Add Mayo to PQC Provider

Author: gefeili

core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -248,7 +248,7 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier falcon = bc_sig.branch("7");
 
     ASN1ObjectIdentifier falcon_512 = new ASN1ObjectIdentifier("1.3.9999.3.6");  // falcon.branch("1");
-    ASN1ObjectIdentifier falcon_1024 =  new ASN1ObjectIdentifier("1.3.9999.3.9"); // falcon.branch("2");
+    ASN1ObjectIdentifier falcon_1024 = new ASN1ObjectIdentifier("1.3.9999.3.9"); // falcon.branch("2");
 
     /*
      * Dilithium
@@ -403,15 +403,15 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier ntrulpr953 = pqc_kem_ntrulprime.branch("4");
     ASN1ObjectIdentifier ntrulpr1013 = pqc_kem_ntrulprime.branch("5");
     ASN1ObjectIdentifier ntrulpr1277 = pqc_kem_ntrulprime.branch("6");
-    
+
     ASN1ObjectIdentifier pqc_kem_sntruprime = pqc_kem_ntruprime.branch("2");
     ASN1ObjectIdentifier sntrup653 = pqc_kem_sntruprime.branch("1");
     ASN1ObjectIdentifier sntrup761 = pqc_kem_sntruprime.branch("2");
     ASN1ObjectIdentifier sntrup857 = pqc_kem_sntruprime.branch("3");
     ASN1ObjectIdentifier sntrup953 = pqc_kem_sntruprime.branch("4");
     ASN1ObjectIdentifier sntrup1013 = pqc_kem_sntruprime.branch("5");
     ASN1ObjectIdentifier sntrup1277 = pqc_kem_sntruprime.branch("6");
-    
+
     /**
      * BIKE
      **/
@@ -432,7 +432,6 @@ public interface BCObjectIdentifiers
 
     /**
      * ML-KEM/ML-DSA seed parameters algorithms - temporary
-     * 
      */
     //TODO: delete before release
     ASN1ObjectIdentifier id_id_alg_seed = bc.branch("10");
@@ -443,4 +442,13 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier id_id_alg_ml_kem_512_seed = id_id_alg_seed.branch("4");
     ASN1ObjectIdentifier id_id_alg_ml_kem_768_seed = id_id_alg_seed.branch("5");
     ASN1ObjectIdentifier id_id_alg_ml_kem_1024_seed = id_id_alg_seed.branch("6");
+
+    /**
+     * Mayo
+     */
+    ASN1ObjectIdentifier mayo = bc_sig.branch("10");
+    ASN1ObjectIdentifier mayo1 = mayo.branch("1");
+    ASN1ObjectIdentifier mayo2 = mayo.branch("2");
+    ASN1ObjectIdentifier mayo3 = mayo.branch("3");
+    ASN1ObjectIdentifier mayo5 = mayo.branch("4");
 }

core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoKeyPairGenerator.java

@@ -110,6 +110,6 @@ public AsymmetricCipherKeyPair generateKeyPair()
         Arrays.clear(O);
         Arrays.clear(P3);
 
-        return new AsymmetricCipherKeyPair(new MayoPublicKeyParameter(p, cpk), new MayoPrivateKeyParameter(p, seed_sk));
+        return new AsymmetricCipherKeyPair(new MayoPublicKeyParameters(p, cpk), new MayoPrivateKeyParameters(p, seed_sk));
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoParameters.java

@@ -2,7 +2,7 @@
 
 public class MayoParameters
 {
-    public static final MayoParameters MAYO1 = new MayoParameters(
+    public static final MayoParameters mayo1 = new MayoParameters(
         "MAYO_1",          // name
         86,                 // n
         78,                 // m
@@ -30,7 +30,7 @@ public class MayoParameters
         24                  // sk_seed_bytes
     );
 
