added short hand oid for SHA-256 HKDF to CMS algorithms

added SLH-DSA time stamp test.
minor refactoring of NewEnvelopedDataTest.

Author: dghgit

pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java

@@ -12,6 +12,7 @@
 import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
 import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 
 public class CMSAlgorithm
@@ -105,5 +106,7 @@ public class CMSAlgorithm
 
     public static final ASN1ObjectIdentifier  SHAKE128_LEN = NISTObjectIdentifiers.id_shake128_len.intern();
     public static final ASN1ObjectIdentifier  SHAKE256_LEN = NISTObjectIdentifiers.id_shake256_len.intern();
-    public static final ASN1ObjectIdentifier ChaCha20Poly1305 = PKCSObjectIdentifiers.id_alg_AEADChaCha20Poly1305.intern();
+    public static final ASN1ObjectIdentifier  ChaCha20Poly1305 = PKCSObjectIdentifiers.id_alg_AEADChaCha20Poly1305.intern();
+
+    public static final AlgorithmIdentifier   SHA256_HKDF = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256);
 }

pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java

@@ -736,7 +736,7 @@ public void testMLKem512()
 
         // note: use cert req ID as key ID, don't want to use issuer/serial in this case!
         edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKem512Cert, CMSAlgorithm.AES128_WRAP)
-            .setKDF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256)));
+            .setKDF(CMSAlgorithm.SHA256_HKDF));
 
         CMSEnvelopedData ed = edGen.generate(
             new CMSProcessableByteArray(data),
@@ -781,7 +781,7 @@ public void testMLKem768()
 
         // note: use cert req ID as key ID, don't want to use issuer/serial in this case!
         edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKem768Cert, CMSAlgorithm.AES256_WRAP)
-            .setKDF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256)));
+            .setKDF(CMSAlgorithm.SHA256_HKDF));
 
         CMSEnvelopedData ed = edGen.generate(
             new CMSProcessableByteArray(data),

pkix/src/test/java/org/bouncycastle/tsp/test/PQCTSPTest.java

@@ -195,78 +195,153 @@ public void testSPHINCSPlus()
         assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
     }
 
-    public void testMLDSA()
-            throws Exception
+    public void testSLHDSA()
+        throws Exception
+    {
+        //
+        // set up the keys
+        //
+        PrivateKey privKey;
+        PublicKey pubKey;
+
+        try
         {
-            //
-            // set up the keys
-            //
-            PrivateKey privKey;
-            PublicKey pubKey;
+            KeyPairGenerator g = KeyPairGenerator.getInstance("SLH-DSA", BC);
 
-            try
-            {
-                KeyPairGenerator g = KeyPairGenerator.getInstance("ML-DSA", BC);
+            KeyPair p = g.generateKeyPair();
 
-                KeyPair p = g.generateKeyPair();
+            privKey = p.getPrivate();
+            pubKey = p.getPublic();
+        }
+        catch (Exception e)
+        {
+            fail("error setting up keys - " + e);
+            return;
+        }
 
-                privKey = p.getPrivate();
-                pubKey = p.getPublic();
-            }
-            catch (Exception e)
-            {
-                fail("error setting up keys - " + e);
-                return;
-            }
+        //
+        // extensions
+        //
 
-            //
-            // extensions
-            //
+        //
+        // create the certificate - version 1
+        //
 
-            //
-            // create the certificate - version 1
-            //
+        ContentSigner sigGen = new JcaContentSignerBuilder("SLH-DSA")
+            .setProvider(BC).build(privKey);
+        JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+            new X500Name("CN=Test"),
+            BigInteger.valueOf(1),
+            new Date(System.currentTimeMillis() - 50000),
+            new Date(System.currentTimeMillis() + 50000),
+            new X500Name("CN=Test"),
+            pubKey);
 
