added MLKEM and MLDSA provider structs

Author: royb

pkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

@@ -226,6 +226,10 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         algorithms.put("DILITHIUM3-AES", BCObjectIdentifiers.dilithium3_aes);
         algorithms.put("DILITHIUM5-AES", BCObjectIdentifiers.dilithium5_aes);
 
+        algorithms.put("ML-DSA-44", NISTObjectIdentifiers.id_ml_dsa_44);
+        algorithms.put("ML-DSA-65", NISTObjectIdentifiers.id_ml_dsa_65);
+        algorithms.put("ML-DSA-87", NISTObjectIdentifiers.id_ml_dsa_87);
+
         algorithms.put("SLH-DSA-SHA2-128S", NISTObjectIdentifiers.id_slh_dsa_sha2_128s);
         algorithms.put("SLH-DSA-SHA2-128F", NISTObjectIdentifiers.id_slh_dsa_sha2_128f);
         algorithms.put("SLH-DSA-SHA2-192S", NISTObjectIdentifiers.id_slh_dsa_sha2_192s);

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLDSAKey.java

@@ -0,0 +1,16 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
+
+import java.security.Key;
+
+public interface MLDSAKey
+    extends Key
+{
+    /**
+     * Return the parameters for this key.
+     *
+     * @return a MLDSAParameterSpec
+     */
+    MLDSAParameterSpec getParameterSpec();
+}

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLDSAPrivateKey.java

@@ -0,0 +1,14 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import java.security.PrivateKey;
+
+public interface MLDSAPrivateKey
+    extends PrivateKey, MLDSAKey
+{
+    /**
+     * Return the public key corresponding to this private key.
+     *
+     * @return a ML-DSA Public Key
+     */
+    MLDSAPublicKey getPublicKey();
+}

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLDSAPublicKey.java

@@ -0,0 +1,8 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import java.security.PublicKey;
+
+public interface MLDSAPublicKey
+    extends PublicKey, MLDSAKey
+{
+}

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLKEMKey.java

@@ -0,0 +1,16 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
+
+import java.security.Key;
+
+public interface MLKEMKey
+    extends Key
+{
+    /**
+     * Return the parameters for this key.
+     *
+     * @return a MLKEMParameterSpec
+     */
+    MLKEMParameterSpec getParameterSpec();
+}

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLKEMPrivateKey.java

@@ -0,0 +1,14 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import java.security.PrivateKey;
+
+public interface MLKEMPrivateKey
+    extends PrivateKey, MLKEMKey
+{
+    /**
+     * Return the public key corresponding to this private key.
+     *
+     * @return a ML-KEM Public Key
+     */
+    MLKEMPublicKey getPublicKey();
+}

prov/src/main/java/org/bouncycastle/jcajce/interfaces/MLKEMPublicKey.java

@@ -0,0 +1,8 @@
+package org.bouncycastle.jcajce.interfaces;
+
+import java.security.PublicKey;
+
+public interface MLKEMPublicKey
+    extends PublicKey, MLKEMKey
+{
+}

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/Dilithium.java

@@ -1,7 +1,6 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
 import org.bouncycastle.pqc.jcajce.provider.dilithium.DilithiumKeyFactorySpi;
@@ -21,21 +20,21 @@ public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyFactory.DILITHIUM", PREFIX + "DilithiumKeyFactorySpi");
 
-            addKeyFactoryAlgorithm(provider, "DILITHIUM2", PREFIX + "DilithiumKeyFactorySpi$Base2", NISTObjectIdentifiers.id_ml_dsa_44, new DilithiumKeyFactorySpi.Base2());
-            addKeyFactoryAlgorithm(provider, "DILITHIUM3", PREFIX + "DilithiumKeyFactorySpi$Base3", NISTObjectIdentifiers.id_ml_dsa_65, new DilithiumKeyFactorySpi.Base3());
-            addKeyFactoryAlgorithm(provider, "DILITHIUM5", PREFIX + "DilithiumKeyFactorySpi$Base5", NISTObjectIdentifiers.id_ml_dsa_87, new DilithiumKeyFactorySpi.Base5());
+            addKeyFactoryAlgorithm(provider, "DILITHIUM2", PREFIX + "DilithiumKeyFactorySpi$Base2", BCObjectIdentifiers.dilithium2, new DilithiumKeyFactorySpi.Base2());
+            addKeyFactoryAlgorithm(provider, "DILITHIUM3", PREFIX + "DilithiumKeyFactorySpi$Base3", BCObjectIdentifiers.dilithium3, new DilithiumKeyFactorySpi.Base3());
+            addKeyFactoryAlgorithm(provider, "DILITHIUM5", PREFIX + "DilithiumKeyFactorySpi$Base5", BCObjectIdentifiers.dilithium5, new DilithiumKeyFactorySpi.Base5());
 
             provider.addAlgorithm("KeyPairGenerator.DILITHIUM", PREFIX + "DilithiumKeyPairGeneratorSpi");
 
