Merge branch 'main' into pqc-snova

Author: gefeili

core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -429,20 +429,7 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier hqc128 = pqc_kem_hqc.branch("1");
     ASN1ObjectIdentifier hqc192 = pqc_kem_hqc.branch("2");
     ASN1ObjectIdentifier hqc256 = pqc_kem_hqc.branch("3");
-
-    /**
-     * ML-KEM/ML-DSA seed parameters algorithms - temporary
-     */
-    //TODO: delete before release
-    ASN1ObjectIdentifier id_id_alg_seed = bc.branch("10");
-
-    ASN1ObjectIdentifier id_id_alg_ml_dsa_44_seed = id_id_alg_seed.branch("1");
-    ASN1ObjectIdentifier id_id_alg_ml_dsa_65_seed = id_id_alg_seed.branch("2");
-    ASN1ObjectIdentifier id_id_alg_ml_dsa_87_seed = id_id_alg_seed.branch("3");
-    ASN1ObjectIdentifier id_id_alg_ml_kem_512_seed = id_id_alg_seed.branch("4");
-    ASN1ObjectIdentifier id_id_alg_ml_kem_768_seed = id_id_alg_seed.branch("5");
-    ASN1ObjectIdentifier id_id_alg_ml_kem_1024_seed = id_id_alg_seed.branch("6");
-
+    
     /**
      * Mayo
      */

core/src/main/java/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java

@@ -662,23 +662,23 @@ static class MLKEMConverter
         AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
             throws IOException
         {
-            MLKEMParameters kyberParameters = Utils.mlkemParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
+            MLKEMParameters parameters = Utils.mlkemParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
 
             try
             {
                 ASN1Primitive obj = keyInfo.parsePublicKey();
                 KyberPublicKey kyberKey = KyberPublicKey.getInstance(obj);
 
-                return new MLKEMPublicKeyParameters(kyberParameters, kyberKey.getT(), kyberKey.getRho());
+                return new MLKEMPublicKeyParameters(parameters, kyberKey.getT(), kyberKey.getRho());
             }
             catch (Exception e)
             {
                 // we're a raw encoding
-                return new MLKEMPublicKeyParameters(kyberParameters, keyInfo.getPublicKeyData().getOctets());
+                return new MLKEMPublicKeyParameters(parameters, keyInfo.getPublicKeyData().getOctets());
             }
         }
 
-        static MLKEMPublicKeyParameters getPublicKeyParams(MLKEMParameters dilithiumParams, ASN1BitString publicKeyData)
+        static MLKEMPublicKeyParameters getPublicKeyParams(MLKEMParameters parameters, ASN1BitString publicKeyData)
         {
             try
             {
@@ -687,21 +687,21 @@ static MLKEMPublicKeyParameters getPublicKeyParams(MLKEMParameters dilithiumPara
                 {
                     ASN1Sequence keySeq = ASN1Sequence.getInstance(obj);
 
-                    return new MLKEMPublicKeyParameters(dilithiumParams,
+                    return new MLKEMPublicKeyParameters(parameters,
                         ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets(),
                         ASN1OctetString.getInstance(keySeq.getObjectAt(1)).getOctets());
                 }
                 else
                 {
                     byte[] encKey = ASN1OctetString.getInstance(obj).getOctets();
 
-                    return new MLKEMPublicKeyParameters(dilithiumParams, encKey);
+                    return new MLKEMPublicKeyParameters(parameters, encKey);
                 }
             }
             catch (Exception e)
             {
                 // we're a raw encoding
-                return new MLKEMPublicKeyParameters(dilithiumParams, publicKeyData.getOctets());
+                return new MLKEMPublicKeyParameters(parameters, publicKeyData.getOctets());
             }
         }
     }
@@ -784,7 +784,7 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
             return getPublicKeyParams(dilithiumParams, keyInfo.getPublicKeyData());
         }
 
-        static MLDSAPublicKeyParameters getPublicKeyParams(MLDSAParameters dilithiumParams, ASN1BitString publicKeyData)
+        static MLDSAPublicKeyParameters getPublicKeyParams(MLDSAParameters mlDsaParams, ASN1BitString publicKeyData)
         {
             try
             {
@@ -793,21 +793,21 @@ static MLDSAPublicKeyParameters getPublicKeyParams(MLDSAParameters dilithiumPara
                 {
                     ASN1Sequence keySeq = ASN1Sequence.getInstance(obj);
 
-                    return new MLDSAPublicKeyParameters(dilithiumParams,
+                    return new MLDSAPublicKeyParameters(mlDsaParams,
                         ASN1OctetString.getInstance(keySeq.getObjectAt(0)).getOctets(),
                         ASN1OctetString.getInstance(keySeq.getObjectAt(1)).getOctets());
                 }
                 else
                 {
                     byte[] encKey = ASN1OctetString.getInstance(obj).getOctets();
 
