moved to mldsa from dilithium (choke, sob, sob...)

upgraded composite signatures to FIPS definitions.

Author: dghgit

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAEngine.java

@@ -0,0 +1,24 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+
+public class MLDSAKeyGenerationParameters
+    extends KeyGenerationParameters
+{
+    private final MLDSAParameters params;
+
+    public MLDSAKeyGenerationParameters(
+        SecureRandom random,
+        MLDSAParameters dilithiumParameters)
+    {
+        super(random, 256);
+        this.params = dilithiumParameters;
+    }
+
+    public MLDSAParameters getParameters()
+    {
+        return params;
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAKeyGenerationParameters.java

@@ -0,0 +1,60 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+
+public class MLDSAKeyPairGenerator
+    implements AsymmetricCipherKeyPairGenerator
+{
+    private MLDSAParameters dilithiumParams;
+
+    private SecureRandom random;
+
+    private void initialize(
+        KeyGenerationParameters param)
+    {
+        this.dilithiumParams = ((MLDSAKeyGenerationParameters)param).getParameters();
+        this.random = param.getRandom();
+
+    }
+
+    private AsymmetricCipherKeyPair genKeyPair()
+    {
+        MLDSAEngine engine = dilithiumParams.getEngine(random);
+
+        byte[][] keyPair = engine.generateKeyPair();
+        // System.out.println("pk gen = ");
+        // Helper.printByteArray(keyPair[0]);
+
+        MLDSAPublicKeyParameters pubKey = new MLDSAPublicKeyParameters(dilithiumParams, keyPair[0], keyPair[6]);
+        MLDSAPrivateKeyParameters privKey = new MLDSAPrivateKeyParameters(dilithiumParams, keyPair[0], keyPair[1], keyPair[2], keyPair[3], keyPair[4], keyPair[5], keyPair[6]);
+
+        return new AsymmetricCipherKeyPair(pubKey, privKey);
+    }
+
+    public void init(KeyGenerationParameters param)
+    {
+        this.initialize(param);
+    }
+
+    public AsymmetricCipherKeyPair generateKeyPair()
+    {
+        return genKeyPair();
+    }
+    public AsymmetricCipherKeyPair internalGenerateKeyPair(byte[] seed)
+    {
+        MLDSAEngine engine = dilithiumParams.getEngine(random);
+
+        byte[][] keyPair = engine.generateKeyPairInternal(seed);
+        // System.out.println("pk gen = ");
+        // Helper.printByteArray(keyPair[0]);
+
+        MLDSAPublicKeyParameters pubKey = new MLDSAPublicKeyParameters(dilithiumParams, keyPair[0], keyPair[6]);
+        MLDSAPrivateKeyParameters privKey = new MLDSAPrivateKeyParameters(dilithiumParams, keyPair[0], keyPair[1], keyPair[2], keyPair[3], keyPair[4], keyPair[5], keyPair[6]);
+
+        return new AsymmetricCipherKeyPair(pubKey, privKey);
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAKeyPairGenerator.java

@@ -0,0 +1,23 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+
+public class MLDSAKeyParameters
+    extends AsymmetricKeyParameter
+{
+    private final MLDSAParameters params;
+
+    public MLDSAKeyParameters(
+        boolean isPrivate,
+        MLDSAParameters params)
+    {
+        super(isPrivate);
+        this.params = params;
+    }
+
+    public MLDSAParameters getParameters()
+    {
+        return params;
+    }
+
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAKeyParameters.java

@@ -0,0 +1,29 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import java.security.SecureRandom;
+
+public class MLDSAParameters
+{
+    public static final MLDSAParameters ml_dsa_44 = new MLDSAParameters("ml-dsa-44", 2);
+    public static final MLDSAParameters ml_dsa_65 = new MLDSAParameters("ml-dsa-65", 3);
+    public static final MLDSAParameters ml_dsa_87 = new MLDSAParameters("ml-dsa-87", 5);
+
+    private final int k;
+    private final String name;
+
+    private MLDSAParameters(String name, int k)
+    {
+        this.name = name;
+        this.k = k;
+    }
+
+    MLDSAEngine getEngine(SecureRandom random)
+    {
+        return new MLDSAEngine(k, random);
+    }
+
+    public String getName()
+    {
+        return name;
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAParameters.java