-    public static final MayoParameters MAYO2 = new MayoParameters(
+    public static final MayoParameters mayo2 = new MayoParameters(
         "MAYO_2",          // name
         81,                 // n
         64,                 // m
@@ -58,7 +58,7 @@ public class MayoParameters
         24                  // sk_seed_bytes
     );
 
-    public static final MayoParameters MAYO3 = new MayoParameters(
+    public static final MayoParameters mayo3 = new MayoParameters(
         "MAYO_3",          // name
         118,                // n
         108,                // m
@@ -86,7 +86,7 @@ public class MayoParameters
         32                  // sk_seed_bytes
     );
 
-    public static final MayoParameters MAYO5 = new MayoParameters(
+    public static final MayoParameters mayo5 = new MayoParameters(
         "MAYO_5",          // name
         154,                // n
         142,                // m

core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPrivateKeyParameter.java

@@ -0,0 +1,25 @@
+package org.bouncycastle.pqc.crypto.mayo;
+
+import org.bouncycastle.util.Arrays;
+
+public class MayoPrivateKeyParameters
+    extends MayoKeyParameters
+{
+    private final byte[] seed_sk;
+
+    public MayoPrivateKeyParameters(MayoParameters params, byte[] seed_sk)
+    {
+        super(true, params);
+        this.seed_sk = seed_sk;
+    }
+
+    public byte[] getEncoded()
+    {
+        return Arrays.clone(seed_sk);
+    }
+
+    public byte[] getSeedSk()
+    {
+        return Arrays.clone(seed_sk);
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPrivateKeyParameters.java

@@ -2,13 +2,12 @@
 
 import org.bouncycastle.util.Arrays;
 
-public class MayoPublicKeyParameter
+public class MayoPublicKeyParameters
     extends MayoKeyParameters
 {
-    // Represents the field: uint64_t p[P1_LIMBS_MAX + P2_LIMBS_MAX + P3_LIMBS_MAX];
     private final byte[] p;
 
-    public MayoPublicKeyParameter(MayoParameters params, byte[] p)
+    public MayoPublicKeyParameters(MayoParameters params, byte[] p)
     {
         super(false, params);
         this.p = p;

…/crypto/mayo/MayoPublicKeyParameter.java …crypto/mayo/MayoPublicKeyParameters.javacore/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPublicKeyParameter.java renamed to core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPublicKeyParameters.java core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPublicKeyParameter.java renamed to core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoPublicKeyParameters.java

@@ -16,8 +16,8 @@ public class MayoSigner
 {
     private SecureRandom random;
     MayoParameters params;
-    private MayoPublicKeyParameter pubKey;
-    private MayoPrivateKeyParameter privKey;
+    private MayoPublicKeyParameters pubKey;
+    private MayoPrivateKeyParameters privKey;
 
     @Override
     public void init(boolean forSigning, CipherParameters param)
@@ -30,19 +30,19 @@ public void init(boolean forSigning, CipherParameters param)
             if (param instanceof ParametersWithRandom)
             {
                 ParametersWithRandom withRandom = (ParametersWithRandom)param;
-                privKey = (MayoPrivateKeyParameter)withRandom.getParameters();
+                privKey = (MayoPrivateKeyParameters)withRandom.getParameters();
                 random = withRandom.getRandom();
             }
             else
             {
-                privKey = (MayoPrivateKeyParameter)param;
+                privKey = (MayoPrivateKeyParameters)param;
                 random = null;
             }
             params = privKey.getParameters();
         }
         else
         {
-            pubKey = (MayoPublicKeyParameter)param;
+            pubKey = (MayoPublicKeyParameters)param;
             params = pubKey.getParameters();
             privKey = null;
             random = null;

