CMS: Prepare ML-DSA tests (not working yet)

peterdettman · peterdettman · commit bb265da7ba02 · 2025-03-12T20:26:06.000+07:00
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java b/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java
@@ -61,6 +61,9 @@ public class CMSTestUtil
     public static KeyPairGenerator ecDsaKpg;
     public static KeyPairGenerator ed25519Kpg;
     public static KeyPairGenerator ed448Kpg;
+    public static KeyPairGenerator mlDsa44Kpg;
+    public static KeyPairGenerator mlDsa65Kpg;
+    public static KeyPairGenerator mlDsa87Kpg;
     public static KeyPairGenerator mlKem512Kpg;
     public static KeyPairGenerator mlKem768Kpg;
     public static KeyPairGenerator mlKem1024Kpg;
@@ -170,6 +173,11 @@ public class CMSTestUtil
             ed448Kpg = KeyPairGenerator.getInstance("Ed448", "BC");
 
             ntruKpg = KeyPairGenerator.getInstance(BCObjectIdentifiers.ntruhps2048509.getId(), "BC");
+
+            mlDsa44Kpg = KeyPairGenerator.getInstance("ML-DSA-44", "BC");
+            mlDsa65Kpg = KeyPairGenerator.getInstance("ML-DSA-65", "BC");
+            mlDsa87Kpg = KeyPairGenerator.getInstance("ML-DSA-87", "BC");
+
             mlKem512Kpg = KeyPairGenerator.getInstance("ML-KEM-512", "BC");
             mlKem768Kpg = KeyPairGenerator.getInstance("ML-KEM-768", "BC");
             mlKem1024Kpg = KeyPairGenerator.getInstance("ML-KEM-1024", "BC");
@@ -300,6 +308,21 @@ public static KeyPair makeMLKem1024KeyPair()
         return mlKem1024Kpg.generateKeyPair();
     }
 
+    public static KeyPair makeMLDsa44KeyPair()
+    {
+        return mlDsa44Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLDsa65KeyPair()
+    {
+        return mlDsa65Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLDsa87KeyPair()
+    {
+        return mlDsa87Kpg.generateKeyPair();
+    }
+
     public static SecretKey makeDesede128Key()
     {
         return desede128kg.generateKey();
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java
@@ -144,6 +144,13 @@ public class NewSignedDataTest
     private static KeyPair         _signEd448KP;
     private static X509Certificate _signEd448Cert;
 
+    private static KeyPair         _signMLDsa44KP;
+    private static X509Certificate _signMLDsa44Cert;
+    private static KeyPair         _signMLDsa65KP;
+    private static X509Certificate _signMLDsa65Cert;
+    private static KeyPair         _signMLDsa87KP;
+    private static X509Certificate _signMLDsa87Cert;
+
     private static String          _reciDN;
     private static KeyPair         _reciKP;
     private static X509Certificate _reciCert;
@@ -704,6 +711,9 @@ public class NewSignedDataTest
         noParams.add(NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
         noParams.add(EdECObjectIdentifiers.id_Ed25519);
         noParams.add(EdECObjectIdentifiers.id_Ed448);
+        noParams.add(NISTObjectIdentifiers.id_ml_dsa_44);
+        noParams.add(NISTObjectIdentifiers.id_ml_dsa_65);
+        noParams.add(NISTObjectIdentifiers.id_ml_dsa_87);
     }
 
     public NewSignedDataTest(String name)
@@ -776,6 +786,15 @@ private static void init()
             _signEd448KP   = CMSTestUtil.makeEd448KeyPair();
             _signEd448Cert = CMSTestUtil.makeCertificate(_signEd448KP, _signDN, _origKP, _origDN);
 
+            _signMLDsa44KP   = CMSTestUtil.makeMLDsa44KeyPair();
+            _signMLDsa44Cert = CMSTestUtil.makeCertificate(_signMLDsa44KP, _signDN, _origKP, _origDN);
+
+            _signMLDsa65KP   = CMSTestUtil.makeMLDsa65KeyPair();
+            _signMLDsa65Cert = CMSTestUtil.makeCertificate(_signMLDsa65KP, _signDN, _origKP, _origDN);
+
+            _signMLDsa87KP   = CMSTestUtil.makeMLDsa87KeyPair();
+            _signMLDsa87Cert = CMSTestUtil.makeCertificate(_signMLDsa87KP, _signDN, _origKP, _origDN);
+
             _reciDN   = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
             _reciKP   = CMSTestUtil.makeKeyPair();
             _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
@@ -1789,13 +1808,32 @@ public void testSHA512_256ithRSADigest()
     public void testEd25519()
         throws Exception
     {
-        encapsulatedTest(_signEd25519KP, _signEd25519Cert, "Ed25519", EdECObjectIdentifiers.id_Ed25519, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512));
+        /*
+         * RFC 8419 3.1. When signing with Ed25519, the digestAlgorithm MUST be id-sha512, and the algorithm
+         * parameters field MUST be absent.
+         * 
+         * We confirm here that our implementation defaults to SHA-512 for the digest algorithm.
+         */
+        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512);
+
+        encapsulatedTest(_signEd25519KP, _signEd25519Cert, "Ed25519", EdECObjectIdentifiers.id_Ed25519,
+            expectedDigAlgId);
     }
 
