bcgit
diff --git a/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java‎
Lines changed: 117 additions & 60 deletions b/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java‎
Lines changed: 117 additions & 60 deletions
diff --git a/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java‎
Lines changed: 25 additions & 14 deletions b/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PrivateKeyInfoFactory.java‎
Lines changed: 25 additions & 14 deletions
diff --git a/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java‎
Lines changed: 50 additions & 0 deletions b/‎core/src/main/jdk1.4/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java‎
Lines changed: 50 additions & 0 deletions
@@ -43,6 +43,7 @@
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMParameters;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.mlkem.MLKEMPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.newhope.NHPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.ntru.NTRUParameters;
 import org.bouncycastle.pqc.crypto.ntru.NTRUPrivateKeyParameters;
@@ -147,22 +148,12 @@ else if (algOID.on(BCObjectIdentifiers.sphincsPlus) || algOID.on(BCObjectIdentif
                 return new SPHINCSPlusPrivateKeyParameters(spParams, ASN1OctetString.getInstance(obj).getOctets());
             }
         }
-        else if (Utils.shldsaParams.containsKey(algOID))
+        else if (Utils.slhdsaParams.containsKey(algOID))
         {
             SLHDSAParameters spParams = Utils.slhdsaParamsLookup(algOID);
+            ASN1OctetString slhdsaKey = parseOctetString(keyInfo.getPrivateKey(), spParams.getN() * 4);
 
-            ASN1Encodable obj = keyInfo.parsePrivateKey();
-            if (obj instanceof ASN1Sequence)
-            {
-                SPHINCSPLUSPrivateKey spKey = SPHINCSPLUSPrivateKey.getInstance(obj);
-                SPHINCSPLUSPublicKey publicKey = spKey.getPublicKey();
-                return new SLHDSAPrivateKeyParameters(spParams, spKey.getSkseed(), spKey.getSkprf(),
-                    publicKey.getPkseed(), publicKey.getPkroot());
-            }
-            else
-            {
-                return new SLHDSAPrivateKeyParameters(spParams, ASN1OctetString.getInstance(obj).getOctets());
-            }
+            return new SLHDSAPrivateKeyParameters(spParams, slhdsaKey.getOctets());
         }
         else if (algOID.on(BCObjectIdentifiers.picnic))
         {
@@ -203,10 +194,37 @@ else if (algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_512) ||
             algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_768) ||
             algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_1024))
         {
-            ASN1OctetString kyberKey = ASN1OctetString.getInstance(keyInfo.parsePrivateKey());
-            MLKEMParameters kyberParams = Utils.mlkemParamsLookup(algOID);
+            ASN1Primitive mlkemKey = parsePrimitiveString(keyInfo.getPrivateKey(), 64);
+            MLKEMParameters mlkemParams = Utils.mlkemParamsLookup(algOID);
 
-            return new MLKEMPrivateKeyParameters(kyberParams, kyberKey.getOctets());
+            MLKEMPublicKeyParameters pubParams = null;
+            if (keyInfo.getPublicKeyData() != null)
+            {
+                pubParams = PublicKeyFactory.MLKEMConverter.getPublicKeyParams(mlkemParams, keyInfo.getPublicKeyData());
+            }
+
+            if (mlkemKey instanceof ASN1OctetString)
+            {
+                // TODO This should be explicitly EXPANDED_KEY or SEED (tag already removed) but is length-flexible
+                return new MLKEMPrivateKeyParameters(mlkemParams, ((ASN1OctetString)mlkemKey).getOctets(), pubParams);
+            }
+            else if (mlkemKey instanceof ASN1Sequence)
+            {
+                ASN1Sequence keySeq = (ASN1Sequence)mlkemKey;
+                byte[] seed = ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets();
+                byte[] encoding = ASN1OctetString.getInstance(keySeq.getObjectAt(1)).getOctets();
+
+                // TODO This should only allow seed but is length-flexible
+                MLKEMPrivateKeyParameters mlkemPriv = new MLKEMPrivateKeyParameters(mlkemParams, seed, pubParams);
+                if (!Arrays.constantTimeAreEqual(mlkemPriv.getEncoded(), encoding))
+                {
+                    throw new IllegalArgumentException("inconsistent " + mlkemParams.getName() + " private key");
+                }
+
+                return mlkemPriv;
+            }
+
+            throw new IllegalArgumentException("invalid " + mlkemParams.getName() + " private key");
         }
         else if (algOID.on(BCObjectIdentifiers.pqc_kem_ntrulprime))
         {
@@ -235,58 +253,37 @@ else if (algOID.on(BCObjectIdentifiers.pqc_kem_sntruprime))
         }
         else if (Utils.mldsaParams.containsKey(algOID))
         {
-            ASN1Encodable keyObj = keyInfo.parsePrivateKey();
-            MLDSAParameters spParams = Utils.mldsaParamsLookup(algOID);
+            ASN1Encodable mldsaKey = parsePrimitiveString(keyInfo.getPrivateKey(), 32);
+            MLDSAParameters mldsaParams = Utils.mldsaParamsLookup(algOID);
 
