Merge branch 'main' into pqc-snova

Author: gefeili

pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java

@@ -372,13 +372,13 @@ else if (tagged.getTagNo() == 3)
         return new ASN1Integer(1);
     }
 
-    private boolean checkForVersion3(List signerInfos, List signerInfoGens)
+    private static boolean checkForVersion3(List signerInfos, List signerInfoGens)
     {
         for (Iterator it = signerInfos.iterator(); it.hasNext();)
         {
-            SignerInfo s = SignerInfo.getInstance(((SignerInformation)it.next()).toASN1Structure());
+            SignerInfo s = ((SignerInformation)it.next()).toASN1Structure();
 
-            if (s.getVersion().intValueExact() == 3)
+            if (s.getVersion().hasValue(3))
             {
                 return true;
             }

pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java

@@ -61,7 +61,12 @@ public class CMSTestUtil
     public static KeyPairGenerator ecDsaKpg;
     public static KeyPairGenerator ed25519Kpg;
     public static KeyPairGenerator ed448Kpg;
-    public static KeyPairGenerator mlKemKpg;
+    public static KeyPairGenerator mlDsa44Kpg;
+    public static KeyPairGenerator mlDsa65Kpg;
+    public static KeyPairGenerator mlDsa87Kpg;
+    public static KeyPairGenerator mlKem512Kpg;
+    public static KeyPairGenerator mlKem768Kpg;
+    public static KeyPairGenerator mlKem1024Kpg;
     public static KeyPairGenerator ntruKpg;
     public static KeyGenerator     aes192kg;
     public static KeyGenerator     desede128kg;
@@ -168,7 +173,14 @@ public class CMSTestUtil
             ed448Kpg = KeyPairGenerator.getInstance("Ed448", "BC");
 
             ntruKpg = KeyPairGenerator.getInstance(BCObjectIdentifiers.ntruhps2048509.getId(), "BC");
-            mlKemKpg = KeyPairGenerator.getInstance("ML-KEM-768", "BC");
+
+            mlDsa44Kpg = KeyPairGenerator.getInstance("ML-DSA-44", "BC");
+            mlDsa65Kpg = KeyPairGenerator.getInstance("ML-DSA-65", "BC");
+            mlDsa87Kpg = KeyPairGenerator.getInstance("ML-DSA-87", "BC");
+
+            mlKem512Kpg = KeyPairGenerator.getInstance("ML-KEM-512", "BC");
+            mlKem768Kpg = KeyPairGenerator.getInstance("ML-KEM-768", "BC");
+            mlKem1024Kpg = KeyPairGenerator.getInstance("ML-KEM-1024", "BC");
 
             aes192kg = KeyGenerator.getInstance("AES", "BC");
             aes192kg.init(192, rand);
@@ -281,9 +293,34 @@ public static KeyPair makeNtruKeyPair()
         return ntruKpg.generateKeyPair();
     }
 
-    public static KeyPair makeMLKemKeyPair()
+    public static KeyPair makeMLKem512KeyPair()
+    {
+        return mlKem512Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLKem768KeyPair()
+    {
+        return mlKem768Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLKem1024KeyPair()
+    {
+        return mlKem1024Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLDsa44KeyPair()
     {
-        return mlKemKpg.generateKeyPair();
+        return mlDsa44Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLDsa65KeyPair()
+    {
+        return mlDsa65Kpg.generateKeyPair();
+    }
+
+    public static KeyPair makeMLDsa87KeyPair()
+    {
+        return mlDsa87Kpg.generateKeyPair();
     }
 
     public static SecretKey makeDesede128Key()
@@ -504,6 +541,10 @@ public static X509Certificate makeOaepCertificate(KeyPair subKP, String _subDN,
 
