moved pubKey test for ML-DSA to apply to both encodings.

dghgit · dghgit · commit d6af532dc1ec · 2025-02-24T16:07:35.000+11:00
added pubKey check to ML-KEM where pubKey is provided.
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAPrivateKeyParameters.java
@@ -82,17 +82,17 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAP
             this.t0 = Arrays.copyOfRange(encoding, index, index + delta);
             index += delta;
             this.t1 = eng.deriveT1(rho, k, tr, s1, s2, t0);
+            this.seed = null;
+        }
 
-            if (pubKey != null)
+        if (pubKey != null)
+        {
+            if (!Arrays.constantTimeAreEqual(this.t1, pubKey.getT1()))
             {
-                if (!Arrays.constantTimeAreEqual(this.t1, pubKey.getT1()))
-                {
-                    throw new IllegalArgumentException("passed in public key does not match private values");
-                }
+                throw new IllegalArgumentException("passed in public key does not match private values");
             }
-
-            this.seed = null;
         }
+
         this.prefFormat = (seed != null) ? BOTH : EXPANDED_KEY;
     }
 
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMPrivateKeyParameters.java
@@ -37,6 +37,11 @@ public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] s, byte[] hpk, b
     }
 
     public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding)
+    {
+        this(params, encoding, null);
+    }
+
+    public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding, MLKEMPublicKeyParameters pubKey)
     {
         super(true, params);
 
@@ -68,6 +73,14 @@ public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding)
             this.seed = null;
         }
 
+        if (pubKey != null)
+        {
+            if (!Arrays.constantTimeAreEqual(this.t, pubKey.t) || !Arrays.constantTimeAreEqual(this.rho, pubKey.rho))
+            {
+                throw new IllegalArgumentException("passed in public key does not match private values");
+            }
+        }
+
         this.prefFormat = BOTH;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -82,17 +82,17 @@ public MLDSAPrivateKeyParameters(MLDSAParameters params, byte[] encoding, MLDSAP`
`82`	`82`	`this.t0 = Arrays.copyOfRange(encoding, index, index + delta);`
`83`	`83`	`index += delta;`
`84`	`84`	`this.t1 = eng.deriveT1(rho, k, tr, s1, s2, t0);`
	`85`	`+ this.seed = null;`
	`86`	`+ }`
`85`	`87`
`86`		`- if (pubKey != null)`
	`88`	`+ if (pubKey != null)`
	`89`	`+ {`
	`90`	`+ if (!Arrays.constantTimeAreEqual(this.t1, pubKey.getT1()))`
`87`	`91`	`{`
`88`		`- if (!Arrays.constantTimeAreEqual(this.t1, pubKey.getT1()))`
`89`		`- {`
`90`		`- throw new IllegalArgumentException("passed in public key does not match private values");`
`91`		`- }`
	`92`	`+ throw new IllegalArgumentException("passed in public key does not match private values");`
`92`	`93`	`}`
`93`		`-`
`94`		`- this.seed = null;`
`95`	`94`	`}`
	`95`	`+`
`96`	`96`	`this.prefFormat = (seed != null) ? BOTH : EXPANDED_KEY;`
`97`	`97`	`}`
`98`	`98`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,11 @@ public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] s, byte[] hpk, b`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding)`
	`40`	`+ {`
	`41`	`+ this(params, encoding, null);`
	`42`	`+ }`
	`43`	`+`
	`44`	`+ public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding, MLKEMPublicKeyParameters pubKey)`
`40`	`45`	`{`
`41`	`46`	`super(true, params);`
`42`	`47`
`@@ -68,6 +73,14 @@ public MLKEMPrivateKeyParameters(MLKEMParameters params, byte[] encoding)`
`68`	`73`	`this.seed = null;`
`69`	`74`	`}`
`70`	`75`
	`76`	`+ if (pubKey != null)`
	`77`	`+ {`
	`78`	`+ if (!Arrays.constantTimeAreEqual(this.t, pubKey.t) \|\| !Arrays.constantTimeAreEqual(this.rho, pubKey.rho))`
	`79`	`+ {`
	`80`	`+ throw new IllegalArgumentException("passed in public key does not match private values");`
	`81`	`+ }`
	`82`	`+ }`
	`83`	`+`
`71`	`84`	`this.prefFormat = BOTH;`
`72`	`85`	`}`
`73`	`86`