-            if (keyObj instanceof ASN1Sequence)
+            MLDSAPublicKeyParameters pubParams = null;
+            if (keyInfo.getPublicKeyData() != null)
             {
-                ASN1Sequence keyEnc = ASN1Sequence.getInstance(keyObj);
-
-                int version = ASN1Integer.getInstance(keyEnc.getObjectAt(0)).intValueExact();
-                if (version != 0)
-                {
-                    throw new IOException("unknown private key version: " + version);
-                }
-
-                if (keyInfo.getPublicKeyData() != null)
-                {
-                    MLDSAPublicKeyParameters pubParams = PublicKeyFactory.MLDSAConverter.getPublicKeyParams(spParams, keyInfo.getPublicKeyData());
+                pubParams = PublicKeyFactory.MLDSAConverter.getPublicKeyParams(mldsaParams, keyInfo.getPublicKeyData());
+            }
 
-                    return new MLDSAPrivateKeyParameters(spParams,
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(1)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(2)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(3)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(4)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(5)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(6)).getOctets(),
-                        pubParams.getT1()); // encT1
-                }
-                else
-                {
-                    return new MLDSAPrivateKeyParameters(spParams,
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(1)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(2)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(3)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(4)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(5)).getOctets(),
-                        ASN1BitString.getInstance(keyEnc.getObjectAt(6)).getOctets(),
-                        null);
-                }
+            if (mldsaKey instanceof ASN1OctetString)
+            {
+                // TODO This should be explicitly EXPANDED_KEY or SEED (tag already removed) but is length-flexible
+                return new MLDSAPrivateKeyParameters(mldsaParams, ((ASN1OctetString)mldsaKey).getOctets(), pubParams);
             }
-            else if (keyObj instanceof DEROctetString)
+            else if (mldsaKey instanceof ASN1Sequence)
             {
-                byte[] data = ASN1OctetString.getInstance(keyObj).getOctets();
-                if (keyInfo.getPublicKeyData() != null)
+                ASN1Sequence keySeq = (ASN1Sequence)mldsaKey;
+                byte[] seed = ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets();
+                byte[] encoding = ASN1OctetString.getInstance(keySeq.getObjectAt(1)).getOctets();
+
+                // TODO This should only allow seed but is length-flexible
+                MLDSAPrivateKeyParameters mldsaPriv = new MLDSAPrivateKeyParameters(mldsaParams, seed, pubParams);
+                if (!Arrays.constantTimeAreEqual(mldsaPriv.getEncoded(), encoding))
                 {
-                    MLDSAPublicKeyParameters pubParams = PublicKeyFactory.MLDSAConverter.getPublicKeyParams(spParams, keyInfo.getPublicKeyData());
-                    return new MLDSAPrivateKeyParameters(spParams, data, pubParams);
+                    throw new IllegalArgumentException("inconsistent " + mldsaParams.getName() + " private key");
                 }
-                return new MLDSAPrivateKeyParameters(spParams, data);
-            }
-            else
-            {
-                throw new IOException("not supported");
+
+                return mldsaPriv;
             }
+
+            throw new IllegalArgumentException("invalid " + mldsaParams.getName() + " private key");
         }
         else if (algOID.equals(BCObjectIdentifiers.dilithium2)
             || algOID.equals(BCObjectIdentifiers.dilithium3) || algOID.equals(BCObjectIdentifiers.dilithium5))
@@ -380,6 +377,66 @@ else if (algOID.equals(PQCObjectIdentifiers.mcElieceCca2))
         }
     }
 
