fixed key factory setups for certificate. Updated tests to ML-DSA.

Author: dghgit

pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java

@@ -105,6 +105,7 @@
 import org.bouncycastle.jcajce.CompositePublicKey;
 import org.bouncycastle.jcajce.provider.asymmetric.compositesignatures.CompositeSignaturesConstants;
 import org.bouncycastle.jcajce.spec.CompositeAlgorithmSpec;
+import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
 import org.bouncycastle.jcajce.spec.SLHDSAParameterSpec;
 import org.bouncycastle.jce.X509KeyUsage;
 import org.bouncycastle.jce.interfaces.ECPointEncoder;
@@ -4252,9 +4253,9 @@ public void checkCreationDilithium()
             Security.addProvider(new BouncyCastlePQCProvider());
         }
 
-        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("Dilithium", "BCPQC");
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA-65", "BC");
 
-        kpGen.initialize(DilithiumParameterSpec.dilithium2, new SecureRandom());
+        kpGen.initialize(MLDSAParameterSpec.ml_dsa_65, new SecureRandom());
 
         KeyPair kp = kpGen.generateKeyPair();
 
@@ -4269,7 +4270,7 @@ public void checkCreationDilithium()
         //
         // create base certificate - version 3
         //
-        ContentSigner sigGen = new JcaContentSignerBuilder("Dilithium2").setProvider("BCPQC").build(privKey);
+        ContentSigner sigGen = new JcaContentSignerBuilder("ML-DSA-65").setProvider("BC").build(privKey);
         X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
             builder.build(), BigInteger.valueOf(1),
             new Date(System.currentTimeMillis() - 50000),
@@ -4284,7 +4285,7 @@ public void checkCreationDilithium()
 
         X509Certificate baseCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
 
-        isTrue("oid wrong", NISTObjectIdentifiers.id_ml_dsa_44.getId().equals(baseCert.getSigAlgOID()));
+        isTrue("oid wrong", NISTObjectIdentifiers.id_ml_dsa_65.getId().equals(baseCert.getSigAlgOID()));
         isTrue("params wrong", null == baseCert.getSigAlgParams());
 
         //
@@ -4301,7 +4302,7 @@ public void checkCreationDilithium()
 
         cert.verify(cert.getPublicKey());
 
-        isEquals("name mismatch: " + cert.getSigAlgName(), "DILITHIUM2", cert.getSigAlgName());
+        isEquals("name mismatch: " + cert.getSigAlgName(), "ML-DSA-65", cert.getSigAlgName());
 
         // check encoded works
         cert.getEncoded();

pkix/src/test/java/org/bouncycastle/cert/test/ExternalKeyTest.java

@@ -1,7 +1,6 @@
 package org.bouncycastle.cert.test;
 
 import java.io.IOException;
-import java.io.StringWriter;
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@@ -12,11 +11,9 @@
 import java.security.cert.X509Certificate;
 import java.util.Date;
 
-import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.bc.ExternalValue;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.util.ASN1Dump;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.GeneralName;
@@ -26,7 +23,6 @@
 import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
 import org.bouncycastle.jcajce.ExternalPublicKey;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
 import org.bouncycastle.util.BigIntegers;
@@ -96,7 +92,7 @@ private void checkCertificate()
     private void checkCertificateDilithium()
         throws Exception
     {
-        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("Dilithium5");
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ML-DSA-87");
 
         KeyPair kp = kpGen.generateKeyPair();
 
@@ -109,7 +105,7 @@ private void checkCertificateDilithium()
         JcaX509v1CertificateBuilder certBldr = new JcaX509v1CertificateBuilder(
             name, BigInteger.valueOf(System.currentTimeMillis()), new Date(time - 5000), new Date(time + 365L * 24L * 60 * 60 * 5000), name, externalKey);
 
-        X509CertificateHolder certHolder = certBldr.build(new JcaContentSignerBuilder("Dilithium5").build(kp.getPrivate()));
+        X509CertificateHolder certHolder = certBldr.build(new JcaContentSignerBuilder("ML-DSA-87").build(kp.getPrivate()));
 