     private static JcaContentSignerBuilder makeContentSignerBuilder(PublicKey issPub)
     {
+        /*
+         * NOTE: Current ALL test certificates are issued under a SHA1withRSA root, so this list is mostly
+         * redundant (and also incomplete in that it doesn't handle EdDSA or ML-DSA issuers).
+         */
         JcaContentSignerBuilder contentSignerBuilder;
         if (issPub instanceof RSAPublicKey)
         {
@@ -521,10 +562,14 @@ else if (issPub.getAlgorithm().equals("ECGOST3410"))
         {
             contentSignerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410");
         }
-        else
+        else if (issPub.getAlgorithm().equals("GOST3410"))
         {
             contentSignerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410");
         }
+        else
+        {
+            throw new UnsupportedOperationException("Algorithm handlers incomplete");
+        }
 
         contentSignerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
 

pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java

@@ -143,8 +143,12 @@ public class NewEnvelopedDataTest
     private static X509Certificate _reciKemsCert;
     private static KeyPair _reciNtruKP;
     private static X509Certificate _reciNtruCert;
-    private static KeyPair _reciMLKemKP;
-    private static X509Certificate _reciMLKemCert;
+    private static KeyPair _reciMLKem512KP;
+    private static X509Certificate _reciMLKem512Cert;
+    private static KeyPair _reciMLKem768KP;
+    private static X509Certificate _reciMLKem768Cert;
+    private static KeyPair _reciMLKem1024KP;
+    private static X509Certificate _reciMLKem1024Cert;
 
     private static KeyPair _origDhKP;
     private static KeyPair _reciDhKP;
@@ -609,8 +613,14 @@ private static void init()
             _reciNtruKP = CMSTestUtil.makeNtruKeyPair();
             _reciNtruCert = CMSTestUtil.makeCertificate(_reciNtruKP, _reciDN, _signKP, _signDN);
 
-            _reciMLKemKP = CMSTestUtil.makeMLKemKeyPair();
-            _reciMLKemCert = CMSTestUtil.makeCertificate(_reciMLKemKP, _reciDN, _signKP, _signDN);
+            _reciMLKem512KP = CMSTestUtil.makeMLKem512KeyPair();
+            _reciMLKem512Cert = CMSTestUtil.makeCertificate(_reciMLKem512KP, _reciDN, _signKP, _signDN);
+
+            _reciMLKem768KP = CMSTestUtil.makeMLKem768KeyPair();
+            _reciMLKem768Cert = CMSTestUtil.makeCertificate(_reciMLKem768KP, _reciDN, _signKP, _signDN);
+
+            _reciMLKem1024KP = CMSTestUtil.makeMLKem1024KeyPair();
+            _reciMLKem1024Cert = CMSTestUtil.makeCertificate(_reciMLKem1024KP, _reciDN, _signKP, _signDN);
         }
     }
 
@@ -716,7 +726,7 @@ public void testContentType()
         }
     }
 
-    public void testMLKem()
+    public void testMLKem512()
         throws Exception
     {
         byte[] data = "WallaWallaWashington".getBytes();
@@ -725,8 +735,8 @@ public void testMLKem()
         CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
 
         // note: use cert req ID as key ID, don't want to use issuer/serial in this case!
-        edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKemCert, CMSAlgorithm.AES256_WRAP).setKDF(
-            new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256)));
+        edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKem512Cert, CMSAlgorithm.AES128_WRAP)
+            .setKDF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256)));
 
         CMSEnvelopedData ed = edGen.generate(
             new CMSProcessableByteArray(data),
@@ -743,17 +753,108 @@ public void testMLKem()
         Iterator it = c.iterator();
 