+    /**
+     * So it seems for the new PQC algorithms, there's a couple of approaches to what goes in the OCTET STRING
+     */
+    private static ASN1OctetString parseOctetString(ASN1OctetString octStr, int expectedLength)
+        throws IOException
+    {
+        byte[] data = octStr.getOctets();
+        //
+        // it's the right length for a RAW encoding, just return it.
+        //
+        if (data.length == expectedLength)
+        {
+            return octStr;
+        }
+
+        //
+        // possible internal OCTET STRING, possibly long form with or without the internal OCTET STRING
+        ASN1OctetString obj = Utils.parseOctetData(data);
+
+        if (obj != null)
+        {
+            return ASN1OctetString.getInstance(obj);
+        }
+
+        return octStr;
+    }
+
+    /**
+     * So it seems for the new PQC algorithms, there's a couple of approaches to what goes in the OCTET STRING
+     * and in this case there may also be SEQUENCE.
+     */
+    private static ASN1Primitive parsePrimitiveString(ASN1OctetString octStr, int expectedLength)
+        throws IOException
+    {
+        byte[] data = octStr.getOctets();
+        //
+        // it's the right length for a RAW encoding, just return it.
+        //
+        if (data.length == expectedLength)
+        {
+            return octStr;
+        }
+
+        //
+        // possible internal OCTET STRING, possibly long form with or without the internal OCTET STRING
+        // or possible SEQUENCE
+        ASN1Encodable obj = Utils.parseData(data);
+
+        if (obj instanceof ASN1OctetString)
+        {
+            return ASN1OctetString.getInstance(obj);
+        }
+        if (obj instanceof ASN1Sequence)
+        {
+            return ASN1Sequence.getInstance(obj);
+        }
+
+        return octStr;
+    }
+
     private static short[] convert(byte[] octets)
     {
         short[] rv = new short[octets.length / 2];
 
@@ -3,9 +3,11 @@
 import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -55,7 +57,8 @@ private PrivateKeyInfoFactory()
      * @return the appropriate PrivateKeyInfo
      * @throws java.io.IOException on an error encoding the key
      */
-    public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey) throws IOException
+    public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey)
+        throws IOException
     {
         return createPrivateKeyInfo(privateKey, null);
     }
@@ -68,7 +71,8 @@ public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter private
      * @return the appropriate PrivateKeyInfo
      * @throws java.io.IOException on an error encoding the key
      */
-    public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes) throws IOException
+    public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes)
+        throws IOException
     {
         if (privateKey instanceof SPHINCSPrivateKeyParameters)
         {
@@ -97,7 +101,7 @@ else if (privateKey instanceof NHPrivateKeyParameters)
         else if (privateKey instanceof SPHINCSPlusPrivateKeyParameters)
         {
             SPHINCSPlusPrivateKeyParameters params = (SPHINCSPlusPrivateKeyParameters)privateKey;
-                                                               
+
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.sphincsPlusOidLookup(params.getParameters()));
 
             return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, params.getPublicKey());
@@ -108,7 +112,7 @@ else if (privateKey instanceof SLHDSAPrivateKeyParameters)
 
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.slhdsaOidLookup(params.getParameters()));
 
-            return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, params.getPublicKey());
+            return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes);
         }
         else if (privateKey instanceof PicnicPrivateKeyParameters)
         {
@@ -184,7 +188,7 @@ else if (privateKey instanceof FalconPrivateKeyParameters)
         else if (privateKey instanceof MLKEMPrivateKeyParameters)
         {
             MLKEMPrivateKeyParameters params = (MLKEMPrivateKeyParameters)privateKey;
-            
+
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mlkemOidLookup(params.getParameters()));
 
             byte[] seed = params.getSeed();
@@ -234,19 +238,15 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)
 
             AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mldsaOidLookup(params.getParameters()));
 