core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoSigner.java

@@ -43,6 +43,8 @@
 import org.bouncycastle.pqc.crypto.hqc.HQCParameters;
 import org.bouncycastle.pqc.crypto.hqc.HQCPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.mayo.MayoParameters;
+import org.bouncycastle.pqc.crypto.mayo.MayoPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
@@ -183,7 +185,7 @@ else if (algOID.on(BCObjectIdentifiers.sphincsPlus) || algOID.on(BCObjectIdentif
                 return new SPHINCSPlusPrivateKeyParameters(spParams, ASN1OctetString.getInstance(obj).getOctets());
             }
         }
-        else if (Utils.shldsaParams.containsKey(algOID))
+        else if (Utils.slhdsaParams.containsKey(algOID))
         {
             SLHDSAParameters spParams = Utils.slhdsaParamsLookup(algOID);
             ASN1OctetString slhdsaKey = parseOctetString(keyInfo.getPrivateKey(), spParams.getN() * 4);
@@ -479,6 +481,12 @@ else if (algOID.equals(PQCObjectIdentifiers.mcElieceCca2))
 
             return new McElieceCCA2PrivateKeyParameters(mKey.getN(), mKey.getK(), mKey.getField(), mKey.getGoppaPoly(), mKey.getP(), Utils.getDigestName(mKey.getDigest().getAlgorithm()));
         }
+        else if (algOID.on(BCObjectIdentifiers.mayo))
+        {
+            byte[] keyEnc = ASN1OctetString.getInstance(keyInfo.parsePrivateKey()).getOctets();
+            MayoParameters mayoParams = Utils.mayoParamsLookup(algOID);
+            return new MayoPrivateKeyParameters(mayoParams, keyEnc);
+        }
         else
         {
             throw new RuntimeException("algorithm identifier in private key not recognised");

core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java

@@ -33,6 +33,7 @@
 import org.bouncycastle.pqc.crypto.lms.Composer;
 import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.LMSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.mayo.MayoPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.newhope.NHPrivateKeyParameters;
@@ -336,6 +337,13 @@ else if (privateKey instanceof RainbowPrivateKeyParameters)
             byte[] encoding = params.getEncoded();
             return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(encoding), attributes);
         }
+        else if (privateKey instanceof MayoPrivateKeyParameters)
+        {
+            MayoPrivateKeyParameters params = (MayoPrivateKeyParameters)privateKey;
+            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mayoOidLookup(params.getParameters()));
+            byte[] encoding = params.getEncoded();
+            return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(encoding), attributes);
+        }
         else
         {
             throw new IOException("key parameters not recognized");

core/src/main/java/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java

@@ -40,6 +40,8 @@
 import org.bouncycastle.pqc.crypto.hqc.HQCPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.lms.LMSKeyParameters;
+import org.bouncycastle.pqc.crypto.mayo.MayoParameters;
+import org.bouncycastle.pqc.crypto.mayo.MayoPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMParameters;
@@ -253,6 +255,11 @@ public class PublicKeyFactory
         converters.put(NISTObjectIdentifiers.id_hash_slh_dsa_shake_192f_with_shake256, new SLHDSAConverter());
         converters.put(NISTObjectIdentifiers.id_hash_slh_dsa_shake_256s_with_shake256, new SLHDSAConverter());
         converters.put(NISTObjectIdentifiers.id_hash_slh_dsa_shake_256f_with_shake256, new SLHDSAConverter());
+
+        converters.put(BCObjectIdentifiers.mayo1, new MayoConverter());
+        converters.put(BCObjectIdentifiers.mayo2, new MayoConverter());
+        converters.put(BCObjectIdentifiers.mayo3, new MayoConverter());
+        converters.put(BCObjectIdentifiers.mayo5, new MayoConverter());
     }
 
     /**
@@ -847,4 +854,18 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
             return new RainbowPublicKeyParameters(rainbowParams, keyEnc);
         }
     }
+
+    private static class MayoConverter
+        extends SubjectPublicKeyInfoConverter
+    {
+        AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+            throws IOException
+        {
+            byte[] keyEnc = ASN1OctetString.getInstance(keyInfo.parsePublicKey()).getOctets();
+
+            MayoParameters mayoParams = Utils.mayoParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
+
+            return new MayoPublicKeyParameters(mayoParams, keyEnc);
+        }
+    }
 }