bcgit
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAEngine.java‎
Lines changed: 47 additions & 1 deletion b/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAEngine.java‎
Lines changed: 47 additions & 1 deletion
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java‎
Lines changed: 6 additions & 1 deletion b/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPublicKeyParameters.java‎
Lines changed: 12 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPublicKeyParameters.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/BCMLDSAPrivateKey.java‎
Lines changed: 7 additions & 1 deletion b/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/BCMLDSAPrivateKey.java‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java‎
Lines changed: 22 additions & 22 deletions b/‎prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java‎
Lines changed: 22 additions & 22 deletions
@@ -300,7 +300,53 @@ byte[][] generateKeyPairInternal(byte[] seed)
 
         byte[][] sk = Packing.packSecretKey(rho, tr, key, t0, s1, s2, this);
 
-        return new byte[][]{ sk[0], sk[1], sk[2], sk[3], sk[4], sk[5], encT1, seed};
+        return new byte[][]{sk[0], sk[1], sk[2], sk[3], sk[4], sk[5], encT1, seed};
+    }
+
+    byte[] deriveT1(byte[] rho, byte[] key, byte[] tr, byte[] s1Enc, byte[] s2Enc, byte[] t0Enc)
+    {
+        PolyVecMatrix aMatrix = new PolyVecMatrix(this);
+
+        PolyVecL s1 = new PolyVecL(this), s1hat;
+        PolyVecK s2 = new PolyVecK(this), t1 = new PolyVecK(this), t0 = new PolyVecK(this);
+
+        Packing.unpackSecretKey(t0, s1, s2, t0Enc, s1Enc, s2Enc, this);
+
+        // System.out.print("rho = ");
+        // Helper.printByteArray(rho);
+
+        // System.out.println("key = ");
+        // Helper.printByteArray(key);
+
+        aMatrix.expandMatrix(rho);
+        // System.out.print(aMatrix.toString("aMatrix"));
+
+        s1hat = new PolyVecL(this);
+
+        s1.copyPolyVecL(s1hat);
+        s1hat.polyVecNtt();
+
+        // System.out.println(s1hat.toString("s1hat"));
+
+        aMatrix.pointwiseMontgomery(t1, s1hat);
+        // System.out.println(t1.toString("t1"));
+
+        t1.reduce();
+        t1.invNttToMont();
+
+        t1.addPolyVecK(s2);
+        // System.out.println(s2.toString("s2"));
+        // System.out.println(t1.toString("t1"));
+        t1.conditionalAddQ();
+        t1.power2Round(t0);
+
+        // System.out.println(t1.toString("t1"));
+        // System.out.println(t0.toString("t0"));
+
+        byte[] encT1 = Packing.packPublicKey(t1, this);
+        // System.out.println("enc t1 = ");
+        // Helper.printByteArray(encT1);
+        return encT1;
     }
 
     SHAKEDigest getShake256Digest()
 
@@ -81,7 +81,7 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAP
             }
             else
             {
-                this.t1 = null;
+                this.t1 = eng.deriveT1(rho, k, tr, s1, s2, t0);;
             }
             this.seed = null;
         }
@@ -117,6 +117,11 @@ public byte[] getSeed()
 
     public MLDSAPublicKeyParameters getPublicKeyParameters()
     {
+        if (this.t1 == null)
+        {
+            return null;
+        }
+        
         return new MLDSAPublicKeyParameters(getParameters(), rho, t1);
     }
 
 
@@ -18,11 +18,23 @@ public MLDSAPublicKeyParameters(MLDSAParameters params, byte[] encoding)
         super(false, params);
         this.rho = Arrays.copyOfRange(encoding, 0, MLDSAEngine.SeedBytes);
         this.t1 = Arrays.copyOfRange(encoding, MLDSAEngine.SeedBytes, encoding.length);
+        if (t1.length == 0)
+        {
+            throw new IllegalArgumentException("encoding too short");
+        }
     }
 
     public MLDSAPublicKeyParameters(MLDSAParameters params, byte[] rho, byte[] t1)
     {
         super(false, params);
+        if (rho == null)
+        {
+            throw new NullPointerException("rho cannot be null");
+        }
+        if (t1 == null)
+        {
+            throw new NullPointerException("t1 cannot be null");
+        }
         this.rho = Arrays.clone(rho);
         this.t1 = Arrays.clone(t1);
     }
 