         int expectedLength = new DefaultKemEncapsulationLengthProvider().getEncapsulationLength(
-                            SubjectPublicKeyInfo.getInstance(_reciMLKemKP.getPublic().getEncoded()).getAlgorithm());
+            SubjectPublicKeyInfo.getInstance(_reciMLKem512KP.getPublic().getEncoded()).getAlgorithm());
+
+        while (it.hasNext())
+        {
+            KEMRecipientInformation recipient = (KEMRecipientInformation)it.next();
+
+            assertEquals(expectedLength, recipient.getEncapsulation().length);
+
+            assertEquals(NISTObjectIdentifiers.id_alg_ml_kem_512.getId(), recipient.getKeyEncryptionAlgOID());
+
+            CMSTypedStream contentStream = recipient.getContentStream(
+                new JceKEMEnvelopedRecipient(_reciMLKem512KP.getPrivate()).setProvider(BC));
+
+            assertEquals(PKCSObjectIdentifiers.data, contentStream.getContentType());
+            assertEquals(true, Arrays.equals(data, Streams.readAll(contentStream.getContentStream())));
+        }
+    }
+
+    public void testMLKem768()
+        throws Exception
+    {
+        byte[] data = "WallaWallaWashington".getBytes();
+
+        // Send response with encrypted certificate
+        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
+
+        // note: use cert req ID as key ID, don't want to use issuer/serial in this case!
+        edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKem768Cert, CMSAlgorithm.AES256_WRAP)
+            .setKDF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256)));
+
+        CMSEnvelopedData ed = edGen.generate(
+            new CMSProcessableByteArray(data),
+            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build());
+
+        RecipientInformationStore recipients = ed.getRecipientInfos();
+
+        assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES256_CBC);
+
+        Collection c = recipients.getRecipients();
+
+        assertEquals(1, c.size());
+
+        Iterator it = c.iterator();
+
+        int expectedLength = new DefaultKemEncapsulationLengthProvider().getEncapsulationLength(
+            SubjectPublicKeyInfo.getInstance(_reciMLKem768KP.getPublic().getEncoded()).getAlgorithm());
 
         while (it.hasNext())
         {
             KEMRecipientInformation recipient = (KEMRecipientInformation)it.next();
 
             assertEquals(expectedLength, recipient.getEncapsulation().length);
-            
+
             assertEquals(NISTObjectIdentifiers.id_alg_ml_kem_768.getId(), recipient.getKeyEncryptionAlgOID());
 
-            CMSTypedStream contentStream = recipient.getContentStream(new JceKEMEnvelopedRecipient(_reciMLKemKP.getPrivate()).setProvider(BC));
+            CMSTypedStream contentStream = recipient.getContentStream(
+                new JceKEMEnvelopedRecipient(_reciMLKem768KP.getPrivate()).setProvider(BC));
+
+            assertEquals(PKCSObjectIdentifiers.data, contentStream.getContentType());
+            assertEquals(true, Arrays.equals(data, Streams.readAll(contentStream.getContentStream())));
+        }
+    }
+
+    public void testMLKem1024()
+        throws Exception
+    {
+        byte[] data = "WallaWallaWashington".getBytes();
+
+        // Send response with encrypted certificate
+        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
+
+        // note: use cert req ID as key ID, don't want to use issuer/serial in this case!
+        edGen.addRecipientInfoGenerator(new JceKEMRecipientInfoGenerator(_reciMLKem1024Cert, CMSAlgorithm.AES256_WRAP)
+            .setKDF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hkdf_with_sha256)));
+
+        CMSEnvelopedData ed = edGen.generate(
+            new CMSProcessableByteArray(data),
+            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build());
+
+        RecipientInformationStore recipients = ed.getRecipientInfos();
+
+        assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES256_CBC);
+
+        Collection c = recipients.getRecipients();
+
+        assertEquals(1, c.size());
+
+        Iterator it = c.iterator();
+
+        int expectedLength = new DefaultKemEncapsulationLengthProvider().getEncapsulationLength(
+            SubjectPublicKeyInfo.getInstance(_reciMLKem1024KP.getPublic().getEncoded()).getAlgorithm());
+
+        while (it.hasNext())
+        {
+            KEMRecipientInformation recipient = (KEMRecipientInformation)it.next();
+
+            assertEquals(expectedLength, recipient.getEncapsulation().length);
+
+            assertEquals(NISTObjectIdentifiers.id_alg_ml_kem_1024.getId(), recipient.getKeyEncryptionAlgOID());
+
+            CMSTypedStream contentStream = recipient.getContentStream(
+                new JceKEMEnvelopedRecipient(_reciMLKem1024KP.getPrivate()).setProvider(BC));
 
             assertEquals(PKCSObjectIdentifiers.data, contentStream.getContentType());
             assertEquals(true, Arrays.equals(data, Streams.readAll(contentStream.getContentStream())));