         X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
 //        System.err.println(ASN1Dump.dumpAsString(ASN1Primitive.fromByteArray(cert.getEncoded())));

pkix/src/test/java/org/bouncycastle/pkcs/test/PKCS10Test.java

@@ -22,6 +22,7 @@
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
 import org.bouncycastle.operator.ContentSigner;
@@ -34,7 +35,6 @@
 import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
 import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
 import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
-import org.bouncycastle.pqc.jcajce.spec.DilithiumParameterSpec;
 import org.bouncycastle.test.PrintTestResult;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
@@ -195,13 +195,13 @@ public void testAltRequestAttributes()
         p256Kpg.initialize(new ECNamedCurveGenParameterSpec("P-256"));
         KeyPair p256Kp = p256Kpg.generateKeyPair();
 
-        KeyPairGenerator dilKpg = KeyPairGenerator.getInstance("Dilithium", "BC");
-        dilKpg.initialize(DilithiumParameterSpec.dilithium2);
+        KeyPairGenerator dilKpg = KeyPairGenerator.getInstance("ML-DSA", "BC");
+        dilKpg.initialize(MLDSAParameterSpec.ml_dsa_44);
         KeyPair dilKp = dilKpg.generateKeyPair();
 
         JcaPKCS10CertificationRequestBuilder jcaPkcs10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=Test"), p256Kp.getPublic());
 
-        ContentSigner altSigner = new JcaContentSignerBuilder("Dilithium2").setProvider("BC").build(dilKp.getPrivate());
+        ContentSigner altSigner = new JcaContentSignerBuilder("ML-DSA-44").setProvider("BC").build(dilKp.getPrivate());
 
         PKCS10CertificationRequest request = jcaPkcs10Builder.build(new JcaContentSignerBuilder("SHA256withECDSA").setProvider("BC").build(p256Kp.getPrivate()), dilKp.getPublic(), altSigner);
 
@@ -219,8 +219,8 @@ public void testDeltaRequestAttribute()
         p256Kpg.initialize(new ECNamedCurveGenParameterSpec("P-256"));
         KeyPair p256Kp = p256Kpg.generateKeyPair();
 
-        KeyPairGenerator dilKpg = KeyPairGenerator.getInstance("Dilithium", "BC");
-        dilKpg.initialize(DilithiumParameterSpec.dilithium2);
+        KeyPairGenerator dilKpg = KeyPairGenerator.getInstance("ML-DSA", "BC");
+        dilKpg.initialize(MLDSAParameterSpec.ml_dsa_44);
         KeyPair dilKp = dilKpg.generateKeyPair();
 
         PKCS10CertificationRequestBuilder pkcs10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=Test"), p256Kp.getPublic());

prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java

@@ -424,9 +424,10 @@ private void loadPQCKeys()
         addKeyInfoConverter(NISTObjectIdentifiers.id_ml_dsa_65, new MLDSAKeyFactorySpi());
         addKeyInfoConverter(NISTObjectIdentifiers.id_ml_dsa_87, new MLDSAKeyFactorySpi());
 
-        addKeyInfoConverter(NISTObjectIdentifiers.id_ml_dsa_44, new DilithiumKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_ml_dsa_65, new DilithiumKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_ml_dsa_87, new DilithiumKeyFactorySpi());
+        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_512, new MLKEMKeyFactorySpi());
+        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_768, new MLKEMKeyFactorySpi());
+        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_1024, new MLKEMKeyFactorySpi());
+
         addKeyInfoConverter(BCObjectIdentifiers.dilithium2_aes, new DilithiumKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.dilithium3_aes, new DilithiumKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.dilithium5_aes, new DilithiumKeyFactorySpi());
@@ -442,13 +443,7 @@ private void loadPQCKeys()
         addKeyInfoConverter(BCObjectIdentifiers.hqc192, new HQCKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.hqc256, new HQCKeyFactorySpi());
 
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_512, new MLKEMKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_768, new MLKEMKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_1024, new MLKEMKeyFactorySpi());
 
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_512, new KyberKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_768, new KyberKeyFactorySpi());
-        addKeyInfoConverter(NISTObjectIdentifiers.id_alg_ml_kem_1024, new KyberKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.kyber512_aes, new KyberKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.kyber768_aes, new KyberKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.kyber1024_aes, new KyberKeyFactorySpi());