added key translation for Dilithium and Falcon

Author: dghgit

prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java

@@ -30,6 +30,7 @@
 import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers;
 import org.bouncycastle.pqc.jcajce.provider.dilithium.DilithiumKeyFactorySpi;
 import org.bouncycastle.pqc.jcajce.provider.falcon.FalconKeyFactorySpi;
+import org.bouncycastle.pqc.jcajce.provider.kyber.KyberKeyFactorySpi;
 import org.bouncycastle.pqc.jcajce.provider.lms.LMSKeyFactorySpi;
 import org.bouncycastle.pqc.jcajce.provider.mceliece.McElieceCCA2KeyFactorySpi;
 import org.bouncycastle.pqc.jcajce.provider.mceliece.McElieceKeyFactorySpi;
@@ -322,6 +323,12 @@ private void loadPQCKeys()
         addKeyInfoConverter(BCObjectIdentifiers.dilithium2_aes, new DilithiumKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.dilithium3_aes, new DilithiumKeyFactorySpi());
         addKeyInfoConverter(BCObjectIdentifiers.dilithium5_aes, new DilithiumKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber512, new KyberKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber768, new KyberKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber1024, new KyberKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber512_aes, new KyberKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber768_aes, new KyberKeyFactorySpi());
+        addKeyInfoConverter(BCObjectIdentifiers.kyber1024_aes, new KyberKeyFactorySpi());
     }
 
     public void setParameter(String parameterName, Object parameter)

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/dilithium/SignatureSpi.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.pqc.jcajce.provider.dilithium;
 
 import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -9,6 +10,7 @@
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumParameters;
@@ -45,26 +47,30 @@ protected SignatureSpi(DilithiumSigner signer, DilithiumParameters parameters)
     protected void engineInitVerify(PublicKey publicKey)
         throws InvalidKeyException
     {
-        if (publicKey instanceof BCDilithiumPublicKey)
+        if (!(publicKey instanceof BCDilithiumPublicKey))
         {
-            BCDilithiumPublicKey key = (BCDilithiumPublicKey)publicKey;
-            CipherParameters param = key.getKeyParams();
-
-            if (parameters != null)
+            try
             {
-                String canonicalAlg = Strings.toUpperCase(parameters.getName());
-                if (!canonicalAlg.equals(key.getAlgorithm()))
-                {
-                    throw new InvalidKeyException("signature configured for " + canonicalAlg);
-                }
+                publicKey = new BCDilithiumPublicKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
+            }
+            catch (Exception e)
+            {
+                throw new InvalidKeyException("unknown public key passed to Dilithium: " + e.getMessage(), e);
             }
-
-            signer.init(false, param);
         }
-        else
+
+        BCDilithiumPublicKey key = (BCDilithiumPublicKey)publicKey;
+
+        if (parameters != null)
         {
-            throw new InvalidKeyException("unknown public key passed to Dilithium");
+            String canonicalAlg = Strings.toUpperCase(parameters.getName());
+            if (!canonicalAlg.equals(key.getAlgorithm()))
+            {
+                throw new InvalidKeyException("signature configured for " + canonicalAlg);
+            }
         }
+
+        signer.init(false, key.getKeyParams());
     }
 
     protected void engineInitSign(PrivateKey privateKey, SecureRandom random)

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/falcon/SignatureSpi.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.pqc.jcajce.provider.falcon;
 
 import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -9,11 +10,13 @@
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.pqc.crypto.falcon.FalconParameters;
 import org.bouncycastle.pqc.crypto.falcon.FalconPrivateKeyParameters;
 import org.bouncycastle.pqc.crypto.falcon.FalconSigner;
+import org.bouncycastle.pqc.jcajce.provider.dilithium.BCDilithiumPublicKey;
 import org.bouncycastle.util.Strings;
 
 public class SignatureSpi
@@ -45,26 +48,30 @@ protected SignatureSpi(FalconSigner signer, FalconParameters parameters)
     protected void engineInitVerify(PublicKey publicKey)
         throws InvalidKeyException
     {
-        if (publicKey instanceof BCFalconPublicKey)
+        if (!(publicKey instanceof BCFalconPublicKey))
         {
-            BCFalconPublicKey key = (BCFalconPublicKey)publicKey;
-            CipherParameters param = key.getKeyParams();
-
-            if (parameters != null)
+            try
             {
-                String canonicalAlg = Strings.toUpperCase(parameters.getName());
-                if (!canonicalAlg.equals(key.getAlgorithm()))
-                {
-                    throw new InvalidKeyException("signature configured for " + canonicalAlg);
-                }
+                publicKey = new BCFalconPublicKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
+            }
+            catch (Exception e)
+            {
+                throw new InvalidKeyException("unknown public key passed to Falcon: " + e.getMessage(), e);
             }
-
-            signer.init(false, param);
         }
-        else
+
+        BCFalconPublicKey key = (BCFalconPublicKey)publicKey;
+
+        if (parameters != null)
         {
-            throw new InvalidKeyException("unknown public key passed to Falcon");
+            String canonicalAlg = Strings.toUpperCase(parameters.getName());
+            if (!canonicalAlg.equals(key.getAlgorithm()))
+            {
+                throw new InvalidKeyException("signature configured for " + canonicalAlg);
+            }
         }
+
+        signer.init(false, key.getKeyParams());
     }
 
     protected void engineInitSign(PrivateKey privateKey, SecureRandom random)