-            byte[] seed = params.getSeed();
-            if (seed == null)
+            if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.SEED_ONLY)
             {
-                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
-
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, pubParams.getEncoded());
+                return new PrivateKeyInfo(algorithmIdentifier, new DERTaggedObject(false, 0, new DEROctetString(params.getSeed())), attributes);
             }
-            else
+            else if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.EXPANDED_KEY)
             {
-                MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();
-
-                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getSeed()), attributes);
+                return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes);
             }
+            return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);
         }
         else if (privateKey instanceof DilithiumPrivateKeyParameters)
         {
@@ -277,4 +277,15 @@ else if (privateKey instanceof HQCPrivateKeyParameters)
             throw new IOException("key parameters not recognized");
         }
     }
+
+    private static ASN1Sequence getBasicPQCEncoding(byte[] seed, byte[] expanded)
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector(2);
+
+        v.add(new DEROctetString(seed));
+
+        v.add(new DEROctetString(expanded));
+
+        return new DERSequence(v);
+    }
 }
@@ -472,6 +472,56 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
         }
     }
 
+    static class MLKEMConverter
+        extends SubjectPublicKeyInfoConverter
+    {
+        AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+            throws IOException
+        {
+            MLKEMParameters parameters = Utils.mlkemParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
+
+            try
+            {
+                ASN1Primitive obj = keyInfo.parsePublicKey();
+                KyberPublicKey kyberKey = KyberPublicKey.getInstance(obj);
+
+                return new MLKEMPublicKeyParameters(parameters, kyberKey.getT(), kyberKey.getRho());
+            }
+            catch (Exception e)
+            {
+                // we're a raw encoding
+                return new MLKEMPublicKeyParameters(parameters, keyInfo.getPublicKeyData().getOctets());
+            }
+        }
+
+        static MLKEMPublicKeyParameters getPublicKeyParams(MLKEMParameters parameters, ASN1BitString publicKeyData)
+        {
+            try
+            {
+                ASN1Primitive obj = ASN1Primitive.fromByteArray(publicKeyData.getOctets());
+                if (obj instanceof ASN1Sequence)
+                {
+                    ASN1Sequence keySeq = ASN1Sequence.getInstance(obj);
+
+                    return new MLKEMPublicKeyParameters(parameters,
+                        ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets(),
+                        ASN1OctetString.getInstance(keySeq.getObjectAt(1)).getOctets());
+                }
+                else
+                {
+                    byte[] encKey = ASN1OctetString.getInstance(obj).getOctets();
+
+                    return new MLKEMPublicKeyParameters(parameters, encKey);
+                }
+            }
+            catch (Exception e)
+            {
+                // we're a raw encoding
+                return new MLKEMPublicKeyParameters(parameters, publicKeyData.getOctets());
+            }
+        }
+    }
+    
     private static class KyberConverter
         extends SubjectPublicKeyInfoConverter
     {
Original file line number	Diff line number	Diff line change
`@@ -3,9 +3,11 @@`
`3`	`3`	`import java.io.IOException;`
`4`	`4`
`5`	`5`	`import org.bouncycastle.asn1.ASN1EncodableVector;`
	`6`	`+import org.bouncycastle.asn1.ASN1Sequence;`
`6`	`7`	`import org.bouncycastle.asn1.ASN1Set;`
`7`	`8`	`import org.bouncycastle.asn1.DEROctetString;`
`8`	`9`	`import org.bouncycastle.asn1.DERSequence;`
	`10`	`+import org.bouncycastle.asn1.DERTaggedObject;`
`9`	`11`	`import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;`
`10`	`12`	`import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;`
`11`	`13`	`import org.bouncycastle.asn1.x509.AlgorithmIdentifier;`
`@@ -55,7 +57,8 @@ private PrivateKeyInfoFactory()`
`55`	`57`	`* @return the appropriate PrivateKeyInfo`