-            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM2", PREFIX + "DilithiumKeyPairGeneratorSpi$Base2", NISTObjectIdentifiers.id_ml_dsa_44);
-            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM3", PREFIX + "DilithiumKeyPairGeneratorSpi$Base3", NISTObjectIdentifiers.id_ml_dsa_65);
-            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM5", PREFIX + "DilithiumKeyPairGeneratorSpi$Base5", NISTObjectIdentifiers.id_ml_dsa_87);
+            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM2", PREFIX + "DilithiumKeyPairGeneratorSpi$Base2", BCObjectIdentifiers.dilithium2);
+            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM3", PREFIX + "DilithiumKeyPairGeneratorSpi$Base3", BCObjectIdentifiers.dilithium3);
+            addKeyPairGeneratorAlgorithm(provider, "DILITHIUM5", PREFIX + "DilithiumKeyPairGeneratorSpi$Base5", BCObjectIdentifiers.dilithium5);
 
             addSignatureAlgorithm(provider, "DILITHIUM", PREFIX + "SignatureSpi$Base", BCObjectIdentifiers.dilithium);
 
-            addSignatureAlgorithm(provider, "DILITHIUM2", PREFIX + "SignatureSpi$Base2", NISTObjectIdentifiers.id_ml_dsa_44);
-            addSignatureAlgorithm(provider, "DILITHIUM3", PREFIX + "SignatureSpi$Base3", NISTObjectIdentifiers.id_ml_dsa_65);
-            addSignatureAlgorithm(provider, "DILITHIUM5", PREFIX + "SignatureSpi$Base5", NISTObjectIdentifiers.id_ml_dsa_87);
+            addSignatureAlgorithm(provider, "DILITHIUM2", PREFIX + "SignatureSpi$Base2", BCObjectIdentifiers.dilithium2);
+            addSignatureAlgorithm(provider, "DILITHIUM3", PREFIX + "SignatureSpi$Base3", BCObjectIdentifiers.dilithium3);
+            addSignatureAlgorithm(provider, "DILITHIUM5", PREFIX + "SignatureSpi$Base5", BCObjectIdentifiers.dilithium5);
         }
     }
 }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/MLDSA.java

@@ -0,0 +1,61 @@
+package org.bouncycastle.jcajce.provider.asymmetric;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.mldsa.MLDSAKeyFactorySpi;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
+
+public class MLDSA
+{
+    private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".mldsa.";
+
+    public static class Mappings
+        extends AsymmetricAlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+            provider.addAlgorithm("KeyFactory.ML-DSA", PREFIX + "MLDSAKeyFactorySpi");
+            provider.addAlgorithm("KeyPairGenerator.ML-DSA", PREFIX + "MLDSAKeyPairGeneratorSpi");
+
+//            addKeyFactoryAlgorithm(provider, "ML-DSA-44", PREFIX + "MLDSAKeyFactorySpi$MLDSA44", NISTObjectIdentifiers.id_ml_dsa_44, new MLDSAKeyFactorySpi.MLDSA44());
+//            addKeyFactoryAlgorithm(provider, "ML-DSA-65", PREFIX + "MLDSAKeyFactorySpi$MLDSA65", NISTObjectIdentifiers.id_ml_dsa_65, new MLDSAKeyFactorySpi.MLDSA65());
+//            addKeyFactoryAlgorithm(provider, "ML-DSA-87", PREFIX + "MLDSAKeyFactorySpi$MLDSA87", NISTObjectIdentifiers.id_ml_dsa_87, new MLDSAKeyFactorySpi.MLDSA87());
+
+
+            addKeyPairGeneratorAlgorithm(provider, "ML-DSA-44", PREFIX + "MLDSAKeyPairGeneratorSpi$MLDSA44", NISTObjectIdentifiers.id_ml_dsa_44);
+            addKeyPairGeneratorAlgorithm(provider, "ML-DSA-65", PREFIX + "MLDSAKeyPairGeneratorSpi$MLDSA65", NISTObjectIdentifiers.id_ml_dsa_65);
+            addKeyPairGeneratorAlgorithm(provider, "ML-DSA-87", PREFIX + "MLDSAKeyPairGeneratorSpi$MLDSA87", NISTObjectIdentifiers.id_ml_dsa_87);
+
+            addSignatureAlgorithm(provider, "ML-DSA", PREFIX + "SignatureSpi$MLDSA", (ASN1ObjectIdentifier) null);
+
+            addSignatureAlgorithm(provider, "ML-DSA-44", PREFIX + "SignatureSpi$MLDSA44", NISTObjectIdentifiers.id_ml_dsa_44);
+            addSignatureAlgorithm(provider, "ML-DSA-65", PREFIX + "SignatureSpi$MLDSA65", NISTObjectIdentifiers.id_ml_dsa_65);
+            addSignatureAlgorithm(provider, "ML-DSA-87", PREFIX + "SignatureSpi$MLDSA87", NISTObjectIdentifiers.id_ml_dsa_87);
+
+
+//            provider.addAlgorithm("Alg.Alias.Signature." + NISTObjectIdentifiers.id_ml_dsa_44, "ML-DSA");
+//            provider.addAlgorithm("Alg.Alias.Signature.OID." + NISTObjectIdentifiers.id_ml_dsa_44, "ML-DSA");
+//
+//            provider.addAlgorithm("Alg.Alias.Signature." + NISTObjectIdentifiers.id_ml_dsa_65, "ML-DSA");
+//            provider.addAlgorithm("Alg.Alias.Signature.OID." + NISTObjectIdentifiers.id_ml_dsa_65, "ML-DSA");
+//
+//            provider.addAlgorithm("Alg.Alias.Signature." + NISTObjectIdentifiers.id_ml_dsa_87, "ML-DSA");
+//            provider.addAlgorithm("Alg.Alias.Signature.OID." + NISTObjectIdentifiers.id_ml_dsa_87, "ML-DSA");
+
+            AsymmetricKeyInfoConverter keyFact = new MLDSAKeyFactorySpi();
+
+            registerKeyFactoryOid(provider, NISTObjectIdentifiers.id_ml_dsa_44, "ML-DSA", keyFact);
+            registerKeyFactoryOid(provider, NISTObjectIdentifiers.id_ml_dsa_65, "ML-DSA", keyFact);
+            registerKeyFactoryOid(provider, NISTObjectIdentifiers.id_ml_dsa_87, "ML-DSA", keyFact);
+
+        }
+
+
+    }
+}