-            ContentSigner sigGen = new JcaContentSignerBuilder("ML-DSA")
-                .setProvider(BC).build(privKey);
-            JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
-                new X500Name("CN=Test"),
-                BigInteger.valueOf(1),
-                new Date(System.currentTimeMillis() - 50000),
-                new Date(System.currentTimeMillis() + 50000),
-                new X500Name("CN=Test"),
-                pubKey);
+        certGen.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
 
-            certGen.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
+        X509Certificate cert = new JcaX509CertificateConverter()
+            .setProvider("BC").getCertificate(certGen.build(sigGen));
 
-            X509Certificate cert = new JcaX509CertificateConverter()
-                .setProvider("BC").getCertificate(certGen.build(sigGen));
+        ContentSigner signer = new JcaContentSignerBuilder("SLH-DSA").setProvider(BC).build(privKey);
 
-            ContentSigner signer = new JcaContentSignerBuilder("ML-DSA").setProvider(BC).build(privKey);
+        TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
+                .setContentDigest(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512))
+                .build(signer, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
 
-            TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
-                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
-                    .setContentDigest(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512))
-                    .build(signer, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
+        // tsTokenGen.addCertificates(certs);
 
-            // tsTokenGen.addCertificates(certs);
+        TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+        TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA3_256, new byte[32], BigInteger.valueOf(100));
 
-            TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-            TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA3_256, new byte[32], BigInteger.valueOf(100));
+        TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
+
+        TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
 
-            TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
+        tsResp = new TimeStampResponse(tsResp.getEncoded());
 
-            TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
+        TimeStampToken tsToken = tsResp.getTimeStampToken();
 
-            tsResp = new TimeStampResponse(tsResp.getEncoded());
+        tsToken.validate(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build())
+            .setProvider(BC).build(cert));
 
-            TimeStampToken tsToken = tsResp.getTimeStampToken();
+        AttributeTable table = tsToken.getSignedAttributes();
 
-            tsToken.validate(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build())
-                .setProvider(BC).build(cert));
+        assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
+    }
 
-            AttributeTable table = tsToken.getSignedAttributes();
+    public void testMLDSA()
+        throws Exception
+    {
+        //
+        // set up the keys
+        //
+        PrivateKey privKey;
+        PublicKey pubKey;
 
-            assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
+        try
+        {
+            KeyPairGenerator g = KeyPairGenerator.getInstance("ML-DSA", BC);
+
+            KeyPair p = g.generateKeyPair();
+
+            privKey = p.getPrivate();
+            pubKey = p.getPublic();
         }
+        catch (Exception e)
+        {
+            fail("error setting up keys - " + e);
+            return;
+        }
+
+        //
+        // extensions
+        //
+
+        //
+        // create the certificate - version 1
+        //
+
+        ContentSigner sigGen = new JcaContentSignerBuilder("SLH-DSA")
+            .setProvider(BC).build(privKey);
+        JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+            new X500Name("CN=Test"),
+            BigInteger.valueOf(1),
+            new Date(System.currentTimeMillis() - 50000),
+            new Date(System.currentTimeMillis() + 50000),
+            new X500Name("CN=Test"),
+            pubKey);
+
+        certGen.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
+
+        X509Certificate cert = new JcaX509CertificateConverter()
+            .setProvider("BC").getCertificate(certGen.build(sigGen));
+
+        ContentSigner signer = new JcaContentSignerBuilder("ML-DSA").setProvider(BC).build(privKey);
+
+        TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
+                .setContentDigest(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512))
+                .build(signer, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
+
+        // tsTokenGen.addCertificates(certs);
+
+        TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+        TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA3_256, new byte[32], BigInteger.valueOf(100));
+
+        TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
+
+        TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
+
+        tsResp = new TimeStampResponse(tsResp.getEncoded());
+
+        TimeStampToken tsToken = tsResp.getTimeStampToken();
+
+        tsToken.validate(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build())
+            .setProvider(BC).build(cert));
+
+        AttributeTable table = tsToken.getSignedAttributes();
+
+        assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
+    }
 }