@@ -0,0 +1,110 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import org.bouncycastle.util.Arrays;
+
+public class MLDSAPrivateKeyParameters
+    extends MLDSAKeyParameters
+{
+    final byte[] rho;
+    final byte[] k;
+    final byte[] tr;
+    final byte[] s1;
+    final byte[] s2;
+    final byte[] t0;
+
+    private final byte[] t1;
+
+    public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] rho, byte[] K, byte[] tr, byte[] s1, byte[] s2, byte[] t0, byte[] t1)
+    {
+        super(true, params);
+        this.rho = Arrays.clone(rho);
+        this.k = Arrays.clone(K);
+        this.tr = Arrays.clone(tr);
+        this.s1 = Arrays.clone(s1);
+        this.s2 = Arrays.clone(s2);
+        this.t0 = Arrays.clone(t0);
+        this.t1 = Arrays.clone(t1);
+    }
+
+    public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAPublicKeyParameters pubKey)
+    {
+        super(true, params);
+
+        MLDSAEngine eng = params.getEngine(null);
+        int index = 0;
+        this.rho = Arrays.copyOfRange(encoding, 0, MLDSAEngine.SeedBytes); index += MLDSAEngine.SeedBytes;
+        this.k = Arrays.copyOfRange(encoding, index, index + MLDSAEngine.SeedBytes); index += MLDSAEngine.SeedBytes;
+        this.tr = Arrays.copyOfRange(encoding, index, index + MLDSAEngine.TrBytes); index += MLDSAEngine.TrBytes;
+        int delta = eng.getDilithiumL() * eng.getDilithiumPolyEtaPackedBytes();
+        this.s1 = Arrays.copyOfRange(encoding, index, index + delta); index += delta;
+        delta = eng.getDilithiumK() * eng.getDilithiumPolyEtaPackedBytes();
+        this.s2 = Arrays.copyOfRange(encoding, index, index + delta); index += delta;
+        delta = eng.getDilithiumK() * MLDSAEngine.DilithiumPolyT0PackedBytes;
+        this.t0 = Arrays.copyOfRange(encoding, index, index + delta); index += delta;
+
+        if (pubKey != null)
+        {
+            this.t1 = pubKey.getT1();
+        }
+        else
+        {
+            this.t1 = null;
+        }
+    }
+
+    public byte[] getEncoded()
+    {
+        return Arrays.concatenate(new byte[][]{ rho, k, tr, s1, s2, t0 });
+    }
+
+    public byte[] getK()
+    {
+        return Arrays.clone(k);
+    }
+
+    /** @deprecated Use {@link #getEncoded()} instead. */
+    public byte[] getPrivateKey()
+    {
+        return getEncoded();
+    }
+
+    public byte[] getPublicKey()
+    {
+        return MLDSAPublicKeyParameters.getEncoded(rho, t1);
+    }
+
+    public MLDSAPublicKeyParameters getPublicKeyParameters()
+    {
+        return new MLDSAPublicKeyParameters(getParameters(), rho, t1);
+    }
+
+    public byte[] getRho()
+    {
+        return Arrays.clone(rho);
+    }
+
+    public byte[] getS1()
+    {
+        return Arrays.clone(s1);
+    }
+
+    public byte[] getS2()
+    {
+        return Arrays.clone(s2);
+    }
+
+    public byte[] getT0()
+    {
+        return Arrays.clone(t0);
+    }
+
+    public byte[] getT1()
+    {
+        return Arrays.clone(t1);
+    }
+
+    public byte[] getTr()
+    {
+        return Arrays.clone(tr);
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java

@@ -0,0 +1,44 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import org.bouncycastle.util.Arrays;
+
+public class MLDSAPublicKeyParameters
+    extends MLDSAKeyParameters
+{
+    static byte[] getEncoded(byte[] rho, byte[] t1)
+    {
+        return Arrays.concatenate(rho, t1);
+    }
+
+    final byte[] rho;
+    final byte[] t1;
+
+    public MLDSAPublicKeyParameters(MLDSAParameters params, byte[] encoding)
+    {
+        super(false, params);
+        this.rho = Arrays.copyOfRange(encoding, 0, MLDSAEngine.SeedBytes);
+        this.t1 = Arrays.copyOfRange(encoding, MLDSAEngine.SeedBytes, encoding.length);
+    }
+
+    public MLDSAPublicKeyParameters(MLDSAParameters params, byte[] rho, byte[] t1)
+    {
+        super(false, params);
+        this.rho = Arrays.clone(rho);
+        this.t1 = Arrays.clone(t1);
+    }
+
+    public byte[] getEncoded()
+    {
+        return getEncoded(rho, t1);
+    }
+
+    public byte[] getRho()
+    {
+        return Arrays.clone(rho);
+    }
+
+    public byte[] getT1()
+    {
+        return Arrays.clone(t1);
+    }
+}

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPublicKeyParameters.java

@@ -0,0 +1,61 @@
+package org.bouncycastle.pqc.crypto.mldsa;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.MessageSigner;
+
+public class MLDSASigner
+    implements MessageSigner
+{
+    private MLDSAPrivateKeyParameters privKey;
+    private MLDSAPublicKeyParameters pubKey;
+
+    private SecureRandom random;
+
+    public MLDSASigner()
+    {
+    }
+
+    public void init(boolean forSigning, CipherParameters param)
+    {
+        if (forSigning)
+        {
+            if (param instanceof ParametersWithRandom)
+            {
+                privKey = (MLDSAPrivateKeyParameters)((ParametersWithRandom)param).getParameters();
+                random = ((ParametersWithRandom)param).getRandom();
+            }
+            else
+            {
+                privKey = (MLDSAPrivateKeyParameters)param;
+                random = null;
+            }
+        }
+        else
+        {
+            pubKey = (MLDSAPublicKeyParameters)param;
+        }
+    }
+
+    public byte[] generateSignature(byte[] message)
+    {
+        MLDSAEngine engine = privKey.getParameters().getEngine(random);
+
+        return engine.sign(message, message.length, privKey.rho, privKey.k, privKey.tr, privKey.t0, privKey.s1, privKey.s2);
+    }
+    public byte[] internalGenerateSignature(byte[] message, byte[] random)
+    {
+        MLDSAEngine engine = privKey.getParameters().getEngine(this.random);
+
+        return engine.signSignatureInternal(message, message.length, privKey.rho, privKey.k, privKey.tr, privKey.t0, privKey.s1, privKey.s2, random);
+    }
+
+    public boolean verifySignature(byte[] message, byte[] signature)
+    {
+        MLDSAEngine engine = pubKey.getParameters().getEngine(random);
+
+        return engine.signOpen(message, signature, signature.length, pubKey.rho, pubKey.t1);
+    }
+}