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/MLKEM.java

@@ -0,0 +1,56 @@
+package org.bouncycastle.jcajce.provider.asymmetric;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.MLKEMKeyFactorySpi;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
+import org.bouncycastle.pqc.jcajce.provider.kyber.KyberKeyFactorySpi;
+
+public class MLKEM
+{
+    private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".mlkem.";
+
+    public static class Mappings
+        extends AsymmetricAlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+            provider.addAlgorithm("KeyFactory.ML-KEM", PREFIX + "MLKEMKeyFactorySpi");
+
+            addKeyFactoryAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMKeyFactorySpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512, new MLKEMKeyFactorySpi.MLKEM512());
+            addKeyFactoryAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMKeyFactorySpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768, new MLKEMKeyFactorySpi.MLKEM768());
+            addKeyFactoryAlgorithm(provider, "ML-KEM-1024", PREFIX + "MLKEMKeyFactorySpi$MLKEM1024", NISTObjectIdentifiers.id_alg_ml_kem_1024, new MLKEMKeyFactorySpi.MLKEM1024());
+
+
+            provider.addAlgorithm("KeyPairGenerator.ML-KEM", PREFIX + "MLKEMKeyPairGeneratorSpi");
+
+            addKeyPairGeneratorAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMKeyPairGeneratorSpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512);
+            addKeyPairGeneratorAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMKeyPairGeneratorSpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768);
+            addKeyPairGeneratorAlgorithm(provider, "ML-KEM-1024", PREFIX + "MLKEMKeyPairGeneratorSpi$MLKEM1024", NISTObjectIdentifiers.id_alg_ml_kem_1024);
+
+            provider.addAlgorithm("KeyGenerator.ML-KEM", PREFIX + "MLKEMKeyGeneratorSpi");
+
+            addKeyGeneratorAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMKeyGeneratorSpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512);
+            addKeyGeneratorAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMKeyGeneratorSpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768);
+            addKeyGeneratorAlgorithm(provider, "ML-KEM-1024", PREFIX + "MLKEMKeyGeneratorSpi$MLKEM1024", NISTObjectIdentifiers.id_alg_ml_kem_1024);
+
+            AsymmetricKeyInfoConverter keyFact = new MLKEMKeyFactorySpi();
+
+            provider.addAlgorithm("Cipher.ML-KEM", PREFIX + "MLKEMCipherSpi$Base");
+            provider.addAlgorithm("Alg.Alias.Cipher." + (ASN1ObjectIdentifier) null, "ML-KEM");
+
+            addCipherAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMCipherSpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512);
+            addCipherAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMCipherSpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768);
+            addCipherAlgorithm(provider, "ML-KEM-1024", PREFIX + "MLKEMCipherSpi$MLKEM1024", NISTObjectIdentifiers.id_alg_ml_kem_1024);
+
+            registerOid(provider, (ASN1ObjectIdentifier) null, "ML-KEM", keyFact);
+        }
+    }
+}