@@ -10,6 +10,7 @@
 import org.bouncycastle.jcajce.interfaces.MLDSAPublicKey;
 import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.crypto.util.PrivateKeyFactory;
 import org.bouncycastle.pqc.jcajce.provider.util.KeyUtil;
 import org.bouncycastle.util.Arrays;
@@ -101,7 +102,12 @@ public byte[] getEncoded()
 
     public MLDSAPublicKey getPublicKey()
     {
-        return new BCMLDSAPublicKey(params.getPublicKeyParameters());
+        MLDSAPublicKeyParameters publicKeyParameters = params.getPublicKeyParameters();
+        if (publicKeyParameters == null)
+        {
+            return null;
+        }
+        return new BCMLDSAPublicKey(publicKeyParameters);
     }
 
     @Override
 
@@ -22,9 +22,10 @@
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;
 import org.bouncycastle.pqc.jcajce.provider.util.BaseKeyFactorySpi;
+import org.bouncycastle.util.Arrays;
 
 public class MLDSAKeyFactorySpi
-        extends BaseKeyFactorySpi
+    extends BaseKeyFactorySpi
 {
     private static final Set<ASN1ObjectIdentifier> pureKeyOids = new HashSet<ASN1ObjectIdentifier>();
     private static final Set<ASN1ObjectIdentifier> hashKeyOids = new HashSet<ASN1ObjectIdentifier>();
@@ -54,7 +55,7 @@ public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid)
     }
 
     public final KeySpec engineGetKeySpec(Key key, Class keySpec)
-            throws InvalidKeySpecException
+        throws InvalidKeySpecException
     {
         if (key instanceof BCMLDSAPrivateKey)
         {
@@ -93,15 +94,15 @@ else if (key instanceof BCMLDSAPublicKey)
         else
         {
             throw new InvalidKeySpecException("Unsupported key type: "
-                    + key.getClass() + ".");
+                + key.getClass() + ".");
         }
 
         throw new InvalidKeySpecException("Unknown key specification: "
-                + keySpec + ".");
+            + keySpec + ".");
     }
 
     public final Key engineTranslateKey(Key key)
-            throws InvalidKeyException
+        throws InvalidKeyException
     {
         if (key instanceof BCMLDSAPrivateKey || key instanceof BCMLDSAPublicKey)
         {
@@ -127,16 +128,15 @@ public PrivateKey engineGeneratePrivate(
             }
             else
             {
+                params = new MLDSAPrivateKeyParameters(
+                    mldsaParameters, spec.getPrivateData(), null);
                 byte[] publicData = spec.getPublicData();
                 if (publicData != null)
                 {
-                    params = new MLDSAPrivateKeyParameters(
-                        mldsaParameters, spec.getPrivateData(), new MLDSAPublicKeyParameters(mldsaParameters, publicData));
-                }
-                else
-                {
-                    params = new MLDSAPrivateKeyParameters(
-                        mldsaParameters, spec.getPrivateData(), null);
+                    if (!Arrays.areEqual(publicData, params.getPublicKey()))
+                    {
+                        throw new InvalidKeySpecException("public key data does not match private key data");
+                    }
                 }
             }
 
@@ -163,19 +163,19 @@ public PublicKey engineGeneratePublic(
     }
 
     public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)
-            throws IOException
+        throws IOException
     {
         return new BCMLDSAPrivateKey(keyInfo);
     }
 
     public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)
-            throws IOException
+        throws IOException
     {
         return new BCMLDSAPublicKey(keyInfo);
     }
 
     public static class Pure
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public Pure()
         {
@@ -184,7 +184,7 @@ public Pure()
     }
 
     public static class MLDSA44
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public MLDSA44()
         {
@@ -193,7 +193,7 @@ public MLDSA44()
     }
 
     public static class MLDSA65
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public MLDSA65()
         {
@@ -202,7 +202,7 @@ public MLDSA65()
     }
 
     public static class MLDSA87
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public MLDSA87()
         {
@@ -211,7 +211,7 @@ public MLDSA87()
     }
 
     public static class Hash
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public Hash()
         {
@@ -220,7 +220,7 @@ public Hash()
     }
 