     public void testEd448()
         throws Exception
     {
-        encapsulatedTest(_signEd448KP, _signEd448Cert, "Ed448", EdECObjectIdentifiers.id_Ed448, new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256_len, new ASN1Integer(512)));
+        /*
+         * RFC 8419 3.1. When signing with Ed448, the digestAlgorithm MUST be id-shake256-len, the algorithm
+         * parameters field MUST be present, and the parameter MUST contain 512, encoded as a positive integer
+         * value.
+         * 
+         * We confirm here that our implementation defaults to id-shake256-len/512 for the digest algorithm.
+         */
+        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256_len,
+            new ASN1Integer(512));
+
+        encapsulatedTest(_signEd448KP, _signEd448Cert, "Ed448", EdECObjectIdentifiers.id_Ed448, expectedDigAlgId);
     }
 
     public void testDetachedEd25519()
@@ -2270,6 +2308,57 @@ public SignerInformationVerifier get(SignerId signerId)
         assertTrue(digAlgs.contains(new AlgorithmIdentifier(TeleTrusTObjectIdentifiers.ripemd160, DERNull.INSTANCE)));
     }
 
+//    public void testMLDsa44()
+//        throws Exception
+//    {
+//        /*
+//         * draft-ietf-lamps-cms-ml-dsa-02 3.3. SHA-512 [FIPS180] MUST be supported for use with the variants
+//         * of ML-DSA in this document; however, other hash functions MAY also be supported. When SHA-512 is
+//         * used, the id-sha512 [RFC5754] digest algorithm identifier is used and the parameters field MUST be
+//         * omitted.
+//         *
+//         * We confirm here that our implementation defaults to SHA-512 for the digest algorithm.
+//         */
+//        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512);
+//
+//        encapsulatedTest(_signMLDsa44KP, _signMLDsa44Cert, "ML-DSA-44", NISTObjectIdentifiers.id_ml_dsa_44,
+//            expectedDigAlgId);
+//    }
+//
+//    public void testMLDsa65()
+//        throws Exception
+//    {
+//        /*
+//         * draft-ietf-lamps-cms-ml-dsa-02 3.3. SHA-512 [FIPS180] MUST be supported for use with the variants
+//         * of ML-DSA in this document; however, other hash functions MAY also be supported. When SHA-512 is
+//         * used, the id-sha512 [RFC5754] digest algorithm identifier is used and the parameters field MUST be
+//         * omitted.
+//         *
+//         * We confirm here that our implementation defaults to SHA-512 for the digest algorithm.
+//         */
+//        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512);
+//
+//        encapsulatedTest(_signMLDsa65KP, _signMLDsa65Cert, "ML-DSA-65", NISTObjectIdentifiers.id_ml_dsa_65,
+//            expectedDigAlgId);
+//    }
+//
+//    public void testMLDsa87()
+//        throws Exception
+//    {
+//        /*
+//         * draft-ietf-lamps-cms-ml-dsa-02 3.3. SHA-512 [FIPS180] MUST be supported for use with the variants
+//         * of ML-DSA in this document; however, other hash functions MAY also be supported. When SHA-512 is
+//         * used, the id-sha512 [RFC5754] digest algorithm identifier is used and the parameters field MUST be
+//         * omitted.
+//         *
+//         * We confirm here that our implementation defaults to SHA-512 for the digest algorithm.
+//         */
+//        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512);
+//
+//        encapsulatedTest(_signMLDsa87KP, _signMLDsa87Cert, "ML-DSA-87", NISTObjectIdentifiers.id_ml_dsa_87,
+//            expectedDigAlgId);
+//    }
+
     private void rsaPSSTest(String signatureAlgorithmName)
         throws Exception
     {