`56`	`58`	`* @throws java.io.IOException on an error encoding the key`
`57`	`59`	`*/`
`58`		`- public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey) throws IOException`
	`60`	`+ public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey)`
	`61`	`+ throws IOException`
`59`	`62`	`{`
`60`	`63`	`return createPrivateKeyInfo(privateKey, null);`
`61`	`64`	`}`
`@@ -68,7 +71,8 @@ public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter private`
`68`	`71`	`* @return the appropriate PrivateKeyInfo`
`69`	`72`	`* @throws java.io.IOException on an error encoding the key`
`70`	`73`	`*/`
`71`		`- public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes) throws IOException`
	`74`	`+ public static PrivateKeyInfo createPrivateKeyInfo(AsymmetricKeyParameter privateKey, ASN1Set attributes)`
	`75`	`+ throws IOException`
`72`	`76`	`{`
`73`	`77`	`if (privateKey instanceof SPHINCSPrivateKeyParameters)`
`74`	`78`	`{`
`@@ -97,7 +101,7 @@ else if (privateKey instanceof NHPrivateKeyParameters)`
`97`	`101`	`else if (privateKey instanceof SPHINCSPlusPrivateKeyParameters)`
`98`	`102`	`{`
`99`	`103`	`SPHINCSPlusPrivateKeyParameters params = (SPHINCSPlusPrivateKeyParameters)privateKey;`
`100`		`-`
	`104`	`+`
`101`	`105`	`AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.sphincsPlusOidLookup(params.getParameters()));`
`102`	`106`
`103`	`107`	`return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, params.getPublicKey());`
`@@ -108,7 +112,7 @@ else if (privateKey instanceof SLHDSAPrivateKeyParameters)`
`108`	`112`
`109`	`113`	`AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.slhdsaOidLookup(params.getParameters()));`
`110`	`114`
`111`		`- return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, params.getPublicKey());`
	`115`	`+ return new PrivateKeyInfo(algorithmIdentifier, params.getEncoded(), attributes);`
`112`	`116`	`}`
`113`	`117`	`else if (privateKey instanceof PicnicPrivateKeyParameters)`
`114`	`118`	`{`
`@@ -184,7 +188,7 @@ else if (privateKey instanceof FalconPrivateKeyParameters)`
`184`	`188`	`else if (privateKey instanceof MLKEMPrivateKeyParameters)`
`185`	`189`	`{`
`186`	`190`	`MLKEMPrivateKeyParameters params = (MLKEMPrivateKeyParameters)privateKey;`
`187`		`-`
	`191`	`+`
`188`	`192`	`AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mlkemOidLookup(params.getParameters()));`
`189`	`193`
`190`	`194`	`byte[] seed = params.getSeed();`
`@@ -234,19 +238,15 @@ else if (privateKey instanceof MLDSAPrivateKeyParameters)`
`234`	`238`
`235`	`239`	`AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mldsaOidLookup(params.getParameters()));`
`236`	`240`
`237`		`- byte[] seed = params.getSeed();`
`238`		`- if (seed == null)`
	`241`	`+ if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.SEED_ONLY)`
`239`	`242`	`{`
`240`		`- MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();`
`241`		`-`
`242`		`- return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes, pubParams.getEncoded());`
	`243`	`+ return new PrivateKeyInfo(algorithmIdentifier, new DERTaggedObject(false, 0, new DEROctetString(params.getSeed())), attributes);`
`243`	`244`	`}`
`244`		`- else`
	`245`	`+ else if (params.getPreferredFormat() == MLDSAPrivateKeyParameters.EXPANDED_KEY)`
`245`	`246`	`{`
`246`		`- MLDSAPublicKeyParameters pubParams = params.getPublicKeyParameters();`
`247`		`-`
`248`		`- return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getSeed()), attributes);`
	`247`	`+ return new PrivateKeyInfo(algorithmIdentifier, new DEROctetString(params.getEncoded()), attributes);`
`249`	`248`	`}`
	`249`	`+ return new PrivateKeyInfo(algorithmIdentifier, getBasicPQCEncoding(params.getSeed(), params.getEncoded()), attributes);`
`250`	`250`	`}`
`251`	`251`	`else if (privateKey instanceof DilithiumPrivateKeyParameters)`
`252`	`252`	`{`
`@@ -277,4 +277,15 @@ else if (privateKey instanceof HQCPrivateKeyParameters)`
`277`	`277`	`throw new IOException("key parameters not recognized");`
`278`	`278`	`}`
`279`	`279`	`}`
	`280`	`+`
	`281`	`+ private static ASN1Sequence getBasicPQCEncoding(byte[] seed, byte[] expanded)`
	`282`	`+ {`
	`283`	`+ ASN1EncodableVector v = new ASN1EncodableVector(2);`
	`284`	`+`
	`285`	`+ v.add(new DEROctetString(seed));`
	`286`	`+`
	`287`	`+ v.add(new DEROctetString(expanded));`
	`288`	`+`
	`289`	`+ return new DERSequence(v);`
	`290`	`+ }`
`280`	`291`	`}`