     public static class HashMLDSA44
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public HashMLDSA44()
         {
@@ -229,7 +229,7 @@ public HashMLDSA44()
     }
 
     public static class HashMLDSA65
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public HashMLDSA65()
         {
@@ -238,7 +238,7 @@ public HashMLDSA65()
     }
 
     public static class HashMLDSA87
-            extends MLDSAKeyFactorySpi
+        extends MLDSAKeyFactorySpi
     {
         public HashMLDSA87()
         {
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAP`
`81`	`81`	`}`
`82`	`82`	`else`
`83`	`83`	`{`
`84`		`- this.t1 = null;`
	`84`	`+ this.t1 = eng.deriveT1(rho, k, tr, s1, s2, t0);;`
`85`	`85`	`}`
`86`	`86`	`this.seed = null;`
`87`	`87`	`}`
`@@ -117,6 +117,11 @@ public byte[] getSeed()`
`117`	`117`
`118`	`118`	`public MLDSAPublicKeyParameters getPublicKeyParameters()`
`119`	`119`	`{`
	`120`	`+ if (this.t1 == null)`
	`121`	`+ {`
	`122`	`+ return null;`
	`123`	`+ }`
	`124`	`+`
`120`	`125`	`return new MLDSAPublicKeyParameters(getParameters(), rho, t1);`
`121`	`126`	`}`
`122`	`127`
Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,10 @@`
`22`	`22`	`import org.bouncycastle.pqc.crypto.mldsa.MLDSAPrivateKeyParameters;`
`23`	`23`	`import org.bouncycastle.pqc.crypto.mldsa.MLDSAPublicKeyParameters;`
`24`	`24`	`import org.bouncycastle.pqc.jcajce.provider.util.BaseKeyFactorySpi;`
	`25`	`+import org.bouncycastle.util.Arrays;`
`25`	`26`
`26`	`27`	`public class MLDSAKeyFactorySpi`
`27`		`- extends BaseKeyFactorySpi`
	`28`	`+ extends BaseKeyFactorySpi`
`28`	`29`	`{`
`29`	`30`	`private static final Set<ASN1ObjectIdentifier> pureKeyOids = new HashSet<ASN1ObjectIdentifier>();`
`30`	`31`	`private static final Set<ASN1ObjectIdentifier> hashKeyOids = new HashSet<ASN1ObjectIdentifier>();`
`@@ -54,7 +55,7 @@ public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid)`
`54`	`55`	`}`
`55`	`56`
`56`	`57`	`public final KeySpec engineGetKeySpec(Key key, Class keySpec)`
`57`		`- throws InvalidKeySpecException`
	`58`	`+ throws InvalidKeySpecException`
`58`	`59`	`{`
`59`	`60`	`if (key instanceof BCMLDSAPrivateKey)`
`60`	`61`	`{`
`@@ -93,15 +94,15 @@ else if (key instanceof BCMLDSAPublicKey)`
`93`	`94`	`else`
`94`	`95`	`{`
`95`	`96`	`throw new InvalidKeySpecException("Unsupported key type: "`
`96`		`- + key.getClass() + ".");`
	`97`	`+ + key.getClass() + ".");`
`97`	`98`	`}`
`98`	`99`
`99`	`100`	`throw new InvalidKeySpecException("Unknown key specification: "`
`100`		`- + keySpec + ".");`
	`101`	`+ + keySpec + ".");`
`101`	`102`	`}`
`102`	`103`
`103`	`104`	`public final Key engineTranslateKey(Key key)`
`104`		`- throws InvalidKeyException`
	`105`	`+ throws InvalidKeyException`
`105`	`106`	`{`
`106`	`107`	`if (key instanceof BCMLDSAPrivateKey \|\| key instanceof BCMLDSAPublicKey)`
`107`	`108`	`{`
`@@ -127,16 +128,15 @@ public PrivateKey engineGeneratePrivate(`
`127`	`128`	`}`
`128`	`129`	`else`
`129`	`130`	`{`
	`131`	`+ params = new MLDSAPrivateKeyParameters(`
	`132`	`+ mldsaParameters, spec.getPrivateData(), null);`
`130`	`133`	`byte[] publicData = spec.getPublicData();`