-                    return new MLDSAPublicKeyParameters(dilithiumParams, encKey);
+                    return new MLDSAPublicKeyParameters(mlDsaParams, encKey);
                 }
             }
             catch (Exception e)
             {
                 // we're a raw encoding
-                return new MLDSAPublicKeyParameters(dilithiumParams, publicKeyData.getOctets());
+                return new MLDSAPublicKeyParameters(mlDsaParams, publicKeyData.getOctets());
             }
         }
     }

core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java

@@ -288,9 +288,6 @@ class Utils
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_44, MLDSAParameters.ml_dsa_44);
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_65, MLDSAParameters.ml_dsa_65);
         mldsaParams.put(NISTObjectIdentifiers.id_ml_dsa_87, MLDSAParameters.ml_dsa_87);
-        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed, MLDSAParameters.ml_dsa_44);
-        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed, MLDSAParameters.ml_dsa_65);
-        mldsaParams.put(BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed, MLDSAParameters.ml_dsa_87);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512, MLDSAParameters.ml_dsa_44_with_sha512);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512, MLDSAParameters.ml_dsa_65_with_sha512);
         mldsaParams.put(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512, MLDSAParameters.ml_dsa_87_with_sha512);

pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java

@@ -1,7 +1,6 @@
 package org.bouncycastle.cms.test;
 
 import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -32,7 +31,6 @@
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -985,10 +983,7 @@ public void testSHA1AndMD5WithRSAEncapsulatedRepeated()
 
         CMSSignedData s = gen.generate(msg, true);
 
-        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
-        ASN1InputStream      aIn = new ASN1InputStream(bIn);
-        
-        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(s.getEncoded());
 
         certs = s.getCertificates();
 
@@ -1041,10 +1036,7 @@ public void testSHA1AndMD5WithRSAEncapsulatedRepeated()
 
         s = gen.generate(msg, true);
 
-        bIn = new ByteArrayInputStream(s.getEncoded());
-        aIn = new ASN1InputStream(bIn);
-
-        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(s.getEncoded());
 
         certs = s.getCertificates();
 
@@ -1851,6 +1843,20 @@ public void testEd25519()
             expectedDigAlgId);
     }
 
+    public void testEd25519Detached()
+        throws Exception
+    {
+        /*
+         * RFC 8419 3.1. When signing with Ed25519, the digestAlgorithm MUST be id-sha512, and the algorithm
+         * parameters field MUST be absent.
+         * 
+         * We confirm here that our implementation defaults to SHA-512 for the digest algorithm.
+         */
+        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512);
+
+        detachedTest(_signEd25519KP, _signEd25519Cert, "Ed25519", EdECObjectIdentifiers.id_Ed25519, expectedDigAlgId);
+    }
+
     public void testEd448()
         throws Exception
     {
@@ -1867,16 +1873,20 @@ public void testEd448()
         encapsulatedTest(_signEd448KP, _signEd448Cert, "Ed448", EdECObjectIdentifiers.id_Ed448, expectedDigAlgId);
     }
 
-    public void testDetachedEd25519()
+    public void testEd448Detached()
         throws Exception
     {
-        detachedTest(_signEd25519KP, _signEd25519Cert, "Ed25519", EdECObjectIdentifiers.id_Ed25519, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512));
-    }
+        /*
+         * RFC 8419 3.1. When signing with Ed448, the digestAlgorithm MUST be id-shake256-len, the algorithm
+         * parameters field MUST be present, and the parameter MUST contain 512, encoded as a positive integer
+         * value.
+         * 
+         * We confirm here that our implementation defaults to id-shake256-len/512 for the digest algorithm.
+         */
+        AlgorithmIdentifier expectedDigAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256_len,
+            new ASN1Integer(512));
 
-    public void testEdDetached448()
-        throws Exception
-    {
-        detachedTest(_signEd448KP, _signEd448Cert, "Ed448", EdECObjectIdentifiers.id_Ed448, new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256_len, new ASN1Integer(512)));
+        detachedTest(_signEd448KP, _signEd448Cert, "Ed448", EdECObjectIdentifiers.id_Ed448, expectedDigAlgId);
     }
 
     public void testEd25519WithNoAttr()
@@ -2519,11 +2529,8 @@ private void subjectKeyIDTest(
         CMSSignedData s = gen.generate(msg, true);
 
         assertEquals(3, s.getVersion());
-        
-        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
-        ASN1InputStream      aIn = new ASN1InputStream(bIn);
 
-        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(s.getEncoded());
 
         certStore = s.getCertificates();
 
@@ -2563,10 +2570,7 @@ private void subjectKeyIDTest(
 
         s = gen.generate(msg, true);
 
-        bIn = new ByteArrayInputStream(s.getEncoded());
-        aIn = new ASN1InputStream(bIn);
-
-        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(s.getEncoded());
 
         certStore = s.getCertificates();
 
@@ -2641,7 +2645,7 @@ private void encapsulatedTest(
 
         CMSSignedData s = gen.generate(msg, true);
 
-        s = new CMSSignedData(ContentInfo.getInstance(s.getEncoded()));
+        s = new CMSSignedData(s.getEncoded());
 
