        }
+        
+        MLDSAPrivateKeyParameters hkParams = new MLDSAPrivateKeyParameters(
+            mldsaParameters, kParams.getRho(), kParams.getK(), kParams.getTr(), kParams.getS1(), kParams.getS2(), kParams.getT0(), kParams.getT1(), kParams.getSeed());
+
+        return new BCMLDSAPrivateKey(hkParams);
     }
 
     public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)
@@ -188,7 +227,7 @@ public static class MLDSA44
     {
         public MLDSA44()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_44);
+            super(NISTObjectIdentifiers.id_ml_dsa_44, BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed);
         }
     }
 
@@ -197,7 +236,7 @@ public static class MLDSA65
     {
         public MLDSA65()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_65);
+            super(NISTObjectIdentifiers.id_ml_dsa_65, BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed);
         }
     }
 
@@ -206,7 +245,7 @@ public static class MLDSA87
     {
         public MLDSA87()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_87);
+            super(NISTObjectIdentifiers.id_ml_dsa_87, BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed);
         }
     }
 
@@ -224,7 +263,7 @@ public static class HashMLDSA44
     {
         public HashMLDSA44()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed);
         }
     }
 
@@ -233,7 +272,7 @@ public static class HashMLDSA65
     {
         public HashMLDSA65()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed);
         }
     }
 
@@ -242,7 +281,7 @@ public static class HashMLDSA87
     {
         public HashMLDSA87()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed);
         }
     }
 }

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/BaseKeyFactorySpi.java

@@ -7,6 +7,7 @@
 import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -33,6 +34,16 @@ protected BaseKeyFactorySpi(ASN1ObjectIdentifier keyOid)
         this.keyOids = null;
     }
 
+    protected static Set setOf(ASN1ObjectIdentifier oid1, ASN1ObjectIdentifier oid2)
+    {
+        Set hashSet = new HashSet(2);
+
+        hashSet.add(oid1);
+        hashSet.add(oid2);
+
+        return hashSet;
+    }
+
     public PrivateKey engineGeneratePrivate(KeySpec keySpec)
         throws InvalidKeySpecException
     {

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java

@@ -1,12 +1,16 @@
 package org.bouncycastle.pqc.jcajce.provider.util;
 
+import java.security.spec.AlgorithmParameterSpec;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
 import org.bouncycastle.pqc.crypto.util.PrivateKeyInfoFactory;
 import org.bouncycastle.pqc.crypto.util.SubjectPublicKeyInfoFactory;
 
@@ -91,6 +95,45 @@ public static byte[] getEncodedPrivateKeyInfo(PrivateKeyInfo info)
          }
     }
 
+    public static byte[] getEncodedPrivateKeyInfo(AlgorithmParameterSpec paramSpec, byte[] seed, ASN1Set attributes)
+    {
+        byte[] enc = null;
+
+        try
+        {
+            if (paramSpec instanceof MLDSAParameterSpec)
+            {
+                String name = ((MLDSAParameterSpec)paramSpec).getName();
+                if (name.equals(MLDSAParameterSpec.ml_dsa_44.getName()) || name.equals(MLDSAParameterSpec.ml_dsa_44_with_sha512.getName()))
+                {
+                    enc = new PrivateKeyInfo(new AlgorithmIdentifier(BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed), seed, attributes).getEncoded();
+                }
+                else if (name.equals(MLDSAParameterSpec.ml_dsa_65.getName()) || name.equals(MLDSAParameterSpec.ml_dsa_65_with_sha512.getName()))
+                {
+                    enc = new PrivateKeyInfo(new AlgorithmIdentifier(BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed), seed, attributes).getEncoded();
+                }
+                else if (name.equals(MLDSAParameterSpec.ml_dsa_87.getName()) || name.equals(MLDSAParameterSpec.ml_dsa_87_with_sha512.getName()))
+                {
+                    enc = new PrivateKeyInfo(new AlgorithmIdentifier(BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed), seed, attributes).getEncoded();
+                }
+                else
+                {
+                    throw new IllegalStateException("unknown ML-DSA algorithm");
+                }
+            }
+        }
+        catch (IllegalStateException e)
+        {
+            throw e;
+        }
+        catch (Exception e)
+        {
+            return null;
+        }
+
+        return enc;
+    }
+
     public static byte[] getEncodedPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes)
     {
         if (!privateKey.isPrivate())

prov/src/test/java/org/bouncycastle/pqc/jcajce/provider/test/MLDSATest.java

@@ -124,6 +124,7 @@ private void tryKeyFact(KeyFactory kFact, KeyPair kpValid, KeyPair kpInvalid, St
         throws Exception
     {
         kFact.generatePrivate(new PKCS8EncodedKeySpec(kpValid.getPrivate().getEncoded()));
+        kFact.generatePrivate(new PKCS8EncodedKeySpec(((MLDSAPrivateKey)kpValid.getPrivate()).getEncoded(true)));
         kFact.generatePublic(new X509EncodedKeySpec(kpValid.getPublic().getEncoded()));
 
         try