`131`	`134`	`if (publicData != null)`
`132`	`135`	`{`
`133`		`- params = new MLDSAPrivateKeyParameters(`
`134`		`- mldsaParameters, spec.getPrivateData(), new MLDSAPublicKeyParameters(mldsaParameters, publicData));`
`135`		`- }`
`136`		`- else`
`137`		`- {`
`138`		`- params = new MLDSAPrivateKeyParameters(`
`139`		`- mldsaParameters, spec.getPrivateData(), null);`
	`136`	`+ if (!Arrays.areEqual(publicData, params.getPublicKey()))`
	`137`	`+ {`
	`138`	`+ throw new InvalidKeySpecException("public key data does not match private key data");`
	`139`	`+ }`
`140`	`140`	`}`
`141`	`141`	`}`
`142`	`142`
`@@ -163,19 +163,19 @@ public PublicKey engineGeneratePublic(`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`public PrivateKey generatePrivate(PrivateKeyInfo keyInfo)`
`166`		`- throws IOException`
	`166`	`+ throws IOException`
`167`	`167`	`{`
`168`	`168`	`return new BCMLDSAPrivateKey(keyInfo);`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo)`
`172`		`- throws IOException`
	`172`	`+ throws IOException`
`173`	`173`	`{`
`174`	`174`	`return new BCMLDSAPublicKey(keyInfo);`
`175`	`175`	`}`
`176`	`176`
`177`	`177`	`public static class Pure`
`178`		`- extends MLDSAKeyFactorySpi`
	`178`	`+ extends MLDSAKeyFactorySpi`
`179`	`179`	`{`
`180`	`180`	`public Pure()`
`181`	`181`	`{`
`@@ -184,7 +184,7 @@ public Pure()`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`public static class MLDSA44`
`187`		`- extends MLDSAKeyFactorySpi`
	`187`	`+ extends MLDSAKeyFactorySpi`
`188`	`188`	`{`
`189`	`189`	`public MLDSA44()`
`190`	`190`	`{`
`@@ -193,7 +193,7 @@ public MLDSA44()`
`193`	`193`	`}`
`194`	`194`
`195`	`195`	`public static class MLDSA65`
`196`		`- extends MLDSAKeyFactorySpi`
	`196`	`+ extends MLDSAKeyFactorySpi`
`197`	`197`	`{`
`198`	`198`	`public MLDSA65()`
`199`	`199`	`{`
`@@ -202,7 +202,7 @@ public MLDSA65()`
`202`	`202`	`}`
`203`	`203`
`204`	`204`	`public static class MLDSA87`
`205`		`- extends MLDSAKeyFactorySpi`
	`205`	`+ extends MLDSAKeyFactorySpi`
`206`	`206`	`{`
`207`	`207`	`public MLDSA87()`
`208`	`208`	`{`
`@@ -211,7 +211,7 @@ public MLDSA87()`
`211`	`211`	`}`
`212`	`212`
`213`	`213`	`public static class Hash`
`214`		`- extends MLDSAKeyFactorySpi`
	`214`	`+ extends MLDSAKeyFactorySpi`
`215`	`215`	`{`
`216`	`216`	`public Hash()`
`217`	`217`	`{`
`@@ -220,7 +220,7 @@ public Hash()`
`220`	`220`	`}`
`221`	`221`
`222`	`222`	`public static class HashMLDSA44`
`223`		`- extends MLDSAKeyFactorySpi`
	`223`	`+ extends MLDSAKeyFactorySpi`
`224`	`224`	`{`
`225`	`225`	`public HashMLDSA44()`
`226`	`226`	`{`
`@@ -229,7 +229,7 @@ public HashMLDSA44()`
`229`	`229`	`}`
`230`	`230`
`231`	`231`	`public static class HashMLDSA65`
`232`		`- extends MLDSAKeyFactorySpi`
	`232`	`+ extends MLDSAKeyFactorySpi`
`233`	`233`	`{`
`234`	`234`	`public HashMLDSA65()`
`235`	`235`	`{`
`@@ -238,7 +238,7 @@ public HashMLDSA65()`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`public static class HashMLDSA87`
`241`		`- extends MLDSAKeyFactorySpi`
	`241`	`+ extends MLDSAKeyFactorySpi`
`242`	`242`	`{`
`243`	`243`	`public HashMLDSA87()`
`244`	`244`	`{`