         Set digestAlgorithms = new HashSet(s.getDigestAlgorithmIDs());
 
@@ -2720,7 +2724,7 @@ private void encapsulatedTest(
 
         s = gen.generate(msg, true);
 
-        s = new CMSSignedData(ContentInfo.getInstance(s.getEncoded()));
+        s = new CMSSignedData(s.getEncoded());
 
         certStore = s.getCertificates();
         crlStore = s.getCRLs();
@@ -2776,12 +2780,9 @@ private void detachedTest(
 
         gen.addCertificates(certs);
 
-        CMSSignedData s = gen.generate(msg, true);
-
-        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
-        ASN1InputStream aIn = new ASN1InputStream(bIn);
+        CMSSignedData s = gen.generate(msg);
 
-        s = new CMSSignedData(msg, ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(msg, s.getEncoded());
 
         Set digestAlgorithms = new HashSet(s.getDigestAlgorithmIDs());
 
@@ -2948,10 +2949,7 @@ public void testNullContentWithSigner()
 
         CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
 
-        ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
-        ASN1InputStream      aIn = new ASN1InputStream(bIn);
-        
-        s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        s = new CMSSignedData(s.getEncoded());
 
         verifySignatures(s);
     }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java

@@ -13,7 +13,6 @@
 import java.util.Set;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -54,9 +53,9 @@ public MLDSAKeyFactorySpi(Set<ASN1ObjectIdentifier> keyOids)
         this.isHashOnly = false;
     }
 
-    public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid, ASN1ObjectIdentifier seedOid)
+    public MLDSAKeyFactorySpi(ASN1ObjectIdentifier keyOid)
     {
-        super(setOf(keyOid, seedOid));
+        super(keyOid);
 
         this.isHashOnly = (keyOid.equals(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512)
             || keyOid.equals(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512)
@@ -227,7 +226,7 @@ public static class MLDSA44
     {
         public MLDSA44()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_44, BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed);
+            super(NISTObjectIdentifiers.id_ml_dsa_44);
         }
     }
 
@@ -236,7 +235,7 @@ public static class MLDSA65
     {
         public MLDSA65()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_65, BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed);
+            super(NISTObjectIdentifiers.id_ml_dsa_65);
         }
     }
 
@@ -245,7 +244,7 @@ public static class MLDSA87
     {
         public MLDSA87()
         {
-            super(NISTObjectIdentifiers.id_ml_dsa_87, BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed);
+            super(NISTObjectIdentifiers.id_ml_dsa_87);
         }
     }
 
@@ -263,7 +262,7 @@ public static class HashMLDSA44
     {
         public HashMLDSA44()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_44_seed);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512);
         }
     }
 
@@ -272,7 +271,7 @@ public static class HashMLDSA65
     {
         public HashMLDSA65()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_65_seed);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512);
         }
     }
 
@@ -281,7 +280,7 @@ public static class HashMLDSA87
     {
         public HashMLDSA87()
         {
-            super(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512, BCObjectIdentifiers.id_id_alg_ml_dsa_87_seed);
+            super(NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512);
         }
     }
 }

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/BaseKeyFactorySpi.java

@@ -7,7 +7,6 @@
 import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
-import java.util.HashSet;
 import java.util.Set;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -34,16 +33,6 @@ protected BaseKeyFactorySpi(ASN1ObjectIdentifier keyOid)
         this.keyOids = null;
     }
 
-    protected static Set setOf(ASN1ObjectIdentifier oid1, ASN1ObjectIdentifier oid2)
-    {
-        Set hashSet = new HashSet(2);
-
-        hashSet.add(oid1);
-        hashSet.add(oid2);
-
-        return hashSet;
-    }
-
     public PrivateKey engineGeneratePrivate(KeySpec keySpec)
         throws InvalidKeySpecException
     {

prov/src/test/java/org/bouncycastle/pqc/jcajce/provider/test/SLHDSATest.java

@@ -151,14 +151,14 @@ public void testKeyFactory()
             NISTObjectIdentifiers.id_hash_slh_dsa_shake_256f_with_shake256,
             NISTObjectIdentifiers.id_hash_slh_dsa_shake_256s_with_shake256,
         };
-        
-        for (int i = 0; i != 1; i++)
+
+        for (int i = 0; i != names.length; i++)
         {
             KeyPairGenerator kpGen = KeyPairGenerator.getInstance(names[i]);
             KeyPair kp = kpGen.generateKeyPair();
-             System.err.println(names[i]);
+
             tryKeyFact(KeyFactory.getInstance(names[i], "BC"), kp, kp44, "2.16.840.1.101.3.4.3.17");
-           // tryKeyFact(KeyFactory.getInstance(oids[i].toString(), "BC"), kp, kp44, "2.16.840.1.101.3.4.3.17");
+            tryKeyFact(KeyFactory.getInstance(oids[i].toString(), "BC"), kp, kp44, "2.16.840.1.101.3.4.3.17");
         }
     }